Doug Bedell — September 18, 2021, 10:09 am

Employers: Working From Outside an Office Invites Cyber Risks


Cyber security presents a growing risk as employees work from home or elsewhere outside an office. Ian Barker on beta news advises that “Nearly a quarter (24 percent) of office workers have experienced a data breach, yet 12 percent say nothing will make them take cyber security more seriously, and a third won’t take extra precautions.”

Potential costs to employers grow when workers don’t take computer security seriously. “It’s frustrating that despite being aware of the risks, so many office workers are seemingly unwilling to make even small changes in their behavior to help their largely overworked and under-resourced cybersecurity colleagues,” says Ian Jennings, co-founder and managing director at BlueFort. “And the fact that many have fallen victim to a cybercrime themselves makes the situation so much worse. Given it’s Insider Threat Awareness Month right now, the irony of the survey results is not lost on me.”

Pay heed. Cyber criminals are lurking out there. Be mindful of them.

Doug Bedell — September 15, 2021, 11:21 am

U.S. ‘Raising the Ante’ Against Cyberattacks


The Biden administration is raising the ante against foreign-based cyber attackers, the Associated Press reports in a post on Military.com.

“In an interview Sept. 14 with The Associated Press, Gen. Paul Nakasone broadly described ‘an intense focus’ by government specialists to better find and share information about cyberattacks and ‘impose costs when necessary.’ Those costs include publicly linking adversarial countries to high-profile attacks and exposing the means by which those attacks were carried out, he said.

“Even six months ago, we probably would have said, ‘Ransomware, that’s criminal activity,’” Nakasone said. “But if it has an impact on a nation, like we’ve seen, then it becomes a national security issue. If it’s a national security issue, then certainly we’re going to surge toward it.”

“A devastating wave of cyberattacks,” the Military.com post adds, “has compromised sensitive government records and at times led to the shutdown of the operations of energy companies, hospitals and schools. The SolarWinds espionage campaign exposed the emails of 80% of the email accounts used by the U.S. attorneys’ offices in New York and several other departments. A separate hack of Microsoft email server software affected potentially tens of thousands.

“Nakasone jointly leads the National Security Agency, the chief intelligence agency tracking foreign communications, and U.S. Cyber Command, the Pentagon’s force for offensive attacks. While the two organizations work mostly in secret, they have been part of a Biden administration effort to publicly identify the people and countries behind attacks. The White House has linked the SolarWinds breach to Russian intelligence and the Microsoft hack to China.”

Doug Bedell — September 13, 2021, 11:45 am

TSA Stiffens Mask Mandate for Airline Travel


The Department of Homeland Security’s Transportation Security Administration (TSA) is stiffening its mask requirements for airline travel. “The federal mask mandate for transportation, which was implemented by TSA on February 2, 2021, will remain in effect until January 18, 2022.

“The new range of penalties, which take effect Friday, September 10, 2021, will be $500-$1000 for first offenders and $1000-$3000 for second offenders.

“Wearing a mask protects the traveling public and all of the personnel who make the travel experience safe, secure, and comfortable,” said Secretary of Homeland Security Alejandro N. Mayorkas. “We will continue to enforce the mask mandate as long as necessary to protect public health and safety.”

“TSA will provide updated signage at airports regarding these increased civil penalties. For more information about the federal face mask requirement, visit the TSA Coronavirus webpage”.

Doug Bedell — September 10, 2021, 11:28 am

Proof of How Taxing Organizational Security Can Be


Maintaining organizational security during the pandemic has been a continuing challenge. Ian Barker on betanews writes: “A new report from HP Wolf Security reveals that 76 percent of IT teams admit security has taken a backseat to business continuity during the pandemic, while 91 percent feel pressure to compromise security for business continuity.

“It also shows that almost half (48 percent) of younger office workers (18-24 years old) surveyed view security tools as a hindrance, leading to nearly a third (31 percent) trying to bypass corporate security policies to get their work done.

“Indeed, 54 percent of 18–24-year-olds are more worried about meeting deadlines than exposing their organization to a data breach, while 39 percent are unsure what their security policies say, or are unaware if their company even has them — suggesting a growing level of apathy among younger workers.”

All of which provides an example of how stringent a discipline organizational security actually is.

Doug Bedell — September 8, 2021, 1:41 pm

Setting Up a Cybersecurity Operations Center


For larger-size organizations, the pressures of keeping ahead of cybersecurity challenges might suggest setting up a Security Operations Center. The GBHackers on Security site shows how that can be done

“Today’s Cyber security operations center (CSOC),” Balaji N writes, “should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise.

“This includes a vast array of sophisticated detection and prevention technologies, a virtual sea of cyber intelligence reporting, and access to a rapidly expanding workforce of talented IT professionals. Yet, most CSOCs continue to fall short in keeping the adversary—even the unsophisticated one—out of the enterprise.

“Ensuring the confidentiality, integrity, and availability of the modern information technology (IT) enterprise is a big job.

“It incorporates many tasks, from robust systems engineering and configuration management (CM) to effective cybersecurity or information assurance (IA) policy and comprehensive workforce training.

“It must also include cybersecurity operations, where a group of people is charged with monitoring and defending the enterprise against all measures of cyber attack.”

