Tag Archives: Cybersecurity

Why cyber warfare isn’t

By Mike Hearn – One of the issues (though not at all the only one) is how governments understand the term “cyber warfare”. This term has spread rapidly throughout government in the past 20 years. Presidents, Prime Ministers, generals and journalists all believe they understand what “cyber warfare” is, but they don’t and this lack of understanding leads to events like today’s.

The big problem is that cyber warfare is totally different to normal warfare, in fact it’s so different that calling it warfare at all is meaningless. In regular warfare you can build up your own defenses without improving your opponent’s defenses, and you can develop new weapons that your opponents will not have. This basic asymmetry is key to the very concept of war: the side with the better weapons, defenses and tactics should normally win.

But cyber warfare doesn’t work like that. Because everyone uses the same software infrastructure, and the “weapons” are nothing more than weaknesses in that global infrastructure, building up your own defenses by fixing problems inherently builds up your opponents defenses too. And developing new “weapons” is only possible if your opponents are able to develop the very same weapons for themselves, by exploiting the very same vulnerabilities in your country that you are exploiting in theirs.

Governments have huge problems understanding this fact because politicians tend to reflexively trust their own intelligence agencies, who deliberately obfuscate about it. more> https://goo.gl/t1YWuS


What’s Wrong With America’s Current Approach to Cybersecurity?

By Gregory Michaelidis – Go behind the headlines of the latest megahack, and what you’ll find is a growing public-safety and national-security crisis.

We are barely discussing how to help people help themselves in the digital world, let alone do their part in protecting our major networks and critical infrastructure.

Until we embrace a vision of public cybersecurity that sees people, at all ranges of skill, as essential to our collective security, there will be no widespread cybersecurity.

Right now, America’s collective cybersecurity effort is headed toward near-certain failure for reasons within our own control. In less than a decade — thanks to the influx of dollars and high-level policy and press attention — cybersecurity has transformed what is actually a “people problem with a technology component” into its exact opposite.

Official Washington and Silicon Valley have adopted a set of faulty assumptions about cybersecurity and internalized them to such a degree it’s practically a new religion, somewhere between late-19th-century technological determinism and medieval alchemy. more> https://goo.gl/elH8r2

The identity threat

By Teri Takai – The big problem for many government agencies is that most of them still rely on declarative legacy roles, rubber-stamping certifications and manual processes to manage identities and roles — all of which expose them to continual and multiple access risks. External threat actors compromise identities to evade detection from existing defenses, while insiders work under the radar to access data for exfiltration.

To provide a robust defense and protect the identity-based perimeter, government agencies must consider new thinking and approaches.

The core issue is security leaders are not attacking the evolving security landscape through proactive planning and change management. Instead, they are stuck in a reactive mode.

It is not hard to understand why: the user profile is 24-7, global, instantaneous, and rich in consumer-driven IT. more> https://goo.gl/X59JUA

Updates from Georgia Tech

Four-Stroke Engine Cycle Produces Hydrogen from Methane and Captures CO<sub2
By John Toon – When is an internal combustion engine not an internal combustion engine? When it’s been transformed into a modular reforming reactor that could make hydrogen available to power fuel cells wherever there’s a natural gas supply available.

By adding a catalyst, a hydrogen separating membrane and carbon dioxide sorbent to the century-old four-stroke engine cycle, researchers have demonstrated a laboratory-scale hydrogen reforming system that produces the green fuel at relatively low temperature in a process that can be scaled up or down to meet specific needs. The process could provide hydrogen at the point of use for residential fuel cells or neighborhood power plants, electricity and power production in natural-gas powered vehicles, fueling of municipal buses or other hydrogen-based vehicles, and supplementing intermittent renewable energy sources such as photovoltaics.

Known as the CO2/H2 Active Membrane Piston (CHAMP) reactor, the device operates at temperatures much lower than conventional steam reforming processes, consumes substantially less water and could also operate on other fuels such as methanol or bio-derived feedstock. It also captures and concentrates carbon dioxide emissions, a by-product that now lacks a secondary use – though that could change in the future.

Unlike conventional engines that run at thousands of revolutions per minute, the reactor operates at only a few cycles per minute – or more slowly – depending on the reactor scale and required rate of hydrogen production. And there are no spark plugs because there’s no fuel combusted. more> https://goo.gl/h4K7fV


Updates from Aalto University

A new method for converting wastewater nutrients into fertilizer
By Riku Vahala – Researchers of Aalto University have developed a new, energy-efficient method for capturing nitrogen and phosphorus from different liquid waste fractions. In laboratory studies, with the help of the method, it is possible to separate 99% of the nitrogen and 90-99% of phosphorus in wastewater and produce granular ammonium sulphate (NH4)2SO4 and phosphorus precipitate suitable for fertilizers.

The capture method is based on the use of calcium hydroxide Ca(OH)2 to convert ammoniacal nitrogen NH4+ into ammoniacal gas NH3, which are separated through a semi-permeable membrane. Following this, the ammonium is dissolved into sulphuric acid to produce ammonium sulphate. In the process, the phosphorus is precipitated with the help of calcium salt.

