Tag Archives: Cybersecurity

Updates from Ciena

Virtualizing the World of Cable
By Wayne Hickey – When cable operators saw huge demands in linear video, Video-on-Demand (VoD) and high-speed data services, and were faced with an aging analog infrastructure, they moved to a Converged Cable Access Platform (CCAP) to increase capacity and throughput. CCAP combines headend functions into a single architecture by combining Edge Quadrature Amplitude Modulation (EQAM) and Cable Modem Termination System (CMTS).

Back in June 2011, CableLabs created CCAP by blending two competing platforms, a Comcast-backed Converged Multiservice Access Platform (CMAP) and a Time Warner Cable Converged Edge Services Access Router (CESAR) platform. The following year CCAP products were introduced, and deployed the year after.

Fast forward to today, cable operators are looking to implement software-based access platforms, migrate away from commonly deployed centralized, purpose-built CCAP equipment, and virtualize CCAP (vCCAP) — and thus begin the shift to a Distributed Access Architecture (DAA). Developed by CableLabs, vCCAP is the latest cable technology that combines functions including the CMTS and EQAM.

Virtualizing and distributing MAC and PHY functions enables digital combining, eliminates analog optics with cost effective 10G Ethernet transport, and converts analog fiber nodes to digital optic IP-enabled devices. DAA makes it easier to push fiber deeper into the edge of the network, and along with the ability to support denser wavelengths for each fiber, digital optics greatly improves Carrier-to-Noise-Ratio (CNR), which will enable higher orders of QAM on the coax and higher performance DOCSIS technologies. more> https://goo.gl/EoPwPL

Cyberwar: A guide to the frightening future of online conflict

By Steve Ranger – At its core, cyberwarfare is the use of digital attacks by one country or nation to disrupt the computer systems of another with the aim of creating significant damage, death or destruction.

Governments and intelligence agencies worry that digital attacks against vital infrastructure — like banking systems or power grids — will give attackers a way of bypassing a country’s traditional defenses.

And unlike standard military attacks, a cyberattack can be launched instantaneously from any distance, with little obvious evidence in the build-up, and it is often extremely hard to trace such an attack back to its originators. Modern economies, underpinned by computer networks that run everything from sanitation to food distribution and communications, are particularly vulnerable to such attacks, especially as these systems are in the main poorly designed and protected.

Attacks by individual hackers, or even groups of hackers, would not usually be considered to be cyberwarfare, unless they were being aided and directed by a state. more> https://goo.gl/U3S5Ds

Why cyber warfare isn’t

By Mike Hearn – One of the issues (though not at all the only one) is how governments understand the term “cyber warfare”. This term has spread rapidly throughout government in the past 20 years. Presidents, Prime Ministers, generals and journalists all believe they understand what “cyber warfare” is, but they don’t and this lack of understanding leads to events like today’s.

The big problem is that cyber warfare is totally different to normal warfare, in fact it’s so different that calling it warfare at all is meaningless. In regular warfare you can build up your own defenses without improving your opponent’s defenses, and you can develop new weapons that your opponents will not have. This basic asymmetry is key to the very concept of war: the side with the better weapons, defenses and tactics should normally win.

But cyber warfare doesn’t work like that. Because everyone uses the same software infrastructure, and the “weapons” are nothing more than weaknesses in that global infrastructure, building up your own defenses by fixing problems inherently builds up your opponents’ defenses too. And developing new “weapons” is only possible if your opponents are able to develop the very same weapons for themselves, by exploiting the very same vulnerabilities in your country that you are exploiting in theirs.

Governments have huge problems understanding this fact because politicians tend to reflexively trust their own intelligence agencies, who deliberately obfuscate about it. more> https://goo.gl/t1YWuS

What’s Wrong With America’s Current Approach to Cybersecurity?

By Gregory Michaelidis – Go behind the headlines of the latest megahack, and what you’ll find is a growing public-safety and national-security crisis.

We are barely discussing how to help people help themselves in the digital world, let alone do their part in protecting our major networks and critical infrastructure.

Until we embrace a vision of public cybersecurity that sees people, at all ranges of skill, as essential to our collective security, there will be no widespread cybersecurity.

Right now, America’s collective cybersecurity effort is headed toward near-certain failure for reasons within our own control. In less than a decade — thanks to the influx of dollars and high-level policy and press attention — cybersecurity has transformed what is actually a “people problem with a technology component” into its exact opposite.

Official Washington and Silicon Valley have adopted a set of faulty assumptions about cybersecurity and internalized them to such a degree it’s practically a new religion, somewhere between late-19th-century technological determinism and medieval alchemy. more> https://goo.gl/elH8r2

The identity threat

By Teri Takai – The big problem for many government agencies is that most of them still rely on declarative legacy roles, rubber-stamping certifications and manual processes to manage identities and roles — all of which expose them to continual and multiple access risks. External threat actors compromise identities to evade detection from existing defenses, while insiders work under the radar to access data for exfiltration.

To provide a robust defense and protect the identity-based perimeter, government agencies must consider new thinking and approaches.

The core issue is security leaders are not attacking the evolving security landscape through proactive planning and change management. Instead, they are stuck in a reactive mode.