Doug Bedell — September 6, 2021, 2:06 pm

Mindfulness Matters; It’s Us, Not the Technology


“What if all our Culture War problems we’re having right now aren’t tech problems,” Daniel Miessler wonders, “but rather are the result of large groups of humans communicating – which is enabled by technology. In other words, what if technology is just a means of exposing the ugliness that exists within humans? And specifically, ugliness that exists when large groups of humans are exposed to each other.”

“What if Facebook and Reddit are nothing but megaphones and microscopes. Rather than create ugliness, they merely show us how ugly we actually are with increasing volume and resolution?”

Good questions. But what does it take to be continually mindful of the source of our ills and do our part to ease the tension? Mindfulness matters greatly.

Doug Bedell — September 3, 2021, 1:13 pm

Covid Vaccine Booster Shots on Hold for a Full Review


Covid-19 vaccine booster shots, at least for the Moderna Inc. and Johnson & Johnson vaccines, are likely to be pushed back somewhat, The Wall Street Journal reports. “The Food and Drug Administration needs more time to collect and assess the data on safety and efficacy,” federal health officials are advising.

“Centers for Disease Control and Prevention Director Rochelle Wollensky and Acting Food and Drug Commissioner Janet Woodcock made the recommendation on Thursday (Sept. 2) in a meeting with Jeffrey Zients, the White House coronavirus coordinator, one of the people said.

“One official said the process for Pfizer remains on track but Moderna and J&J are likely to be pushed back beyond the week of Sept. 20. Last month, the Biden administration said people who had been vaccinated for eight months or longer should get a booster starting Sept. 20.

“The White House said it is awaiting a full review, clearance by the FDA and a recommendation by the CDC’s expert advisory panel.”

Assurances of safety and effectiveness are vital to the acceptance of vaccines.

Doug Bedell — September 1, 2021, 1:06 pm

Remembering 9/11: U.S. Homeland Security Digital Library Offers Password-Accessible Materials


As we near the 20th anniversary of 9/11, the U.S. Homeland Security Digital Library is offering “20 Years After 9/11: A Selection of Webinars“. It’s a means of revisiting the origins of the war on terror in 2001.

“To commemorate 9/11,” the post begins, “HSDL has selected upcoming webinars from various research centers and think tanks, highlighting personal memories as well as global repercussions. Among these webinars is a seminar from the National Maritime Historical Society titled Remembering the 9/11 Boatlift: The Largest Water Evacuation in American History. This event is a tribute to the maritime efforts that successfully evacuated more than 500,000 civilians in just 9 hours- a rescue effort coordinated by the New York City Fire Department and the U.S. Coast Guard. It will begin with a screening of the short documentary film Boatlift: An Untold Tale of 9/11 Resilience narrated by Tom Hanks and will continue with a panel discussion.

To examine the lasting impact of 9/11 globally, the Wilson Center will host a virtual event with a regional focus on the Middle East, South Asia, and Europe. “Global Impact of 9/11: Twenty Years On” will feature a discussion with experts on the legacy of 9/11 with regard to regional instability, jihadism, politics, and U.S. global leadership.”

It’s necessary, however, to have password access to the Center for Homeland Defense and Security (CHDS) to reach these materials.

+To comm

Doug Bedell — August 30, 2021, 11:42 am

Origins of COVID-19 Being Explored by U.S. Intelligence Agencies


The U.S.intelligence community (IC) has assessed the origins of COVID-19 and reached these tentative conclusions:

• “Four IC elements and the National Intelligence Council assess with low confidence that the initial SARS-CoV-2 infection was most likely caused by natural exposure to an animal infected with it or a close progenitor virus—a virus that probably would be more than 99 percent similar to SARS-CoV-2. These analysts give weight to China’s officials’ lack of foreknowledge, the numerous vectors for natural exposure, and other factors.

• “One IC element assesses with moderate confidence that the first human infection with SARS-CoV-2 most likely was the result of a laboratory-associated incident, probably involving experimentation, animal handling, or sampling by the Wuhan Institute of Virology. These analysts give weight to the inherently risky nature of work on coronaviruses.

• “Analysts at three IC elements remain unable to coalesce around either explanation without additional information, with some analysts favoring natural origin, others a laboratory origin, and some seeing the hypotheses as equally likely.

• “Variations in analytic views largely stem from differences in how agencies weigh intelligence reporting and scientific publications, and intelligence and scientific gaps.”

“The IC judges they will be unable to provide a more definitive explanation for the origin of COVID-19 unless new information allows them to determine the specific pathway for initial natural contact with an animal or to determine that a laboratory in Wuhan was handling SARS-CoV-2 or a close progenitor virus before COVID-19 emerged.”

Doug Bedell — August 27, 2021, 2:20 pm

Google, Microsoft, Others Investing Big Cybersecurity Bucks


The HackerNews reports that Google and Microsoft “are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide.

“The White House cybersecurity meeting, which brought together executives from the education, energy, finance, insurance, and tech sectors, included companies like ADP, Amazon, Apple, Bank of America, Code.org, Girls Who Code, Google, IBM, JPMorgan Chase, Microsoft, and Vantage Group, among others.

“To that end,” the announcement continued, “the U.S. government on Wednesday announced a collaboration between the National Institute of Standards and Technology (NIST) and industry partners to develop a new framework to improve the security and integrity of the technology supply chain, alongside plans to expand the Industrial Control Systems Cybersecurity Initiative to secure natural gas pipelines.”

May pledges like these insure that we get the cyber scene under secure control.