As the race to recruit female talent in STEM continues moving ahead with steady progress, stunning statistics still wrack the cybersecurity sector: Women working in cybersecurity currently account forless than one quarter of the overall workforce.

Megan Rapinoe. Sister Rosetta Tharpe. Shirley Chisholm. Donning jeans and a Ukrainian flag t-shirt, the director of the nation's lead cybersecurity agency ticked through PowerPoint slides of women "who took a sledgehammer to the glass ceiling."

"I need your help," said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, on Friday to an audience of 1,700 female cybersecurity professionals assembled for a three-day technical conference in Cleveland. "We need to get to 50% of cybersecurity by the year 2030. Think we can do it?" Someone whistled. ACDC pulsed through the speakers. "Come on!" Easterly rallied.

After exiting the stage, Easterly told CBS News she has become accustomed to setting "unreasonable" goals. "That's been sort of my [modus operandi] my entire life," she quipped. "And I honestly believe if you set a super ambitious goal, and you as a leader inspire and empower people, and look at that goal as something that may be challenging, highly ambitious, but is in fact achievable, you can get there."

Pressed on how close America's cyber defense agency is to "getting there," Easterly responded down to the decimal. "Right now, we're at 36.4% women at CISA's workforce, but I think we can get to 50% before 2030." She paused before adding, "Actually, I'm hoping we can get there before 2025."

Easterly says she hopes colleagues across the federal workforce including FBI, NSA, U.S. Secret Service make similar pledges. The Army veteran-turned-corporate leader came close to "getting there" in her previous stint as head of Firm Resilience at Morgan Stanley, where she oversaw a team that was roughly 48% women.

Currently, there's just one woman serving as chief information security officer, or "CISO," among the top 10 largest companies nationwide: Chandra McMahon, CISO of CVS Health. The former executive at Verizon and Lockheed Martin can remember what it was like to be the only woman in the room.

"Cybersecurity is not well understood as a career or as an opportunity," McMahon said during an interview with CBS News on Friday. "What most people don't realize is that there's a spectrum of roles and careers that you can have." McMahon rattled them off: "Penetration testers, ethical hackers, the cyber security engineers and architects."

But the gender gap marks just one of the cybersecurity workforce's persistent challenges. Hispanic, African American, Asian and American Indian/Native Alaskan workers made up just 4%, 9%, 8% and 1% respectively of the cyber security workforce, according to the Aspen Institute.

An estimated 3.7 million cybersecurity jobs are available but unfilled, according to the latest (ISC) Cybersecurity Workforce Study, with 377,000 of those vacancies located in the United States. By that measure, the global cybersecurity workforce will need to grow 65% in 2022 to effectively defend organizations' critical assets.

Last week, Microsoft called recruitment of women "mission-critical" to filling the worldwide cyber vacancies. A survey commissioned by Microsoft Security found that only 44% of female respondents felt sufficiently represented in their industry.

Not all "black hoodies" and "dungeons"

Part of the federal government's cyber strategy is just showing up. Easterly, who ditched plans to appear via video at Friday's Women in Cybersecurity Conference only to instead dance onto stage to the tune of ACDC, recounted the thrill of manning CISA's booth at the conference.

"At the end of the day, if people can see me as the director of America's Cyber Defense Agency, then there are women out there who can say I can be her," she told CBS News.

A decade ago, that lack of visibility in a security field known for operating behind the scenes served as the inspiration for the group behind Friday's conference, Women in Cybersecurity, or "WiCyS."

"I think people have to understand that even though cybersecurity works best when it's invisible, there are so many people behind it," said WiCyS founder Dr. Ambareen Siraj.

"There's this stereotypical notion about cybersecurity that it's all about fighting. And we're all working in some sort of dungeon in black hoodies. But it is really not the case," Siraj said.

Unclogging the cyber talent pipeline will require more than just breaking a stereotype though, with experts advocating for more outreach to non-traditional candidates.

