Category Archives: NSA

NSA’s Rob Joyce: Even the good hactivists are problematic – The New Statesman

Posted: May 17, 2022 at 6:47 pm

Since the Russia-Ukraine conflict broke out, war on the ground has been brutal and catastrophic. Cyber warfare has been comparably insignificant, and projections about mass online shutdowns have not materialised.

However, there has been some intervention from hostile state actors. Just last week, the Foreign, Commonwealth and Development Office (FCDO) announced that Russia was almost certainly behind a major cyber operation targeting the US commercial communications and internet satellite company Viasat, which happened an hour before the invasion on 24 February.

After months of analysis, the UK government's National Cyber Security Centre (NCSC) has now attributed the hacks to the Russian state. While the primary target was the Ukrainian military, the attacks also impacted Ukrainian Viasat customers, and caused disruption to wind farms and internet users across central Europe. Additionally, the NCSC has ascertained that Russia was also behind an earlier attack on the Ukrainian government on 13 January, which involved defacing government websites and the deployment of destructive malware.

Interestingly, global sanctions on Russia have caused ransomware attacks to decrease since March, noted Rob Joyce, cyber security director of the US National Security Agency (NSA), at the NCSC's CyberUK conference in Wales this week. Sanctions have made it harder for criminals to organise attacks and move money in the West, he said.

But cyber threats do not only come from hostile states. Speaking in a panel discussion, Joyce highlighted the rise of cyber vigilantes: lone actors on both sides of the conflict who are taking matters into their own hands to infiltrate and destroy their enemy's systems.

While activism in support of Ukraine might seem commendable, Joyce warned that such an approach is not conducive to ethical behaviour. "You want to sit back and root for the folks who are trying to do noble things but it is problematic," he said. "We are trying to hold bad actors accountable in other nations [and] we have to be good international citizens in the cyber arena."

Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), said that roughly 300,000 hactivists related to the Russia-Ukraine conflict have been identified so far, and added that the extent of cyber vigilantism has taken [government] by surprise.

There is an extreme unpredictability associated with these exploits that make it difficult to attribute, contain and stop them, she said. Hactivism can also impact regular citizens quite significantly, due to spillover onto non-primary targets (such as with the Viasat campaign) and breaches on public tools like Google Maps, impeding people's ability to travel and infiltrating personal location data.

Some hactivists do not act alone and have the advantage of an organisation behind them, making them even more of a threat. Perhaps the best-known is Anonymous, the pro-Ukraine collective that has vowed to keep attacking Russia until its aggression stops. The group's actions have caused Russia to become the most hacked country in the world in 2022 so far, with breaches affecting 3.5 million people, according to research from virtual private network (VPN) provider Surfshark.

But hactivist collectives exist on both sides. Conti, a group of pro-Russia ransomware cyber criminals, have now restyled themselves as political activists, said Jonathan Hope, senior technology evangelist at cyber security firm Sophos, who spoke in another session at CyberUK on ransomware.

Vigilantes can be more ruthless and chaotic than other cyber criminals, he noted, as they destroy data for the sake of it rather than for financial gain, meaning victims are less likely to get their information back. "They're hacking for Mother Russia with no checks, controls or balances," Hope said. "It's a tool, a weapon to destroy data."

The rise in such sporadic hacking makes it ever more important that governments secure and stress-test their critical national infrastructure, said Juhan Lepassaar, executive director of the European Union Agency for Cyber Security.

He said that the UK has done great work in securing its telecoms sector, and other industries and countries need to follow suit. "It pays off to build a framework where you stress-test the most critical sectors in society. [The sectors should be] incentivised to do it themselves."

There was consensus that both organisations and individuals need to be encouraged to undertake basic steps in cyber security. Joyce said that attitudes are changing, albeit a little late: intelligence agencies have focused on counter-insurgency and terrorism for the past two decades, he said, which has caused cyber defence to fall by the wayside.

"We've not been investing in IT and now China is threatening those systems," he said. "We will now do the things that we should have done ten or 20 years ago. The narrative has shifted."

