
Category Archives: NSA

A Zero Trust Mindset Replacing the Age of Innocence in Cybersecurity – The National Interest

Posted: May 11, 2021 at 11:01 pm

In the face of repeated major exploitations of critical U.S. networks, it is past time for the U.S. government to recognize that traditional security systems such as perimeter entry controls or whitelists are no longer adequate. As the SolarWinds hack proved, any security system can be penetrated with enough time and effort. Cybersecurity must be based on zero trust, which assumes that threats exist continually both inside and outside a network or cloud environment. A strategy of zero trust is based on the need to continuously monitor and validate the presence of every individual, organization, device, and piece of information on a network.

In the past year, we have seen just how bad things can get when a lack of planning leads to the worst-case scenario becoming the new reality. A country without a contingency plan for an epidemic has disrupted life as we know it for more than a year. An electric grid without weatherproofing devastates an entire state. Networks without proper security are readily hacked. Planning and preparation for the so-called once in a century event should be standard for all critical infrastructure, given how frequently such events actually occur.

While not acts of God, devastating attacks on our cybersecurity infrastructure can produce results as bad as or worse than any pandemic or natural disaster. Recent intrusions, from the SolarWinds breach to an attack on a Florida town's water supply, continue to expose U.S. industry and government as desperately ill-prepared.

For years, there have been calls for comprehensive cybersecurity planning in the public and private sector to stave off attacks by domestic and international threats. Progress has been mixed. While the Department of Defense (DoD) has made strides in defining requirements and implementing solutions that will strengthen and protect IT networks, there is much that needs to be done.

We heard about some of this progress during the recent hearing on Future Cybersecurity Architectures before the Senate Armed Services Committee (SASC). Senators and witnesses from the National Security Agency (NSA) and the DoD focused heavily on zero trust architecture, a cybersecurity framework that continually assesses the trustworthiness of access requests to information resources. Testimony from DoD witnesses, NSA Director of Cybersecurity Rob Joyce, Senior Information Security Officer/Chief Information Officer for Cybersecurity David McKeown, and Senior Military Advisor for Cyber Policy to the Under Secretary of Defense for Policy Rear Admiral William Chase extolled the virtues of zero trust as the new waypoint on the journey to a secure future.

The National Security Agency, a strong advocate of the new approach, explained it this way: "Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgment that threats exist both inside and outside traditional network boundaries. The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses."

Though far too soon for a victory lap, DoD has created programs to field much-needed capabilities that will strengthen cyber defenses. Likewise, Congress has driven the pace and funding for these programs since at least 2017. As noted in the Senate hearing referenced above, Rear Admiral Chase highlighted Comply-to-Connect (C2C) as an important foundational component of the DoD's Zero Trust initiative predicated on a simple principle: you can only protect what you know you have.

C2C establishes a framework of tools and technologies operating throughout a network infrastructure. This framework discovers, identifies, characterizes, and reports on all devices connected to the network. C2C does not require network managers or users to trust that the network is secure, as all users are both authorized for access and compliant with the minimum standards of security. This way, C2C allows for an environment of zero trust. In essence, all C2C users and devices must prove their legitimacy to be allowed to operate on DoD networks. Those devices that may be authorized but lack the proper security software can be remediated.

The bigger challenge, largely absent in the SASC hearing, is how to protect everything that is not what we would consider to be an Information Technology asset. The majority of these assets - many of which can be easily deemed as critical - are part of Industrial Control Systems (ICS) used by the military. Simply put, even if IT networks were protected, every air conditioning unit, power outlet, and water main under DoD is a potential risk to mission readiness at every base, post, camp, and station across the Services. Arguably, C2C should be part of a broader cyber strategy for ICS as well as networks and nodes. The problem is that the managers for ICS do not naturally look to IT security folks to address the security of these other systems.

Despite the U.S. armed services' investment in cybersecurity, the country still lacks a thorough cybersecurity strategy for securing the ICS environment. C2C is helping here, as some solutions provide the means to identify ICS vulnerabilities. But the defense department needs to do more of the hard work of securing ICS.

Our adversaries are getting smarter and constantly looking for vulnerabilities in our defenses. What better way to cut us off at our knees than by infiltrating a military base's electric grid and killing the power for the entire installation? Congress is watching to see how the DoD accounts for military ICS security, and will probably become more directive in the next NDAA. In addition, the Biden Administration has identified critical infrastructure cybersecurity as a priority, which is an indicator that military ICS will be a factor in any future federal cybersecurity planning.

