cyber_security   230


Reporter’s Phablet: Is It Time To Panic About Quantum Computing’s Dark Side? - CIO Journal. - WSJ
By Sara Castellanos
Sep 15, 2017

At the three-day Quantum Safe Workshop that wrapped up here Wednesday, the general consensus among cryptography experts is that cybersecurity as we know it will be completely upended when a powerful quantum computer comes to market. That is, unless enterprise executives and researchers start preparing now.

“CIOs need to be planning their requirements for quantum safety today,” said Mark Pecen, founder and chairman of a working group for quantum-safe cryptography at the European Telecommunications Standards Institute, one of the organizations that hosted the workshop.

Preeminent cryptographers and mathematicians who attended the conference said that when a scalable, fault-tolerant quantum computer is built, it will be able to solve the algorithms that much of today’s encryption relies on. The popular RSA algorithm, which is used to secure e-mail, online banking, e-commerce and devices connected to the internet, is particularly at risk because it’s based on integer factorization. Quantum computers are capable of solving factorization problems perhaps trillions of times faster than a classical computer.

If a powerful quantum computer is built before new algorithms and encryption methods are deployed, “the cyberspace we’re living in right now (will be) chaos,”
CIOs  quantum_computing  dark_side  cyber_security  cryptography 
22 days ago by jerryking
Quantum Computing Will Reshape Digital Battlefield, Says Former NSA Director Hayden - CIO Journal. - WSJ
Jun 27, 2018 | WSJ | By Jennifer Strong.

In the ongoing battle between law enforcement and Apple Inc. over whether the company should assist the government in cracking into iPhones, Mr. Hayden says it “surprised a lot of folks that people like me generally side with Apple” and its CEO Tim Cook.

Do you believe there’s a deterrence failure when it comes to cyber threats?

Yes, and it’s been really interesting watching this debate take shape. I’m hearing folks who think we should be more aggressive using our offensive cyber power for defensive purposes. Now that’s not been national policy. We have not tried to dissuade other countries from attacking us digitally by attacking them digitally.

What are your current thoughts on quantum encryption or quantum codebreaking?

When machine guns arrived it clearly favored the defense. When tanks arrived? That favored the offense. One of the tragedies of military history is that you’ve got people making decisions who have not realized that the geometry of the battlefield has changed because of new weapons. And so you have the horrendous casualties in World War I and then you’ve got the French prepared to fight World War I again and German armor skirts the Maginot Line. Now I don’t know whether quantum computing will inherently favor the offense or inherently favor the defense, when it comes to encryption, security, espionage and so on, but I do know it’s going to affect something.

What other emerging technologies are you watching?

Henry Kissinger wrote an article about this recently in which he warned against our infatuation with data and artificial intelligence. We can’t let data crowd out wisdom. And so when I talk to people in the intelligence community who are going all out for big data and AI and algorithms I say, “you really do need somebody in there somewhere who understands Lebanese history, or the history of Islam.”
Michael_Hayden  security_&_intelligence  national_strategies  offensive_tactics  defensive_tactics  wisdom  quantum_computing  NSA  Henry_Kissinger  Apple  cyber_security  encryption  cyber_warfare 
22 days ago by jerryking
Trudeau urged to probe Chinese telecom giant Huawei’s role in Canada - The Globe and Mail
ROBERT FIFE , SEAN SILCOFF AND STEVEN CHASE
OTTAWA
PUBLISHED MAY 27, 2018

Andy Ellis, now chief executive of ICEN Group, said the Prime Minister should assemble a team of deputy ministers and top security officials to examine what − if any − threat that Huawei poses in its drive to scoop up and patent 5G technology that draws heavily on the work of Canadian academics.

“If I was Mr. Trudeau, I would say I want all of you in the intelligence community to tell me the length and breadth of what is going on here and to recommend to me some actions that mitigate it … [and] if we are at risk,” he said in an interview Sunday.
5G  Canada  Canadian  security_&_intelligence  telecommunications  China  Chinese  cyber_security  Justin_Trudeau  Huawei  intellectual_property  threats  patents  Colleges_&_Universities 
7 weeks ago by jerryking
Are you mentally prepared for a cyber attack?
JULY 5, 2017 | FT | by Madhumita Murgia.

