Primer:
Stuart Madnick, who’s been professor of information technology at the Massachusetts Institute of Technology since 1972, tells Inverse that the FCC and ISPs are casting a double-edged sword in their rush to implement 5G.
“It’s like going from fireworks to dynamite sticks,” Madnick says. “5G encourages further evolution and expansion of Internet of Things related networks. All of the good news and bad news that comes along with this technology gets magnified.”
He’s especially concerned about the risk of denial of service attacks — or DDoS for short — becoming more powerful than ever before. One of the advertised benefits of 5G is that it will allow even more IoT devices, like refrigerators or light bulbs, to come online. This would allow users to remotely check the contents of their fridge or dim their bedroom lights using their phones, but these devices can also be harnessed for nefarious purposes.
One of the most notorious DDoS incidents in history — the 2016 Dyn cyberattack — was facilitated by unsecured IoT devices, like security cameras, printers, and baby monitors. Hacker groups Anonymous and New World Hackers allegedly took control of thousands of electronics that still had their default passwords to amass an army of zombie devices, known as a botnet.
This network was used to overwhelm the servers of internet performance management company, Dyn. Websites like Twitter, SoundCloud, Spotify, and Shopify were inaccessible for a day. Madnick believes this could happen again, to a degree that hasn’t even been imagined yet. Perhaps the biggest sites on the web will go down for days, including online banks, or worse, the internet that controls a public utility like electricity.
*** Related reading: Lessons Learned from WannaCry attack
Ex-security minister Admiral Lord West calls for urgent government action after Chinese firms are banned in Australia and the US.
Security threats from Chinese companies building 5G networks could end up “putting all of us at risk” if they are not tackled quickly, according to a former security minister.
Speaking to Sky News, Admiral Lord West, a former First Sea Lord who served under Gordon Brown as a security minister, urged the government to set up a unit reporting directly to the prime minister to monitor the risk posed by Chinese equipment in 5G.
5G has been hailed as the next great leap for mobile communications, enabling everything from smart cities to hologram calls.
However, the best 5G technology comes from Chinese companies, raising the fear that China’s government could have ground-level access to – even control of – the UK’s critical data infrastructure.
“We’ve got to see there’s a risk,” Lord West said. “Yes, we want 5G, but for goodness sake we need to do all of these things to make sure it’s not putting all of us at risk.”
In April, the United States banned Chinese multinationals Huawei and ZTE – both specialists in 5G – from selling equipment to the federal government.
In August, the Australian government banned the same two firms from supplying technology for its 5G network, a decision foreign minister Marise Payne described as necessary for “the protection of Australia’s national security”.
In a statement, Huawei called the decision “politically motivated, not the result of a fact-based, transparent, or equitable decision-making process,” adding that “there is no fundamental difference between 5G and 4G network architecture… 5G has stronger guarantees around privacy and security protection than 3G and 4G”.
Robert Hannigan, former director of GCHQ, told Sky News an outright ban in the UK would not make 5G safe.
“The best companies in 5G are probably the Chinese ones and there aren’t many alternatives,” he said, before warning that new measures were needed to test the security of the network.
“We do need to find a way of scrutinising what is being installed in our network, and how it is being overseen and how it is being controlled and how it’s being upgraded in the future. And we have to find a more effective way of doing that at scale.”
In April, GCHQ’s National Cyber Security Centre warned ZTE could pose a national security risk to the UK.
Two months later, the UK’s Huawei Cyber Security Evaluation Centre, a group set up by the government to monitor the Chinese firm, announced that it had “only limited assurance” that Huawei posed no threat to national security.
“It was a bit of a warning to Huawei,” said Mr Hannigan. “They needed to get better at cooperating and take this more seriously.”
The difficulty for the Huawei Cyber Security Evaluation Centre is knowing for certain that the code it vets and approves is the same code that is going into networks.
“That’s been a persistent problem,” said Mr Hannigan. “That needs more work.”
The government has put £200m into the development of 5G. Last month, the first 5G pilot centre launched in the West Midlands, testing the technology before a national roll-out.
BT, which uses Huawei to supply parts for its network, told Sky News that it would “apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government”.
GAO Report on Weapons Systems Hacking Vulnerabilities
Can’t make this up, and further, there is a huge element of deniability that such vulnerabilities exist.
GAO: In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected.
DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD did not make weapon cybersecurity a priority. Over the past few years, DOD has taken steps towards improvement, like updating policies and increasing testing.
Federal information security—another term for cybersecurity—has been on our list of High Risk issues since 1997.
Today’s weapon systems are heavily computerized, which opens more attack opportunities for adversaries (represented below in a fictitious weapon system for classification reasons). The full report here.
*** From Wired in part:
In other cases, the report states that automated systems did detect the testers, but that the humans responsible for monitoring those systems didn’t understand what the intrusion technology was trying to tell them.
