Chris Inglis’ new White House office has a startup feel to it. There are desks, a few chairs, a coffee maker and a poster hanging on the wall. But as the head of the newly established Office of the National Cyber Director, Inglis has to make do with what he has while still advising President Joe Biden on the smartest ways for the US to prevent and respond to cyberattacks.

Inglis has already had numerous conversations with the president, who has made clear that the government has a role to play in the defense of the private sector and in assisting the private sector in defending critical infrastructure.  And the president knows, says Inglis, that means the government needs to get its own cyber house in order. 

But like any real startup, Inglis’ resources are scarce.  More than three months after being confirmed by the Senate, he still doesn’t have the full staff he needs to take on his timely and critical mission.  That’s because the funding for his office – some $21 million, part of the $1 trillion infrastructure bill making its way through Congress – is still stuck in the political spin cycle.  Why does it matter?

“The threat is greater than I can ever remember,” Inglis told me during last month’s AFCEA and INSA Intelligence & National Security Summit in National Harbor, Maryland. “The audacity, the brazenness, the thresholds that have been crossed at every turn; we’re in a difficult place.”

While he’s waiting for Congress to act, he says he’s spending about fifty percent of his time defining his role, being careful not to duplicate the work already being done by other agencies and departments, while spending another fifty percent building relationships that will be important later.  Eventually, he’s expected to have a staff of some 75 people who will be expected to work hand in glove with CISA, the National Security Council’s cyber staff, the OMB and others.  The remaining fifty percent of his time, Inglis jokes, is spent figuring out how to attract the country’s best talent.   

“People are starting to flow into the organization. I’m confident that we’re coming up to a breakout moment, not for the National Cyber Director, but the contribution that we can and should make. I’m sobered by the nature of the challenge, I’m optimistic we can make a difference.”

Optimistic he is.  And he’s not even complaining about being given a critical task for US national security and then having to wait for politics to play out before being able to act on it.

“It has been a semi-silver lining in that we would not have had time to think about how we want to apply the resources coming our way.”

While Inglis has been waiting, he and his small team have had time to think about the four things they’d like to focus on right away. 

First is streamlining the roles and responsibilities in government: who handles what when it comes to protecting the public and private sectors from cyberattacks. He also spoke during his confirmation hearing about the importance of resource allocation, and while the Office of the National Cyber Director doesn’t have the authority to move money, it does have what Inglis calls the responsibility to account for cyber money.

“One of the most critical gaps in cyber is that the physical digital infrastructure is not built to a common standard. The executive order related to this requires that within a certain amount of time we have to install basic procedures like multifactor authentication and encryption of stored material. That is a challenge and a potential vulnerability for us. We need to make sure that we make these investments necessary to buy down the lack of investment for years.

“The second gap is in talent related to number of people required to occupy these jobs. It’s not simply the folks with IT or cyber in their name, but general cyber awareness. There is some expenditure of resources of time, attention, and money to get awareness right on the part of the truly accountable parties like agency and department heads. We have to make sure they don’t see cyber as a cost center, but an enabler on the part of all the users as they understand what their roles are and what the accountability is.”

He admits there is still a level of education needed within government to get there.

“That is usually the case in both the government and the private sector,” he said. “We need to think this way about cyber and invest in cyber so that we can enable the mission, not hold it back. I think that education is the most important and effective way to handle this. Then, it is to make sure that the accountability is aligned and harmonized. We tend to take risk in one place and expect someone in another place to be the mitigator of a risk they don’t understand was taken in the first place. We need to operate in a collaborative fashion and get away from divisions of effort which are an agreement not to collaborate and allow adversaries to pick us off one at a time.”

Inglis says that unity of effort must start at home.  “The executive order issued in May has begun to lay out common expectations about the hardware, software, and practices that we need to begin in those spaces,” he said.  “Externally, if we have sector risk management agencies who engage the private sector for the purposes of supporting and engaging the critical components of that infrastructure, we need to make sure you don’t need a Ph.D. in government to know who to deal with and what you’re going to get from them.”

He is arguing for the government to also put ‘valuable material’ on the table.  “That could be our convening power,” said Inglis. “We could perhaps address and reduce liability or give companies a clue as to what might be around the corner because the government has access to exquisite intelligence. If that setup is possible, we also need a venue where collaboration takes place. Information doesn’t collaborate, people do.”