In cybersecurity's age of innocence, it was assumed that electronic walls could be built sufficiently high and wide to be made impregnable. The reality is that for a variety of reasons, any network, ICS, and cloud environment can be hacked - if not from the outside, then from within. Today, with the rose-colored glasses falling from our eyes, it is clear that only a strategy based on zero trust offers any chance of successful cyber defense.

Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. He has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC.


NSA, CISA, FBI, and the UK NCSC Further Expose Russian Intelligence Cyber Tactics Homeland Security Today – HSToday

Posted: May 9, 2021 at 11:59 am

The National Security Agency (NSA), the United Kingdom's National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released an unclassified cybersecurity advisory, "Further TTPs associated with SVR cyber actors," today. This advisory expands on the NSA, CISA, and FBI joint advisory released in April, "Russian SVR Targets U.S. and Allied Networks," by outlining additional techniques the Russian Foreign Intelligence Service (SVR) leveraged to gain footholds into victim networks.

Visit NCSC's reports and advisories page to read the advisory.

The advisory provides mitigation guidance and detection strategies to help network defenders prioritize patching and further protect their networks against nation-state exploitation.

The document explains that the SVR continues to exploit publicly known vulnerabilities. It also details how SVR actors have targeted mailbox administrators to acquire further network information and access.

The advisory also notes the malware and command and control (C2) tools SVR has used in its various cyber activities, including a newly discovered use of an open source C2 tool called Sliver.

Mitigating against these vulnerabilities remains critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. This joint advisory provides actionable information to the cybersecurity community and government-affiliated network defenders, helping them gain a more comprehensive understanding of the threats and the mitigation advice and guidance to protect their networks.


This Is the NSA's 650-Page Guide to the Internet – VICE

Posted: at 11:59 am

The National Security Agency's 2007 guide to the internet begins with a description of an ancient Persian library and a fragment of analysis of a Jorge Luis Borges short story. This introduction to the 650-page document, titled "Preface: The Clew to the Labyrinth," contains 8 footnotes and ends on a word of caution. "As we enjoy, employ, and embrace the Internet, it is vital we not succumb to the chauvinism of novelty, that is, the belief that somehow whatever is new is inherently good, is better than what came before, and is the best way to go or the best tool to use," the NSA said of the internet.

We did not listen.

Untangling the Web is a massive and comprehensive guide for the internet designed for the NSA. It covers the basics of search engines (Yahoo is good, but Google is best), tools for uncovering the hidden internet, and 100 pages dedicated to improving your privacy online. Much of the advice is practical and useful for the average person as well as spooks. It's also a remarkably prescient document, the kind of thing I find myself nodding along with 13 years after it was written.

Though the document was originally made public in 2013, it's been getting some new attention on The Government Attic, a repository of government documents.

Its primary author is obsessed with magical realist writer Borges and references his work several times throughout. After explaining the plot of Borges' short story The Aleph, a story about a mythical center point of the universe that allows anyone present to view anywhere else in the universe, the NSA author said that all technology comes at a cost and that the internet would not primarily cost money. "We pay for the benefits of the internet less in terms of money and more in terms of the currencies of our age: time, energy, and privacy."

It's not that the people at the NSA were cutting-edge thinkers, they just knew things that the rest of the world didn't at the time. World governments, especially D.C. and Beijing, were using the internet to build massive surveillance states. The companies we relied on to give us information and keep us safe were monetizing our every thought and action. The domestic spying apparatus born after 9/11 was using the internet to supercharge itself and compile vast amounts of information on the American public.

Muckrock first uncovered Untangling the Web in May of 2013. A month later, The Guardian would publish the first story about Edward Snowden and reveal just how much the NSA knew about the internet. Over the next year, various media outlets would feed the world a steady drip feed of news about programs with names like PRISM, MYSTIC, and Boundless Informant. The NSA recognized early how life altering the internet would be and it spent its time quietly building systems that would allow it to monitor anyone who touched the web.

The 2007 edition of Untangling the Web is the twelfth edition of a book that started as a small handout, according to the NSA. The uncredited author constantly reaffirms the inability of the NSA or any agency to catalogue, collate, and track everything that's happening on the internet. That doesn't mean it isn't trying.

