Cloud Hosting

Cybersecurity. Its important stuff. Theres a lot of critical data out there that you dont want bad actors snooping on.

That is why the Air Force apparently needs a cybersecurity mascot. A caped robot with a shield and lightning bolt adorned helmet, here to ask you if youve tried turning your computer off and on again and presumably solving the myriad of technical issues that come with the territory when youre using decades-old software.

He is mighty, strong and here to fight our cyber problems away, says the Air Force.

He is just he for now, and like any good mascot, he needs a catchy name. And its up to the proud men and women of the Air Force to come up with one.

We will be integrating this character with the Department of Air Force cyber awareness marketing material, campaigns and announcements to help support brand awareness, reads the website for the Air Forces chief information security officer, along with instructions for how to send in your name suggestions via email.

Will this become another Boaty McBoatface situation? Surely not.

After all, the Air Force is supposed to be the smart branch. Marines just trip balls at Camp Lejeune, but airmen do it while guarding nuclear weapons. When the Navy draws a sky penis, pilots lament that the balls are going to be a little lopsided. The Air Force does the same thing with some of the most expensive jets to ever take to the sky. And who wouldnt want to use a C-130 Hercules for a brief excursion to Marthas Vineyard to pick up your motorcycle?

Once given a name, this robot, whether its named Cyber McCyberface or any other proposed monikers, might have a lot on its cyber plate. Especially when its going to be operating in computers that struggle to even turn on.

So airmen, dont let us down. Comeup with a namefor this new keyboard warrior! You can find the email to submit your suggestions and more information about the mascothere.

Want to write for Task & Purpose? Click here. Or check out the latest stories on our homepage.

More here:
The Air Force is trusting the internet to name its ridiculous new cybersecurity mascot - Task & Purpose

The suggestion comes after a 24-year-old Sacramento man is behind bars, being accused of directing more than 80 underage victims to produce porn across the world.

SACRAMENTO, Calif. Investigators believe 24-year-old Demetrius Davis has at least 80 victims between the ages of 6 to 13 in the U.S., and many more overseas, after posing as an 11-year-old girl named Lizzy online, directing dozens of children to create child pornography online.

"On their siblings, other relatives and other kids that they know and then film it and send that video to our suspect," Sgt. Rod Grassman, a spokesman for the Sacramento County Sheriff's Office said.

Jeffrey Lee, author of the book, 'Online Predators, an Internet Insurgency,' has more than a decade of experience fighting against online child exploitation. He says the best way to prevent this sort of activity from happening is parental involvement, first and foremost.

"These types of cases are actually quite common, unfortunately," Lee said. "They're more common than you would like to think."

Lee said parents should be teaching their kids that the 'stranger danger' policy needs to apply online too and they should be checking their phones regularly as every app and every URL is a potential destination for victimization.

"You've got to adapt the stranger danger conversation for the 21st century, plain and simple," Lee said. "We have to adjust accordingly, we have to stay in front of our kids and we have to make the topic of online predation, online exploitation, online criminality in general, regular topic, the conversation in the house."

He encourages bringing up this case, which kids may have heard about on the news or from their friends, as a jumping off point to start the conversation. But, Lee says there are warning signs that every parent can be looking out for at anytime.

"Any abrupt changes in behavior, and it's generally going to be for the negative, spending a lot of time, more time isolated in their room, a little more insolent, grades start to slip," Lee said.

And he says this is something than can be avoided with parental involvement.

"Nothing is going to take the place of your involvement and your willingness to stay involved and your willingness to talk to your kids about this stuff," Lee said. "Present to them and show them say, hey, look, if this happens to you, I have a plan."

Lee added if you do find something on your child's phone, stay calm, be a good witness, do not converse with the person on the other end, make sure you have the passcode, don't delete anything and call law enforcement right away.

1/10

1 / 10

Sacramento County man allegedly lured 80 children into making porn

See original here:
'We have to stay in front of our kids' | Experts advocate for parental involvement to strengthen cyber security - ABC10.com KXTV

Western and media attention may be focused on the conflict between Russia and Ukraine, but countries have not taken their eye off the Indo-Pacific where there is clear evidence of the changing world order. This is manifest in the signing of the India-Australia Economic Cooperation and Trade Agreement in goods and services earlier this month.

