Tag Archives: Cybersecurity

Cybersecurity and digital trade: What role for international trade rules?

By Joshua P. Meltzer – Trade and cybersecurity are increasingly intertwined. The global expansion of the internet and increased use of data flows by businesses and consumers—for communication, e-commerce, and as a source of information and innovation—are transforming international trade. The spread of artificial intelligence, the “internet of things,” (IoT) and cloud computing will accelerate the global connectivity of businesses, governments, and supply chains.

As this connectivity grows, however, so does our exposure to the risks and costs of cyberattacks. As the President’s National Security Telecommunications Advisory Council observed, the U.S. is “faced with a progressively worsening cybersecurity threat environment and an ever-increasing dependence on internet technologies fundamental to public safety, economic prosperity, and overall way of life. Our national security is now inexorably linked to cybersecurity.”

Not only are traditional defense and other national security targets at risk of cyberattack, so too is the broader economy. This includes critical infrastructure—such as telecommunications, transport, and health care—which relies on software to network services. There is also cybertheft of intellectual property (IP) and manipulation of online information. More broadly, these risks undermine business and consumer trust in the internet as a basis for commerce and trade.

Many countries are adopting policy measures to respond to the threat. According to one estimate, at least 50 percent of countries have adopted cybersecurity policies and regulations. more>

Introducing Cybersecurity Insights: Director’s Corner

By Matthew Scholl – The Director’s Corner will highlight how NIST’s cybersecurity, privacy, and information security-related projects are making a difference in the field and leading the charge to make positive changes.

I believe the greatest accomplishment for the division, and what I am most proud of, is how we work globally — and the way we work in an open, transparent, and inclusive process. This is especially true in the development and standardization of cryptography. This process, coupled with NIST’s technical excellence in crypto, results in NIST encryption used by commercial IT products across the world. This underlying encryption enables billions of dollars of electronic commerce to function; such as swiping credit cards at the grocery store — to online purchases — to major financial exchanges.

As we look at 2020 and beyond, NIST will update our encryption standards and ensure that encryption will continue to enable the economy and protect our livelihood. The biggest thing coming in the future (that you will hear more and more about), is in the area of quantum resistant cryptography. NIST is building open, transparent, and inclusive encryption methods with our global partners for new sets of encryption that are needed when quantum computing becomes a reality.

Quantum computing is a completely new method and architecture of conducting computational activity (or way to generate information). When a quantum computer finally is strong enough, some of our current encryption will become vulnerable. Therefore, NIST is proactively working to create new encryption standards. more>

Updates from ITU

Meet your virtual avatar: the future of personalized healthcare
ITU News – Tingly? Sharp? Electric? Dull? Pulsing?

Trying to describe a pain you feel to your doctor can be a difficult task. But soon, you won’t have to: a computer avatar is expected to tell your doctor everything they need to know.

The CompBioMed Centre of Excellence, an international consortium of universities and industries, is developing a program that creates a hyper-personalized avatar or ‘virtual human’ using a supercomputer-generated simulation of an individual’s physical and biomedical information for clinical diagnostics.

There is a rapid and growing need for this kind of technology-enabled healthcare. 12 million people who seek outpatient medical care in the U.S. experience some form of diagnostic error. Additionally, the World Health Organization estimates that there will be a global shortage of 12.9 million healthcare workers by 2035.

Greater access to technology-enabled healthcare will allow doctors to make better and faster diagnoses – and provide the tools to collect the necessary data.

The Virtual Human project combines different kinds of patient data that are routinely generated as part of the current healthcare system, such as x-rays, CAT scans or MRIs to create a personalized virtual avatar. more>

Updates from Datacenter.com

What is a DDoS attack and how to mitigate it?
Datacenter.com – A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the traffic of a targeted server, service or network by overwhelming it with a flood of internet traffic (Cloudflare, 2019).

DDoS attacks are much like traffic on a highway. Imagine regular traffic moving at a steady pace and cars on their way to their desired destination. If a flood of cars enters the highway at a particular point, it significantly delays or prevents the cars behind them from reaching their destination at the time they should.

In 2018, more than 400,000 DDoS attacks were reported worldwide (CALYPTIX, 2018). In 2018’s 4th quarter, Great Britain was responsible for 2.18% of these attacks, a staggering difference compared to 2019’s 1st quarter of 0.66% (Gutnikov, 2019).

The goal of this attack is to create congestion by consuming all available bandwidth utilized by the target to access the wider internet it wishes to interact with (Cloudflare, 2019). Large amounts of data are sent to the target by utilizing a form of amplification or another means of creating massive traffic, such as requests from a botnet (which is a group of devices infected with malware that an attacker has remote control over). more>

Updates from Ciena

Following the 3-pillar approach to effective security strategy
Large-scale data breaches are reported in the press almost daily, with devastating consequences for the organizations and individuals involved. A multi-layer security strategy minimizes cybersecurity risks for your organization and streamlines the compliance journey in the run-up to upcoming legislation.
By Paulina Gomez – Technology innovation – the continued evolution of cloud computing, the rapid increase in Internet of Things (IoT) and the growth of Artificial Intelligence (AI) – is expected to drive a 100x increase in connected devices and a 1,000x increase in data traffic by 2020 (2016 Mobility Report, November 2016, Ericsson). Each new device doesn’t just drive traffic, it also dramatically expands the network attack surface – increasing the opportunity for cybercriminals to leverage sophisticated methods to exploit these opportunities.