Inglis likes to point to the example of CISA and the Joint Cyber Collaborative.  “They put people from the private sector and the public sector side by side to co-discover threats that hold us at common risk. That project sets up the possibility of implicit collaboration in what we then do with that common operational picture. The government could take ideas that private sector companies turn into proprietary systems and enrich and classify them to deal with it in their system.”

Using what he calls “all the tools in the toolkit,” Inglis also notes the importance of international relationships, which fits nicely with the White House’s International Summit on Ransomware last week in Washington, which zeroed in on tighter cryptocurrency standards, among other things. “Beyond the Five Eyes, what do other like-minded nations think about what is expected behavior in this? What are governmental actions that are appropriate?” he asked.

Inglis has been an active participant in the president’s recent actions in cyber. He took part in a White House meeting with tech leaders in August that was hosted by President Biden, who, Inglis says, spent the first hour sharing his vision about how the country should focus on collaborative integration. “The companies represented weren’t only companies like Microsoft and Apple, but people who operate in the critical infrastructure space,” said Inglis. “The people component, educators, were represented reflecting the president’s view that cyberspace is not just technology, it is also the people component. They are a major link in the chain, and we need to get the roles and responsibilities right.”

While he’s waiting for the funding he needs to get his office fully staffed, Inglis said he’s also putting thought into reconciling resources with aspirations.  Managing expectations is going to be important.  Frustration has been growing for years over what some see as a lack of government response to some of the largest hacks in history.  The phrase ‘time and place of our choosing’ as a definition of response has grown old and some Americans are weary of a government that isn’t responding in a more public way to the beating it sees the US taking in cyberspace.

So, I asked Inglis whether there should be red lines in cyber.

“Red lines are both good and bad,” he answered.  “They are clear and crisp, and everybody knows what they are. The downside is that because of that, an adversary knows exactly how far they can go. It means that you set up a somewhat permissive environment. Red lines also don’t have context; sometimes there is a reason that a defender would make the ransomware payment. As a matter of policy, the U.S. government does not pay ransomware, but I imagine there will be a situation at some point where a hospital is against the Russian state and actual life and safety is at risk. If there is no other way to get the material back, in order to get back in the business of saving lives, they would want to rethink if a red line is a red line in that particular situation. I think the right thing to do here is not to establish hard thresholds of things with scripted responses, but outline what we are prepared to defend and what principles we will exercise in defense of those things. We commit to defending the private sector when it is held at risk by a nation state in cyberspace as much as in the kinetic space and make that clear to adversaries. I think that would be more helpful in changing decision calculus and creating a useful ambiguity about when and where we will come in.”

Inglis said he’s also thinking a lot about present and future resilience.  It’s a worthwhile focus, given that the White House estimates that nearly half a million public and private sector cybersecurity jobs are currently unfilled. 

“That is a massive problem,” said Inglis. “However, the more insidious problem is that the 320 million people in the United States who use the internet who have no idea how to properly take their place on the front lines of this issue. There is an awareness issue that requires us not to make Python programmers out of them but to make sure they understand the nature of this space.”

Everyone has heard the old saying that time is money, but in Inglis’ case, time is security, so I asked him point blank whether he thought government was moving as quickly as it should on the cyber problem.

“Government is moving at speed; the question is if it is at the necessary speed. I don’t think anyone is moving at the necessary speed. Some are moving at light speed, but at the end of the day, we need an integrated, collaborative approach. While we won’t have unity of command, I think there needs to be a universally felt sense of urgency so that we will all get our heads in the game.”

Congress, are you listening? Oh, and by the way, that poster in Inglis’ office? It reads, ‘Hours Since the Last Surprise.’

“As a startup with maybe too few resources at the start and who often didn’t understand how all the wickets are run, we have our occasional surprise,” said Inglis. “When we encounter those surprises and go to someone with the deep and sharp expertise to help us navigate that, we get what we need. However, we are not a full functioning, full featured, fully capable organization yet. We’re trying to build somebody else’s airplane while we’re free falling from our own. We have a parachute, and we can land safely, but it is a bit of a challenge at times.”

The post Chris Inglis and the Gathering Cyber Storm appeared first on The Cipher Brief.

find more fun & mates at SoShow now !

Some voters in Germany’s capital, Berlin, may have to re-cast their ballots after the country’s federal election czar filed an official complaint over irregularities in a parliamentary vote held two months ago.

The election – which saw Berliners decide the makeup of the German parliament, the Bundestag, as well as select city representatives – was marred by irregularities at numerous polling stations, according to the official, Georg Thiel. 