There is surely a new edition of this book at the NSA. Things have changed dramatically in the 14 years since it was written. For one thing, the NSA has gotten a lot better at using the connections we built between each other to keep tabs on us all. "The overall implications of the internet for how we work and how we play are just beginning to be discussed and understood," the NSA said in the conclusion to Untangling the Web. No one is out of reach of this powerful, invasive technology.


95% of Healthcare Insurers Report Concern on Achieving Compliance with the No Surprises Act – StreetInsider.com

Posted: at 11:59 am


Companies are working toward January 1, 2022 effective date

BEDMINSTER, N.J.--(BUSINESS WIRE)--H.R. 3630 or The No Surprises Act (NSA), which was signed into law on December 27, 2020, provides protection nationwide for patients from surprise medical bills and prohibits balance billing for certain out-of-network care. Although this is good news for patients facing crippling and often unexpected medical bills, healthcare insurers and providers must hustle to adjust systems, processes, and technological capabilities to comply beginning January 1, 2022.


According to a recent survey by Zelis, the leading payments company in healthcare, nearly all (95%) healthcare insurers expressed concern about the ability of the healthcare system to achieve compliance with the NSA by the deadline.[1] While some states - Colorado, New Mexico, Texas and Washington - have existing balance billing laws to protect patients from unexpected and excessive healthcare costs, the NSA brings more complexity to the pricing, negotiation and settlement, and arbitration processes at a national level.

In the survey of more than 100 executives representing 85 U.S. healthcare payers:

"The No Surprises Act impacts all healthcare organizations, from large health plans and systems to small medical offices and individual providers," said R. Andrew Eckert, Zelis CEO. "Like Zelis, leaders across our industry are convening to dissect the details of the legislation because understanding the law and implementing it are equally important. Insurers will need tools and to invest resources into operationalizing the requirements."

From the patient-facing Advanced Explanation of Benefits through to adjudication, arbitration and settlement, alignment with the NSA requirements will require companies to adapt internal capabilities or outsource solutions, most likely a combination. Companies may have to alter their infrastructure and processes to administer all aspects of the law.

"The multiple requirements mandated in these policies will be a very difficult lift for providers and payers. The healthcare industry at large will have to move quickly to understand and implement the data, technology and process requirements necessary to comply," said Matthew Albright, Zelis Chief Legislative Affairs Officer.

According to proprietary research, the most challenging areas for the system to tackle, particularly for substantial claims, will be the ability to provide an accurate advanced explanation of benefits to member-patients and the tight timeline of 160 days post-service within which providers and insurers must complete adjudication, remediation and arbitration.

For more unpacking of the NSA from legislative and clinical experts at Zelis, the leading healthcare payments company, visit the Zelis No Surprises Act Information Hub.

About Zelis

As the leading payments company in healthcare, we price, pay and explain healthcare for payers, providers, and healthcare consumers. Zelis was founded on a belief there is a better way to determine the cost of a healthcare claim, manage payment-related data, and make the payment because more affordable and transparent care is good for all of us. We partner with more than 700 payers, including the top-5 national health plans, Blues plans, regional health plans, TPAs and self-insured employers, 1.5 million providers and millions of members, enabling the healthcare industry to pay for care, with care. Zelis brings adaptive technology, a deeply ingrained service culture, and an integrated pre-payment through payments platform to manage the complete payment process. For more information, visit us at http://www.zelis.com and follow us on LinkedIn.

[1] Survey of 116 healthcare payer executives representing 85 payer health plans, third-party administrators (TPAs) and health plan-owned TPAs, conducted by Zelis in January 2021.


New York Times Reporter Nicole Perlroth Writes How the U.S. Amassed an Arsenal of Computer Hacks That Makes It the Most Digitally Vulnerable Nation on…

Posted: April 23, 2021 at 12:49 pm

The Biden administration was guardedly silent last week after news broke that an explosion had blacked out Iran's nuclear enrichment program.

Joe Biden's reticence was understandable. His former boss, President Barack Obama, had shown the world what cyberweapons could do when he ordered U.S. intelligence to step up Bush-era cyberattacks on Iran's uranium centrifuges. Obama made the move to avert airstrikes by Israel - and it worked, setting back Iran's enrichment program by 18 months to two years.