"Some of the best talent we have in cyber did not come from a background in cybersecurity," McMahon said.

Just 38% of women came from an IT background, compared to half of men in today's cybersecurity workforce. According to the (ISC) report, women also have higher rates of entry from self-learning (20%) compared to male counterparts (14%).

"We're now seeing an opening in the market for cyber skills. It's not so siloed in that you must have a cybersecurity degree," McMahon added.

Mind the gap: reshaping the federal workforce

Just 25.2% of the full-time federal cyber workforce is female, compared to 43.6% of government workers nationwide, according to the non-profit Partnership for Public Service, which assesses data from the U.S. Office of Personnel Management and U.S. Census Bureau.

The federal cybersecurity workforce is also decades older than the U.S. labor force. The percent of full-time cyber employees under the age of 30 steadily increased from 4.1% to 6.3% between September 2014 and September 2021. But it still lags behind the almost 20% of the employed U.S. labor force in 2021 that is under age 30. In the federal IT workforce, there are 15 times more employees over the age of 50 than under age 30.

"I think the most fundamental problem in the federal workforce is the lack of generational diversity," said Max Stier, head of the Partnership for Public Service. "There are very, very few young people in the federal technology and cyber workforce. And it becomes this self-fulfilling prophecy: the absence of young talent makes it harder for new young talent to want to come in or stay."

Data on the federal government's cybersecurity workforce vacancies remains scarce, but Stier estimates a "minimum of tens of thousands of jobs" is needed to bolster U.S. cyber defenses.

A 47-page audit by the Senate Homeland Security Committee last year found federal agencies responsible for safeguarding the security and personal data of millions of Americans earned a C- report card in talent recruiting.

Since 2014, the Department of Homeland Security has received a whopping $76 million to create a new cyber talent recruiting system, which launched with 150 job postings, last November. DHS received 650 applications in its first 48 hours of operation but has not released further progress reports on hiring. There are currently five positions posted on the Cyber Talent Management System's dashboard.

Easterly says CISA, an agency of approximately 5,000 full and part time employees, plans to hire between 500-1000 more in the next few years.

In an effort to reach young talent, the agency has also formed partnership programs with the Girl Scouts, Cyber Corps, and Historically Black Colleges and Universities.

But among career leaders in the government's Senior Executive Service (SES), just 28% of STEM leaders are female, and only 19% are people of color.

"It's not just women, but it's all types of diversity. Whether that's neuro diversity, diversity of gender identity, of sexual orientation of race, of national origin," Easterly said.

Leaders from across the federal government and private sector have likened diversity initiatives to a national security imperative.

"What we would like to see is a strong, adequate cybersecurity workforce that has people of all kinds, different racial backgrounds, ethnicity, gender," said Siraj. "When we have diverse people working in cyber, which is an extremely complex place, then it is more likely that we are going to bring the different perspectives and skills necessary to solve complex problems."

No room for "vigilance fatigue" amid Ukraine-Russia crisis

As information warfare plays out in the shadows of the Ukraine-Russia crisis, Easterly worries about "vigilance fatigue."

"It is hard to maintain a very high tempo of extreme preparedness," she conceded. "But we are not even a month into this unjust illegal, unprovoked invasion of a democracy and we need to continue to keep our shields up," Easterly told CBS News.

CISA and the FBI have released two alerts this week alone, including a joint bulletin to satellite communication (SATCOM) networks just days after the hack of telecommunications firm Viasat by unidentified actors disrupted broadband satellite internet access at the start of the Russian invasion.

That fatigue is further punctuated by a cybersecurity workforce shortage that sees more than just the federal government working overtime to monitor potential threats.

CISA and FBI "have not identified cyber activity in the US Homeland attributable to Russian state actors since the invasion commenced," an NYPD intelligence bulletin obtained by CBS News and published last week indicated.