Among the most common problems were ballot shortages and long lines, with waiting times of up to two hours. In some cases, voters were also seen casting their ballots past a 6pm cutoff – the time when all polling stations were supposed to have closed. Thiel, who was tasked with overseeing elections at federal level, saw all of the above as reason enough to raise an objection in the German capital, local media reported on Friday.

Thiel identified six Berlin constituencies where irregularities were allegedly rampant, potentially setting the stage for a re-do election in the city.  

It is now up to a special Bundestag committee to examine Thiel’s complaint and see if the reported violations ran afoul of German law or electoral procedures. For the vote to be repeated, however, at least one of those violations would have to be deemed serious enough to have affected the distribution of seats in the Bundestag.

The September 26 election saw outgoing Chancellor Angela Merkel’s conservatives take a historic beating, with the Social Democrats coming out on top. The Social Democratic Party (SPD) has been engaged in coalition talks with the Greens and the Free Democratic Party ever since, with the trio expected to announce a preliminary deal as early as next week.

The EU’s drug regulator has backed the emergency use of Merck’s pill for the treatment of clinically vulnerable Covid-19 patients as cases surge across the continent.

On Friday, the European Medicines Agency (EMA) “issued advice” backing the emergency use of the drug developed by Merck in collaboration with Ridgeback Biotherapeutics, although it has not yet been authorized by national authorities.

In a statement, the drug regulator said the medicine called Lagevrio – also known as molnupiravir or MK 4482 – “can be used to treat adults with Covid-19 who do not require supplemental oxygen and who are at increased risk of developing severe Covid-19.”

It said the treatment should be administered as soon as possible after Covid-19 is diagnosed and within five days of the start of symptoms. The medicine should be taken twice a day for a period of five days.

The EMA listed the potential side effects of the capsules, including mild or moderate diarrhea, nausea, dizziness and headache. The treatment is not recommended for pregnant women.

The watchdog announced earlier on Friday that it had begun reviewing Pfizer’s medicine Paxlovid for Covid-19 with the same goal “to support national authorities” who may decide on its early use prior to marketing authorization in light of rising cases and deaths in Europe.

On Friday, Austria announced it would enter a new nationwide lockdown from Monday and make vaccination mandatory, while Germany’s health authorities claimed the country had turned into “one big outbreak.”

Both Pfizer and Merck have requested approval for their coronavirus medicines from the US Food and Drug Administration, but it is unclear when it might be granted.

The Chinese envoy to the European Union has reiterated Beijing’s goal of peacefully reuniting Taiwan with the mainland but stated the country’s preparedness to use “decisive measures.”

Speaking on Tuesday, China’s ambassador to the EU, Zhang Ming, said Beijing would never change its position on Taiwan. “If anything changes, it is that the Chinese people’s resolve to realize complete reunification of our country grows even stronger,” Ming told an online think tank event in Brussels.

“Some people in Europe seem to underestimate the Chinese people’s aspiration for a reunification of our country,” he added, noting also that the bloc must lift its sanctions if a new Sino-EU investment deal is to be ratified. 

In May, Brussels halted an investment pact agreed with China last December, after Beijing imposed sanctions on several members of the European Parliament. The EU responded, introducing its own sanctions related to the treatment of the Uyghur people and alleged genocide in Xinjiang. 

In recent years, China has become increasingly assertive about reuniting its wealthy island neighbor with the mainland. Beijing claims Taiwan is an inalienable part of the country and has called on Western parties to refrain from interfering in Chinese internal affairs. Western nations, notably the US and UK, have shown willingness to defend the democratic island. 

Taiwan has considered itself independent of China since 1949, when communist forces overthrew the government of the Republic of China on the mainland, forcing the Kuomintang-ruled state to relocate to the island.

The children of families who were affected by the massive earthquake which devastated large parts of south-west Haiti in August this year are receiving free hot meals at school as part of an initiative by the UN’s World Food Programme (WFP) to support the recovery of the country’s most vulnerable communities.

Read the full story, “Hot meals helping Haiti’s children recover from the earthquake”, on globalissues.org

EXPERT PERSPECTIVE — On 16 June, US President Joe Biden and Russian President Vladimir Putin met for just under four hours in Geneva. This was Mr. Biden’s first meeting with Mr. Putin during his presidency and Biden is the fifth US President with whom Putin has held a summit.