Like most unclassified reports about classified subjects, the GAO report is rich in scope but poor in specifics, mentioning various officials and systems without identifying them. The report also cautions that “cybersecurity assessment findings are as of a specific date so vulnerabilities identified during system development may no longer exist when the system is fielded.” Even so, it paints a picture of a Defense Department playing catch-up to the realities of cyberwarfare, even in 2018.
Edelman says the report reminded him of the opening scene of Battlestar Galactica, in which a cybernetic enemy called the Cylons wipes out humanity’s entire fleet of advanced fighter jets by infecting their computers. (The titular ship is spared, thanks to its outdated systems.) “A trillion dollars of hardware is worthless if you can’t get the first shot off,” Edelman says. That kind of asymmetrical cyberattack has long worried cybersecurity experts, and has been an operational doctrine of some of the United States’ biggest adversaries, including, Edelman says, China, Russia, and North Korea. Yet the report underscores a troubling disconnect between how vulnerable DOD weapons systems are, and how secure DOD officials believe them to be.
“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic,” the report reads. DOD officials noted, for instance, that testers had access that real-world hackers might not. But the GAO also interviewed NSA officials who dismissed those concerns, saying in the report that “adversaries are not subject to the types of limitations imposed on test teams, such as time constraints and limited funding—and this information and access are granted to testers to more closely simulate moderate to advanced threats.”
It’s important to be clear that when the DOD dismisses these results, they are dismissing the testing from their own department. The GAO didn’t conduct any tests itself; rather, it audited the assessments of Defense Department testing teams. But arguments over what constitutes a realistic testing condition are a staple of the defense community, says Caolionn O’Connell, a military acquisition and technology expert at Rand Corporation, which has contracts with the DOD.
Google Doc Notes Tech Media Censorship
The Good Censor – GOOGLE LEAK on Scribd
The other cyber war…censorship.
Primer:
Google should refuse to develop a censored search engine for China, Vice President Mike Pence said Thursday while criticizing the Communist regime.
“Google should immediately end development of the ‘Dragonfly’ app that will strengthen Communist Party censorship and compromise the privacy of Chinese customers,” Pence said at the Hudson Institute in Washington, D.C.
Pence’s recommendation came amid a broad criticism of China’s domestic repression and international aggression. But his turn towards Google attests to how U.S. leaders also see Beijing’s relationship with American institutions as a source of unwarranted strength for Chinese leaders, even as President Trump takes a more confrontational posture towards the rising Asian power. More here.
Summary background on the 85 page document authored by Google and published by Breitbart:
Leaked Google documents suggest the tech giant wants increased censorship of the internet and believes other internet firms should police debate online.
The 85-page paper, leaked by a Google employee, claims that cyber harassment, racism and people venting their frustrations are ‘eroding’ free speech online.
It says that the ability to post anonymously has ‘empowered’ online commenters to express their views ‘recklessly’ and ‘with abandon’.
Censoring the internet could make comment sections safer and more civil for everyone, the report concludes.
The report reads: ‘When they’re angry, people vent their frustrations.
‘But whereas people used to tell friends and family about bad experiences, the internet now provides a limitless audience for our gripes.’
Anonymity of users is also earmarked as a potential danger online, claiming that people were more likely to share abhorrent or radical views due to the lack of accountability.
Racism, hate speech, trolling and harassment are also mentioned in the extensive report, which was leaked to Breitbart.
It adds: ‘Although people have long been racist, sexist and hateful in many other ways, they weren’t empowered by the internet to recklessly express their views with abandon.’
Groups which were once minority have been emboldened to discuss their radical views online as the internet provides them with a safe space to communicate, the report suggests.
In response to the leak, Google insisted the document was not company policy, though it admitted the research was something being considered by top bosses.
Internet rights advocates said that censoring online debate risks hampering free speech and creating an environment in which the views of some groups are not tolerated by big technology firms.
Of harassment, Google says: ‘From petty name-calling to more threatening behaviour, harassment is an unwelcome component of life online for all too many users.’
It goes on to suggest that Google should monitor the tone of what is said as opposed to the content, and that the firm should not adopt a political standpoint in arguments.
‘Shifting with the times’, depending on the mood around censorship, is also not ruled out.
***
Trump Admin Trying to Get a Cyber Doctrine
October is national cyber awareness month; frankly, every month and every day should be an awareness day.
So, back in late 2017, the House passed by a voice vote H.R. 3559 – Cybersecurity and Infrastructure Security Agency Act of 2017. As you may guess, it is stalled in the Senate.
Meanwhile, in an effort to mobilize and consolidate cyber operations for the United States, there is no consensus within Congress. Should every government agency have a cyber division? Should the United States be able to perform counter cyber attacks? What kind of a cyber attack on the United States constitutes an act of war?