But since November, the Department of Homeland Security has overseen more than 80 briefings, table exercises and informational sessions with the private sector designed to bolster U.S. cyber defenses in the event of Russian malicious cyber activity.

Through its Joint Cyber Defense Collaborative, CISA administers a Slack channel dedicated to information sharing with tech and cybersecurity giants, including Cloudflare, CrowdStrike, Mandiant, Microsoft, Verizon, Google, and Amazon Web Services, along with the NSA, the FBI, and US Cyber Command.

Still, cybersecurity advocates worry that a lack of investment in cybersecurity extends to the larger workforce, with compromises a few clicks away from unwitting employees scanning through email inboxes. "You actually need the broader workforce familiar and capable of addressing these cyber challenges in the context of their normal, daily jobs," Stier said. "Consider the classic phishing incident."

"We are putting out more and more information so that the public understands the nature of the threat environment," Easterly said, Friday. "We have said consistently, that every business large and small remains at risk and is vulnerable to Russian malicious cyber activity. That's why we need to continue to keep our shields up to be prepared to be vigilant, to keep our thresholds low for sharing information about anomalous activity, and to ensure that we are working together for the collective cyber defense of the nation."

Catherine Herridge contributed to this report.

Trending News

CBS News reporter covering homeland security and justice.

See more here:
Women make up just 24% of the cyber workforce. CISA wants to fix that. - CBS News

Though a flood of claims by hacking groups followed Russia's invasion of Ukraine, one study shows most made by Anonymous check out.

Nurphoto | Nurphoto | Getty Images

More than three weeks ago, a popular Twitter account named "Anonymous" declared that the shadowy activist group was waging a "cyber war" against Russia.

Since then, the account which has more than 7.9 million followers, with some 500,000 gained since Russia's invasion of Ukraine has claimed responsibility for disabling prominent Russian government, news and corporate websites and leaking data from entities such as Roskomnadzor, the federal agency responsible for censoring Russian media.

But is any of that true?

It appears it is, says Jeremiah Fowler, a co-founder of the cybersecurity company Security Discovery, who worked with researchers at the web company Website Planet to attempt to verify the group's claims.

"Anonymous has proven to be a very capable group that has penetrated some high value targets, records and databases in the Russian Federation," he wrote in a report summarizing the findings.

Of 100 Russian databases that were analyzed, 92 had been compromised, said Fowler.

They belonged to retailers, Russian internet providers and intergovernmental websites, including the Commonwealth of Independent States, or CIS, an organization made up of Russia and other former Soviet nations that was created in 1991 following the fall of the Soviet Union.

Many CIS files were erased, hundreds of folders were renamed to "putin_stop_this_war" and email addresses and administrative credentials were exposed, said Fowler, who likened it to 2020's malicious "MeowBot" attacks, which "had no purpose except for a malicious script that wiped out data and renamed all the files."

Another hacked database contained more than 270,000 names and email addresses.

"We know for a fact that hackers found and probably accessed these systems," said Fowler. "We do not know if data was downloaded or what the hackers plan to do with this information."

Other databases contained security information, internal passwords and a "very large number" of secret keys, which unlock encrypted data, said Fowler.

As to whether this was the work of Anonymous, Fowler said he followed Anonymous' claims "and the timeline matches perfect," he said.

The Twitter account, named @YourAnonNews, has also claimed to have hacked into Russian state TV stations.

"I would mark that as true if I were a factchecker," said Fowler. "My partner at Security Discovery, Bob Diachenko, actually captured a state news live feed from a website and filmed the screen, so we were able to validate that they had hacked at least one live feed [with] a pro-Ukrainian message in Russian."

The English-language Russian news website RT "is for a western audience, and so what what's being shown on RT is not what's being told in Russia," said Security Discovery's Jeremiah Fowler.

Lionel Bonaventure | AFP | Getty Images

The account has also claimed to have disrupted websites of major Russian organizations and media agencies, such as the energy company Gazprom and state-sponsored news agency RT.