“Cyber attacks are not benign. Even when no one suffers physical harm, the opportunity to cause anxiety and stress, instil fear and disrupt everyday life is immense,”.......journalists write about how companies and governments struggle to cope with the fallout from a cyber attack, but the longer-lasting impact on the human psyche has remained largely unexplored. Clearly, the anxiety prompted by cyber attacks is different from that associated with “traditional” acts of terrorism that cause deaths and injury to civilians. .... “Our analysis suggests that the psychological harm of cyber war can affect wellbeing nonetheless.” Identity theft, online threats of personal harm and the disclosure of confidential data such as medical records can cause significant distress........
........Samir Kapuria, a senior executive at Symantec, a global cyber-security company, is at the frontline of damage control, often helping clients after a cyber crime. He admitted that the corporate world was “in a state of urgency” when it came to dealing with the scale and virality of cyber attacks.

“The early 2000s was an era of mass cyber crime, when viruses like Stuxnet were released to disrupt with criminal intent. Today, with attacks like WannaCry and Petya, we are entering the era of intelligence,” says Kapuria, “moving from locks to surveillance to early detection.”
cyber_security  cyberattacks  psychology  stress  panic  malware  viruses  security_&_intelligence  Symantec  identity_theft  left_of_the_boom  hackers  cyberthreats  surveillance  human_psyche 
10 weeks ago by jerryking
Listening In: cyber security in an insecure age, by Susan Landau
April 8, 2018 | Financial Times | Kadhim Shubber

Review of [Listening In: cyber security in an insecure age, by Susan Landau, Yale University Press, $25]

....so Landau’s latest work leaves the reader wishing for a deeper reckoning with these complex issues.

Landau is a respected expert in cryptography and computer security, with a long career both studying and working in the field. She was an engineer at Sun Microsystems for over a decade and is currently a professor in cyber security at Tufts University. Her clean, knowledgeable writing reflects the depth of her expertise — with just a trace of jargon at times — as she traces the tug of war that has played out between law enforcement and cryptographers in recent decades.....Landau persuasively argues that the increasingly digital and interconnected society and economy we inhabit creates vulnerabilities that we ignore at our peril.......Landau is an advocate for strong computer security, and uses this book to reject calls for “back doors” that would allow law enforcement access to encrypted hardware, like iPhones, or messaging apps, such as WhatsApp. But she also encourages governments to become better at proactive “front door” hacking. In the process, she warns, they should not rush to disclose security weaknesses they discover, which inevitably leaves them open for others to exploit......Yet we have seen that the government’s toolbox can also fall into the wrong hands. In 2016 and 2017, a powerful set of hacking tools built by the NSA were leaked by hackers.
books  book_reviews  cyber_security  FBI  Apple  nonficiton  vulnerabilities  hacking  Tim_Cook  Stuxnet  cryptography 
april 2018 by jerryking
Cyber security and information risk guidance for Audit Committees - National Audit Office (NAO)
"Audit committees should be scrutinising cyber security arrangements. To aid them, this guidance complements government advice by setting out high-level questions and issues for audit committees to consider."
auditing  risk_management  cyber_security  security  dopost 
march 2018 by niksilver
Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says
MARCH 15, 2018 | The New York Times | By NICOLE PERLROTH and DAVID E. SANGER.

The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.....Russian hacks had taken an aggressive turn. The attacks were no longer aimed at intelligence gathering, but at potentially sabotaging or shutting down plant operations.....Though a major step toward deterrence, publicly naming countries accused of cyberattacks still is unlikely to shame them into stopping. The United States is struggling to come up with proportionate responses to the wide variety of cyberespionage, vandalism and outright attacks.
Russia  security_&_intelligence  cyberattacks  vandalism  cyber_security  power_grid  infrastructure  NSA  vulnerabilities  hackers  U.S._Cyber_Command  David_Sanger  cyberphysical  physical_world 
march 2018 by jerryking
America’s intelligence agencies find creative ways to compete for talent - Spooks for hire
March 1, 2018 | Economist |