Expectations for the summit were characterized as low by both sides in advance and assessed a bit more positively after the conclusion of the meeting. The meeting presented an opportunity for both leaders to present grievances and warnings to the other (and show toughness to their domestic constituencies).  Other than presenting the opportunity to blow off steam, the results of the meeting appear modest:  the agreement to return ambassadors to their posts, to resume bilateral arms control discussions, to conduct discussions on “strategic stability” and to hold unspecified consultations on cyber. In typical fashion, Mr. Putin rejected all of Mr. Biden’s assertions about Russian actions and made counter accusations referencing hostile US actions.

Of the deliverables from the summit, cyber will no doubt turn out to be the most problematic area for follow up. Mr. Biden apparently delivered to Mr. Putin a list of 16 US critical infrastructure sectors that should be considered “off limits” for cyberattacks, i.e., “red lines” not to be crossed without the risk of significant retaliation. For his part, Mr. Putin asserted that it is Russia that is the victim of cyberattacks originating from the territory of the US and its NATO partners and also is the victim of attempts to interfere with Russian elections. The challenge in cyber discussions going forward will center around three areas: differing interpretations of the relevance of deterrence theory in today’s cyber environment, attribution, and control.

Mr. Biden’s firm comments to Mr. Putin on recent cyberattacks against the US, such as the ransomware attack on Colonial Pipeline (Mr. Biden is said to have asked Mr. Putin how he would react if Russia’s pipelines were hit), and his provision of a list of “off limits” US infrastructure entities suggest a deep belief in this administration that Russia can be deterred from conducting future cyber operations against US targets or “sanctioning” attacks originating from the territory of the Russian Federation by criminal groups.

Unfortunately, it is highly likely that neither Mr. Putin nor those who control the levers of Russian cyber operations agree that deterrence theory applies. Deterrence only works when both sides know the other is capable of – and willing to – cause significant harm to the other.

The Russian side likely believes (and may have amply demonstrated) that the US is disproportionately vulnerable to cyber risk at every level of its economic, societal, and political infrastructure whereas Russia is not. There is a reason the use of cyber tools has become a central feature of Russian strategic doctrine. They work and seem a legitimate tool that falls short of conventional war. Hybrid warfare using cyber tools, the Russian side would argue, is no different than the economic warfare Russia is experiencing from sanctions imposed by the US and its allies.

The post After Geneva: US – Russia Strategy Moving Forward appeared first on The Cipher Brief.

Israeli and UAE defense suppliers have agreed to jointly develop unmanned vessels that can be tailored for a range of military roles, including anti-sub warfare. The move comes after the two countries held naval drills last week.

Emirati state-owned weapons maker EDGE group and the government-run Israel Aerospace Industries (IAI) announced the partnership in Dubai on Thursday. In a joint statement, the firms said they would design the 170 m-USV (modular-unmanned surface vessels) series for both military and commercial applications.

The vessels, which can apparently operate remotely or with partial and complete autonomy, are expected to be used for “maritime security operations,” intelligence-gathering, surveillance, detecting and countering submarines and mines, and as a deployment platform for vertical take-off and landing (VTOL) aircraft such as helicopters and certain types of drones.

For commercial use, the manufacturers noted that they can be customized to serve in a variety of roles, including oceanography, pollution monitoring, oil and gas exploration, transportation, search and rescue, firefighting, and first interventions.

While not specifying the sources and amount of the project’s funding, or when production would begin, EDGE Chief Executive Faisal Al Bannai described the deal as an “important milestone” that would “open many doors” for the company in “local and global markets, military and commercial alike.”

According to the statement, the EDGE-owned Abu Dhabi Ship Building (ADSB) will design the vessel and integrate the platform’s control systems and payload. IAI will develop the autonomous control systems and provide various mission-requirement payloads to the control system units.

In March, the two companies had partnered up to develop an autonomous drone defense system to “detect, identify and intercept a broad range of threats.”

Last week, the UAE and Bahrain conducted their first-ever joint maritime drill with Israel’s navy. The US Fifth Fleet also participated in the five-day show of force in the Red Sea, which was reported by Israeli media outlets as sending a message to Iran.

The naval exercises came a little more than a year after Israel and the UAE established diplomatic ties in normalization agreements brokered by the Trump administration. The Abraham Accords broke decades of Arab consensus to not formally recognize Israel until the issue of a Palestinian state was settled.