"Many of these agencies have admitted that they were attacked," said Fowler.

He called denial of service attacks which aim to disable websites by flooding them with traffic "super easy." Those websites, and many others, have been shuttered at various points in recent weeks, but they are also reportedly being targeted by other groups as well, including some 310,000 digital volunteers who have signed up for the "IT Army of Ukraine" Telegram account.

Fowler said he didn't find any instances where Anonymous had overstated its claims.

But that is happening with other hacktivist groups, said Lotem Finkelstein, head of threat intelligence and research at the cybersecurity company Check Point Software Technologies.

In recent weeks, a pro-Ukrainian group claimed it breached a Russian nuclear reactor, and a pro-Russian group said it shut down Anonymous' website. Check Point concluded both claims were false.

"As there is no real official Anonymous website, this attack appears to be more of a morale booster for the pro-Russian side, and a publicity event," CPR said, a fact which did not go unnoticed by Anonymous affiliates, who mocked the claim on social media.

Groups are making fake claims by posting old or publicly available information to gain popularity or glory, said Finkelstein.

Fowler said he feels Anonymous is, however, dedicated more to the "cause" than to notoriety.

"In what I saw in these databases, it was more about the messaging than saying 'hey, you know, Anonymous troop No. 21, group five, did this,'" he said. "It was more about the end result."

Hacktivists who conduct offensive cyber warfare-like activities without government authority are engaging in criminal acts, said Paul de Souza, the founder of the non-profit Cyber Security Forum Initiative.

Despite this, many social media users are cheering Anonymous' efforts on, with many posts receiving thousands of likes and messages of support.

"They're almost like a cyber Robin Hood, when it comes to causes that people really care about, that no one else can really do anything about," said Fowler. "You want action now, you want justice now, and I think groups like Anonymous and hacktivists give people that immediate satisfaction."

Many hacktivist groups have strong values, said Marianne Bailey, a cybersecurity partner at the consulting firm Guidehouse and former cybersecurity executive with the U.S. National Security Agency. Cyber activism is a low-cost way for them to influence governmental and corporate actions, she said.

"It is protesting in the 21st century," said Bailey.

Yet cheering them on can be dangerous in the "fog of war," she said.

"A cyberattack has the potential for such an immediate impact, in most cases well before any accurate attribution can be determined," she said. "A cyber strike back or even kinetic strike back could be directed to the wrong place.And what if that misattribution is intentional? What if someone makes the attack appear from a specific country when that's not true?"

She said cyber warfare can be cheaper, easier, more effective and easier to deny than traditional military warfare, and that it will only increase with time.

"With more devices connected to this global digital ecosystem the opportunity for impact continues to expand," she said. "It will undoubtedly be used more often in future conflicts."

Go here to see the original:
Anonymous declared a 'cyber war' against Russia. Here are the results - CNBC

Colleges and universities have a great deal of valuable and private data in their systems. Personnel, academic, financial and administrative systems hold everything from research data to student medical records. It all adds up to a lot of sensitive information that requires protection.

This is where cyber insurance comes in: an insurance product that shields the school from the financial disaster that comes with data breach lawsuits, liability findings, regulatory failure fines, and huge legal costs associated with a failure to protect that information and keep it private. Read on for some facts and fallacies about cyber insurance.

DISCOVER: What one university learned after a ransomware attack.

Cyber insurance isnt designed to handle the case of someone losing a laptop or having it stolen. Cyber insurance covers the case in which the laptop loss turns into a data breach and then the university must pay for fraud monitoring for 3,000 students who had their personal financial information exposed as part of the breach.

Of course, cyber insurance isnt all the same, and every institution will have a policy customized for its own requirements. The point of cyber insurance is to cover the cases that are handled poorly by other types of insurance, such as paying for legal costs and fines related to a regulatory action that came out of a cyber incident: device loss, system break-in, the wrong email going to the wrong person, and so on. Cyber insurance policies can cover liability costs, costs to replace lost data, even loss of income.