Just last month, Politico published a piece stating in part:
Recent reports that Russia has been attempting to install malware in our electrical grid and that its hackers have infiltrated utility-control rooms across America should constitute a significant wakeup call. Our most critical infrastructure systems are vulnerable to malicious foreign cyberactivity and, despite considerable effort, the collective response has been inadequate. As Director of National Intelligence Dan Coats ominously warned, “The warning lights are blinking red.”
A successful attack on our critical infrastructure — power grids, water supplies, communications systems, transportation and financial networks — could be devastating. Each of these is vital to our economy, health and security. One recent study found that a single coordinated attack on the East Coast power grid could leave parts of the region without power for months, cause thousands of deaths due to the failure of health and safety systems, and cost the U.S. economy almost $250 billion. Cyberattacks could also undermine our elections, either by altering our voter registration rolls or by tampering with the voting systems or results themselves.
The op-ed was written by retired General and former CIA Director David Petraeus who is arguing: “Our grab-bag approach isn’t working. Gen. David Petraeus says it’s time to go big.”
Actually, I agree with General Petraeus on his position. Last month also, John Bolton on the White House National Security Council declared that the U.S. is going on the offensive. Yet in an interesting article, Forbes offers a point and counter-point to that argument.
Last week, President Trump spoke to world leaders about how China is interfering in U.S. elections via the cyber realm. While no evidence has been offered, that is not to say there is no evidence; it is a common tactic of China. Additionally, the United States is offering robust assistance to NATO allies.
Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official.
The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers on Wednesday and Thursday.
Katie Wheelbarger, the principal deputy assistant defense secretary for international security affairs, said the U.S. is committing to use offensive and defensive cyber operations for NATO allies, but America will maintain control over its own personnel and capabilities.
The decision comes on the heels of the NATO summit in July, when members agreed to allow the alliance to use cyber capabilities that are provided voluntarily by allies to protect networks and respond to cyberattacks. It reflects growing concerns by the U.S. and its allies over Moscow’s use of cyber operations to influence elections in America and elsewhere.
“Russia is constantly pushing its cyber and information operations,” said Wheelbarger, adding that this is a way for the U.S. to show its continued commitment to NATO.
Wheelbarger told reporters traveling to NATO with Mattis that the move is a signal to other nations that NATO is prepared to counter cyberattacks waged against the alliance or its members.
Much like America’s nuclear capabilities, the formal declaration of cyber support can help serve as a military deterrent to other nations and adversaries.
The U.S. has, for some time, considered cyber as a warfighting domain, much like air, sea, space and ground operations. In recent weeks the Pentagon released a new cybersecurity strategy that maps out a more aggressive use of military cyber capabilities. And it specifically calls out Russia and China for their use of cyberattacks.
China, it said, has been “persistently” stealing data from the public and private sector to gain an economic advantage. And it said Russia has used cyber information operations to “influence our population and challenge our diplomatic processes.” U.S. officials have repeatedly accused Moscow of interfering in the 2016 elections, including through online social media.
“We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of a crisis or conflict,” the new strategy states, adding that the U.S. is prepared to use cyberwarfare along with other military weapons against its enemies when needed, including to counter malicious cyber activities targeting the country. Read more here.
Not to be left out is North Korea.
The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
For more information, see:
Yup, in closing…..we agree with General Petraeus….it is long overdue to go big and go NOW.
Senator Feinstein’s Loyalty to China First
Now, this is the woman that concocted the whole Dr. Ford v. Brett Kavanaugh chaos event in Washington DC and refused to hand that pesky letter over to Chairman Grassley…
Personally, she should be brought up before the Senate Ethics Committee, it would be a gesture for sure but then we could have a Senate vote of no confidence in Di-Fi…another gesture, but tactics nonetheless.
Meanwhile:
Senator Cruz is not well liked by many Democrats in the Senate because he exposes them, that is if anyone is listening. It was not too long ago that Ben Shapiro published in his DailyWire that Senator Cruz proposed some legislation to rename a road and Feinstein earnestly objected. Hah, it is an interesting story found here.
Related reading: Chinese spy who defected tells all
Now, just before that, a scandal that went away real fast was that lil miss Dianne had an American aide working for the Chinese (read spy) on her payroll for years. BUT, that was not the first time the FBI came knocking on her door for much the same reason. Really you say? Yes….
Only back in 1997 as explained by the LATimes: federal investigators have detected that the Chinese government might attempt to seek favor with Feinstein. Last year, she was one of six members of Congress who received warnings from the FBI that China might try to improperly influence them through illegal campaign contributions.
The article has another interesting paragraph: At the same time, far from the spotlight, Feinstein’s husband, Richard C. Blum, has expanded his private business interests in China–to the point that his firm is now a prominent investor inside the communist nation.