A gunman injured two civilians, one of them fatally, and two police officers before being shot dead by security forces near Jerusalem’s Western Wall on Sunday morning, Israeli police said.

The civilian victims were taken to Shaare Zedek Medical Center. One, who was in his 30s, succumbed to his injuries at the hospital. The other, a 46-year-old, is said to have suffered moderate injuries. Two police officers were hurt by shrapnel.

In a video clip shared on social media and purportedly filmed at the scene, multiple gunshots could be heard amid agitated shouting. Security officers could then be seen standing around what appears to be a dead body. Witnesses speculated it was that of a “terrorist.”

The gunman, whose identity was not immediately disclosed, was killed during the incident. Police said he had used a homemade submachine gun.

France’s education minister has announced plans to boost the teaching of ancient Greek and Latin in an effort to fight the proliferation of wokeism and “develop the culture” of the country’s younger generations.

Speaking on Monday, Education Minister Jean-Michel Blanquer, a leading figure in France’s war on woke, said that ancient Greek and Latin would become available to sixth formers pursuing vocational courses next year, as well as middle school students. 

Blanquer wants sixth formers to have the opportunity to “develop their culture” by reading ancient philosophers while gaining the technical qualifications that the economy demands. 

Speaking at a charter signing, alongside counterparts from Italy, Greece, and Cyprus, the minister claimed their joint commitment to the promotion of the classics came at a time when ancient languages were being threatened by American wokeism.

The targeting of the dead languages has been most prominent in the US with Princeton University announcing this summer that it would no longer require classics students to study ancient Greek and Latin; the two vernaculars are often considered the core pillars of the discipline.

Dan-el Padilla Peralta, an associate professor of classics at Princeton, claimed the ancient languages had been used as a justification of slavery, colonialism, and fascism for 2,000 years.

In a similar move, a Massachusetts high school boasted that it had removed Homer’s Odyssey from the school curriculum as it conflicted with the anti-racist agenda it wanted to teach. “Very proud to say we got the Odyssey removed from the curriculum this year,” a teacher wrote on social media. 

Blanquer told Le Point that such interpretations of the classics were “completely mind boggling.” “To stick categories and a contemporary world view on writings dating back two millennia is an abyssal absurdity,” he added, noting that these civilizations brought us “openness and a search for the universal.”

The minister believes that ancient languages are a common bond for contemporary European nations, noting that the “common linguistic fund” would help spread “common values.”

Blanquer also claimed the classics respond to a demand for logos (language as a tool for reason), in a world where “a lack of reason is spreading like wildfire.”

Last month, the education minister set up a think tank dedicated to President Emmanuel Macron’s war on wokeism.

The liberal or woke agenda, which some in France claim is an Anglo-Saxon import, is likely to be a major feature in the 2022 presidential election, where Macron’s main competitor is likely to hail from the far right of the political spectrum.

Instagram is looking to channel the anger of its users by introducing a new feature that allows them to report various problems with the app by shaking their phones.

“Have you ever used Instagram and it wasn’t working like it was supposed to? It was just really getting you… really just pissing you off?” Instagram’s head Adam Mosseri asked his followers in a clip uploaded to Twitter on Wednesday.

Well, precisely for infuriating situations like that, the platform has developed a feature it’s calling “rage shake,” he announced.

Shaking your phone will, from now on, cause a special form to pop up on screen, allowing you to instantly report issues such as photos not uploading or audio not playing.

The form is also the perfect place to let out “all the emotions and feels you’ve got going on,” Mosseri insisted, assuring Instagrammers that these reports would be promptly dealt with.

Thanks to their feedback, Instagram will be able to optimize its bug-fixing process, he said. The option, which he described as a “hidden gem,” is so far available only in the US, on both iOS and Android.  

The Instagram boss gently shook his own cellphone in the clip to demonstrate the feature in action. However, upset users may well end up rage-shaking with a good deal more passion, which could increase the risk of a gadget being damaged, or of its owner or even a passerby being struck should the phone fly out of their hand.

Mosseri also didn’t advise the public what to do with their rage over media revelations about alleged shady practices by Instagram and the platform’s owner, Facebook.

Among the trove of papers recently leaked by former Facebook employee Frances Haugen was an internal study from 2020 reporting that Instagram was causing many of its young users, particularly teen girls, to suffer mental health issues and suicidal thoughts. However, the platform kept operating in the same manner despite this finding, with changes being promised only after the study made headlines this September.