One of the most popular coverages in cyber insurance is for ransomware attacks. This insurance is designed to reduce financial risk related to cyber extortion.

Click the banner belowfor exclusive insights about cybersecurity in higher ed.

Cyber insurance isnt like fire or theft insurance you dont just pick a dollar amount and send in a check. Because the cyber risk landscape is constantly changing and because cyber security is such a complicated area for IT teams, cyber insurance doesnt come with a one-size-fits-all rate sheet.

To make a fair price, the insurance company needs to be able to estimate the risk: the likelihood of loss and the amount of money at stake. That means the process of buying cyber insurance is going to require a lot of in-depth disclosure from your institution, along with very clear lines delineating what kind of coverage is needed and what is excluded.

FIND OUT: How to support mental health for university cybersecurity professionals.

In fact, the exact opposite is true. When you buy cyber insurance, the underwriter becomes very interested in your security profile and the attack surface you present to the world. Insurance companies may perform regular vulnerability scans permitted as part of the policy on all your internet-connected systems. If they find something they dont like, youll hear about it, first from an automated system and, if you dont do anything about it, from a human who wants to know when youre going to solve the problem thats been identified.

Your security team will be partially beholden to the standards set by the insurance company as well. What your team may have considered reasonable configurations or optimizations for usability, such as allowing old encryption algorithms, may suddenly show up on the insurance companys radar as a problem that you must solve, lest you see higher premiums or even lose insurance entirely. Cyber insurance underwriters will also want to look at your incident response plan and may insist on changes, especially in areas such as reporting and timelines.

The percentage of education IT decision-makers who falsely believe cybersecurity insurance protects them from ransomware (insurance helps cover the cost of an attack but does not stop the attack itself)

Source: Sophos, The State of Ransomware in Education 2021, July 2021

Theres a good side to all this too: Cyber insurance underwriters are interested in reducing risk, so youll gain a new partner when it comes to implementing these new security controls. Consulting services, training and automated assessments may all be part of the benefits that come with cyber insurance.

When its time to measure risk and make decisions about security investments, insurance companies have in-house experts that you can call on to help understand what types of investments have the best cybersecurity cost-benefit ratios.

EXPLORE: How to avoid security breaches within the IT department.

Insurance is all about risk transfer: A breach may or may not happen, but if it does, it will be expensive, so youll pay an insurance company to take that risk off your shoulders. This means that its the CFO who is responsible for buying insurance of all types. Insurance doesnt solve any problem other than a financial one, so the CFO is the person most interested in reducing the risk to the institution.

However, CIOs and their teams are the ones with the expertise and knowledge in this area. The CIO and CISO will be able to read policies and understand the specific terms of art used in a way that the CFO cant. The security team will be able to understand what is and isnt excluded and put it into context for the CFO. Thats a critical step, because if the important risks are not covered properly, then the insurance isnt meeting the goals of the institution or the CFO.

alexsl/Getty Images

Go here to see the original:
What Higher Education Institutions Need to Know About Cyber Insurance - EdTech Magazine: Focus on K-12

White House press secretary Jen Psaki declined to comment Wednesday on special counsel John Durhams allegation that tech executive Rodney Joffe mined non-public White House internet records to find dirt on former President Donald Trump.

Fox News correspondent Jacqui Heinrich asked Psaki during her regular briefing if there was still a DNS resolver server extracting White House data and whether its alleged review by a Hillary Clinton ally constituted spying.

Durham says there was an outside company with ties to the Clinton camp monitoring server data info on the Executive Office of the President through the Obama administration, possibly into the Trump administration, Heinrich began her questioning.

Do you know if theres still a system picking up server data on the EOP and if not, when it stopped?

I know you asked my colleague a few questions about this the other day, but I would point you any questions about this to the Department of Justice, replied Psaki, referencing Heinrich raising the matter at a Monday briefing with deputy press secretary Karine Jean-Pierre.