In her harrowing new book, This Is How They Tell Me the World Ends (Bloomsbury, 528 pages, $30), New York Times cybersecurity reporter Nicole Perlroth warns that the United States, whose arsenal of cyberweapons is the largest, most sophisticated in the world, has fostered a global market in computer hacks that now makes it the most digitally vulnerable nation on earth. It's a troubling topic Perlroth will address May 21 at TechfestNW, a virtual one-day technology festival (see more at techfestnw.com).

Once derided by Donald Trump as "somebody sitting on their bed who weighs 400 pounds," elite hackers are now treated like rock stars at international conferences that rival Cannes for glamour. And zero-days - the bugs they find lurking in software used by smartphones and computers all over the world - can bring not only street cred but duffel bags stuffed with cash.

Zero-days are so called because that's how long software engineers have to patch them once they're used to break into a system. Coupled with exploits - elaborate lines of code - zero-days allow digital spies to sneak in the backdoors of the world's most sensitive networks, steal stuff and break things.

This Is How penetrates a clandestine world where hackers, spy agencies, cybersecurity firms, software vendors, mercenaries, cybercriminals, terrorist organizations, and hostile nation-states buy and sell zero-day exploits that can turn off electrical grids, poison water supplies, steal industrial secrets, destroy hospital and banking records, sabotage nuclear facilities, interfere with elections, and empower nations to spy on their own citizens.

Perlroth traces the underground trade in zero-day exploits back to the Cold War under Reagan, when the U.S. National Security Agency figured out the Soviets had bugged IBM Selectric typewriters (ha! Remember those?) at the U.S. embassy in Moscow to steal typed messages before they could be encrypted. As technology shifted from analog to digital, Perlroth writes, the NSA took what it learned from the Soviet playbook to begin stockpiling the world's largest arsenal of zero-day exploits.

In 2013, Edward Snowden blew the whistle on the NSA - not only tipping off other countries to the intelligence value of zero-day exploits coming available on a burgeoning world market, but suggesting the U.S. tacitly approved of their use to spy on friends as well as enemies, sabotage adversaries, and surveil a nation's own citizens. (Perlroth spent six weeks locked inside Arthur Sulzberger's storage closet, poring through the Snowden leaks. Her assignment was to find out if the NSA was hacking data encryption; instead she found the agency was hacking around it - a bigger story that would send her trotting the globe for the next seven years.)

Post-Snowden, North Korea figured out it could bypass international sanctions by robbing global banks of tens of millions online, and shut down a Hollywood studio, Sony Pictures, when it made a bad Seth Rogen comedy in 2014 poking fun at Kim Jong-un. After arch-conservative billionaire Sheldon Adelson suggested the U.S. nuke the Iranian desert, hackers cost the gambling impresario $40 million when they bricked (made useless) the computers at his Sands casino. (OK, maybe that wasn't such a bad thing.)

But Snowden had merely sounded the alarm: The Shadow Brokers, a phantom group of hackers whose identities remain unknown to this day, broke into the NSA's cyber arsenal and, in 2016, began leaking the agency's zero-day exploits online.

Russia had digitally harassed Ukraine ever since the former Soviet republic overthrew its Russian puppet government in 2014. In 2017, it used NSA code stolen by the Shadow Brokers to turn off the lights in Kyiv, shut down ATMs, railways, government agencies, gas stations and the postal service, even switch off radiation monitors at Chernobyl. (Then the attack boomeranged on companies doing business with Ukraine, ranging from a state-owned Russian oil giant to a Cadbury chocolate factory in Tasmania.)

For Russia, Perlroth explains, Ukraine has always been just a testing ground for its cyberweapons, a smaller neighborhood kid Vladimir Putin can smack around without fear of reprisal. Putin's real objective is to drive a wedge between the U.S. and NATO by undermining support for Western democratic institutions. This is why Russia set its cyber sights on the U.S. presidential elections in 2016 and 2020.

Perlroth's verdict on the success of Putin's election meddling is mixed: Yes, Russia hacked the DNC's emails and trolled social media to influence swing-state voters, but no, the Russian bear probably never infiltrated U.S. voting systems in sufficient force to throw an election. But it didn't have to - it merely had to sow enough distrust in election integrity to further split an already divided nation and fuel unfounded conspiracy theories that would embolden a fading president to incite a raid on the U.S. Capitol.

The larger menace for the United States, Perlroth argues, is that the arsenal of computer bugs amassed by the top cyberspies of one of the most technology-dependent nations on earth ultimately makes us less safe, not more. The NSA holds on to its zero-day exploits for far too long - in one disastrous case, more than five years.