In response to the rapidly evolving cybersecurity threat landscape, regulations around the world are upping the pressure on organizations to protect their sensitive customer and operational data. The maximum fine for a data breach in the upcoming European General Data Protection Regulation (GDPR), for example, could be up to 4% of global revenues; enough to put even large organizations out of business.

How can an organization minimize its security risks? It’s about more than just encryption and firewalls. A comprehensive, multi-layer security strategy is vital to an effective defense.

By following these three key pillars to achieve the confidentiality, integrity, and availability of data in your network, you will be protecting your data, your customers, and your business. more>

The central driving vision for any data security approach is to ensure customer data remains confidential at all times. This requires an end-to-end security solution protecting network traffic from the end point to the data center. more>

Updates from Ciena

Virtualizing the World of Cable
By Wayne Hickey – When cable operators saw huge demands in linear video, Video-on-Demand (VoD) and high-speed data services, and were faced with an aging analog infrastructure, they moved to a Converged Cable Access Platform (CCAP) to increase capacity and throughput. CCAP combines headend functions into a single architecture by combining Edge Quadrature Amplitude Modulation (EQAM) and Cable Modem Termination System (CMTS).

Back in June 2011, CableLabs created CCAP by blending two competing platforms, a Comcast-backed Converged Multiservice Access Platform (CMAP) and a Time Warner Cable Converged Edge Services Access Router (CESAR) platform. The following year CCAP products were introduced, and deployed the year after.

Fast forward to today, cable operators are looking to implement software-based access platforms, migrate away from commonly deployed centralized, purpose-built CCAP equipment, and virtualize CCAP (vCCAP) — and thus begin the shift to a Distributed Access Architecture (DAA). Developed by CableLabs, vCCAP is the latest cable technology that combines functions including the CMTS and EQAM.

Virtualizing and distributing MAC and PHY functions enables digital combining, eliminates analog optics with cost effective 10G Ethernet transport, and converts analog fiber nodes to digital optic IP-enabled devices. DAA makes it easier to push fiber deeper into the edge of the network, and along with the ability to support denser wavelengths for each fiber, digital optics greatly improves Carrier-to-Noise-Ratio (CNR), which will enable higher orders of QAM on the coax and higher performance DOCSIS technologies. more> https://goo.gl/EoPwPL

Cyberwar: A guide to the frightening future of online conflict

By Steve Ranger – At its core, cyberwarfare is the use of digital attacks by one country or nation to disrupt the computer systems of another with the aim of creating significant damage, death or destruction.

Governments and intelligence agencies worry that digital attacks against vital infrastructure — like banking systems or power grids — will give attackers a way of bypassing a country’s traditional defenses.

And unlike standard military attacks, a cyberattack can be launched instantaneously from any distance, with little obvious evidence in the build-up, and it is often extremely hard to trace such an attack back to its originators. Modern economies, underpinned by computer networks that run everything from sanitation to food distribution and communications, are particularly vulnerable to such attacks, especially as these systems are in the main poorly designed and protected.

Attacks by individual hackers, or even groups of hackers, would not usually be considered to be cyberwarfare, unless they were being aided and directed by a state. more> https://goo.gl/U3S5Ds

Why cyber warfare isn’t

By Mike Hearn – One of the issues (though not at all the only one) is how governments understand the term “cyber warfare”. This term has spread rapidly throughout government in the past 20 years. Presidents, Prime Ministers, generals and journalists all believe they understand what “cyber warfare” is, but they don’t and this lack of understanding leads to events like today’s.

The big problem is that cyber warfare is totally different to normal warfare, in fact it’s so different that calling it warfare at all is meaningless. In regular warfare you can build up your own defenses without improving your opponent’s defenses, and you can develop new weapons that your opponents will not have. This basic asymmetry is key to the very concept of war: the side with the better weapons, defenses and tactics should normally win.

But cyber warfare doesn’t work like that. Because everyone uses the same software infrastructure, and the “weapons” are nothing more than weaknesses in that global infrastructure, building up your own defenses by fixing problems inherently builds up your opponents’ defenses too. And developing new “weapons” is only possible if your opponents are able to develop the very same weapons for themselves, by exploiting the very same vulnerabilities in your country that you are exploiting in theirs.

Governments have huge problems understanding this fact because politicians tend to reflexively trust their own intelligence agencies, who deliberately obfuscate about it. more> https://goo.gl/t1YWuS

What’s Wrong With America’s Current Approach to Cybersecurity?

By Gregory Michaelidis – Go behind the headlines of the latest megahack, and what you’ll find is a growing public-safety and national-security crisis.

We are barely discussing how to help people help themselves in the digital world, let alone do their part in protecting our major networks and critical infrastructure.

Until we embrace a vision of public cybersecurity that sees people, at all ranges of skill, as essential to our collective security, there will be no widespread cybersecurity.

Right now, America’s collective cybersecurity effort is headed toward near-certain failure for reasons within our own control. In less than a decade — thanks to the influx of dollars and high-level policy and press attention — cybersecurity has transformed what is actually a “people problem with a technology component” into its exact opposite.

Official Washington and Silicon Valley have adopted a set of faulty assumptions about cybersecurity and internalized them to such a degree it’s practically a new religion, somewhere between late-19th-century technological determinism and medieval alchemy. more>