Documentarian Alex Gibney has directed stirring investigative documentaries on everything from Enron to Steve Jobs. His upcoming film, Zero Days, is a look at digital warfare, focused on the Stuxnet cyberattack. From The Hollywood Reporter, we now have the first trailer for the film, which premiered today at the Berlin International Film Festival.
Zero Days, even before its wide release, has already broken some news. The film reportedly outlines how the US created a cyberattack contingency plan, known as Nitro Zeus, in case nuclear negotiations with Iran failed. The plan, which reportedly cost tens of millions of dollars and would have knocked out critical parts of Iran’s infrastructure, has since been shelved.
The Defense Information Systems Agency unveiled a cybersecurity review process on May 9 that takes an agile, “outside-in” assessment of the resources and technologies the Department of Defense Information Network (DODIN) needs to defend itself against attack.
DISA calls the effort NSCSAR, short for NIPRNet/SIPRNet Cyber Security Architecture Review.
Pete Dinsmore, DISA’s risk technology executive, said the framework looks at all aspects of cybersecurity, from endpoints to the internet.
In a May 9 article on Chips, the Department of the Navy’s IT magazine, Dinsmore was quoted as saying, “NSCSAR is trying to answer three questions: Which cybersecurity solution do we need, how much is enough, and where can we take risk?”
As government leaders increasingly prioritize cyberspace’s role in national security, a critical deficiency has begun to reveal itself: The best and brightest IT security professionals all too frequently migrate to the presumably greener — or at least more equitable — pastures of the private sector.
That doesn’t bode well given the fact that the federal government needs to hire an estimated 10,000 cybersecurity experts in the next several years. Stopping the brain drain of existing federal IT security talent is imperative, especially as national security threats increasingly take place not on land but in the complex and obscure world of cyberspace. And while the challenge is real, potential solutions are within grasp.
Hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded in Russia’s criminal underworld, a security expert told Reuters.
The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.
It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.
The U.S. House of Representatives has passed H.R. 699, the Email Privacy Act, sending it on to the Senate and from there, hopefully anyhow, to the President. The yeas were swift and unanimous.
The bill, which was introduced in the House early last year and quickly found bipartisan support, updates the 1986 Electronic Communications Privacy Act, closing a loophole that allowed emails and other communications to be obtained without a warrant. It’s actually a good law, even if it is arriving a couple of decades late.
Sen. Sheldon Whitehouse (D-R.I.) wants to crack down on botnets and strengthen the cyber defenses for critical infrastructure. And both he and FBI Director James Comey agree that better government-industry cooperation will be critical to those efforts.
Both Comey and Whitehouse spoke at an April 26 cybersecurity event at Georgetown University.
“We simply must get better at working with the private sector,” the FBI director said on April 26. “This is at the core of our being effective.” Comey acknowledged that the FBI’s standoff with Apple over accessing encrypted iPhones had been fairly adversarial, but stressed that, “It would be bad if the conversation this started ended.”
The Defense Advanced Research Projects Agency, better known as DARPA, is looking for a “secure messaging and transaction platform” that would use the standard encryption and security features of current messaging apps such as WhatsApp, Signal, or Ricochet, but also use a decentralized Blockchain-like backbone structure that would be more resilient to surveillance and cyberattacks.
DARPA’s goal is to have “a secure messaging system that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations,” according to a notice looking for proposals, which was recently posted on a government platform that offers federal research funds to small businesses.
In other words, as a security researcher put it, DARPA wants “a public wall anyone can monitor or post messages on, but only correct people can decrypt.”
Government leaders of Japan and Germany announced a new partnership between the two countries to establish an Internet of Things (IoT) standard for commercial and industrial organizations.
Germany, a leader in the IoT market, will sign a memorandum of understanding for cooperation with Japan sometime this month, according to Nikkei, establishing the two nations as IoT allies.
In looking to leverage that wealth of knowledge of and experience with cyber security attacks, President Barack Obama appointed a number of former and current tech executives to a 12-person Commission on Enhancing National Security.
Among those pulled from the tech world, including former IBM CEO Sam Palmisano, is Uber’s Chief Security Officer Joe Sullivan. Sullivan, who joined Uber in 2015, handled security at Facebook prior to that for five years and at eBay before that.
From the outside, it’s tough to say what Sullivan has done in his time at Uber because much of his job goes on behind the scenes. The most recent forward-facing project that would have fallen under Sullivan’s purview is the bug bounty for which Uber would reward $10,000 to the hacker who could find a bug in the app.
Most seasoned entrepreneurs will tell you that starting a business is one of the most rewarding experiences in life. At the same time, many will caveat that getting a business off the ground is harder than most people think.
For founding startup teams, a bit of preventive care and planning can go a long way.
When it comes to legal issues, the natural reaction is to put them off and hope they never happen or go away. Hard-to-understand “gotcha” rules and regulations, the odd language of “legalese” and the high hourly rates most lawyers charge are just a few things that make the law intimidating.