Among other fixes, Perlroth urges that the U.S. adopt protocols that would turn over unused zero-days much more quickly to Microsoft and Apple to be patched. Until it does, Perlroth warns, click on those software updates and, for God's sake, change your passwords. This Is How They Tell Me the World Ends is the book everyone will want to read the day after the world ends how Nicole Perlroth told us it would.

STREAM: Nicole Perlroth speaks at TechfestNW on May 21. Tickets to the virtual one-day festival are $25 at techfestnw.com.


Inside the CIA and NSA disagreement over Russian bounties story – Washington Examiner

Posted: April 21, 2021 at 9:47 am

Did Russia's GRU military intelligence service pay the Taliban bounties to kill American military personnel in Afghanistan? It's unclear. The intelligence community has given neither former President Donald Trump nor President Joe Biden a high-confidence assessment that such incidents occurred. But that's not the end of the story.

For the CIA in particular, this is very much an open matter.

Primarily responsible for the collection of human intelligence, the CIA has moderate confidence that a compartmentalized unit of the GRU did indeed pay bounties for the explicit purpose of killing Americans. I'm led to believe that the CIA's basis for this assessment has five key foundations.

First, information gathered from detainee interviews and related U.S. military operations in Afghanistan.

Second, detected financial flows between the GRU, its intermediaries, and Taliban officers.

Third, highly sensitive and reliable reporting from agents (human sources) inside and outside of the Taliban network (some of this reporting is so sensitive that the CIA delayed sharing it with America's closest foreign partners).

Fourth, assessment of the GRU's established covert actions in Afghanistan. It has previously been established with high confidence, for example, that the GRU has supported active combat Taliban elements with funding, explicitly anti-U.S. tactical guidance, and weaponry.

Fifth, Vladimir Putin's particular ideological animus for the United States and historic animus over 1980s U.S. actions against the Soviet Union in Afghanistan. At least under its current chief, Igor Kostyukov, the GRU is a near-perfect physical manifestation of this anti-Americanism (in the coming days, I will report on another case of the GRU's exceptionally aggressive anti-U.S. activity).

In contrast, both the National Security Agency and the Defense Intelligence Agency, despite sharing the CIA's concerns over Russia's intelligence activity in Afghanistan, lack the independent intelligence reporting to corroborate the CIA's bounty assessment. The NSA is particularly relevant as pertaining to the intelligence community assessments previously given to Trump, and now, to Biden.

The NSA casts a wide net in terms of signal (phones, cyber, computers, etc.) intelligence collection targeting the Russian government. Were the bounties story legitimate, the NSA believes it would have intercepted, or at least detected, communications relating to such bounties. An important point to note here is that the NSA believes this, in spite of known Russian efforts to disrupt and misinform NSA collection activities. On the most sensitive Russian intelligence operations (as any bounties payments for American bodies would obviously be), Russian operatives take great pains to avoid communication not simply with Moscow but also with their relevant embassy stations. They do so not simply to avoid being caught but to avoid being caught up in the NSA's exceptionally capable metadata mining and profiling software. From Putin on down, Russian officials also regularly share fictions on encrypted lines they believe the NSA may have penetrated.

Top line: I understand that the NSA does not currently have evidence of GRU officers credibly talking about paying the Taliban to kill Americans. Nor does the NSA have more tangential data-based evidence, such as detection of burner cellphones used by compartmentalized GRU officers in proximity to burner cellphones used by Taliban officers responsible for U.S.-targeting efforts (this contrasts, for example, with the NSA's dead-to-rights evidence against the Russian FSB in the aftermath of its bungled August 2020 assassination attempt against Alexei Navalny).

This separation between the CIA and NSA is important. To guard against groupthink and confirmation bias (see weapons of mass destruction, circa 2003), the NSA must base its intelligence assessments on its own collection activities, not on what it wants to find.

This leaves the bounties story as an open case that lacks the evidence to justify presidential-level policy responses.


Shame on you, Cozy Bear. Domestic surveillance authority. Aviation cyber resilience. Working with CMMC. Beijing doesn’t like "historical…

Posted: at 9:47 am

At a glance.

NSA along with the FBI and Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory warning that Russia's Foreign Intelligence Service (SVR), also known as Cozy Bear, is actively exploiting five vulnerabilities in US and allies' networks. The agencies urge immediate investigation and remediation, cautioning that Cozy's favorite techniques include exploiting public-facing applications, leveraging external remote services, compromising supply chains, using valid accounts, exploiting software for credential access, and forging web credentials.

