Category Archives: Internet Security

France, Egypt, and India Can Help to Spread Security from Mediterranean to the Indo-Pacific – War on the Rocks

In March 2021, the container ship Ever Given got stuck in the Suez Canal for six days, triggering a worldwide supply-chain crisis with extensive economic consequences. This incident was a powerful reminder of how intertwined the Mediterranean Sea and the Indo-Pacific are. Yet, these two maritime areas are often seen as separate regions despite a growing list of shared challenges from climate to trade and security. Russia's war in Ukraine has only added to this connectivity by destabilizing the energy market and provoking a food crisis.

Addressing these challenges requires overcoming the limits of existing institutions and multilateral formats, which are often restricted in their geographical scope, or paralyzed by internal divisions. In this context, innovative coalitions are emerging to tackle transnational issues, as recently illustrated with the Quad and the Israel-India-United Arab Emirates-United States I2U2 grouping. Cooperation between France, Egypt, and India could add an important new element to this web of overlapping coalitions.

Trilateral engagement between Paris, Cairo, and New Delhi would serve as a geostrategic corridor that connects the Mediterranean to the Indo-Pacific and allows the three countries to work together when interests align without being bound in a formal structure. To succeed, the three countries should refrain from pursuing far-fetched objectives, and instead focus on tangible issues such as maritime security, undersea cables, and food resilience.

Converging Geostrategic Interests

The potential for trilateral cooperation between France, Egypt, and India stems from their converging geostrategic interests. All three countries are maritime nations that are committed to preserving the stability of the transoceanic space stretching from the Mediterranean Sea to the Indo-Pacific. They share the same concern: that growing geopolitical tensions could jeopardize such stability, as recently witnessed in the Eastern Mediterranean and the Strait of Hormuz. The three countries are also aware of the destabilizing impact of climate change on the oceans, as illustrated by mounting illegal fishing activities and natural disasters.

Paris, Cairo, and New Delhi are also collectively facing the aftershocks of Russia's war against Ukraine, specifically in the form of energy and food insecurity. Although the three countries are not perfectly aligned in their approach to this conflict, they have nonetheless displayed a common desire to address these challenges. On the energy front, France, like the rest of Europe, must find alternative gas and oil suppliers as the continent begins an energy divorce with Russia. Here, Cairo has positioned itself as a geostrategic partner to Europe, leveraging its status as the architect of gas production in the eastern Mediterranean. Egypt, in turn, as the world's largest importer of wheat, has been hit particularly hard by the war. Cairo has been forced to diversify its wheat suppliers and look towards India and France as more reliable sources.

Strong Bilateral Partnerships

France, Egypt, and India have already built strong bilateral partnerships over the past few years. Since the 1990s, Paris and New Delhi have managed to develop a deep strategic partnership in key security areas such as maritime, space, and cyber as well as defense procurement. Since the 2010s, France and Egypt have progressively strengthened their defense cooperation, as demonstrated by Cairo's acquisition of French Rafale jets and two Mistral helicopter carriers, along with joint maritime exercises in the Red Sea.

There is a historical affinity between Cairo and New Delhi because of their self-proclaimed status as civilization-states, demographic hegemony within their respective regions, geographic centrality, and well-earned geopolitical aspirations. From their shared struggle for independence against the British Empire to founding and leading the Non-Aligned Movement at the height of the Cold War, Egypt and India have long maintained close ties. Following Egypt's transition from the Soviet to the American bloc after the 1978 Camp David Accords, bilateral relations cooled off and did not live up to their potential. Policymakers in Cairo and New Delhi, bilaterally or within an Indo-Abrahamic framework, now aim to revive them. President Abdel-Fattah el-Sisi and Prime Minister Narendra Modi have met in person several times, maintain a friendly and cooperative relationship, and have shown a clear appetite for closer ties. Both countries have recently increased their cooperation on various issues, including health (with Egypt supporting India during the pandemic), food security (with India supplying wheat to Egypt), and security (with joint air force exercises).

Embracing a Transoceanic Approach

Building on these shared interests, a trilateral partnership between France, Egypt, and India would ensure a much-needed transoceanic approach that would cover the Mediterranean Sea and the Indo-Pacific. In the 19th century, Britain's vast imperial endeavor established a transcontinental geostrategic system that spanned from the Mediterranean Sea to the Indian Ocean via Egypt's Suez Canal. Yet this transoceanic construct, which existed centuries ago before being appropriated by the British Empire, gradually collapsed following World Wars I and II. The Cold War divided the littoral states of these two maritime regions into warring camps with different sets of interests and objectives. Today, this region is often divided into separate bureaucratic sub-regions. In the U.S. system, for example, parts of it fall under the authority of four different combatant commands: Europe, Central, Africa, and Indo-Pacific.

Yet this transoceanic region remains as important as ever. Suez is a major strategic chokepoint for Europe-Asia trade flows, with 12 percent of global trade and 30 percent of global container traffic crossing the canal. Often overlooked compared to East Asia and the Pacific, the Indian Ocean is also of central importance, with strategic routes for energy shipping and international trade that are increasingly a theater of geopolitical competition.

Given its geopolitical centrality, Egypt would be an anchor point for trilateral cooperation. Egypt's civilization and geographic position between Africa, Europe, and Asia place Cairo as a bridge between multiple sub-regions. Over the past few years, Cairo has displayed renewed regional ambitions aimed at making Egypt an integral member state of any strategy that focuses on economic vitality and security among the littoral states of the Mediterranean and the Indian Ocean. These ambitions are reinforced by Egypt's concerns about the growing competition in its near environment. Specifically, Cairo is seeking to diversify its partnerships in a context of strategic convergence between Turkey, Iran, and Pakistan across multiple theaters from the eastern Mediterranean Sea to Central Asia.

With a southern maritime coastline in the Mediterranean Sea and overseas territories (and military bases) both in the Indian Ocean and the Pacific, France is also in a unique position to tie together this region. In its 2018 Indo-Pacific strategy, Paris has already started to create bridges between Europe, the Indian Ocean, and the Pacific, with an extensive geographical definition of the Indo-Pacific stretching from Djibouti to Polynesia.

Coalition of Middle Powers

A trilateral arrangement between France, Egypt, and India would be part of a larger network of middle-power coalitions across the Indo-Pacific. As witnessed with the Quad or, more recently, with the Israel-India-United Arab Emirates-United States group (which may eventually extend to include Egypt), these minilateral formats have proliferated in recent years to overcome the limitations of traditional multilateralism. Compared to large organizations that are often paralyzed by consensus rule and internal divisions, these groupings are flexible and pragmatic enough to ensure quick, tangible results. Far from fragmenting international cooperation, these coalitions are actually strengthening multilateralism through their solution-oriented approach.

While traditional multilateral organizations are often built around existing geographical formats, smaller coalitions have helped to enable transregional cooperation. This was the rationale behind the French-Indian-Australian axis that has been promoted by Paris, New Delhi, and Canberra since 2018 in order to address shared challenges in the Indian Ocean and the Pacific. This specific format stalled after AUKUS, but there is now a potential for reviving it following the recent French-Australian rapprochement. More recently, India, France, and the United Arab Emirates have launched a new trilateral dialogue, at the technical level, to explore potential cooperation in the Indo-Pacific region.

The China Question

One potential challenge to trilateral cooperation between France, Egypt, and India could be China's reaction, particularly as the three countries have different approaches vis-à-vis Beijing. France has recently hardened its stance in response to China's assertive diplomatic and military posture. India has long pursued a more ambiguous approach, but has recently strengthened its ties with Washington, notably through the Quad, in light of mounting tensions with Beijing. On the other hand, Egypt does not want to choose the United States over China or vice versa. Cairo is a non-NATO ally for Washington but is also emerging as a strategic partner for Beijing in Africa and the greater Middle East region. Egypt might be reluctant to engage in a trilateral framework that could be perceived by China as a coalition challenging its interests.

Against this backdrop, France, Egypt, and India should be careful how they frame their cooperation. From the start, they should be clear that such an arrangement would not alter their respective relationships with China, nor force them to choose between rival camps. Far from being a broader strategic alignment between the three countries, this trilateral arrangement would simply seek pragmatic cooperation on issues of shared interest. As outlined by the French defense minister at the Shangri-La Dialogue last June, France's goal in the region is not to force its partners to join one side or the other, but to pursue a multilateral approach respecting the sovereignty of all. Trilateral cooperation between Paris, Cairo, and New Delhi would therefore counterbalance the conventional description of the Indo-Pacific as a new Cold War theater between the United States and China. Instead of fueling a bipolar competition, a France-Egypt-India framework would offer an alternative approach in which members could strengthen their own autonomy and sovereignty.

Building a Common Agenda

The starting point for a new France-Egypt-India relationship could be a trilateral foreign minister-level meeting, where the three nations agree on common objectives and priorities. Instead of pursuing grand and far-fetched goals, the trilateral format should focus on critical areas such as intelligence sharing, maritime security, cyber security, energy, food security and critical infrastructure such as 5G and undersea cables. Among those areas, three are particularly promising: maritime security, undersea cables, and food resilience.

First, greater cooperation between the French, Egyptian, and Indian navies would contribute to maritime security in the Indian Ocean, the Gulf, and the Mediterranean Sea. To start with, they could share data, including satellite imagery, to build a common operating picture. This would allow them to monitor illegal activities, from unlicensed fishing to piracy. The three navies should also organize joint exercises to build their interoperability and train for different scenarios, from humanitarian assistance to combat missions. This naval cooperation could contribute to ongoing efforts led by organizations such as the Indian Ocean Rim Association, of which France and India are members, and Egypt is a dialogue partner.

Second, Paris, Cairo, and New Delhi should cooperate on securing and even building undersea cables. These critical infrastructure elements carry over 95 percent of international data. Multiple undersea cables pass through the Suez Canal, linking Europe, Africa, the Middle East, and Asia. Up to 30 percent of global internet traffic is believed to flow through the canal. Given the mounting importance of this infrastructure, France, Cairo, and New Delhi should aim to better protect existing cables and also explore potential new cables to meet the growing bandwidth demand.

Third, the three countries should accelerate their collective effort to address the growing food insecurity that has resulted from the war in Ukraine. Paris and New Delhi have already taken encouraging steps. France will increase its wheat export to Egypt. New Delhi has also exempted Cairo from a recent wheat export ban imposed in response to its own limited supplies. Beyond this immediate assistance, the three countries should work on long-term solutions to develop and adapt their food production, notably by supporting the French-led Food and Agriculture Resilience Mission. Launched in response to the war in Ukraine, and supported by the World Food Program, the initiative aims to reduce tensions in agricultural markets and increase agricultural capabilities worldwide. France's initiative is not the only framework. As part of the Israel-India-United Arab Emirates-United States group, India is committed to providing the needed agricultural land for integrated food parks. New Delhi could provide the same perk to the France-Egypt-India format.

Conclusion

With global disorder intensifying, new formats are needed to overcome the limitations of traditional multilateral institutions. An innovative coalition bringing together France, Egypt, and India would be an imaginative way of addressing transnational challenges affecting the transoceanic space from the Mediterranean Sea to the Indo-Pacific. In the short term, the three countries should be pragmatic and start with concrete cooperation on immediate challenges, such as maritime security, undersea cables, and food resilience. This can then grow into a format capable of engaging on a more global level by coordinating with other issue-based transregional groups, such as Israel-India-United Arab Emirates-United States and the Quad. By doing so, France, Egypt, and India would contribute to an emerging and promising trend of greater integration among the littoral states of Eurasia.

Mohammed Soliman is a manager at McLarty Associates and a non-resident scholar at the Middle East Institute. You can find him on Twitter at @Thisissoliman.

Pierre Morcos is a French diplomat in residence and visiting fellow in the Europe, Russia, and Eurasia Program at the Center for Strategic and International Studies in Washington. You can find him on Twitter at @morcos_pierre.

Raja Mohan is a Senior Fellow at Asia Society Policy Institute, New Delhi. You can find him on Twitter at @MohanCRaja.

The views expressed in this article are strictly personal.

Photo by MEAphotogallery


Internet of Things vulnerability disclosures grew 57% – SecurityBrief New Zealand

Vulnerability disclosures impacting IoT devices increased by 57% in the first half of 2022 compared to the previous six months, according to new research released by cyber-physical systems protection company Claroty.

The State of XIoT Security Report: 1H 2022 also found that over the same time period, vendor self-disclosures increased by 69%, becoming more prolific reporters than independent research outfits for the first time, and fully or partially remediated firmware vulnerabilities increased by 79%, a notable improvement given the relative challenges in patching firmware versus software vulnerabilities.

Compiled by Team82, Claroty's research team, the report is a deep examination and analysis of vulnerabilities impacting the Extended Internet of Things (XIoT), a vast network of cyber-physical systems including operational technology and industrial control systems (OT/ICS), Internet of Medical Things (IoMT), building management systems, and enterprise IoT.

The data set comprises vulnerabilities discovered by Team82 and from trusted open sources including the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), CERT@VDE, MITRE, and industrial automation vendors Schneider Electric and Siemens.

"After decades of connecting things to the internet, cyber-physical systems are having a direct impact on our experiences in the real world, including the food we eat, the water we drink, the elevators we ride, and the medical care we receive," says Amir Preminger, vice president of research at Claroty.

"We conducted this research to give decision makers within these critical sectors a complete snapshot of the XIoT vulnerability landscape, empowering them to properly assess, prioritise, and address risks to the mission-critical systems underpinning public safety, patient health, smart grids and utilities, and more."

Key Findings

IoT Devices: 15% of vulnerabilities were found in IoT devices, a significant increase from 9% in Team82's last report covering the second half (2H) of 2021. Additionally, for the first time, the combination of IoT and IoMT vulnerabilities (18.2%) exceeded IT vulnerabilities (16.5%). This indicates enhanced understanding on the part of vendors and researchers to secure these connected devices as they can be a gateway to deeper network penetration.

Vendor Self-Disclosures: For the first time, vendor self-disclosures (29%) have surpassed independent research outfits (19%) as the second most prolific vulnerability reporters, after third-party security companies (45%). The 214 published CVEs almost double the total in Team82's 2H 2021 report of 127. This indicates that more OT, IoT, and IoMT vendors are establishing vulnerability disclosure programs and dedicating more resources to examining the security and safety of their products than ever before.

Firmware: Published firmware vulnerabilities were nearly on par with software vulnerabilities (46% and 48% respectively), a huge jump from the 2H 2021 report when there was almost a 2:1 disparity between software (62%) and firmware (37%). The report also revealed a significant increase in fully or partially remediated firmware vulnerabilities (40% in 1H 2022, up from 21% in 2H 2021), which is notable given the relative challenges in patching firmware due to longer update cycles and infrequent maintenance windows. This indicates researchers' growing interest in safeguarding devices at lower levels of the Purdue Model, which are more directly connected to the process itself and thus a more attractive target for attackers.

Volume and Criticality: On average, XIoT vulnerabilities are being published and addressed at a rate of 125 per month, reaching a total of 747 in 1H 2022. The vast majority have CVSS scores of either critical (19%) or high severity (46%).

Impacts: Nearly three-quarters (71%) have a high impact on system and device availability, the impact metric most applicable to XIoT devices. The leading potential impact is unauthorised remote code or command execution (prevalent in 54% of vulnerabilities), followed by denial-of-service conditions (crash, exit, or restart) at 43%.

Mitigations: The top mitigation step is network segmentation (recommended in 45% of vulnerability disclosures), followed by secure remote access (38%) and ransomware, phishing, and spam protection (15%).


80,000 internet-connected cameras still vulnerable after critical patch offered – The Register

Tens of thousands of internet-facing IP cameras made by China-based Hikvision remain unpatched and exploitable despite a fix being issued for a critical security bug nearly a year ago.

Researchers at Cyfirma recently published a report [PDF] claiming they found more than 80,000 cameras in more than 100 countries online, with ports open and no protection against CVE-2021-36260, a command-injection vulnerability exploitable by anyone with HTTP access to TCP ports 80 or 443 of an affected camera.

Awarded a CVSS score of 9.8 of 10 in severity, the Hikvision bug was considered serious enough for the US Cybersecurity and Infrastructure Security Agency (CISA) to add it to its list of "must patch" security flaws early this year, adding that the vulnerability is already being exploited.

Thus, we have thousands of publicly exposed devices (home cameras, no less) that are easy to exploit to gain control of, and have been exploited, presumably to press-gang them into botnets, launch attacks on other networks, snoop on owners, and so on.

In a report last December, researchers at Fortinet said that the Hikvision vulnerability was being targeted by "numerous payloads," including variants of the Mirai botnet.

Cyfirma said it also discovered multiple instances of criminals collaborating online to exploit the Hikvision vulnerability. "We have reasons to believe that Chinese threat groups such as MISSION2025/APT41, APT10 and its affiliates, as well as unknown Russian threat actor groups could potentially exploit vulnerabilities in these devices," Cyfirma said.

Given how simple the exploit is to execute, its known past use, and the continued discussion of its merits, it's safe to assume that unpatched Hikvision cameras are already compromised.

Patches for affected Hikvision devices, of which there are more than 70 models, are available on the maker's website, where Hikvision urges its distributors to "work with your customers to ensure proper cyber hygiene and install the updated firmware."

In terms of where most affected devices are located, Cyfirma said most it found were in China, followed by the US, Vietnam, the UK, and Ukraine.

"Open vulnerabilities and ports in such devices will only compound the impact on targeted organizations and their countries' economic and state prowess. It is paramount to patch the vulnerable software of the Hikvision camera products to the latest version," Cyfirma said.

This isn't Hikvision's first brush with bad publicity in the past few years. In 2019, the US placed the biz on a trade deny-list over allegations it helped the Chinese government repress Uyghur Muslims in the country by supplying cameras for surveillance.

Since then, America has also considered a wider ban on Hikvision through restrictions on US investment in the company as well as freezing its assets held in the US.

Similar discussions are being had in the UK, where several lawmakers backed a campaign in July to ban the sale or use of Hikvision or Dahua cameras for the same human rights-based reasons as the US.


Worried about your data being shared with Google? Then you’ll want this app – Tom’s Guide

Want to know how much Google knows about you? A developer and privacy advocate has created a new app for those worried about how much of their information gets sent back to the search giant.

Although you can switch to using a more privacy-focused search engine like DuckDuckGo, Google's reach extends much farther than that due to how other companies rely on Google Analytics and Google AdSense.

In order to better understand how often third-party sites and services send data to Google, the creator of PowerDNS, Bert Hubert, has launched a new free app called Googerteller, according to a report from 9to5Google. The app itself uses a list of IP addresses, provided by the search giant, that are associated with all of the company's various services.

Although the Googerteller app is free to download and available on GitHub, you'll need to be using one of the best Linux distros to install it on your computer. Fortunately, other developers have managed to get it running on Mac and have also created a cross-platform version for Windows.

In a demo video posted on Twitter, Hubert showed off his new app, which beeps every time data is sent back to Google. While typing in the address bar in Google Chrome, the app beeps repeatedly since the browser sends data back to the search giant to request autocomplete suggestions.

Hubert's demo video also shows that the app frequently beeps when visiting third-party and even government websites. For instance, while browsing the Dutch government's careers website, there was a beep after almost every click since the site itself is tracked using Google Analytics.

If you think switching to another browser might help, you're out of luck as Hubert also tried running Mozilla Firefox using his app with nearly identical results.

Although you can stop using Google Search, Chrome, Drive and Google's other apps, completely removing the company's presence from your life can be quite difficult. For instance, our own Jordan Palmer tried to completely de-Google one of the best Android smartphones and found that app availability is the weak point.

Fortunately, the cybersecurity company Malwarebytes has provided some tips on how to remove Google from your life in a blog post highlighting a discussion with cybersecurity evangelist Carey Parker on an episode of its Lock and Code podcast.

To remove Google from his life, Parker began by using DuckDuckGo and Startpage as his new search engines. They both serve contextual ads based on your actual searches as opposed to using data stored on you. When it comes to a privacy-focused browser, Parker suggests using Mozilla Firefox or Brave.

Replacing Gmail and Google Calendar proved more difficult, but in the end he turned to Fastmail, a for-profit email provider that also has its own calendar solution. For more security-conscious users, Parker recommends ProtonMail as it provides end-to-end encryption by default.

Google Drive and Google Docs were also difficult to find a suitable replacement for. For cloud storage, Parker recommends Sync.com for its client-side encryption while services like Swiss Transfer and Mega are a good choice for securely sending private files to others. While Skiff has an easy-to-use interface and is a suitable replacement for Google Docs, it doesn't include replacements for Google's other online tools like Google Spreadsheets or Slides.

While the Googerteller app doesn't do anything other than beep when a site sends information to Google, it's a helpful tool and reminder of just how much Google and its services are used without our knowledge.

For those concerned about their internet security, you should also check out DuckDuckGo Email Protection. The email-forwarding service takes out the trackers from the marketing emails you're constantly bombarded with, and now anyone can sign up.


Why Memory Enclaves Are The Foundation Of Confidential Computing – The Next Platform

Sponsored Feature: There are tens of millions of lines of code in thousands of software programs on a typical server in the datacenter, all of which collectively present a huge attack surface for various kinds of malware.

And no matter how hard vendors and open-source project developers try to secure the code they produce, it's still susceptible to vulnerabilities.

That puts the datacenter in a quandary, given that the value of modern applications derives from the fact that they can easily share data and the results of processing that data. Cyber security has been a concern since the first moment two computers were networked together. But it moved into the big league with the commercialization of the Internet and shortly thereafter, the emergence of web applications.

It's taken a long time to come up with computing platforms that deliver adequate security without leaving too much control in the hands of systems manufacturers. The Trusted Computing technology of the 2000s focused primarily on digital rights management (DRM). While it was too draconian for the enterprise datacenter, it was well suited to military and government institutions that need absolute control over data and applications residing on the machines attached to their networks.

The on-prem and cloud infrastructure increasingly used by enterprises needs a different approach, which is where the Confidential Computing movement and its idea of a Trusted Execution Environment, or TEE, have stepped in.

For datacenters, the foundation for Confidential Computing on Intel's Xeon SP CPUs is its Software Guard Extension, or SGX. The extension was initially added in the first generation Skylake Xeon SP processors and has gradually been added to more CPUs since. The protected memory area that SGX creates has also been increased over time, making it not only suitable for holding cryptographic keys, but also for housing entire datasets and the applications that use them.

The idea is to create enclaves, secure partitions within main system memory, where data and applications can reside and run in an encrypted state, which makes them impenetrable to outsiders. Well, at least impenetrable enough to make it a real hassle to try to hack into the encrypted memory areas of the system short of using cold DRAM extraction or bus and cache monitoring quantum cryptographic hacking techniques; in other words, rendering the prospect extremely unattractive to the perpetrator and so much less likely to occur.

The first principle of the early 21st century is that exponentially more data is being generated on a global basis. And that means more transactions with personal information are happening every day. Equally, the volume and sophistication of hacking, phishing, and ransomware is increasing in parallel. So Confidential Computing, implemented in different ways by hardware and software, needs to inhabit any device handling sensitive data.

Data encryption has been around for a long time. It was first made available for data at rest on storage devices like disk and flash drives as well as data in transit as it passed through the NIC and out across the network. But data in use (literally data in the memory of a system within which it is being processed) has not, until fairly recently, been protected by encryption.

With the addition of memory encryption and enclaves, it is now possible to actually deliver a Confidential Computing platform with a TEE that provides data confidentiality. This not only stops unauthorized entities, either people or applications, from viewing data while it is in use, in transit, or at rest. It also stops them from adding, removing, or altering data or code while it is in use, in transit, or at rest too.

It effectively allows enterprises in regulated industries (banking, insurance, finance, healthcare, life sciences for example) as well as government agencies (particularly defense and national security) and multi-tenant cloud service providers to better secure their environments. Importantly, Confidential Computing means that any organization running applications on the cloud can be sure that any other users of the cloud capacity and even the cloud service providers themselves cannot access the data or applications residing within a memory enclave.

Intel SGX features which deliver those guarantees are now pervasive across third generation Xeon processors and make use of the integrated cryptographic acceleration circuits on the CPUs. On earlier generations of Intel Xeon, the memory enclave had a maximum capacity of 256 MB, but with the release of the third generation of this technology, it has grown to 1 TB that can unlock data insights faster than ever.

The combination of encryption plus the memory enclave, which is isolated from other parts of the memory space where the operating system and other software resides, means that certain data and applications can be secured from disclosure or modification.

This allows for organizations that might not otherwise work together to share data and compute against it without actually having access to that data, a process called federated analytics and learning.

"Privacy preserving analytics have been revolutionary in a lot of industries," explains Laura Martinez, director of datacenter security marketing at Intel. Take insurance as one example. In the past, insurance companies did not have the ability to share data. That made it hard to detect double dipping, which is when bad actors create multiple claims for the same loss event at multiple insurers, which in turn makes it hard to know if you have more than one policy.

Until recently, there was no technology that supported this type of data exchange. With the recent advancements and adoption of enterprise blockchain and confidential computing, companies like IntellectEU have built solutions to securely and privately share and match data without compromising the customer data.

Fraud detection is a good example of how analytics and machine learning from within shared secure enclaves can deliver benefits that were not possible before Intel SGX. Healthcare is another. HIPAA and other regulations are strict in their controls of patient data, but if you want an AI algorithm to work properly, you need a tremendous amount of data. And, if you want to train an AI application to read brain scans, you have to figure out a way to share patient data without violating patient rights.

Enter the memory enclave and Intel SGX. The University of Pennsylvania, working with Intel and funded by the US National Institutes of Health, has been able to put together the brain scans of dozens of different healthcare institutions to run AI algorithms against a much larger dataset than any individual institution could run against alone.

What these use cases demonstrate is that often Confidential Computing is more about sharing data and applications than it is about restricting use of data and applications.

Sponsored by Intel.

Go here to read the rest:
Why Memory Enclaves Are The Foundation Of Confidential Computing - The Next Platform

Exposed: Data breaches on the rise in Indonesia – The Star Online

JAKARTA (The Jakarta Post/Asia News Network): The private data of millions of Indonesian citizens and corporations are at an increased risk of being exposed, amid the pandemic-influenced rise of remote work and a lack of robust personal privacy legislation.

The country has seen at least five data breaches in August alone, two of which allegedly impacted state-owned firms holding the data of millions of customers.

The data is now up for sale, according to hacking forum Breach Forums. In a now-deleted discussion thread posted on Aug 18, a member of the forum with the username loliyta claimed to be offering the personal data of some 17 million customers of state-owned electricity firm PLN, including names, addresses, customer ID numbers, kilowatt-per-hour usage and electricity meter numbers.

PLN said in a statement on its Twitter account on Saturday (Aug 20) that it was conducting an investigation into the alleged data breach with the Communications and Information Ministry and the National Cyber and Encryption Agency (BSSN).

The company claimed that its actual customer data system had remained secure and that the alleged leaked data was only a copy of public data taken from a customer data dashboard app, not real-time transaction data.

Another forum member, Bjorka, claimed to be holding some 26 million data entries belonging to IndiHome, an Internet service provider owned by state-owned telecommunications firm Telkom.

The breached data allegedly included full names, email addresses, genders, national ID numbers, IP addresses and customer browsing history.

Telkom denied the claim, saying the story of the leaked data had been fabricated and that its data was stored in an integrated cyber security system.

The government had summoned the two state-owned companies for clarification, said the information ministry's applications and informatics director general, Semual Abrijani Pangerapan.

Breach Forum users also claimed to be selling 347 GB of confidential documents belonging to some 21,700 Indonesian companies and branches of foreign companies operating in Indonesia, 14 GB of data from Pendidikan Indonesia University students and 500,000 data entries from Gianyar regency in Bali.

Pratama Persadha of the Communications and Information System Security Research Center said the rate of data breaches had increased during the pandemic as more people began working from home with weak internet security systems.

The BSSN, he said, had recorded an increase in internet traffic anomalies (such as DDoS attacks, wherein hackers try to overwhelm and freeze websites with access requests) from around 800 million in 2020 to 1.6 billion in 2021.

"Working from home has increased the risk of data breaches because a lot of people access their employers' [online] systems from home or other locations outside the office," he said.

He added that the country's lack of data privacy laws had exacerbated the situation, as the government was not ensuring that electronic system providers secured user data or set uniform standards.

"The result is that when a data breach happens, nobody feels responsible and everybody feels like a victim," Pratama said.

He urged the House of Representatives and the Communications and Information Ministry to quickly enact the personal data protection bill to hold electronic service providers accountable for any failures to protect private data.

The private sector, he added, should proactively improve its cyber security practices and the public should be more aware of data privacy.

Deputy chair of House Commission I, Abdul Kharis Almasyhari, said the legislative body would soon finish deliberations on the bill.

"We hope that by September the bill can be signed into law," Kharis said on Wednesday.

He did not elaborate when asked if there were any specific points of contention holding up the bill.

The legislation seeks to clarify how state agencies are to handle data privacy cases and ensure that action is taken to protect private data, said commission member Bobby Adhityo Rizaldi.

See the original post here:
Exposed: Data breaches on the rise in Indonesia - The Star Online

The internet’s edge routers are all so different. What if we unified them with software? – The Register

Systems Approach: Edge routers have been an essential part of the internet for decades, connecting access networks (enterprise LANs, mobile and broadband networks) to the global backbone.

These devices often have cryptic names (MPLS VPN Provider Edge routers, S/P-Gateways in the case of cellular networks, and Broadband Network Gateways (BNG) in the case of fiber networks), but they are, at their core, IP (L3) packet forwarders, sometimes augmented with features to support the business logic required by commercial access providers. But the world is changing, and the form and function of the edge router is changing with it.

To account for modern cloud technology, especially the rush to the edge, we expect it to be less common to think in terms of edge networks connecting to backbone networks. Instead, we will think in terms of local edge clouds connecting to global hyperscalers. Devices will request service from an edge cloud, which will sometimes forward requests to remote clouds (see for example, Cloudflare Workers and Fly.io), continuing the trend of true end-to-end connections being the exception.

L3 connectivity is still there, of course, but it will increasingly be an implementation detail. And as this transition happens, the L3 data plane will be subsumed into the switching fabric of the edge cloud, with the associated control plane (whether IETF-specified, 3GPP-specified, BBF-specified, or proprietary) implemented by microservices running in the cloud (at the edge or centralized).

That is, the edge router will increasingly be realized as a disaggregated collection of virtual functions rather than by a physical box, with control in the cloud and with the dataplane running on specialized infrastructure for speed and scale. In this sense, we see the paradigm introduced by SDN (logically centralized control with distributed forwarding) making its way to the edge.

SD-WANs are a current example of applying an SDN architecture to the edge, and more recently, cloud-delivered SASE (Secure Access Service Edge) services blend layers of security into the solution. But the pattern is much the same: L3 packet forwarding in the data plane coupled with a rich cloud-based control plane with significant (functional) overlap with cloud native implementations of access gateways.

And with most of today's SD-WAN offerings being vertically integrated and proprietary, we would argue that the benefits of SDN (such as the ability for network operators to customize the functionality) are only partly delivered in these solutions today.

Once you stop thinking in terms of edge routers as special devices and start to view routing as yet another edge function, it's a small step to realize that today's diverse set of edge routers are all fundamentally the same, and that it is possible to build a generalized (and disaggregated) edge routing capability that accommodates them all. This function can be centrally orchestrated and deployed, with functional elements running in multiple edges where case-specific packet processing needs to take place.

Easier said than done, of course, but it strikes me as a likely outcome, and worth a little forethought. The key insight is that all the scenarios outlined above have a similar structure, with L3 forwarding in the data plane augmented with support for:

Secure tunnels requiring encapsulation/decapsulation

Differentiated Service requiring Q-in-Q tagging and class-based queues

Billing & Accounting requiring per-flow counters

Policy Enforcement requiring access control rules

Observability requiring in-band network telemetry

And a microservice-based control plane that implements:

Authentication triggering changes to data plane tunnels

Subscriber Management triggering updates to per-flow counters and queues

Mobility & Routing triggering forwarding changes according to resource availability

Session & Policy Management triggering changes to access control rules

Diagnostics & Anomaly Detection triggering changes to in-band network telemetry

All of the data plane features can be realized in P4-programmable forwarding pipelines (more on that in a moment), where the triggering relationship in the list of control functions helps us understand how to craft a converged control/data-plane interface, something that P4-Runtime (P4RT) supports.

An example of the generalized data plane already exists, and we describe it in our SDN book. It's the fabric.p4 program that implements the forwarding pipeline for ONF's SD-Fabric, which (a) implements L3 forwarding for the leaf-spine switching fabric you would find in an edge cloud, and (b) can be extended to connect different access network technologies (5G's UPF and a PON-based BNG) to the internet.

The current implementation is a bit crude (it uses #ifdef), but the idea is clear: it's possible to build an L3 forwarding pipeline that can be extended with access-specific plugins.

Popping up a level, one can imagine iterating on fabric.p4 until you have an extensible edge cloud data plane suitable for all of the use cases outlined above. The P4RT-generated interface could then support multiple control plane tenants, for example, allowing a 3GPP-defined core and an SD-WAN controller to independently set queue parameters, define encapsulation/decapsulation labels, install forwarding rules, and so on.
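The shared data plane with independent control-plane tenants described above can be sketched as a toy model in which each tenant may only touch the tables and entry ids it was granted. This is an added example, not code from the article, fabric.p4 or P4Runtime; every class, function and tenant name in it is hypothetical and the sample values are constructed.

```python
"""Toy model of one shared edge data plane driven by several control planes.
Added illustration only: not P4Runtime, fabric.p4 or SD-Fabric code.
All class, function and tenant names are hypothetical."""
from dataclasses import dataclass, field

# Data plane state, named after the article's feature list.
TABLES = ("tunnels", "queues", "flow_counters", "acl", "telemetry")


class PermissionDenied(Exception):
    """A tenant tried to write outside the scope it was granted."""


@dataclass(frozen=True)
class Tenant:
    name: str
    tables: frozenset   # tables this control plane may modify
    ids: range          # entry ids (subscribers/sites) it owns


@dataclass
class SharedDataPlane:
    state: dict = field(default_factory=lambda: {t: {} for t in TABLES})
    audit: list = field(default_factory=list)   # (tenant, verdict, table, id)

    def _check(self, tenant, table, entry_id):
        # Least privilege: both the table and the entry id must be in scope.
        allowed = table in tenant.tables and entry_id in tenant.ids
        verdict = "ok" if allowed else "denied"
        self.audit.append((tenant.name, verdict, table, entry_id))
        if not allowed:
            raise PermissionDenied(f"{tenant.name} -> {table}[{entry_id}]")

    def write(self, tenant, table, entry_id, value):
        self._check(tenant, table, entry_id)
        self.state[table][entry_id] = value

    def delete(self, tenant, table, entry_id):
        self._check(tenant, table, entry_id)
        self.state[table].pop(entry_id, None)


# Control-plane functions: each event triggers the data plane change the
# article pairs it with.
def on_authenticated(dp, tenant, sub_id, encap_label):
    """Authentication -> data plane tunnel."""
    dp.write(tenant, "tunnels", sub_id, {"encap_label": encap_label})


def on_subscribed(dp, tenant, sub_id, queue_class):
    """Subscriber management -> per-flow counter and queue."""
    dp.write(tenant, "flow_counters", sub_id, {"bytes": 0})
    dp.write(tenant, "queues", sub_id, {"class": queue_class})


def on_policy(dp, tenant, sub_id, permit_dst):
    """Session and policy management -> access control rule."""
    dp.write(tenant, "acl", sub_id, {"permit_dst": permit_dst})


def on_session_end(dp, tenant, sub_id):
    """Tear down everything the tenant installed for this subscriber."""
    for table in sorted(tenant.tables):
        dp.delete(tenant, table, sub_id)


# Constructed tenants: a mobile core and an SD-WAN controller with disjoint
# id ranges; only the mobile core is granted billing counters.
MOBILE_CORE = Tenant("mobile-core",
                     frozenset({"tunnels", "queues", "flow_counters", "acl"}),
                     range(1000, 2000))
SDWAN = Tenant("sd-wan", frozenset({"tunnels", "queues", "acl"}),
               range(2000, 3000))


def demo():
    dp = SharedDataPlane()
    on_authenticated(dp, MOBILE_CORE, 1001, encap_label=0x2A)
    on_subscribed(dp, MOBILE_CORE, 1001, queue_class="gold")
    on_policy(dp, MOBILE_CORE, 1001, permit_dst="10.0.0.0/8")
    on_authenticated(dp, SDWAN, 2001, encap_label=0x63)
    denied = []
    attempts = [("acl", 1001, {"permit_dst": "0.0.0.0/0"}),  # other tenant's id
                ("flow_counters", 2001, {"bytes": 0})]        # table not granted
    for table, entry_id, value in attempts:
        try:
            dp.write(SDWAN, table, entry_id, value)
        except PermissionDenied:
            denied.append((table, entry_id))
    on_session_end(dp, MOBILE_CORE, 1001)
    return dp, denied
```

Calling `demo()` returns the data plane and the list of rejected writes; `dp.audit` keeps every allowed and denied attempt, which is the record an operator would review when two control planes share one pipeline.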

Converging on a shared data plane, but accepting that multiple control planes will co-exist, is a good starting point. But converging on the control plane is likely within reach as well, where we can expect a converged data plane to catalyze that process.

In my mind, it's primarily a matter of aligning incentives for the various domains. It's already the case that the BBF is working towards a converged access network control plane that aligns with the 3GPP-defined mobile core, largely because Telcos have an incentive to make that happen.

Another good example is Magma, which defines a unified control plane and a programmable data plane for both RAN-based and Wi-Fi-based wireless networks. As enterprises start to roll out private 5G, the push to unify how they are managed will only increase.

The SD-WAN use case is more of a wild card. On the one hand, SD-WAN is surprisingly similar to SD-RAN in the functionality it needs from an edge router. On the other hand, SD-WAN offerings so far have resisted disaggregation. Of course the same was true of telco access networks, until recently.

If we accept that unification of edge routing is possible, a reasonable next question is: is it desirable? I would argue that the value will come first from disaggregation, as we have already seen in other environments such as the cloud data center.

Once the control plane is disaggregated from the data plane, innovation can happen more easily in both, and the operators of these devices gain the ability to customize the functionality rather than just accepting the bundle that comes from the router vendor.

And secondly, there is an opportunity to take a more holistic view of the edge, which offers the chance for applying consistent network policies that are independent of the access technology. But this is a topic for another post.

View post:
The internet's edge routers are all so different. What if we unified them with software? - The Register

Security pros are rallying to defend the Twitter whistleblower – The Verge

Peiter "Mudge" Zatko, the former Twitter security chief who has alleged that the company covered up negligent security practices and lied to regulators about data management, was a credible, capable, and brutally honest security expert, according to peers and colleagues.

The assessment of Zatko's work and character (culled from public messages of support and recollections shared directly with The Verge) is at odds with statements made by current Twitter CEO Parag Agrawal, who has claimed that Zatko is presenting a false narrative of the inner workings of the company after being terminated for poor performance in January.

In a whistleblower disclosure filed with the SEC and first reported by CNN and The Washington Post, Zatko accused Twitter of numerous severe security lapses and claimed that the executive team frequently misled government regulators and its own board of directors about the extent of vulnerabilities on the platform. The filing also claims that the company violated a privacy agreement made with the FTC that required it to delete the data of any users who decided to cancel their Twitter accounts and that the company intentionally manipulated data on the number of bot accounts on the platform.

In a response provided to CNN (language from which was echoed in an email sent by Agrawal to Twitter staff), a Twitter spokesperson said that Zatko's allegations were riddled with inconsistencies and inaccuracies and seemed designed to capture attention and inflict harm on Twitter, its customers and its shareholders.

But Twitter's fierce pushback against Zatko's criticism prompted a backlash from many leading voices in the field, who spoke out to endorse the security expert's credentials and track record. Alec Muffett, an internet security expert and software engineer who worked on Twitter's efforts to launch a Tor service, told The Verge that he had known Zatko for decades and trusted the claims made in the SEC disclosure.

"I've known Mudge since the mid 1990s when he and the other members of the L0pht were capable and scrappy hackers," Muffett said. "He demonstrated enormous creativity and drive towards improvement of internet security overall ... I have no hesitation about supporting his observations as being both highly credible and concerning."

Zatko first gained prominence as part of the L0pht, a Boston-based hacker collective known as an influential computer security research group in the 1990s. Notably, while the L0pht released software, the group also advised on policy, even giving testimony before the Senate on internet security in 1998. In his earlier hacking days, Zatko was also a member of the notorious hacker group Cult of the Dead Cow, which also counted former presidential candidate (and current Texas gubernatorial candidate) Beto O'Rourke as a member.

As his profile grew, Zatko took on roles with Defense Advanced Research Projects Agency (DARPA) and Google's Advanced Technologies and Projects research group. He was hired by Twitter in 2020 in the months after a major security incident that saw hackers take over some of the platform's most-followed celebrity accounts. But he stayed only just over a year, being fired by incoming CEO Agrawal in January 2022.

One of Zatko's specific claims (that too many employees are given access to critical software within the company) seemed to be supported by details shared by Al Sutton, a former software engineer at Twitter. In a tweet, Sutton said that he was still able to commit code in the employee group for Twitter's open-source software repositories on the code hosting website GitHub, despite having left the company 18 months ago.

The tweet linked to Twitter's organization page on GitHub, showing that Sutton's account was still listed as one of only 34 contributing members. Shortly after The Verge reached out to Twitter for comment, Sutton's account was removed as a contributor.

Contacted by The Verge, Sutton declined to comment further on Twitter's security posture but said of Zatko, "I had very little overlap with Mudge, but from what overlap I did have, and other folk I know who know him pretty well, he's brutally honest and I have zero reason to doubt his claims."

Already, leaders in the security space have rushed to Zatko's public defense. Industrial security specialist Robert M. Lee accused Twitter of a smear campaign, saying Mudge's skills and leadership were some of the most beloved and well documented in the community. Prominent cybersecurity journalist Kim Zetter echoed the sentiment, saying there was probably no security exec with more ethics, more credibility than Mudge.

The Verge reached out to Mudge for comment but did not receive a response. A statement sent from Whistleblower Aid, a nonprofit organization that supports whistleblowers and is representing Zatko, said that legal obligations prevent Mudge and Whistleblower Aid from discussing events during Mudge's time at Twitter, except through lawful, properly authorized disclosures including subpoenas to testify which he would of course honor.

Twitter did not provide a comment by time of publication.

Excerpt from:
Security pros are rallying to defend the Twitter whistleblower - The Verge

7 Reasons to Attend MSSP Alert Live This September: Join Us – MSSP Alert

by MSSP Alert Live Aug 23, 2022

When the MSSP Alert Live 2022 conference kicks off (September 19-21, Washington, D.C.), our guest speakers will describe how MSPs and MSSPs can build more successful cyber practices on their own and through strategic partnerships with each other.

Need more agenda information before registering to attend? Glad you asked: Here are seven main-stage discussions, fireside chats and tutorials that are set to unfold at the conference:

Wendy K. Thomas, CEO, Secureworks

Booz Allen VP Wade Alt

1. Managed XDR Services (A Reality Check): In this fireside chat, Secureworks CEO Wendy Thomas will describe how the MSSP transformed its business for cloud-based XDR services. Equally important, Thomas will describe the power of saying no to projects and revenue opportunities that can distract you from your business transformation.

2. The Future of Cyber Defense and Response Services: Here, Booz Allen Hamilton Senior VP Wade Alt will describe how one of the world's top cyber defense and response organizations evolved in 2022 and where the business is heading next in 2023.

AWS's Ryan Orsi

Jon Boyens, NIST

3. Public Cloud Security Strategies for MSPs and MSSPs: Ryan Orsi, the worldwide MSSP partner lead at Amazon Web Services, sits down for a fireside chat to describe how the cloud giant is working with MSSPs and how those partner engagements are evolving.

4. Software Supply Chain Security Best Practices: Jon Boyens from NIST shares the latest guidance to help service providers, software companies and organizations enhance their software supply chain security.

Jeff Schmidt, CEO, Avertium

Bill Goldin

John Strand, Black Hills

5. Managed Detection and Response (MDR): Who's Actually Responsible for Response? Jeffrey Schmidt from Avertium and FBI Special Agent Kyriakos Vassilakos describe real cyber incidents and the best practices MSPs need to take to pinpoint who exactly owns each step of the response process.

6. How to Train Every MSP Employee on Security: For MSPs, your weakest cybersecurity link may involve your own employees. Need help? Learn from the best: namely, John Strand of Black Hills Information Security and William Goldin of Lloyd Group.

Andrew Morgan, founder, Cyber Nation & CyberCall

Phyllis Lee, Center for Internet Security

Joe Panettieri, MSSP Alert

7. How Can MSPs Defend Against the Top Five Cyberattacks: Attend this session, and you'll learn how your MSP can build a security stack around the CIS Critical Security Controls to keep both your company & your clients secure. Our guest experts leading the discussion: Phyllis Lee from the Center for Internet Security and Andrew Morgan, founder of The CyberCall and Right of Boom.

8. Bonus: Top 250 MSSPs 2022 Research Findings: MSSP Alert Editorial Director Joe Panettieri describes the key business performance, technology and cyber trends from this year's just-completed research report.

See the rest here:
7 Reasons to Attend MSSP Alert Live This September: Join Us - MSSP Alert

Advisory Board Sends Critical Infrastructure Cyber Recommendations to the White House – Nextgov

Members on the National Security Telecommunications Advisory Committee voted on Tuesday to send a new information technology impact report to President Joe Biden and reiterated its mission commitments to security compliance and fortified critical infrastructure.

The report, which focuses on the security risks involved in the convergence of operational technology and information technology across digital systems, was ultimately approved unanimously to head to the executive branch.

"As information and communications technologies become ever more critical to our daily lives, how we set security requirements, through compliance with those requirements, and communicate that proof to users and regulators, is of great concern," NSTAC Vice Chair Scott Charney said during a press call on Tuesday.

IT/OT systems are becoming more commonplace as connection to the internet expands. Formerly independent operations, such as water treatment processes and electrical grid operations, are now able to connect with IT devices like routers and servers. This increased connectivity facilitates daily business for some industries, but creates more room for disruptive cyberattacks throughout an organization.

Jack Huffard, NSTAC member and chair of the Information Technology and Operational Technology subcommittee within the advisory group, spearheaded the study that focused on IT/OT convergence networks and their potential system vulnerabilities, as well as mitigation advice.

Huffard said the report looked to stakeholders in the private and public sectors, including cybersecurity and cloud vendors, as well as federal policymakers to gauge the threat landscape within IT/OT interoperable systems.

Ultimately, the report found that many organizations in critical industries lack sufficient visibility into their OT environments as well as in their supply chain networks.

"The convergence of IT and OT systems is not a new issue," Huffard said. "It has been happening for decades. The convergence of IT and OT has created clear and present cyber exposure challenges [that] require attention. We have the technology and knowledge to secure these systems. But we have not prioritized the resources required to implement appropriate solutions."

The group included in the report 15 recommendations to help fortify IT/OT digital networks. Three of these recommendations, however, were singled out by Huffard as being critically important. One recommends having the Cybersecurity and Infrastructure Security Agency issue a directive requiring executive civilian branch agencies to take inventory and interconnectivity of their internet of things, or IOT, devices to improve IT and cybersecurity needs.

The final two recommendations mandate CISA to update guidance in procurement language to require risk-informed cybersecurity capabilities for products contracted to support IT/OT converged environments, and ask that CISA further work with the National Security Council and the Office of the National Cybersecurity Director to develop information and data sharing mechanisms that facilitate the protection of the country's critical infrastructure from ransomware hackers.

"These three recommendations, coupled with the other important recommendations in the report, can greatly improve our nation's critical infrastructure cybersecurity posture," Huffard said.

Improving U.S. networks' cybersecurity is a pillar in the Biden administration's broader plan to improve infrastructure. His executive order on the matter spurred federal agencies into investigating gaps in digital security in order to improve the nation's digital security.

The NSTAC, which was formed in 1982, has most recently issued other overview reports on 5G broadband network security and focuses on advocating on federal technological investment through an information and communications technology lens.

Prior to the most recent report on IT/OT security, the NSTAC published other cybersecurity reviews for zero trust architecture and supply chain software as part of its multi-phase investigations within the overarching Enhancing Internet Resilience in 2021 and Beyond initiative at NSTAC.

View post:
Advisory Board Sends Critical Infrastructure Cyber Recommendations to the White House - Nextgov