Is what was described in the filings there monitoring internet traffic is that generally speaking, would that be considered something along the lines of spying? Heinrich followed up.

Again, I would point you to the Department of Justice, Psaki said.

Trump cited Durhams Friday filing as evidence that he was the victim of a hoax linking him to Russia in the 2016 election. However, Joffe said through a spokesperson he did nothing wrong.

Joffe, a now-retired senior vice president at Virginia-based company Neustar who is identified as Tech Executive-1, exploited domain name system (DNS) Internet traffic pertaining to the Executive Office of the President, as well as two Trump properties and a healthcare provider, the Durham filing said.

[Neustar] had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP, the filing went on. [Joffe] and his associates exploited this arrangement by mining the EOPs DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.

Clinton campaign attorney Michael Sussmann allegedly gave the DNS records to the CIA in early 2017. Sussmann is awaiting trial for allegedly lying to the FBI about his links to the Clinton campaign while hawking a later-debunked theory linking Trump to Russia-based Alfa-Bank.

The Friday court filing alleged that [Joffe] indicated that he was seeking to please certain VIPs referring to individuals at [Sussmanns law firm] and the Clinton Campaign.

A DNS resolver server helps fulfill computer requests to visit websites such as WhiteHouse.gov. But the precise data points analyzed and circulated by Joffe and Sussmann have not been divulged.

A spokesperson for Joffe said Monday that he is an apolitical internet security expert who legally provided access to DNS data obtained from a private client that separately was providing DNS services to the Executive Office of the President (EOP).

Under the terms of the contract, the data could be accessed to identify and analyze any security breaches or threats, Joffes rep said.

As a result of the hacks of EOP and DNC servers in 2015 and 2016, respectively, there were serious and legitimate national security concerns about Russian attempts to infiltrate the 2016 election, the statement continued. Upon identifying DNS queries from Russian-made Yota phones in proximity to the Trump campaign and the EOP, respected cyber-security researchers were deeply concerned about the anomalies they found in the data and prepared a report of their findings, which was subsequently shared with theCIA.

Sussmanns legal team said in a court filing Monday that the DNS records in question dated to former President Barack Obamas administrations and not Trumps, which began on Jan. 20, 2017. The rebuttal also said Sussmann never billed the Clinton Campaign for the Feb. 9, 2017, meeting where he gave the records to the CIA.

The significance of Joffes access to DNS records and potential privacy concerns remain murky, in part because its unclear what exactly was accessed and shared. Joffe has declined The Posts request for an interview.

A 2020 document from the federal Cybersecurity & Infrastructure Security Agency emphasized that US agencies should pursue encryption when selecting from private-sector DNS resolver servers to enhance user security and privacy by preventing eavesdropping and manipulation of DNS data.

In recent years, the government has taken an increasingly active role in the process of hardening the security of federal DNS services.

Here is the original post:
Psaki won't comment on Clinton-linked tech exec 'mining' WH records - New York Post

Ho, a 39-year-old banker who grew up attending weekly language classes in Chinatown, thought sending more video documentation to the cloud could help bridge the gulf between authorities and disenchanted locals who felt like their safety concerns werent being taken seriously enough.

Its not rocket science, Ho remembered thinking at the time. Just arm a bunch of storefronts with security cameras. How hard could it be?

According to the team of technology consultants she hired, very.

Block after block, merchants and residents revealed that, if they had any internet at all, they were relying on ancient dial-up or slow DSL connections. In the tech capital of the world, Chinatown appeared to be an internet dead zone.

Ten months later, Hos team managed to install cameras on only one of the historic districts 30 blocks. The districts digital divide has ramifications beyond public safety. Ho said she heard from restaurants that were unable to transition to online deliveries during the roving lockdowns, from parents whose children couldnt log onto remote learning, from residents incapable of scheduling tele-health appointments, and from business owners, residents and others who simply gave up on connecting to the World Wide Web whatsoever.