AMERICA’S intelligence agencies are struggling to attract and retain talent. Leon Panetta, a former Pentagon and CIA boss, says this is “a developing crisis”......The squeeze is tightest in cyber-security, programming, engineering and data science.....Until the agencies solve this problem, he says, they will fall short in their mission or end up paying more for expertise from contractors. By one estimate, contractors provide a third of the intelligence community’s workforce.....Part of the problem is the demand in the private sector for skills that used to be needed almost exclusively by government agencies, says Robert Cardillo, head of the National Geospatial-Intelligence Agency (NGA). To hire people for geospatial data analysis, he must now compete with firms like Fitbit, a maker of activity-measurement gadgets. .....The NGA now encourages certain staff to work temporarily for private firms while continuing to draw a government salary. After six months or a year, they return, bringing “invaluable” skills to the NGA, Mr Cardillo says. Firms return the favour by quietly lending the NGA experts in app development and database security. .....
war_for_talent  talent  data_scientists  security_&_intelligence  cyber_security  Leon_Panetta 
march 2018 by jerryking
Risk Management Collection - NCSC Site
"Welcome to the NCSC's guidance on Risk Management for Cyber Security. In this collection, we'll be outlining the fundamentals of risk management, and describing techniques you can use to manage cyber security risks."
security  risk  risk_management  guidelines  government  cyber_security  dopost 
january 2018 by niksilver
Marty Chavez Muses on Rocky Times and the Road Ahead
NOV. 14, 2017 | - The New York Times | By WILLIAM D. COHAN.

Mr. Chavez is about as far from the stereotypical Wall Street senior executive as you can imagine, and that is one reason his musings about the future direction of Wall Street are listened to carefully.

He grew up in Albuquerque, one of five children, who all went to Harvard. He got a doctorate in medical information sciences from Stanford University. (At that time, he was known by his full name Ramon Martin Chavez.)

In 1990, Mr. Chavez came out, the day after he defended his doctoral dissertation – “Architectures and Approximation Algorithms for Probabilistic Expert Systems.” He is one of the few openly gay executives on Wall Street. ......In his current role as Goldman's CFO, Marty views his job as a simple one that is hard to get right: “I’m not paid or evaluated on the accuracy of my crystal-ball predictions,” he said. “I’m paid to enumerate every possible outcome and do something about every possible outcome well in advance, when it’s still possible to do something, because once it’s happened it’s too late.”....Unlike many of his peers on Wall Street, Mr. Chavez does not complain about the extent of the regulation that hit the financial industry as a result of Dodd-Frank. Generally speaking, he says, the regulations have helped banks “confront their problems and capitalize and bolster their liquidity,” making them “stronger as a result,” and the financial system safer and more profitable.....Instead of complaining about the extra expense and manpower required to comply with the mountain of new regulations, Mr. Chavez chooses instead to think about it differently. “If you approach the regulations as ‘Oh, we’ve got to comply,’ you’ll get one result,” he said. He prefers thinking about the regulations as, “This makes us and the system and our clients safer and sounder, and yes it’s a lot of work, but what can we learn from this work and how can we use this work in other ways to make a better result for our shareholders and our clients? Everywhere we look we’re finding these opportunities and they’re very much in keeping with the spirit of the times.”

Like any good senior Goldman executive, he does worry. (Lloyd Blankfein, the Goldman chief executive, once told me he spent 98 percent of his time worrying about things with a 2 percent probability.)

His biggest concern at the moment is the risk of “single points of failure” in the vast world of cybersecurity. He worries about any individual “repository of information” that does not have a backup and that can “be hacked.”

He does not even trust Goldman’s own computer system; he treats it as a potential enemy.

.....What also makes Goldman different from its peers is the firm’s love affair with engineers. At the moment, he said, engineers comprise around 30 percent of Goldman’s work force of about 35,000. It’s what drew him to Goldman in the first place — to work on Goldman’s in-house software, “SecDB,” short for “Securities Database,” an internal, proprietary computer system that tracks all the trades that Goldman makes and their prices, and regularly monitors the risk that the firm faces as a result.

He said the system generates some million and a half points of data that were used to calculate, for the first time, the firm’s “liquidity coverage ratio” — now 128 percent — and that were shared with regulators every day. He’s been busy trying to figure out how the newly generated data can be used to help him understand what the firm’s liquidity will be a year from now.

That way, he said, in his principal role as Goldman’s chief financial officer, he can perceive a problem in plenty of time to do something about it. “We’re able to get much better actionable insights that make the firm a less risky business because we’re able to go much further out into the future,” he said......
Goldman_Sachs  Martin_Chavez  Wall_Street  SPOF  CFOs  jujutsu  actionable_information  engineering  databases  information_sources  SecDB  proprietary  Dodd-Frank  regulation  cyber_security  improbables  think_differently  William_Cohan 
november 2017 by jerryking