‘A patent application for the method is currently under way, and the aim of the project is to find company partners who could make use of the patent in the best possible manner, create products with its help and market the new process. If successful, the new process will also create a competitive export product’, Anna Mikola, DSc (Tech), points out. more> https://goo.gl/kOrqHP


Dramatically reducing software vulnerabilities

By Paul E. Black, Larry Feldman, and Greg Witte – There are varied approaches to reducing software vulnerabilities, many of which are not primarily technical. These approaches cover many aspects of the development life cycle.

For example, helping users to meaningfully describe security needs may help to ensure that security is built into the products. Similarly, improving training for those who design, build, test, and use software will help to avoid, detect, and correct product defects

Practical changes in the development approach can significantly reduce the number of these errors, vastly improving the quality of the resulting product. Understanding the specific impact of each approach requires effective methods to measure software quality – such measurement itself is a difficult challenge. more> https://goo.gl/4zU50z

2017 Will Be The Year Of Cyber Warfare

By Paul Laudicina – I am pleased to share the “top ten” predictions for the year ahead from A.T. Kearney’s Global Business Policy Council.

The first prediction among these top ten, that a crippling cyber attack on critical infrastructure in a major economy will occur—an attack we all won’t miss in the headlines, or forget —is the one I believe merits the most attention. It demonstrates clearly that the current power politics dynamic has shifted dramatically. In the space of the last half century, hard power has given way to soft power which has in turn now yielded increasingly to cyber power.

And the challenge to leadership at every level of both the public and private sector to protect our physical, financial, institutional and ideological assets is considerable.

During the mid-20th century, “hard” military and economic might was how power was measured, with the high costs of “mutually assured destruction” acting as a deterrent against another world war.

After the fall of the Berlin wall, “soft” power, the ability to shape the preferences of others “through attraction rather than coercion or payments,” became the most influential medium advancing the interests of great powers, particularly the United States with its dominance in media, entertainment, lifestyle, and popular culture. more> https://goo.gl/ya3PyZ

The Pirates Who Stole Netflix

By Elaine Ou – Friday’s (Oct 21) attack was a Distributed Denial of Service, an attempt to make an online service unavailable by overwhelming it with junk traffic from multiple sources. Attackers amass their armies by scanning the internet for devices protected by default passwords and dropping malicious software into them. Infected machines become “bots” that can be controlled remotely, without their owners’ knowledge, and used to go after any target. This most recent attack used a botnet estimated to be millions of devices strong.

For many Americans, disabling Netflix on a Friday evening is about as close as it gets to an act of war . But what does a cyberwar look like?

During the rise of seaborne trade, the East India companies sailed merchant ships full of gold and jewels across the Indian Ocean while Spanish treasure galleons carried silver between Latin America and the coast of Spain. The inability of European powers to secure their shipping routes led hundreds of thousands of sailors to seek lucrative careers as pirates. more> https://goo.gl/S8m7O4


Updates from Georgia Tech

Study Finds “Lurking Malice” in Cloud Hosting Services
By John Toon – “Bad actors have migrated to the cloud along with everybody else,” said Raheem Beyah, a professor in Georgia Tech’s School of Electrical and Computer Engineering. “The bad guys are using the cloud to deliver malware and other nefarious things while remaining undetected. The resources they use are compromised in a variety of ways, from traditional exploits to simply taking advantage of poor configurations.”

Beyah and graduate student Xiaojing Liao found that the bad actors could hide their activities by keeping components of their malware in separate repositories that by themselves didn’t trigger traditional scanners. Only when they were needed to launch an attack were the different parts of this malware assembled.

“Some exploits appear to be benign until they are assembled in a certain way,” explained Beyah, who is the Motorola Foundation Professor and associate chair for strategic initiatives and innovation in the School of Electrical and Computer Engineering. “When you scan the components in a piecemeal kind of way, you only see part of the malware, and the part you see may not be malicious.”

In the cloud, malicious actors take advantage of how difficult it can be to scan so much storage. Operators of cloud hosting services may not have the resources to do the deep scans that may be necessary to find the Bars – and their monitoring of repositories may be limited by service-level agreements. more> https://goo.gl/hiLHXk


Updates from Georgia Tech

Georgia Tech Research Finds Fan Communities Are Reshaping the Social Web for the Better
By Joshua Preston – Modern fan groups predate the Internet by more than half a century (think Star Trek conventions), and their shared interests include everything from science fiction to knitting. But replicating the connections fans make in person in a digital space has proved difficult.

Instead, groups with special interests are often forced onto Facebook and other social media with a one-size-fits-all approach to interacting online.

By adopting a user-centric approach to design, this community has created a rarity on the web, a “digital commons” without advertising where harassment is almost nonexistent, and a large installed audience enjoys a culture of genuine diversity.

The study, from Georgia Tech and University of Colorado-Boulder, is based on the website Archive of Our Own (AO3), an 840,000 member community of fan fiction or “fanfic” writers who post and share user-generated content. The site was launched in 2008 and boasts nearly 2 million story posts to date.

“AO3’s success demonstrates how beneficial it is to have a technology’s users as part of its development team,” said Casey Fiesler, lead researcher on the study while a Ph.D. candidate at Georgia Tech, and now assistant professor at University of Colorado-Boulder.

“What makes the rise of this online platform exceptional is that it was built primarily by its fans, some of whom started with little or no programming experience,” said Amy Bruckman, a professor of Interactive Computing at Georgia Tech and author on the study. more> http://goo.gl/KHngV9