Meanwhile, the Biden Administration is preparing to formally attribute Holiday Bear's supply chain gambit to the SVR, then in response to the campaign and other recent Russian misbehavior, expel ten diplomats and broaden financial sanctions via executive order, according to the Wall Street Journal. The order will strengthen current bans on trading in Russian government debt by barring U.S. financial institutions from buying new bonds directly from Russia's central bank, finance ministry and the country's massive sovereign-wealth fund after June 14. The announcement of this and other sanctions was made this morning from the White House.

Daniel Castro, Vice President of the Information Technology and Innovation Foundation, offered some early industry reaction to the measures announced today. He gives it generally favorable reviews:

"Today the United States hit reset on the nation's cybersecurity policy. Biden's job is to make Putin and others realize the Trump era is over and there is a new sheriff in town. With today's announcement, he's off to a good start. The question is now whether the United States and its allies can consistently impose significant and proportionate costs on nations that engage in or support cyberattacks that undermine global security.

"The actions announced today will position the United States and its allies to be more prepared for future attacks. A key part of this strategy is better attribution to reliably identify the source of attacks. But it remains to be seen whether better attribution will cause Russia or China to change tactics. Put simply, a name and shame approach won't work on the shameless, and both Russia and China have brazenly engaged in state-backed cyberattacks in recent years.

"The Biden administration should hope for the best but prepare for the worst, including deploying offensive countermeasures to respond to future incidents of state-backed cyberattacks and expanding its investment in defensive cybersecurity technologies and capabilities."

FCW clarifies that NSA Director Nakasone is not, in his words at the Senate Intelligence Committee hearing on the Intelligence Community's Annual Threat Assessment, seeking legal authorities either for NSA or for US Cyber Command in response to Cozy Bear's gambol. Nakasone did not make clear, however, what remedy he is seeking to the oft-touted blind spots in domestic networks, though he did reiterate that private sector incentives stymie information sharing. FCW notes that the Director's responses seemed to frustrate lawmakers, who for months have pressed for direct and expedient answers on how to prevent another intrusion.

Nextgov's impression was that improved public-private partnership was indeed the recommended solution. While lending support to breach notification regulation, Senator Wyden (Democrat of Oregon) countered that Federal agencies have work of their own to do first, since the intrusion also went undetected on fully visible Government networks.

The World Economic Forum and Deloitte bring us a report intended to establish cyber standards for the aviation sector. Pathways Towards a Cyber Resilient Aviation Industry suggests the following global, domestic, and organizational strategies:

The document marks aviation's crucial role in vaccine transport and the accompanying risk of targeted cyberattacks.

National Defense addresses common CMMC questions. The Industrial Association cleared up the following: Vendors should feel free to ignore the word pilot. It refers to all CMMC contracts through 2026. There's no public record of pathfinder contracts or scheduled assessments of Third Party Assessor Organizations. Processing time for Level Three compliance will hang on factors like size and present compliance.

Current contracts are not affected, only new or amended ones. Just one assessment is needed per organization. Compliance could be very expensive, and who should cover the costs is hotly debated. There are worries that the new requirements will be impossible for some organizations. There's concern that vendors won't have time to review CMMC rules with subcontractors. It's not clear what will happen if subcontractors can't comply.

CMMC does cover foreign vendors, but any suppliers of commercial-off-the-shelf goods that manage no controlled unclassified information (CUI) needn't apply. CUI standards are less rigorous than those for confidential information. What counts as CUI is unclear: some think it must originate from the Government, others, that it can be developed down the line.

Reuters reports that the Cyberspace Administration of China has set up a tip line for residents to report online posts disparaging the CCP in the run up to the party's one hundredth anniversary this summer. Casting anyone who distorts history, insults leaders and heroes, or rejects the excellence of advanced socialist culture as historical nihilists, the regulator encouraged the public to actively play their part in supervising society and enthusiastically report harmful information. Beijing typically ramps up censorship in advance of national occasions; critics risk jail time.


Congress’ Failure to Inform on Worldwide Threats – The Cipher Brief

Posted: at 9:47 am

Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics from nuclear weapons to politics.