In a historic district with origins in government-sanctioned isolation, Ho found herself going up against internet giants.

This is wrong, she said she thought in early 2021. So who do we talk to about this?

First settled in 1848, Chinatown has always been ghettoized, said Justin Hoover, executive director of the Chinese Historical Society of America.

The history of the Chinese in Chinatown is one of exclusion and inequity, he told The Chronicle.

Joel Hernandez, chief technology officer of IT Jockeys, takes a photograph of a security camera outside Charity Cultural Services Center in Chinatown. The buildings windows were smashed twice in the past year, but its security cameras were not high-quality enough to record the attacks.

In the mid-1800s, city ordinances limited where Chinese immigrants could live and work while their children were forbidden from attending public schools. During the 1900 bubonic plague, police officers sealed off Chinatown, preventing people from coming or going.

Today, low-income families cram into rooms designed for one person in Chinatowns numerous single-room occupancy hotels, and there are few parklets or outdoor spaces for recreation, Hoover said. Not being able to access a critical utility like high-speed internet is just the latest hardship.

Were each left to fight our own battle to get better internet or get left behind, said Hoover, whose office is in the the former YWCA building, where single Chinese women found a social outlet from the 1930s to the 1980s.

And yet, the states broadband map shows parts of Chinatown to be among the areas most wired for fast internet, performing much better than the neighboring financial district. Points on the map directly contradict what merchants and residents say they experience on a daily basis.

Terrie Prosper, a spokesperson for the California Public Utility Commission, told The Chronicle the broadband map represents the maximum possible speed for the area, not what speed users will sign up for. Many businesses opt for a lower plan and would get slower speed than the maximum for that reason, Prosper said.

Ho thinks the technical explanations dont take into account Chinatowns history of exclusion.

Its racism, Ho said. There is literally a (digital) infrastructure line around Chinatown.

Laura Li, a partner in the Waverly Services and Print shop, points to her computer as it undergoes speed testing in Chinatown. Li pays $150 a month for AT&T internet, which she said was unreliable and slow, a common issue within the historic and dense neighborhood.

Ho requested meetings with the areas major service providers, AT&T and Comcast. Comcast met with community leaders in July 2021 and sent a team to walk the district that September.

The company acknowledged issues with high-speed internet in the neighborhood and challenges to improving it, telling The Chronicle its technicians have been denied access to buildings by owners, and that the community does not want its sidewalks dug up to lay new fiber optic cables.

Ho acknowledged these as legitimate challenges, but said it sounded like Comcast was blaming the community instead of finding ways to work with it. She noted that there is no Chinese language option when calling the company.

Joan Hammel, senior director of external communications for Comcast in California, said in an email that her company has a deep, sincere commitment to finding solutions to serve Chinatown.

For a district that has been hit hard by the loss of tourism and day-to-day foot traffic, the struggle to connect with the world outside its boundaries has been acute.

On Feb. 13, The Chronicle accompanied Ho as she checked internet speeds door to door on a block of Clay Street opposite Portsmouth Square. Of the 10 open businesses, the average download speed was 12.85 megabits per second and average upload speed was 0.89 Mbps.

The Federal Communications Commission sets the baseline for adequate broadband coverage at 25 Mbps for downloads and 3 Mbps for uploads.

Three businesses had no internet service at all.

The Powell Trading Co. jewelry store registered 0.94 Mbps upload and 9.4 Mbps download, while a bookkeeping office a few doors down had the fastest speeds of the day 0.78 Mbps upload and 16.2 Mbps download.

Waverly Services and Print shop registered an upload speed of 0.82 Mbps and a download speed of 15.2 Mbps. Laura Lis store is one of the businesses Ho was hoping to outfit with a security camera. In June 2021, Li said her windows were smashed along with others on the block.

Everybody started putting (up) cardboard, which makes this place look junky because everything is boarded up, Li said. Everybody is scared.