It is not hard to understand why: the user profile is 24-7, global, instantaneous, and rich in consumer-driven IT. more> https://goo.gl/X59JUA

Updates from Georgia Tech

Four-Stroke Engine Cycle Produces Hydrogen from Methane and Captures CO2
By John Toon – When is an internal combustion engine not an internal combustion engine? When it’s been transformed into a modular reforming reactor that could make hydrogen available to power fuel cells wherever there’s a natural gas supply available.

By adding a catalyst, a hydrogen separating membrane and carbon dioxide sorbent to the century-old four-stroke engine cycle, researchers have demonstrated a laboratory-scale hydrogen reforming system that produces the green fuel at relatively low temperature in a process that can be scaled up or down to meet specific needs. The process could provide hydrogen at the point of use for residential fuel cells or neighborhood power plants, electricity and power production in natural-gas powered vehicles, fueling of municipal buses or other hydrogen-based vehicles, and supplementing intermittent renewable energy sources such as photovoltaics.

Known as the CO2/H2 Active Membrane Piston (CHAMP) reactor, the device operates at temperatures much lower than conventional steam reforming processes, consumes substantially less water and could also operate on other fuels such as methanol or bio-derived feedstock. It also captures and concentrates carbon dioxide emissions, a by-product that now lacks a secondary use – though that could change in the future.

Unlike conventional engines that run at thousands of revolutions per minute, the reactor operates at only a few cycles per minute – or more slowly – depending on the reactor scale and required rate of hydrogen production. And there are no spark plugs because there’s no fuel combusted. more> https://goo.gl/h4K7fV

Updates from Aalto University

A new method for converting wastewater nutrients into fertilizer
By Riku Vahala – Researchers of Aalto University have developed a new, energy-efficient method for capturing nitrogen and phosphorus from different liquid waste fractions. In laboratory studies, with the help of the method, it is possible to separate 99% of the nitrogen and 90-99% of phosphorus in wastewater and produce granular ammonium sulphate (NH4)2SO4 and phosphorus precipitate suitable for fertilizers.

The capture method is based on the use of calcium hydroxide Ca(OH)2 to convert ammoniacal nitrogen NH4+ into ammoniacal gas NH3, which is separated through a semi-permeable membrane. Following this, the ammonium is dissolved into sulphuric acid to produce ammonium sulphate. In the process, the phosphorus is precipitated with the help of calcium salt.

‘A patent application for the method is currently under way, and the aim of the project is to find company partners who could make use of the patent in the best possible manner, create products with its help and market the new process. If successful, the new process will also create a competitive export product’, Anna Mikola, DSc (Tech), points out. more> https://goo.gl/kOrqHP

Dramatically reducing software vulnerabilities

By Paul E. Black, Larry Feldman, and Greg Witte – There are varied approaches to reducing software vulnerabilities, many of which are not primarily technical. These approaches cover many aspects of the development life cycle.

For example, helping users to meaningfully describe security needs may help to ensure that security is built into the products. Similarly, improving training for those who design, build, test, and use software will help to avoid, detect, and correct product defects.

Practical changes in the development approach can significantly reduce the number of these errors, vastly improving the quality of the resulting product. Understanding the specific impact of each approach requires effective methods to measure software quality – such measurement itself is a difficult challenge. more> https://goo.gl/4zU50z

2017 Will Be The Year Of Cyber Warfare

By Paul Laudicina – I am pleased to share the “top ten” predictions for the year ahead from A.T. Kearney’s Global Business Policy Council.

The first prediction among these top ten, that a crippling cyber attack on critical infrastructure in a major economy will occur—an attack we all won’t miss in the headlines, or forget—is the one I believe merits the most attention. It demonstrates clearly that the current power politics dynamic has shifted dramatically. In the space of the last half century, hard power has given way to soft power which has in turn now yielded increasingly to cyber power.

And the challenge to leadership at every level of both the public and private sector to protect our physical, financial, institutional and ideological assets is considerable.

During the mid-20th century, “hard” military and economic might was how power was measured, with the high costs of “mutually assured destruction” acting as a deterrent against another world war.

After the fall of the Berlin wall, “soft” power, the ability to shape the preferences of others “through attraction rather than coercion or payments,” became the most influential medium advancing the interests of great powers, particularly the United States with its dominance in media, entertainment, lifestyle, and popular culture. more> https://goo.gl/ya3PyZ

The Pirates Who Stole Netflix

By Elaine Ou – Friday’s (Oct 21) attack was a Distributed Denial of Service, an attempt to make an online service unavailable by overwhelming it with junk traffic from multiple sources. Attackers amass their armies by scanning the internet for devices protected by default passwords and dropping malicious software into them. Infected machines become “bots” that can be controlled remotely, without their owners’ knowledge, and used to go after any target. This most recent attack used a botnet estimated to be millions of devices strong.

For many Americans, disabling Netflix on a Friday evening is about as close as it gets to an act of war. But what does a cyberwar look like?

During the rise of seaborne trade, the East India companies sailed merchant ships full of gold and jewels across the Indian Ocean while Spanish treasure galleons carried silver between Latin America and the coast of Spain. The inability of European powers to secure their shipping routes led hundreds of thousands of sailors to seek lucrative careers as pirates. more> https://goo.gl/S8m7O4