The botched US withdrawal from Afghanistan followed by China taking a serious interest in creating new economic, military and political alliances, and the impending energy crisis demand that nations recalibrate their strategic as well as long-term interests. The India-Australia ECTA is a concrete example of the bilateral faith in common values, and understanding of threats and goals. A reflection of this is cooperation in cyber security.

The Russia-Ukraine conflict has shown how cyber threat actors, both state and non-state, have become significant players in hybrid or unrestricted warfare. Both countries have let loose malicious elements in the information as well as operational space, while non-state actors like the hacktivist group Anonymous claimed to have caused significant damage to critical Russian and Belarusian financial and military infrastructure.

China is accused of having amassed a large number of cyber weapons and has allegedly carried out sophisticated operations aimed at espionage, theft of intellectual property, and destructive attacks on internet resources of some countries. Australia and India have been at the receiving end of several such campaigns by the so-called Advanced Persistent Threat (APT) groups, supported by or assumed to be located in China.

At the June 2020 virtual bilateral summit, Prime Minister Narendra Modi and his Australian counterpart Scott Morrison elevated the bilateral relationship to a Comprehensive Strategic Partnership. The new cyber framework includes a five-year plan to work together on the digital economy, cybersecurity and critical and emerging technologies. This will be supported by a $9.7 million fund for bilateral research to improve regional cyber resilience.

An annual Cyber Policy Dialogue, a new Joint Working Group on Cyber Security Cooperation and a joint working group on ICTs have been established. An annual India-Australia Foreign Ministers Cyber Framework Dialogue will be held. India will now be included in a core Australian initiative called the International Cyber Engagement Strategy it began in 2017 to actively conduct capacity-building arrangements in Indonesia, Singapore and Thailand, and support similar activities in Malaysia, Vietnam and Cambodia. In 2021 Australia added critical technologies to the initiative, making it important to the bilateral partnership with India and to the Quad.

India has much to learn from Australias low-key but smart cyber expertise. The Australian Cyber Security Centre (ACSC) in Canberra is the receptacle of the countrys cybersecurity information, advice and assistance efforts. It draws expertise from national law enforcement, intelligence agencies, crime investigation, and national security bodies. ACSC has a partnership programme with the corporate world to facilitate intelligence-sharing on threats. AustCyber, another government effort, aims at establishing an internationally competitive domestic cybersecurity industry.

India has set up the office of the National Cybersecurity Coordinator, a national Computer Emergency Response Team (CERT-IN), a national Critical Information Infrastructure Protection Agency (NCIIPC), and made appropriate amendments to the Information Technology Act and Rules to enhance its cyber security posture. This has upped Indias rank to 10th in the Global Cyber Security Index (GCI) 2020, from 47th just two years earlier. India has capable cybersecurity professionals.

In February, the foreign ministers of India and Australia recognised cooperation in cyber governance, cyber security, capacity building, innovation, digital economy, cyber and critical technologies as an essential pillar of the relations between the two countries. A joint Centre of Excellence for Critical and Emerging Technology Policy, to be located in Bengaluru, will be set up.

India and Australia share common concerns around 5G rollouts, threats by APT groups, cybercrime, information warfare and threats to a democratic order. Deepening cooperation can develop avenues for mutual learning and create complementary markets in cyber tools and technologies, boosting bilateral business and strategic commitments on both continents.

This column first appeared in the print edition on April 27, 2022 under the title Facing a common threat. The writer, Adjunct Distinguished Fellow for Cyber Security at Gateway House, is a senior IPS officer. Views expressed are personal

Visit link:
Common values, shared threats in India-Australia cyber security ties - The Indian Express

Robotics, medical research, bridges, Heinz Ketchup, the Pittsburgh Toilet these are the signatures of innovation in the Steel City. But buried underneath the surface of its journey from kitschy and industrial to kitschy and tech-centric is a story about the origins of the global cybersecurity industry.