Communication cables for a security camera outside the Charity Cultural Services Center in Chinatown. The organization seeks to upgrade its security cameras after several incidents of vandalism in the past year, but the neighborhoods slow internet speeds could hamper that goal.

Chinatown saw 57 reported incidents of malicious mischief-breaking windows last year, more than double than either of the previous three years, according to San Francisco Police Department incident data.

Last month, on the same block, Vivian Lo, manager of the Chen Tseng Trading Co., said she arrived at work to find a bullet hole in her front window.

The lack of adequate internet speed has hindered other aspects of daily life in Chinatown. Sam Wo restaurant worker Ms. Ju, who did not give her first name, said her children could not access the internet during the pandemic and fell behind in school.

The school gave my kids two computers and two hotspots but we could not use the computers because the hotspots did not work, she said.

Ho does believe Comcast is more serious about fixing the internet issues in Chinatown than its competitor, AT&T, which has not met with community leaders. Of the six merchants with internet service that The Chronicle spoke to on Clay Street, all had AT&T and paid between $65 and $75 per month. Upload speeds were consistently zero and download speeds ranged from 9 Mbps to 16.2 Mbps.

When a reporter visited AT&Ts website and entered an address of a Clay Street business that did not currently have internet service, the only plan offered was Internet Basic 6 with Speeds up to 6Mbps for $60 per month. Ho said such plans are overpriced for the speed offered, and wishes AT&T would do better. They cant even say they are trying, Ho said.

AT&T declined interview requests for this story and referred comment to USTelecom, a broadband industry group.

The group provided The Chronicle with a statement saying there are a variety of reasons internet speed may vary, including the condition of an individuals home computer and router; traffic congestion at points outside of the local connection; and multiple devices sharing a Wi-Fi connection.

Supervisor Aaron Peskin, who represents the district, said the cost of upgrading Chinatowns older buildings to accommodate faster internet should not fall on the community alone. In October, his office and the city Department of Technology launched a $200,000 pilot project that outfitted five SRO buildings with high-speed internet.

The effort started after Peskin heard from residents at the pandemics outset how the lack of reliable internet created new barriers to accessing lifeline services, including getting groceries.

Our high-speed internet pilot program for SRO residents proved that we can actually bridge the access gap when we invest real dollars in communities where the highest need is, rather than where profit lies, he wrote in an email to The Chronicle.

A recent internet speed test at one of the newly wired buildings registered a download speed of 31.3 Mbps and an upload speed of 34.1 Mbps more than enough to run a security camera and provide satisfactory internet to residents, Ho said.

Ashley Cheng found a different way around the slow internet speeds for her nonprofit organization, the Charity Cultural Services Center. She sought out Monkey Brains, an internet service provider that installs antennas on its customers roofs to transmit data wirelessly through radio waves from a main tower site connected to a fiber-optic network. The company started in 1998 as a disruptor to the lock that the telecommunications giants had on the market, said Carlos Michaud, a company spokesperson.

We are very far removed from the limitations of having to run a ground cable, Michaud said. No digging up the sidewalk to lay cables, no opening interior walls in buildings to pass wires through. The company does need the permission of building owners to install antennas on the roofs.

The company provides free internet to many low-income housing complexes in San Francisco, and in return the city allows Monkey Brains to utilize some of their fiber-optic cables in the ground, Michaud said.

Ho believes this could be a viable solution for much of Chinatown. Her ultimate goal is to improve internet access for the whole neighborhood.

High-speed internet is an essential part of (Chinatowns) survival, she said.

San Francisco Chronicle data reporter Susie Neilson contributed to this report.

Deepa Fernandes is a San Francisco Chronicle staff writer. Email: deepa.fernandes@sfchronicle.com Twitter: @deepafern

Link:
Why is S.F. Chinatowns internet so bad? Its racism, says the person trying to fix it - San Francisco Chronicle