For years, Feinstein and Blum have insisted that they maintained a solid “firewall” between her role as an influential foreign policy player and his career as a private investor overseas.
But such closely coinciding interests are highly unusual for major figures in public life in Washington. And now, as controversy heats up over improper foreign influence in the U.S. political process, the effectiveness of the firewall between those interests could be called into question.
Firewall eh?
Well there is this other thing in California called the ‘California Asia Business Council’. See Di-Fi’s husband in the photo?
back row in the middle
Recipients of Cal-Asia’s prestigious New Silk Road Award include: Ms. Weili Dai, President and Co-founder of Marvell Technology Group; Dr. Chong Moon Lee, Founder, Diamond Multimedia; The Asia Foundation (presented to Dr. David Arnold, President); Alexander D. Calhoun, Senior Counsel, Squire Sanders & Dempsey; Daniel K. H. Chao, Chairman of Bechtel Greater China (retired); John S. Chen, Chairman, CEO, and President of Sybase; Hon. Dianne Feinstein, US Senator; Dr. Ta-Lin Hsu founder and chairman of H&Q Asia Pacific; C. Richard Kramlich, chairman and co-founder of New Enterprise Associates; G. Paul Matthews, Founder, Matthews International Capital Management; Dr. William F. Miller, SRI International, Stanford, and Silicon Valley visionary; Hon. George P. Shultz, Former Secretary of State; Washington SyCip, Founder of SGV & Co. and “Asia’s Wise Business Owl”; Amb. Linda Tsao Yang, former US Director, Asian Development Bank.
(Senator Feinstein got an award….firewall?)
Cal-Asia’s Mission
…is to promote commerce between the U.S. and Asia. We are proud to have received two awards for our efforts from the US Department of Commerce.
Other Cal-Asia News
–Foreign Direct Investment in ASEAN
–APEC Meetings for 2015 started in January in Hanoi and will culminate with the Manila summit. Meeting locations and dates: APEC Events Calendar. General info on APEC outcomes, plans: http://www.apec.org/
–EXIM BANK: Report to the U.S. Congress on the Export-Import Bank of the United States and global export credit competition, 2014
–OECD list of export credit agencies
–Asian ExIm Banks
Ah, but there is more:
SAN FRANCISCO, May 4, 2017 — Richard C. Blum, founder and chairman of Blum Capital Partners, delivers remarks at Asia Society Northern California’s Fourteenth Annual Dinner.
Going back to 2009 and swell company here at this event:
April 23, 2009 – Blum Center Groundbreaking with Vice President Al Gore. (Peg Skorpinski)
The groundbreaking ceremony for the new home of the Blum Center will take place on Thursday, April 23 at 1:30 pm PST – with Center Founder and UC Regents Chair Richard C. Blum joined by Former Vice President Al Gore, UC Berkeley Chancellor Robert Birgeneau, College of Engineering Dean S. Shankar Sastry, and University of California President Mark Yudof. The ceremony will be followed by a reception where faculty and students will present a wide range of innovations aimed at making lasting change for the nearly three billion people that live on less than two dollars a day.
That Center is for developing countries like China….really? Yup…interesting, there are more friends…
Four years ago, Mr. Blum founded the Global Economy and Development Center at The Brookings Institution and the Brookings Blum Roundtable Conference, to develop policy research and new strategies to alleviate poverty. He is also a trustee and a member of the executive committee of The Carter Center, founded by former President Jimmy Carter, and serves on the boards of William J. Clinton Foundation and The Wilderness Society.
More?
Feinstein and Shanghai Mayor Jiang Zemin reportedly visited each other regularly in the 1980s, with Jiang once spending Thanksgiving in San Francisco with Feinstein and her husband. Jiang supposedly danced with Feinstein during one such visit, which surely must have been a propaganda coup for the CCP a la Ted Kennedy and the Soviets.
The Federalist has an interesting summary, yet this stuck out:
In a June 2010 interview with the Wall Street Journal covering a trip to China in which she met with old pals Jiang and former premier Zhu Rongji, Feinstein seemed to further downplay and even alibi the Tiananmen Square massacre:
I think that was a great setback for China in the view of the world. And I think China has also – as we would – learned lessons from it.
It just so happens I was here after that and talked to Jiang Zemin and learned that at the time China had no local police. It was just the PLA [People’s Liberation Army]. And no local police that had crowd control. So, hence the tanks.
Clearly none of that made good sense. But that’s the past. One learns from the past. You don’t repeat it. I think China has learned a lesson.
That year, Feinstein also challenged the Obama administration’s $6.4 billion arms sale to Taiwan, calling it a “substantial irritant” to U.S.-China relations. Be sure and read all of Ben Weingarten’s piece here.