Pittsburghs tech economy has long been recognized for its prowess in robotics and artificial intelligence, largely stemming from a strong pipeline of expertise out of local schools like Carnegie Mellon University and the University of Pittsburgh. While autonomous vehicle companies and autonomous mobile robot providers alike have found ways to profit off of those opportunities, theres a bedrock of a wider range of technical know-how still waiting to be leveraged into commercial possibilities.

Enter cybersecurity: an industry that was (arguably) born in Pittsburgh.

As the story goes, it all started with CERT, formerly an acronym for the computer emergency response team. The division was founded within CMUs Software Engineering Institute in 1988 as a response to the internet vulnerabilities exposed by the Morris worm, the countrys first major internet attack.

In the early hours of response to the Morris worm, you had a number of people working at DARPA at the time the Defense Advanced Research Projects Agency who had either ties to the SEI or to Carnegie Mellon School of Computer Science, Bill Wilson, current deputy director of the CERT Division, told Technical.ly.

Bill Wilson. (Courtesy photo)

Those DARPA employees reached out to CMU contacts, and they quickly kind of cobbled together a foundation and framework to begin to work with and build a community to as quickly as possible first, mitigate and solve the vulnerability underlying the Morris worm, Wilson said. But really, the purpose was to respond to what had been a sort of technical wakeup call in the realm of internet security. From the outset, it was always clear that CERT would be a new kind of organization in tech, something to work with a network of vendors and researchers to as best as possible, analyze and identify the [new internet] vulnerabilities and then rally the community to get the necessary solutions in place, he said.

A big part of that effort was building the talent base and expertise of people who could keep up with new cyber threats as computers and associated technology rapidly evolved throughout the 90s. Leveraging both talent within the SEI and working to foster the creation of new agencies across the globe, CERT spent the first 10 years helping other see the necessity of its services.

Much of that involved working with the government. By 2003, the Department of Homeland Security formed its own computer security incident response team, US-CERT. (At this point, CMU had trademarked the CERT name, and it still maintains that trademark. But it frequently licenses it out to organizations doing work in the realm of computer security incident response.) The US organization, which is distinct though often collaborative with the CMU one, is now housed in the DHS Cybersecurity and Infrastructure Security Agency.

That same year saw the founding of another significant effort from CMU, the CyLab Security & Privacy Institute, which is really an umbrella over all of its cybersecurity researchers, Wilson said. Now, CyLab brings together over 100 faculty and 30 graduate students across 15 departments within the university, and has trained over 75,000 people in security and privacy skills since its formation. Its research encompasses hardware security, IoT security and privacy, biometrics, blockchain, network security and more.

Outside of its research, CyLab has also been the source of some of Pittsburghs more noteworthy commercialization efforts in the world of cybersecurity. David Brumley, CEO and cofounder of application security startup ForAllSecure, was previously the director of CyLab. His company made waves earlier this year by closing a $21 million Series B round and promptly launching a new initiative to pay software engineers to use the startups fuzz testing tech to protect their open source software.

He sees CyLab as the organization that really launched a surge in cybersecurity talent concentrated in Pittsburgh.

At one point CMU had the majority of papers at top-tier conferences, he said of the early days for CyLab. So if you went to [the conferences] we had over 50% [of the work there], and its kind of that culture of having that top cybersecurity research that grew the cybersecurity field here. And Pittsburghs relative proximity to DC certainly helped too, Brumley said, adding that having easy access to the funding and resources provided by DARPA or the National Security Agency created more opportunities for CyLab to evolve its research over time as new threats emerged.

But as far as commercialization resources for CyLabs depth of academic projects and research, Brumley sees some struggles that might help explain why more startups havent come out of the organization so far. One is a need for improved tech transfer processes from local universities, but another is the classic problem of limited local venture capital volume, he told Technical.ly.

There is some access to capital, but its typically not an easy process and its not abundant in the amount, he said, though there are signs that has started to change with the pandemic, as some of the biggest VC firms in the country have begun to look outside of their signature markets.

Theyre starting to look at new places, and were starting to see more than one target outside of the West Coast, Brumley said. Still, its a new trend, and top firms like Sequoia Capital or Andreessen Horowitz, theyre not here, they dont have offices here yet.

But what if the reason Pittsburghs cybersecurity industry hasnt generated as many startups as, say, its robotics industry isnt because of funding challenges, but because the latter is product-oriented while the former is a more nuanced service?

David Hickton, who is the former US attorney for the Western District of Pennsylvania and the founding director of the University of Pittsburgh Institute for Cyber Law, Policy and Security (Pitt Cyber), thinks that difference between the two makes sense for why entrepreneurship hasnt taken off for cybersecurity despite a deep well of local expertise. As one of the regions and countrys most prominent cyber attorneys, hes been approached several times by startups looking to take him on as an advisor or leader of some sort. But none have persuaded him.

In order to be a startup that I would be interested in, youd have to have a tangible product to sell as opposed to a labor-intensive service, he said. Im not interested in, for example, being a cybersecurity service tech to teach people how to protect their program. I would be interested in something that would be a more wholesome application.

Outside of the expertise of CERT, CyLab and CMU, Hicktons work as the local US attorney under President Barack Obama and his leadership at Pitt Cyber have anchored the city as more than just a mecca for technical expertise, but for law and policy, too. Recognizing the local talent available in the cyber industry, Hickton focused his team on law enforcement within that industry. He counts six big cases as moments of progress for Pittsburgh in building an understanding of how cybersecurity laws can be formed and enforced, making the city a leader in that space.

From the outset, his team focused on a growing problem at the time, of intellectual property theft through hacking from foreign actors. And in May 2014, the US Justice Department indicted five members of the Chinese military based on findings that Hicktons team had compiled the first time the US would charge another country in connection with cyber-related criminal charges. The other five cases Hickton mentioned as early landmarks in his offices work on cyber law are the June 2014 indictment of Evgeny Bogachev, the July 2015 Darkode case, the Avalanche case in November 2016, Boyusec in November 2017, and the Fancy Bear case in May and October 2018. The latter three concluded after Hickton had left his role as US attorney and helped launch Pitt Cyber in 2016.

When it comes to the local cybersecurity industry, Hickton has one of the more experienced perspectives, which makes his thoughts on the lack of local startups all the more intriguing. Because while cyber-focused entrepreneurship hasnt thrived, local cyber jobs look like they soon might.

According to a CompTIA report published earlier this month, Pittsburghs tech industry currently employs around 5,655 cybersecurity and systems engineers, a number thats expected to grow by at least 0.8% by the end of this year. Nationally, the industrys expected to grow by over 253% by 2030. That makes sense given the rapid increase in the number of cybercrime threats in 2021, which is expected to cost the world $10.5 trillion annually by 2025.

So, what role does Pittsburgh have in mitigating these threats?

Some companies have started to take matters into their own hands, hiring in-house cyber professionals to ensure their technical products are built safely and securely. Meanwhile, local academic institutions continue to partner with nearby corporations to continue building expertise and cross-industry initiatives in cybersecurity.

To grow the local cyber economy even more, though, a key step will be figuring out how to stop losing talent to other markets, Hickton said, noting that there arent as many cybersecurity-focused corporations with locations in Pittsburgh. However, he said, Pittsburgh is increasingly on the map as a tech and advanced manufacturing hub, pointing to Commerce Secretary Gina Reimondos recent remarks on the benefits semiconductor chip funding could have for the Steel Citys economy.

But cyber, in the mind of the everyday person, is still different from other spheres of tech that Pittsburgh has found success in.

Cybersecurity, in the minds of most people, its like the hockey goalie you know, protecting against the other team putting the puck in the net, Hickton said. Its not like the scorers and and so it doesnt have some of the same sex appeal that artificial intelligence, self-driving vehicles and semiconductor tech have.

And maybe thats part of the issue. Maybe the one factor needed to propel the local cyber industry to the success other sectors of tech have seen is simply a bit more excitement. Who knows maybe todays Pittsburgh cyber pros will squash the 21st-century version of the Morris worm.

Read the original:
Pittsburgh calls itself the robotics capital of the world. But it's also the birthplace of cybersecurity - Technical.ly