OPINION: Last week, the Senate and House Intelligence Committees each held their Worldwide Threats hearings with Director of National Intelligence Avril Haines, CIA Director William Burns, FBI Director Christopher Wray, NSA Director Gen. Paul Nakasone, and DIA Director Lt. Gen. Scott Berrier there to answer members' questions.

More than one past DNI and CIA Director has complained privately to me that Intelligence Committee public sessions are, and should be, forums to discuss serious issues, but that they are more often used by members for political purposes or to air an individual legislator's personal gripes. The closed, classified sessions that always follow the open ones, I'm told, were most of the time focused on serious problems, since there were no reporters or TV cameras present.

Last week's sessions should have been the time for members to take up issues raised in the National Intelligence Council's Global Trends 2040, and several Senate and House members did, especially on climate change.

But several Republicans, including Ranking Member Rep. Devin Nunes (R-Calif.), made it appear that the greatest threats to the American people come from the FBI, the CIA and the NSA.

Nunes started off by attacking the committee press release that announced the hearing, which said the Trump administration refused to participate in open hearings because President Trump allegedly did not want intelligence agency directors contradicting his views of rival, foreign nations. "The real reason Trump officials did not want to participate is that for years the committee's Democrats hijacked our open hearings to advance conspiracy theories on the Trump administration being filled with Russian agents who colluded with Putin, and the 2016 election, among many other issues," said Nunes.

Addressing the IC leaders seated before him, Nunes said, "I hope you plan on spending a reasonable amount of time in upcoming years on activities other than investigating conservatives and spying on Republican presidential campaigns."

That pretty much set the pattern for many of the Republican members who followed.

Nunes also questioned Gen. Nakasone on why Michael Ellis, a last-minute Trump appointee to be NSA General Counsel, had been put on administrative leave while the Defense Department investigated his getting the job and possible misuse of classified information. The Ellis matter was picked up 15 minutes later by Rep. Michael Turner (R-Ohio), and a third time one hour later by Rep. Trent Kelly (R-Miss.). On Friday, Ellis resigned from NSA, writing that there was no sign that NSA will attempt to resolve his issues.

Rep. Kelly also used his time to accuse the CIA of spying on Congress. He introduced a John Solomon story from Just the News put out the morning of the hearing. It began: "Imaad Zuberi, a major Democratic fundraiser facing 12 years in prison, has filed an extraordinary complaint with the CIA's chief watchdog [CIA Inspector General] alleging he witnessed flagrant problems, abuses, violations of law while working as an asset for U.S. intelligence, according to documents and interviews." Avril Haines told the committee she knew nothing about it. CIA Director Burns said he just heard about it that morning and that it was being investigated.

Some 20 minutes later, Rep. Chris Stewart (R-Utah) asked DNI Haines, "Do you think the CIA should be spying on American citizens?" She said no, and both CIA Director Burns and NSA Director Nakasone agreed. Stewart then stated, "It's very clear the IC has no authority to turn your tools or your resources on American citizens." Stewart then referred to the four-page DNI report on domestic terrorism that Nunes had mentioned earlier, and argued that it represented collecting intelligence against Americans.

When Haines pointed out the National Counter Terrorism Center, a part of the DNI, has legal authority to receive domestic and foreign intelligence, analyze and produce such reports for policymakers, Stewart responded, "I think the American people should be scared to death of this."

Rep. Brad Wenstrup (R-Ohio) raised with FBI Director Christopher Wray the June 14, 2017, shooter's attack on some 24 GOP Congressmen preparing for the annual baseball game at a field in Alexandria, Va. Wenstrup said, "That event concerns me just as much as the January event here at the Capitol." The Congressman, who was one of the members at the practice that day, described the shooter, James Thomas Hodgkinson, as anti-Trump and a Bernie Sanders supporter who had spent months planning the attack.

Closing his five minutes, Wenstrup said he had adored and trusted the FBI based on growing up watching the TV program on the Bureau starring Efrem Zimbalist Jr. He then lectured Wray, saying, "You had the opportunity to clear the FBI reputation and establish trust with the American people. Instead, I am concerned it seems further degraded, and I would ask what do you intend to do about it, the reputation of the FBI and the mistrust the American people have."

The House public hearing's purpose was to cast light on present and future worldwide threats to the United States, for the benefit of the legislators and the American public. It went far afield, and in its way showed that this small part of the democratic process is not delivering the way it should.