Moving the onus of cyber security from response to prevention is key, added Lepassaar. In fact, Ukraine's thorough preparations are what has helped the country stay online despite multiple setbacks and has even enabled them to host press conferences in besieged cities, he said. "There has been a good deal of resilience from the Ukrainian state around maintaining connectivity. [This shows] the value of building partnerships early on and making sure you build distributed systems that are difficult to take down and attack."

Sirota: Biden administration's reported $10B deal with Amazon shrouded in secrecy – The Hill

Posted: at 6:47 pm

David Sirota, founder of The Lever news outlet, said he believes a reported $10 billion deal between the Biden administration and Amazon is hidden in secrecy.

In late April, the news outlet Nextgov reported that the National Security Agency had re-awarded Amazon a contract for cloud-computing services.

"NSA recently awarded a contract to Amazon Web Services that delivers cloud computing services to support the agency's mission," an NSA official told Nextgov.

Sirota expressed concerns with the reported contract.

"We don't actually know the details of this contract. It's shrouded in secrecy, there's a national security exemption for the details of the contract, but we know it's a cloud computing contract," Sirota said while appearing on Hill.TV's "Rising."

"There is a privacy question about what the NSA needs with a $10 billion build out of cloud computing. The mind can run wild about what that's all about in terms of surveillance and data collection," he added.

Sirota said the size of the contract is huge.

"There's very few details about what that contract is and I think that people need to understand how big the contract is. Federal contracts go out all the time in the millions of dollars, even hundreds of millions of dollars. A $10 billion federal contract, even at the federal government level, that is a huge contract," Sirota said.

Sirota said the size of the contract can provide some answers as to why the Biden administration awarded it.

"Whatever they are actually building out with that, whatever the NSA is doing with it, you can rest assured that it is a big thing," he added.

Airsoft shooter at US military base in Italy receives discharge from Navy – Stars and Stripes

Posted: at 6:47 pm

An active-duty sailor who triggered a two-hour lockdown at Naval Support Activity Naples last year by firing an airsoft gun on base is being discharged from the Navy, a spokesman said May 17, 2022. (Erik Slavin/Stars and Stripes)

NAPLES, Italy - An active-duty sailor who triggered a two-hour lockdown at Naval Support Activity Naples last year by firing an airsoft gun on base is being booted from the Navy following a monthslong inquiry.

A probe led by the Naval Criminal Investigative Service found that the unidentified 22-year-old seaman shot at or near a group of adolescents with an airsoft rifle from the balcony of his on-base housing, said Lt. Cmdr. Matthew Comer, a spokesman for Navy Region Europe Africa Central. One of the adolescents alleged that they were struck with a plastic pellet.

As is policy with nonjudicial punishments, the service is not naming the sailor, who was assigned to the Navy Computer and Telecommunications Station Naples, Comer said.

The Dec. 16, 2021, shooting happened on the base's Gricignano di Aversa site. It was not reported to base police and the person who reported being hit did not have any apparent injuries, the NCIS investigation found.

No subsequent shots were fired, but about 45 minutes later another minor reported seeing a man carrying a gun on base. That report caused the lockdown and hunt for the service member, who ultimately was found in his room, Comer said.

The service member was compliant with police instructions and immediately turned over the airsoft gun, he said.

The sailor is in the process of leaving Italy and separating from the Navy, Comer said.

Airsoft guns often are realistically modeled to look like real weapons. They shoot nonmetallic soft pellets and frequently are used for target practice and military-style games.

Personal weapons, including airsoft guns, are prohibited on base, a Navy spokesperson said in December.

NSA Naples' Gricignano di Aversa site includes schools, housing, a commercial center, a hospital and a hotel. It is about 13 miles from the base's Capodichino site, which includes administrative and support services and is home to U.S. 6th Fleet.

Approximately 8,500 people are assigned to the base, according to its website.

Govt will simply slap UAPA or NSA on perceived dissenters even if sedition law is struck off statute – National Herald

Posted: at 6:47 pm

The court granted Central government time till May 10 to file its response, failing which it intended to decide the question of whether there was a requirement to refer the challenge to a seven-member bench.

Instead, the Central government filed an affidavit stating that it will reconsider the law and requested that the challenge proceedings be kept in abeyance.

It appears that the court's oral observations in the matter, where it disapproved of the misuse of the law, had a bearing on the government's decision.

The petition took objection to this approach mainly because such a proposal didn't factor in pending cases and continued misuse of the provision while the law would be under the government's consideration.

The Central government sought a day's time to take instructions on an interim measure to allay the petitioners' fears.

On Wednesday, it proposed to establish a mechanism where sedition cases would be filed only after an officer of SP rank justified in writing and such a justification would be open to judicial review. The petitioners, on the other hand, insisted on suspension of law in totality.

In fact, Senior Advocate Gopal Sankaranarayanan submitted proposed consequential directions of an absolute suspension of the law which inter alia included explicit stay of pending proceedings and bar on registration of new cases.

Two agency inspectors general got salaries that busted legal limits on political employee pay – Federal News Network

Posted: at 6:47 pm

Editor's Note: The NSA IG mentioned in the report and in this interview, Robert Storch, told Federal News Network that the day after he learned of the cost-of-living adjustments he received, he repaid them with a personal check for $17,595.13. Storch says he was not consulted on the increases, and declined to seek a waiver to keep them.

The inspectors general for two intelligence agencies were each overpaid by tens of thousands of dollars between 2016 and 2020. That's according to an internal Defense Department memo a whistleblower supplied to Empower Oversight, an outside watchdog group. There's no clear evidence anyone intentionally did anything wrong. There's also no evidence the money's been repaid or whether the matter has been properly investigated. Jason Foster is founder and president of Empower Oversight. He spoke with Federal News Network's Jared Serbu on the Federal Drive with Tom Temin about what we know and don't know.

Jason Foster: The memo was provided to the DoD inspector general's office and it walks through the relevant legal authorities for inspector general pay because inspector general pay is set by statute. And inspectors general are senior officials who are subject to a pay freeze and so the memo went through and concluded and reported findings to the DoD IG that these two inspectors general at NSA and NRO had been, according to this official at DoD, overpaid the amounts of approximately $18,000 total for one of the IGs and approximately $150,000 total for the other IG. And this is over a multiple-year timeframe.

Jared Serbu: And you're fairly confident at this point that that memo is authentic, even though it was not provided to you from an official source of any kind?

Jason Foster: Yes, so we attached a copy of the memo to our FOIA requests to all the agencies that we asked about it. And in our FOIA request, we explicitly said that we had received it from an anonymous source and couldn't independently authenticate it. However, since we sent those FOIA requests we were contacted by multiple other sources, who did authenticate the memo who we know who they are, and they are in a position to know that it's an authentic memo.

Jared Serbu: And I believe you've seen a response from the NSA IG that basically just indicates this was a clerical error that he knew nothing about at the time. Anything similar from NRO, so far?

Jason Foster: No, we've had no contact from NRO. And I would note just that the amount for the NRO IG, the total amount of the alleged overpayments is much higher, it's much more significant than with the, in one case, it was just the NSA IG got a cost of living increase that the DoD memo says he wasn't entitled to. However, with the NRO IG, you're talking about overpayments of over $40,000 a year for several years totaling about $150,000.

Jared Serbu: Yeah, can you unpack that one, maybe a little bit more? Because that one, it looks as, for one thing it spans over more years than the NSA IG overpayments did. But also it looks in that case as though the official started at a higher salary than would have been entitled to under law and then continue to get increases year after year after that.

Jason Foster: Yeah, that's exactly correct. So we lay out the numbers from the memo in our FOIA request. And, you know, this is, again, the these are approximate and we don't have access to the underlying records. We just have the summary memo that the DoD provided to the DoD IG. And you know, according to that memo, the overpayments were about $5,000 in 2016; about $20,000 in 2017; about $38,000 in 2018; about $40,000 in 2019; and about $45,000 in 2020. I mean, this is significantly above the level at what an executive level, I think it's executive level three, I think is the pay cap for a presidentially appointed inspector general.

Jared Serbu: I know you said you've not gotten any official responses from NRO yet, but is there any document in your possession or anything that you've seen that would lead you to come up with some reason why this might have happened in that case?

Jason Foster: I mean, I have a little bit of insight, again, from sources who contacted me after we sent the FOIA request as sort of what the backstory was. When this memo came over to the DoD OIG, they then referred it to the Council of Inspectors General Integrity Committee (CIGIE), which is sort of the self-policing body for inspectors general, to see if there was any potential investigation that body ought to do. I don't know whether they also informed the White House or Congress or anyone else, but it's because the DoD IG is the one who referred it to the integrity committee, there were concerns about potential retaliation if, because the NSA IG is the nominee to be the new DoD IG, right? And so it's the office that he would be taking over where people had, just doing what they thought was their duty, referred it for potential inquiry. And we raised questions about why the integrity committee didn't look at it, and how can this not have been elevated to responsible people in the political branches, either in Congress or the White House and sort of how, it's just sort of perplexing, like, how could this happen without anybody knowing, and without it being public? You don't have accidental pay raises going to other IGs and I don't know if it's because they're national security components. And so there's just not as much transparency or what the explanation is.

Jared Serbu: Let's unpack that CIGIE piece a little bit, I think the allegation in your original whistleblower communication was not only was CIGIE aware that these overpayments had happened and didn't really do any kind of investigation, but may have also alerted the people who would have been the subjects of the investigation. Is that right?

Jason Foster: That's correct. So the source who provided the memo to us also alleged that in CIGIE meetings, there was essentially a heads up to the other IGs and said, "Hey, this is something that came in to the integrity committee, and you should double check and make sure your houses there in order, right?" Basically, there's going to be scrutiny on this. So there was, like I said, essentially, a heads up to everyone to make sure that they weren't in a similar position.

Jared Serbu: I want to stress I don't think there's really any hard evidence at this point that there was any impropriety on the part of CIGIE or, frankly, anyone else at this point because we just haven't seen the documents yet. But does this kind of structure give you any kind of pause just in terms of how inspectors general are overseen? It is really, as you said, really just a self policing body where the inspectors general themselves are really the only oversight they have other than each of their respective agency directors, or am I missing something?

Jason Foster: Right, and Congress, right. I mean, and technically CIGIE, there's an OMB official who is part of CIGIE by statute. So that's supposed to be the line of oversight to the White House. But again, with my background and working years and years on issues around the IG community from Capitol Hill, my concern is there needs to be transparency and oversight and questions being asked from Capitol Hill about these things. I mean, this is ultimately, the structure, as you said, it is largely a self-policing structure. The integrity committee itself, the NSA IG was the vice chair of the integrity committee at the time this report came in and so had to recuse himself. My understanding is he did properly as I would expect, he recused himself from any consideration of this particular matter. But the standards are very opaque and vague as to what the integrity committee will open an investigation on and what it won't open an investigation on. And there has been a lot of dissatisfaction on Capitol Hill over the years with the integrity committee's performance. It seems to be either too aggressive in some cases for some reasons and not aggressive enough in other cases. And there's no sort of coherent explanation for why they will open up an investigation on some and not open investigations on others. And my argument from the time even from when I was on Capitol Hill as a staffer dealing with CIGIE and its leadership was you need to manage this situation, when you have a problem like this, that has the potential to tarnish the reputation of the inspector general community writ large. You need to show some leadership and make sure that it's raised to the political branches to deal with, and that folks on the Hill and the folks in the White House know when there's an issue and can step in and resolve it one way or the other.

Jared Serbu: To the best of your knowledge, is anyone on the Hill actively looking into this?

Jason Foster: We published an update to our press release that included questions for the record from Sen. Josh Hawley (R-Mo.), who had asked the NSA IG about the overpayments in the course of his confirmation proceedings, because he's the nominee to be the new DoD inspector general. And so that's the only one where I know we were provided a copy of the answer that the NSA inspector general provided to Sen. Hawley's office in response to that question for the record. But I know that that nomination hasn't moved forward in the last several weeks and that there were attempts to hotline it, and to have it passed by UC and that that hasn't occurred yet.

Jared Serbu: Just one more question on transparency. Beyond transparency around policy, is what you call it opaque a second ago, what else could or should CIGIE be doing to make the whole process that they run more transparent, and as you said, increase that or maintain that level of trust that everybody needs to have in the IG community?

Jason Foster: Well, we tried to impose some of that transparency back in 2016, when I worked on the IG empowerment act, and we had, there were dissatisfaction then on both sides of the aisle about the speed with which integrity committee investigations were being completed. And we passed at that time, a reporting requirement that said that when the integrity committee has an investigation on an IG that's open for more than 180 days, that then you have to send a report up to Congress with an explanation. Well, since I've been off the Hill and I'm now in this role in an outside watchdog organization, we actually FOIA'd a whole bunch of those reports. They're not routinely made public. The statute didn't require them to make public so if Congress doesn't post them or put them out, then nobody sees them. And when we got them, we were sort of shocked by how little information is actually in them. So they're constantly punting on these investigations. They stay open for extremely long periods of time, and then they send these perfunctory reports up to Congress technically satisfying the statute, but really not telling you much about why it's taking so long. There were some people who wanted, who had argued for actual caps with requirements that look, you got to finish this investigation within X amount of time or something, some kind of consequence occurs. But they fought that, and we sort of had this compromise of the reporting requirement. But it doesn't seem to be doing much. So I know that there's talk among good government groups on the outside across the ideological spectrum about readdressing integrity committee reforms, because nobody seems to be happy with the progress on either side.

IWA sports roundup: Soccer team wins VCC titles – The Suffolk News-Herald – Suffolk News-Herald

Posted: at 6:47 pm

By James J. Lidington

Isle of Wight Academy

The Isle of Wight Academy varsity baseball and softball teams were scheduled to open state tournament play Tuesday, May 17, as the school's varsity coed soccer team wrapped up an undefeated conference-title-winning season.

The No. 6-ranked IWA baseball squad was set to take on No. 3 Nansemond-Suffolk Academy on Tuesday in a renewal of pleasantries with their longtime rivals. The teams have not met on the baseball field since March 13, 2020, just before that season was canceled by the global COVID-19 pandemic. The Saints took that contest 16-1.

IWA's softball team was set to host Norfolk Collegiate School on Tuesday at IWA.

The IWA soccer team won both the Virginia Colonial Conference regular-season and tournament titles. The ODU side took the conference championship against Blessed Sacrament Huguenot School, 2-1, to finish the year 14-0, 12-0 in conference play.

IWA's coed golf team finished with a 23-5 record for dual matches.

Dustin Moon was 2-for-4 with a double, scored a run and drove in four as IWA topped Norfolk Christian School 11-3 Monday, May 9, in a non-conference Senior Day tilt.

The Chargers received prolific production from the graduating class: Trevor Mason was 1-for-2, scored two runs and drove in another with a triple.

Christian Biernot was 2-for-3 with a double, scored three times and drove in a pair. Jake Lineberry was 2-for-4, scoring and driving in a run each. Starting pitcher Zach Rusinak earned the win, pitching five innings and giving up only four hits and two earned runs. Rusinak walked four and struck out eight.

Seniors Mark Thompson, James Thompson, Dustin Moon, Jacob Chapman, Kody Kosiorek and Trent Holland also were honored before Monday's game.

The 19-1 Chargers are vying for their first Virginia Independent Schools Athletic Association Tournament win since May 13, 2019, when they defeated Fredericksburg Christian, 7-4.

IWA has a 2-1 mark against common opponents this season with the Saints (14-6); NSA was a perfect 3-0 against those opponents: Hampton Roads Academy, Walsingham Academy and Norfolk Christian.

The winner of Tuesday's VISAA Division II contest will play in the semifinal round Friday, May 20, at 11:30 a.m. or 2 p.m. at Shepherd Stadium in Colonial Heights. The state champion will be decided there Saturday, May 21, at 5 p.m.

The Isle of Wight softball team finished its regular season with a 15-4 trouncing of Southampton Academy on May 9.

Beyond IWA's opener with Peninsula Catholic High School, VISAA Division II Softball Tournament semifinals will be Thursday, May 19, at the Dinwiddie Sports Complex in Sutherland. The championship will be decided Friday, May 20, with a rain date of Saturday, May 21.

Dragos CEO Robert M. Lee to Address Global Audience on Criticality of Industrial Cybersecurity at the World Economic Forum Annual Meeting in Davos,…

Posted: at 6:47 pm

HANOVER, Md.--(BUSINESS WIRE)--Dragos, Inc.:

SUMMARY: Dragos, Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, today announced CEO and co-founder Robert M. Lee has been invited to speak at the World Economic Forum (WEF) Annual Meeting in Davos, Switzerland, during the Global Cybersecurity Outlook session on May 23.

DETAILS: Global Cybersecurity Outlook: The World Economic Forum documents the rise in cyberattacks globally in 2021 with evidence of a continued uptick in 2022. In this fast-changing landscape it is vital for leaders to take a strategic approach to cyber risks. How can leaders better prepare for future cyber shocks? What individual and collective actions will foster a more secure and resilient digital ecosystem?

WHEN: Monday 23 May, 14:30-15:15 CEST

WHERE: Davos-Klosters, Switzerland

LOCATION: Congress Centre, Aspen 2, WEF Annual Meeting

BACKGROUND: Dragos is part of the WEF Global Innovators community. WEF had previously selected Dragos as a 2020 Technology Pioneer, an annual distinction that recognizes the 100 most innovative early to growth-stage companies from across the globe that are poised to have a significant impact on business and society. Dragos is the first and only industrial cybersecurity company to receive this recognition.

Lee is an active contributor to the World Economic Forum. He is a member of the WEF Cybersecurity Leadership Community and the WEF Subcommittee on Cyber Resilience for the Oil and Gas and Electricity Communities. Lee contributed to the WEF white paper for Cyber Resilience in the Oil and Gas Industry, Advancing Supply Chain Security in Oil and Gas: An Industry Analysis, and published the WEF article, Cybersecurity has much to learn from industrial safety planning.

ABOUT LEE: Robert M. Lee is a recognized pioneer in the industrial cybersecurity, threat intelligence, and incident response community. He gained his start in cybersecurity as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency (NSA). There he established the first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission for the NSA to identify and analyze national threats to industrial infrastructure. Following his role at the NSA, Lee built the cybersecurity community's first class for identifying and responding to threats targeted at ICS at the SANS Institute, the world's largest company that specializes in information security and cybersecurity training.

Lee is routinely sought after for his advice and input into industrial threat detection and response. He has presented at major security conferences such as SANS, BlackHat, DefCon, and RSA, and has testified to the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Oversight and Investigations; and the U.S. Senate Committee on Energy and Natural Resources. As a non-resident national security fellow at New America, Robert worked to inform policy related to critical infrastructure cyber security. He is regularly asked by various governments to brief national level leaders.

FBI, CISA, and NSA warn of hackers increasingly targeting MSPs – BleepingComputer

Posted: May 11, 2022 at 11:40 am

Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they're increasingly targeted by supply chain attacks.

Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.

"The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors, including state-sponsored advanced persistent threat (APT) groups, to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the joint advisory reads.

"For example, threat actors successfully compromising an MSP could enable follow-on activity, such as ransomware and cyber espionage, against the MSP as well as across the MSP's customer base."

FVEY cybersecurity authorities have issued other advisories [1, 2, 3, 4] across the last several years with general guidance for MSPs and their customers.

However, today's advisory comes with specific measures on securing sensitive information and data via transparent discussions centered around re-evaluating security processes and contractual commitments to accommodate the customers' risk tolerance.

A quick rundown of the most critical tactical actions that MSPs and their customers can take includes:

"We know that MSPs that are vulnerable to exploitation significantly increases downstream risks to the businesses and organizations they support," CISA Director Jen Easterly said.

"Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain."

One year ago, the UK government announced a call for advice on defending against software supply-chain attacks and ways to strengthen the cybersecurity defenses of IT Managed Service Providers (MSPs) across the country.

The move came after President Biden had issued an executive order to modernize the United States' defenses against cyberattacks following the SolarWinds supply chain attack and the DarkSide ransomware attack against Colonial Pipeline, the largest US fuel pipeline.


Graduation Week 2022: Cybersecurity grad prepares to protect the world – Jagwire Augusta

Posted: at 11:40 am

During her senior year at Grovetown High School, Lauren Wheeler made a decision that changed her life. She received an internship with the National Security Agency at Fort Gordon that opened her mind to a future career in cybersecurity.

"My dad worked at Fort Gordon, so I was born and raised here," Wheeler said. "And I always liked computers, but initially I thought I was more artsy. So, back in high school, I was interested in graphic design and worked on the yearbook staff. But then my dad said, 'Well, you know, there's an internship that the NSA offers.'"

Wheeler didn't know much about the internship, but there were two aspects of the program that appealed to her.

"First, I thought, 'I can get out of school with this internship,'" Wheeler said, laughing. "And then, I thought, 'It will also look good on my resume.' So, I applied and received the NSA internship. That decision put me on my career path in cybersecurity, instead of graphic design."

Wheeler, now 22, is graduating from Augusta University with a bachelor's degree in cybersecurity and was recently named the 2022 Top Cybersecurity Student for the School of Computer and Cyber Sciences at AU.

While attending Augusta University, Wheeler has also been working full-time for almost four years as an access control specialist, contracting for the Department of Defense. In that role, she monitors closed-circuit television systems and intrusion detection systems and maintains a top secret/sensitive compartmented information clearance. In addition, Wheeler was also awarded the Department of Defense Cyber Scholarship during her senior year at Augusta University.

"With my dad working at Fort Gordon, I already grew up with security stuff in the house, so I was familiar with that part of cyber. And my internship in high school made me want to go to Augusta University because a few of the cyber professors come from the NSA," Wheeler said. "So, even when I was in high school, I thought, 'Cyber would be a good choice.' Then, when I got to AU, I knew it was the right choice."

With her cybersecurity degree, Wheeler says her career opportunities are endless and she is proud to say she already has a job waiting for her the minute she walks across the stage and receives her diploma.

"A few weeks right after graduation, I'll start my job with Army Cyber at Fort Gordon," Wheeler said. "It's exciting because, of course, you'll hear some people talk about how, with their degree, it's hard to find a job. Well, that's not the case with cyber."

She loves the fact that her cybersecurity degree will allow her to either stay in Augusta, which has become an international cybersecurity hub, or travel around the world.

"I know I want to stay within the government, but I also want to travel, so once this year is done, maybe I will start looking toward other locations," Wheeler said. "For example, I have family up in Washington state and I think that would be a fun place to live. My parents also just moved to Hawaii. Personally, I think it would be cool to live in another country, which the government offers tons of opportunities for jobs overseas, so I'm excited about the possibilities."

One of the main aspects of cybersecurity Wheeler finds most appealing is the empowerment that she now has over computer hackers, she said.

"I like the idea that I can protect myself," Wheeler said. "Cybersecurity lets me be able to know what strategies I need and gives me the knowledge to protect myself. But I also have the ability to pass that knowledge on to others."

Both in high school and college, Wheeler gave speeches and presentations about the importance of cybersecurity and she was pleased with the response she received from audience members.

"People were really receptive to what I was telling them because I was showing them how some social media posts and oversharing certain aspects of your life can be cyber risks," Wheeler said. "For example, if you're sharing that you are on vacation, you're basically telling people you're not at home. Or, like those Instagram challenges where they ask, 'What do you prefer?' Or, 'Do you like this?' With those kinds of challenges, you're basically telling people the answers to your security questions. Those are the little things that people don't think about."

Another aspect of cybersecurity that Wheeler enjoys is programming, she said.

"I always thought being a code hacker sounded cool, like 'Mr. Robot,'" Wheeler said, referring to the former USA Network show that featured a cybersecurity engineer who is recruited to join a group of hacktivists that aims to destroy all debt records by encrypting the financial data of one of the largest companies in the world. "I thought that programming would be cool and it would be awesome to be a girl doing it, too. There aren't a lot of girls in this field."

In fact, one of her favorite courses that she took at Augusta University was a class about programming taught by Steven Weldon, director of the Cyber Institute.

"I just knew programming would be exciting and Steven Weldon broke it down where it was a lot of fun," Wheeler said. "He made it engaging, which not all people can do, and the two hours in the lab would just fly by."

"I also liked Dr. Jason Williams' classes because he stimulates a lot of conversation in the classroom," she added. "That was nice because sometimes with this major, and if you are a student like me who doesn't live on campus, we don't get to talk to a lot of the other students. But, in his class, he encourages discussions and that helps you get to know your peers. And now I really know the people who I'm graduating with this spring."

After four years at Augusta University, Wheeler can't believe she will receive her diploma this week.

"Everything just went by so fast. It's crazy to me that it's already time to graduate. My brain is still on 2020 sometimes," Wheeler said, laughing. "But my parents are super proud, especially my dad. When I decided to go into cybersecurity, I almost didn't want to tell him. I didn't want people to think, 'Oh, she went into cybersecurity because her dad is in computer science.' I just like to figure things out myself.

"But I'm so glad that I went into cybersecurity and my parents are thrilled with my decision and can't wait for me to graduate."

Augusta University's Spring 2022 Commencement ceremonies will be held Thursday, May 12 and Friday, May 13. Thursday's ceremony will honor graduate students, and Friday's ceremonies will honor undergraduate students. Watch the events via livestream.


Modi@20: Balakot blew away the myth of Pakistan's nuclear blackmail, writes NSA Ajit Doval – The Tribune India

Posted: at 11:40 am

Tribune News Service

Sandeep Dikshit

NEW DELHI, MAY 11

One of Prime Minister Narendra Modi's greatest successes was in handling cross-border terrorism and the finesse with which the Balakot aerial strike was conceived and implemented, which blew away the myth of Pakistan's nuclear blackmail, writes National Security Advisor Ajit Doval, who was in the operational cockpit during both the surgical land strikes of 2016 and the Balakot aerial strikes of 2019.

Doval went on to warn that while the first two counter strikes were land-based and aerial, tomorrow, it may be different from both if the adversary again causes disproportionate casualties. "Domain and level will not be inhibiting factors," writes Doval in the chapter, "Tackling adversaries through strong and effective national security policies", in the book Modi@20 unveiled on Wednesday.

The lack of response to the numerous incidents of bombings in Indian cities during the UPA era had agitated Modi ever since he was Gujarat chief minister. The decision not to retaliate for the Mumbai attacks had earned India the infamous nomenclature of being a "soft state". The first-of-its-kind operations after Uri enhanced India's global prestige. It caused panic in the adversary's mind and momentarily disrupted terror training and planning of more attacks, he said.

Revealing more details, Doval recalled that it was a simultaneous operation by multiple strike teams at four disparate locations. The novel planning for the strike generated chaos, panic and confusion by creating the "enemy is everywhere" syndrome. The then Pakistan Army leadership castigated its ground formations for failing to block even one strike team, despite having a large number of forward deployed troops. More importantly, it was a political call by the Prime Minister, which meant that he was taking responsibility, not only for success, but also failure. This exhibited risk-taking at the highest level, a quality shown by very few.

The PM's striking characteristic has been his ability to approach national security matters from a long-term strategic perspective. He has an uncanny futuristic sense, and observes risks and opportunities that are often missed even by experts, affirms the NSA.