NSA to be slapped on three Remdesivir hoarders in Kanpur | Kanpur NYOOOZ – NYOOOZ

Posted: at 9:47 am

KANPUR: The Kanpur Nagar police will invoke the provisions of stringent National Security Act (NSA) against three persons arrested while carrying 265 Remdesivir injection vials on Thursday. The state government has instructed police to act tough against people who are black-marketing Covid-19 medicines, said a senior official at the city police commissionerate.

"It's a crime against humanity and we will invoke NSA against the three persons arrested with Remdesivir injections on Thursday," police commissioner Asim Arun told TOI on Friday and added that no illegal activity would be tolerated in this time of crisis and would invite strictest punishment.

He said that the state government was fully committed to facilitating easy availability of vials and other Covid-related medicines to its people. Meanwhile, the STF sources said that their sleuths have been trying to crack the nexus to curb black-marketing of Covid vials. There were inputs that of the 265 Remdesivir injection vials were supposed to be supplied to local medicine dealers, besides Haryana resident Sachin Kumar.

"We are zeroing in on the local pharma distributors, and expecting an early breakthrough. It also came to fore that the injections were sent to Kanpur local Mohan Soni by one Apoorva Mukherjee of West Bengal, who is associated with a pharma company. As Mohan was supposed to take back his Rs one lakh from Apoorva, the latter instead had sent him vials against the cash," the senior police official added.

To recall, the Kanpur unit of Special Task Force (STF) had on Thursday arrested three people with 265 Remdesivir injections meant for sale in the black market. Remdesivir is a key medicine, used in the treatment of coronavirus. Taking advantage of the shortage, some people have been selling the medication at high prices. DCP South Raveena Tyagi had stated that one Prashant Shukla of Naubasta's Pashupati Nagar and Baktauri Purwa resident Mohan Soni were initially arrested.


Shareholders Of National Storage Affiliates Trust (NYSE:NSA) Must Be Happy With Their 162% Total Return – Simply Wall St

Posted: April 19, 2021 at 6:49 am

When you buy shares in a company, it's worth keeping in mind the possibility that it could fail, and you could lose your money. But on the bright side, if you buy shares in a high quality company at the right price, you can gain well over 100%. One great example is National Storage Affiliates Trust (NYSE:NSA) which saw its share price drive 113% higher over five years. Also pleasing for shareholders was the 17% gain in the last three months. But this could be related to the strong market, which is up 8.6% in the last three months.

In his essay The Superinvestors of Graham-and-Doddsville, Warren Buffett described how share prices do not always rationally reflect the value of a business. One flawed but reasonable way to assess how sentiment around a company has changed is to compare the earnings per share (EPS) with the share price.

During the last half decade, National Storage Affiliates Trust became profitable. That kind of transition can be an inflection point that justifies a strong share price gain, just as we have seen here.

The company's earnings per share (over time) is depicted in the image below.

It's probably worth noting that the CEO is paid less than the median at similar sized companies. But while CEO remuneration is always worth checking, the really important question is whether the company can grow earnings going forward. This free interactive report on National Storage Affiliates Trust's earnings, revenue and cash flow is a great place to start, if you want to investigate the stock further.

As well as measuring the share price return, investors should also consider the total shareholder return (TSR). The TSR incorporates the value of any spin-offs or discounted capital raisings, along with any dividends, based on the assumption that the dividends are reinvested. It's fair to say that the TSR gives a more complete picture for stocks that pay a dividend. As it happens, National Storage Affiliates Trust's TSR for the last 5 years was 162%, which exceeds the share price return mentioned earlier. The dividends paid by the company have thusly boosted the total shareholder return.

We're pleased to report that National Storage Affiliates Trust shareholders have received a total shareholder return of 71% over one year. That's including the dividend. That's better than the annualised return of 21% over half a decade, implying that the company is doing better recently. Someone with an optimistic perspective could view the recent improvement in TSR as indicating that the business itself is getting better with time. While it is well worth considering the different impacts that market conditions can have on the share price, there are other factors that are even more important. Like risks, for instance. Every company has them, and we've spotted 3 warning signs for National Storage Affiliates Trust (of which 1 shouldn't be ignored!) you should know about.

We will like National Storage Affiliates Trust better if we see some big insider buys. While we wait, check out this free list of growing companies with considerable, recent, insider buying.

Please note, the market returns quoted in this article reflect the market weighted average returns of stocks that currently trade on US exchanges.

This article by Simply Wall St is general in nature. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned.