Category Archives: Industry Jobs Oil Economics

2016 A Tidal Wave of New Regulations

Posted on by

What’s Next on Gun Control: Obama and the Loophole

The White House will likely go around Congress and require background checks for all “in the business” of selling firearms.

Bloomberg: The next shoe to drop on gun control may come by mid-January, when President Barack Obama is expected to issue an executive order requiring everyone “in the business” of selling firearms to perform background checks.

Wait a second, you might be saying. Doesn’t federal law already oblige gun retailers to do computerized criminal checks via the Federal Bureau of Investigation’s data base? Yes and no.

Yes, when it comes to federally licensed dealers. But no, when you’re talking about people who lack federal licenses and sell guns from their personal collections.

The problem is that an awful lot of firearms are sold in the latter fashion by individuals who aren’t technically gun retailers but who sell weapons at weekend gun shows or from their homes. Forthcoming research by the Harvard School of Public Health estimates that 40 percent of all gun transfers occur without background checks (that’s the so-called gun show loophole). Presumably the background-check gap permits some criminals and mentally disabled people to buy guns who otherwise might be stopped.

Following another a year of shooting massacres of Americans, Obama has let it be known from his holiday retreat in Hawaii, through unidentified advisers, that soon after New Years Day he plans to follow through on plans to expand the definition of who’s “in the business” of selling firearms—and who’s thus required to perform background checks. Democratic presidential candidate Hillary Clinton, among others, has strongly backed this idea, and now Obama appears ready to make its implementation one of the first major acts of his final year in office.

Another fan of expanded background checks: Michael Bloomberg, owner of Bloomberg LP and founder of Everytown for Gun Safety, the nation’s leading nonprofit advocating tougher regulation of firearms. Bloomberg visited Obama at the White House last week to discuss gun-safety strategies.

The timing of the expected Obama move on background checks guarantees it will receive a hostile reaction from gun-rights advocates, thousands of whom will gather next month in Las Vegas for the firearm industry’s annual Shooting, Hunting & Outdoor Trade Show, known as SHOT.

An ironic twist is that many of the attendees at SHOT each year are federally licensed bricks-and-mortar gun dealers who sometimes concede privately that they have no real problem with all gun sellers being forced to do background checks. These full-time retailers resent competition from casual unlicensed sellers at gun shows.

But the National Rifle Association’s orthodoxy—that any additional gun control is merely a first step toward bans and confiscation—holds sway in the firearms world, making outward expressions of support among gun sellers for Obama’s proposal unlikely. While the enormous gathering in Las Vegas isn’t technically an NRA event, the group’s strong anti-Obama stance will almost certainly be evident there, and a fresh proposal to stiffen regulation may have the effect of pouring gasoline on a fire already burning hot.

There will probably be calls to challenge Obama’s authority to broaden the background check mandate without congressional involvement. Lawsuits and objections from pro-gun Republicans on Capitol Hill will likely follow, as has happened with other efforts by the administration to use executive authority in the environmental arena.

Another sure thing: Texas Senator Ted Cruz and other Republican presidential candidates will condemn the Obama proposal. In other words, the Great American Gun Debate will continue in 2016.

The Hill: President Obama is preparing to unleash a wave of new regulations in 2016 as he looks to shore up his legacy on public protection issues during his final year in office.

The Securities and Exchange Commission, the Food and Drug Administration and the Department of Labor are all expected to finalize major federal rules that critics say are long overdue. The regulations include a final rule from the 2010 Dodd-Frank financial reform law that will force companies to compare the paychecks of their top executives with company performance, final rules for cigars and electronic cigarettes proposed well over a year ago, and a final regulation to protect constructions workers from deadly silica dust.

Here’s a look at the top regulations expected to come from the administration in 2016.

Pay for performance

The Securities and Exchange Commission (SEC) is expected to finalize its “pay for performance” rule that will require publicly traded corporations to disclose how much their top executives are paid and compare that to the companies’ overall financial performance.

The agency, which first proposed the rule in May, set an October 2016 deadline for the final rule last month. The SEC contends it will allow shareholders to make more informed decisions when electing directors.

Arbitration

Regulatory experts are expecting the Consumer Financial Protection Bureau (CFPB) to propose new rules in 2016 to protect consumers’ right to file or join a class-action lawsuit against a financial company.

More and more companies are adding arbitration clauses to contracts that prevent consumers from resolving a dispute through the court system. Instead, the language, which can often be found in credit card and cellphone contracts, typically states that disputes about a product can only be resolved by privately appointed individuals or arbitrators.

Dodd-Frank directed the CFPB to do a study of arbitration agreements and issue a report of its findings to Congress. After the agency completed the report in March, it announced plans to proceed with a rulemaking.

E-cigarettes

Industry and health groups may not agree on the rules, but both are exasperated by the delay in first-ever regulations from the Food and Drug Administration (FDA) for cigars and electronic cigarettes.

Health groups were frantic in the days leading up to the release of the $1.1 trillion government spending deal earlier this month, fearing that industry had successfully lobbied for a change that would have exempted many e-cigarette and cigar products from the restrictions.

Industry groups, however, came up empty-handed and will now wait to see if attempts to lobby the White House for last-minute changes paid off. Those organizations are most concerned about a provision in the proposed rule that would require all products that hit store shelves after Feb. 15, 2007, to apply retroactively for approval, a process that companies say would put them out of business.

The FDA originally said the final rules would be out last summer but changed the deadline to November. The White House Office of Management and Budget (OMB), which is reviewing the final rule, was still meeting with industry and health groups last week.

Silica dust

The Department of Labor is in the process of finalizing a years-in-the-making rule to protect workers from silica dust.

Peg Seminario, the AFL-CIO’s safety and health director, said the labor group has been awaiting the rule since 1997. Exposure to silica dust, common at construction worksites and shipyards, can cause an irreversible lung disease known as silicosis.

The Labor Department sent the final rule to the OMB last week for final review, a process that can take up to 90 days.

“I’m sure they will give it a thorough review and it’ll be issued sometime, we hope, in the first quarter of the year,” Seminario said.

Workplace injuries

The DOL is gearing up for a busy year, with plans to also finalize a rule that will require employers to report and keep records of workplace injuries and illnesses. Seminario said the draft of the final rule went to OMB in October. Labor groups are hoping to see a final rule in the first quarter.

Overtime pay

Perhaps the most sweeping action to in the new year will be a final rule to extend overtime pay to nearly 5 millions white-collar workers. The Labor Department proposed the rule in June as a result of an executive order President Obama issued in May. Under the rule, any worker earning up to $50,000 annually would be eligible for overtime.

Department spokesman Jason Surbey said the agency is reviewing the more than 270,000 comments it received.

“We’re on track to issue a final rule by July 2016, with an effective date sometime after that,” he said.

Predatory lending

The CFPB is planning a February rollout of its proposed rules to crack down on predatory payday lenders.

The agency released a framework for the rules in March that considered forcing lenders to ensure a borrower’s ability to repay a loan, limiting short-term credits to 45 days or less and establishing a 60-day “cooling-off” period for borrowers who take out three loans in a row.

Payday lenders have already balked at the rules, calling them unnecessary and damaging for consumers who have nowhere else to turn for their short-term lending needs.

Food safety

The FDA is expected to issue final requirements in March for the sanitary transportation of animal and human food.

The rules, which were are mandated by the Food Safety Modernization Act of 2011, establish requirements for shippers, carriers and receivers to use sanitary practices to ensure that that food does not become contaminated when being transported. The final rules were originally expected to be released in April 2015.

Financial advisers 


The Labor Department is also expected to issue a final rule in 2016 that would require financial advisers to disclose more information to their clients about the compensation they receive. 

In October, under mounting pressure from business groups, Labor Secretary Tom Perez said the department planned to make some changes to the contentious regulations — commonly called the “fiduciary rule” — but would not detail what those changes would be.

Methane

The Environmental Protection Agency is expected to finalize new rules to limit methane emissions from the oil and gas sector. The rule would require drillers to use new technologies to track and block both accidental and purposeful leaks when producing and transmitting oil and gas. The EPA has set a June deadline for the release of this final rule.

Every Registered Voter, Personal Data Leaked

Posted on by

191M Records Exposed In Data Leak: Personal Information Of ‘Every Registered U.S. Voter’ Said To Be Freely Available

In 2014, there were 142.2 million people registered to vote in the United States, according to the U.S. Census Bureau. Forbes is reporting that a database containing 191 million voter records, which includes personal data, has been found, available for anyone to access, online by a “whitehat hacker” named Chris Vickery.

It appears that the personal details of “every registered U.S. voter” are publicly available online. When asked to pull up details on random people by Forbes, Vickery was easily and quickly able to retrieve their names, addresses, birth dates, telephone numbers, and party affiliations, with data appearing to date as early as 2000. Reportedly, no financial information or social security numbers are included in the leaked information.

Vickery has reportedly been unable to pinpoint where the data came from and who might have made it available online. Some attributes of the database led Vickery and researchers with DataBreaches.net to pursue NationBuilder, which has been said to produce similar databases in the past. NationBuilder CEO Jim Gilliam has reportedly stated that IP addresses associated with the database were not associated with the group’s customers, but that it is possible that a customer working on a “non-hosted” system could have produced it.

“From what we’ve seen, the voter information included is already publicly available from each state government so no new or private information was released in this database,” Gilliam was quoted.

A long list of potential suspected political groups have denied responsibility for the voter data leak, including NGP VAN, Political Data, L2 Political, Aristotle, and Catalist.

Vickery and DataBreaches.net were reported to have made reports with the FBI in New York. Forbes reported that the FBI recommended making a report with the Secret Service, which was said to offer no response. DataBreaches.net was said to have made reports with the California Attorney General’s office as well, according to CNET.Information contained in voter records is a matter of public record in many states. South Dakota specifies that voter information may not be placed on the Internet for “unrestricted access” or “commercial purpose.” California has some of the strictest laws protecting voter information in the country, where records are private and may only be accessed “under certain circumstances.”

“I deal with criminals every day who know my name. The thought of some vindictive criminal being able to go to this site and get my address makes me uncomfortable,” an anonymous police officer was quoted. “I’m also annoyed that people can get my voting record. Whether I vote Republican or Democratic should be my private business.”

A Twitter user pointed out that an abusive ex-spouse could use the information to locate a previous partner who does not wish to be found. For that matter, with the information available on the Internet, just about anyone can.

The exposed voter records are said not to include who the voter actually voted for, but that party affiliations are available, which may make determining who an individual likely voted for a simple task. It is noted that the information could be particularly useful during an “issues-oriented campaign.”

Just last week, Chris Vickery exposed that the personal information, including e-mail addresses, user names, and password hints of 3.3 million users registered to the website of SanrioTown.com, home to Hello Kitty, was freely available online, according to CNET. Vickery also recently found a hole allowing the personal information, including usernames and e-mail addresses, of 13 million MacKeeper users to be freely accessed online, as reported by CNET. The MacKeeper software, perhaps ironically, is a suite of security programs aimed at making Mac users safe and secure online.

*** What to be concerned with in 2016: Gartner Report

Biggest Cyber Security Threats To Watch For In 2016; Gartner Forecasts 6.8B Devices Connected To Internet Of Things In 2016

    Harriet Taylor, in a December 28, 2015 article on CNBC’s website is the latest in a series of articles on the evolving cyber threat and what may be the top cyber threats next year.  “Headless worms, machine-to-machine attacks, jailbreaking, ghostware, and two-faced malware,” top the list of key cyber threats to prepare for next year.”   In the coming year,”hackers will launch increasingly sophisticated attacks on everything from critical infrastructure, to medical devices,” said Fortinet Global Security Strategist, Derek Manky.  “We are facing an arms race in terms of security.  Every minute we sleep, we are seeing about a half a million [cyber] attack attempts that are happening in cyber space,” he added.

Here’s How The 2016 Cyber Threat Landscape Looks To Some Experts:

The rise of machine-to-machine attacks:  Research company Gartner predicts there will be 6.8B connected devices in use in 2016; a 30 percent increase over 2015.  By 2020, that number will jump to more than 20B connected devices, the company forecasts.  That would mean an average of two to three Internet-connected devices for every human being on the planet.  The sheer number of connected devices, or ‘Internet of Things (IoT), presents an unprecedented opportunity for hackers.  “We’re facing a massive problem moving forward for growing attack surface,” said Manky.

     “That’s a very large playground for attackers, and consumer and corporate information is swimming in that playground,” he said.  In its 2016 Planning Guide for Security and Risk Management, Gartner said:  “The evolution of cloud and mobile technologies, as well as the emergence [maturation?] of the IoT,’ is elevating the importance of security and risk management foundations.”

     “Smartphones present the biggest risk category going forward,” Manky believes.  “They are particularly attractive to cyber thieves because of the sheer number in use, and multiple vectors of attack, including malicious apps and web browsing;

     “We call this drive-by-attacks — websites that will fingerprint your phone when you connect to them; and, understand what that phone is vulnerable to,” Manky said,.  “Apple devices are still the most secure,” he added.  But, he also cautioned that there is no such thing as a totally safe device connected to the IoT.

Are you nurturing a headless worm?:  “The new year will likely bring entirely new [cyber] worms and viruses able to propagate from device-to-device,” predicts Fortinet.  the new year will see the first “headless worms” — malicious code — targeting “headless devices,’ such as smartwatches, smartphones, and medical hardware;”  “These are nasty bits of code that will float through millions, and millions of computers,” Manky warns.  “The largest we’ve seen to date, is about 15 million infected machines, controlled by one network — with an attack surface of 20B devices.  Certainly that number can spike to 50M, or more.  You can suddenly have a massive outage globally, in terms of all these consumer devices just simply dying and going down [dark];”

Jailbreaking the cloud:  “Expect a proliferation of attacks on the cloud, and cloud infrastructure, including so-called virtual machines, which are software-based computers.  There will be malware specifically built to crack these cloud-based systems  “Growing reliance on virtualization; and both private and hybrid clouds — will make these kind of attacks even more fruitful for cyber criminals,” according to Fortinet.  “At the same time, because apps rely on the cloud, mobile devices running compromised apps will provide a way for hackers to remotely attack public and private clouds and gain access to corporate networks.”

Hackers will use Ghostware to conceal attacks:  “As law enforcement boosts its [cyber] forensic capabilities, hackers will adapt to evade surveillance and detection,  [Stealth] malware designed to penetrate networks, steal information, then cover up its tracks will emerge in 2016.  So-called Ghostware, will make it extremely difficult for companies to track exactly how much data has been compromised, and hinder the ability of law enforcement to prosecute cyber criminals.”  

     “The attacker and the adversaries are getting much more intelligent now,” Manky said.

     “Alongside Ghostware, cyber criminals will continue to employ so-called “blastware,” which destroys and disables a system/s when detected.  “Blastware can be used to take out things like critical infrastructure, and it’s much more of a damaging attack,” he added.

     “Because attackers may circumvent preventative controls, detection and response capabilities are becoming increasingly critical,” advises Gartner in its report.

Two-Faced malware:  “Many corporations now test software in a safe environment called a sandbox, before running it on their networks.”  “A sandbox is designed  to do deeper inspection to catch some of these different ways that they’re trying to change their behaviors,” Manky said.  “It’s a very effective way to look at these new threats as we move forward.”

     “That said,” Ms. Taylor writes, “hackers in turn, are creating malevolent software that seems benign under surveillance; but, morphs into malicious code, once it’s no longer under suspicion.  It’s called……two-faced malware.”

WHAT FORTINET DID NOT ADDRESS
 
     Lots to think about with these 2016 predictions in the cyber realm.  Clearly, there is no such thing as a digital Maginot Line; and, even if there were — we all know how that worked out for France.  Stealth malware, malware that goes dormant when under surveillance; and/or changes like a chameleon, infected clouds, deceptive clouds, combat clouds, hijack clouds — one is to some degree only limited by one’s imagination.  It truly is a digital wilderness of mirrors.
     Fortinet did not address encryption and the Dark Web.  What nasty surprises will the Dark Web have for us in 2016?  Will we be able to develop something akin to a router that cleans out our pipes at home — in the digital world?  How will we ever really know if our systems are ‘clean?’  How are stay-behinds, also known as the gifts that keep on giving — likely to evolve?  What about downloading, or stealing information in an encrypted and clandestine mode?  And, one must not forget the widespread practice of denial, and deception.  How will the field of digital forensic attribution evolve?  Will it get ‘easier’ to pin the tail on the donkey?; or, more complicated and difficult?  What about the purposeful; but, sophisticated corruption of data?
    Fortinet did not address the growing threat of ransomware.  Kaspersky Labs, in  its 2016 forecast, “expects to see the success of Ransomweare to spread to new frontiers.”  “Not only does Kaspersky lab expect Ransomware to gain ground on banking trojans; but, Kaspersky also expects it to transition to other platforms; i.e., cross the rubicon — to not only target Macs; but, also charge ‘Mac prices.  Then, in the longer term, there is the likelihood of the IoT ransomware — begging the question, how much would you be willing to regain acces to your TV programming?  Your fridge?  Your car?,” Kaspersky asks.  
     Kaspersky Labs also “expects the trend of cyber ‘guns-for-hire,’ to continue to evolve and grow.”  Will we see white-hat cyber mercenaries — i.e., a different version of Anonymous — or cyber militias for hire to ‘fight’ against the bad guys?  What about black-hat cyber mercenaries, and the potential emergence of a ‘Dr. No’ in the digital world. 
Will we see the emergence of lethal, offensive cyber weapons — where the objective is to cause loss of of life?  Or, will we see the emergence of a cyber weapon of mass disruption?  A Stuxnet on steroids?  
 
    What about cyber ‘bomb damage assessment?  Can we/have we achieved the ability to conduct elegant, targeted, offensive cyber offensive operations, that do not cause excessive digital collateral damage?
 
     Will 2016 finally see a larger-scale cyber attack here in the U.S. and abroad?  
 
     Will the cyber threat to our stand-alone systems become even more profound?  It has already been demonstrated by researchers at Ben Gurion University in 2014 — that stand-alone systems could be breached using the effluent heat coming off the system.
 
     Will the cyber/digital decision tree on when to respond, how, where, why, with what, come to the fore in the strategic realm?
 
     How will cyber tradecraft evolve and mature?
     Will the Islamic State, al Qaeda, other terrorist groups attempt to launch a major cyber attack on the U.S.?
  

Muslim Brotherhood, Cameron: No Obama: Yes

Posted on by

The topic of the Muslim Brotherhood, the mac-daddy umbrella jihad organization globally with a terror history, Cameron is right, Obama is wrong.

The United Kingdom has an epic Islamic issue in country and the United States is a close follow. The worst part for our homeland is the UK and Europe are part of the United States visa waiver program. Travel freely, no questions asked. We must now rely on U.S. Customs and Border Patrol assigned to the UK to work the issues.

Couple Guilty Of Plotting Major Terror Attack

‘Silent Bomber’ Mohammed Rehman and his wife were days from building a bomb that would have caused multiple casualties in London.

Mohammed Rehman court case

Couple Guilty Of Terror Attack Plot

SkyNews: Would-be suicide bomber Mohammed Rehman and his wife Sana Ahmed Khan have been found guilty of planning a major terror attack in London.

Rehman, 25, had stockpiled bombmaking materials at his Reading home and using the Twitter username ‘Silent Bomber’ he asked his followers which targets they thought suitable for a massive terror attack; Westfield shopping centre or the London Underground.

Rehman used a profile picture of Jihadi John’ Mohammed Emwazi, to post: “Westfield shopping centre or London underground? Any advice would be appreciated greatly,” accompanied by a link to an al Qaida media release about the 7/7 bombings.

The same day, he searched YouTube for ‘London bombings’ and ‘Shehzad Tanweer’ – one of the 7/7 bombers who he referred to as his “beloved predecessor”.

Prosecutors claimed Rehman proved he was “intent on martyrdom” when he also tweeted: “Now I just make explosives in preparation for kuffar lol and when I’ve made the required amount I’ll be wearing them on my chest.” More details here.

So for Prime Minister David Cameron, he has work to do starting with the Muslim Brotherhood, an organization that Barack Obama remains supportive of and quite loyal.

Statement by David Cameron on the findings of the internal review to improve the government’s understanding of the Muslim Brotherhood.

I have today laid before both Houses the main findings of the internal review I commissioned in the last Parliament to improve the government’s understanding of the Muslim Brotherhood; establish whether the Muslim Brotherhood’s ideology or activities, or those of individual members or affiliates, put at risk, damaged, or risked damaging the UK’s national interests; and where appropriate inform policy.

The review involved substantial research and wide consultation including Muslim Brotherhood representatives in the UK and overseas, and an open invitation to other interested parties to submit written contributions.

Read the Muslim Brotherhood review.

It is a complex subject: the Muslim Brotherhood comprises both a transnational network, with links in the UK, and national organisations in and outside the Islamic world. The movement is deliberately opaque, and habitually secretive.

Since the authors completed their initial research in 2014, and during the course of the government’s examination of the findings, further allegations of violence carried out by supporters of the Muslim Brotherhood have surfaced, which the government will continue to investigate, taking action as appropriate.

As the Muslim Brotherhood continues to evolve, so must our understanding of it. The findings have revealed much that we did not know but work will continue to ensure we keep up to date with developments.

The government considers the following the most important findings.

The Muslim Brotherhood’s foundational texts call for the progressive moral purification of individuals and Muslim societies and their eventual political unification in a Caliphate under Sharia law. To this day the Muslim Brotherhood characterises Western societies and liberal Muslims as decadent and immoral. It can be seen primarily as a political project.

Parts of the Muslim Brotherhood have a highly ambiguous relationship with violent extremism. Both as an ideology and as a network it has been a rite of passage for some individuals and groups who have gone on to engage in violence and terrorism. It has stated its opposition to al-Qaida (AQ) but it has never credibly denounced the use made by terrorist organisations of the work of Sayyid Qutb, one of the Brotherhood’s most prominent ideologues. Individuals closely associated with the Muslim Brotherhood in the UK have supported suicide bombing and other attacks in Israel by Hamas, an organisation whose military wing has been proscribed in the UK since 2001 as a terrorist organisation, and which describes itself as the Palestinian chapter of the Muslim Brotherhood.

Moreover, despite the Egyptian Muslim Brotherhood’s public condemnation of violence in 2012/13 and afterwards, some of their supporters have been involved in violent exchanges with the security forces and other groups. Media reports and credible academic studies indicate that in the past 12 months a minority of Muslim Brotherhood supporters in Egypt have engaged alongside other Islamists in violent acts. Some senior leaders have publicly reiterated the Muslim Brotherhood’s commitment to non-violence, but others have failed to renounce the calls for retribution in some recent Muslim Brotherhood statements.

Muslim Brotherhood-associated and influenced groups in the UK have at times had a significant influence on national organisations which have claimed to represent Muslim communities (and on that basis have had a dialogue with government), charities and some mosques. But they have also sometimes characterised the UK as fundamentally hostile to Muslim faith and identity; and expressed support for terrorist attacks conducted by Hamas.

Aspects of the Muslim Brotherhood’s ideology and activities therefore run counter to British values of democracy, the rule of law, individual liberty, equality and the mutual respect and tolerance of different faiths and beliefs. The Muslim Brotherhood is not the only movement that promotes values which appear intolerant of equality and freedom of faith and belief. Nor is it the only movement or group dedicated in theory to revolutionising societies and changing existing ways of life. But I have made clear this government’s determination to reject intolerance, and to counter not just violent Islamist extremism, but also to tackle those who create the conditions for it to flourish.

The main findings of the review support the conclusion that membership of, association with, or influence by the Muslim Brotherhood should be considered as a possible indicator of extremism.

We will therefore keep under review the views that are promoted and activities that are undertaken by Muslim Brotherhood associates in the UK, in Arabic as well as English. We will consider whether any action under the Counter-Extremism Strategy or as part of our wider work may be appropriate, including action in line with the new engagement policy the government will develop to ensure central and local government does not inadvertently provide legitimacy or a platform for extremists. We will challenge extremists’ poisonous narratives and promote positive alternatives that show vulnerable people that there are better ways to get on in life.

We will continue to:

  • refuse visas to members and associates of the Muslim Brotherhood who are on record as having made extremist comments, where this would be conducive to the public good and in line with our existing policy guidelines and approach to extremism in all forms
  • seek to ensure charities that have links to the Muslim Brotherhood are not misused to support or finance the Muslim Brotherhood instead of their lawful charitable purpose
  • strengthen liaison arrangements with international partners to ensure that allegations of illicit funding or other misuse of charities are robustly investigated and appropriate action taken
  • enforce the EU asset freeze on Hamas
  • keep under review whether the views and activities of the Muslim Brotherhood meet the legal test for proscription

We will also intensify scrutiny of the views and activities that Muslim Brotherhood members, associates and affiliates (whether based in the UK or elsewhere) promote overseas. As our Counter-Extremism Strategy makes clear, insights from our overseas posts will help the government better understand drivers, networks and ideologies. We will continue to consult, and share information and analysis with, governments in the Middle East and North Africa as appropriate. We will then take further decisions and actions as needed.

 

Normalized Cuba Relations Forces 8000 Cubans on U.S.

Posted on by

Fusion: Sidestepping Nicaraguan intransigence, Costa Rica and five other countries have announced a secret deal to airlift some 8,000 Cuban immigrants out of Costa Rica and into El Salvador, where they’ll be put on buses and transported up to Mexico in the last leg of their harrowing 5,000-mile journey to the United States.

The decision to leapfrog Nicaragua comes nearly six weeks after the Sandinista government decided to militarize its southern border and prevent Cubans from continuing their journey north through Central America. Cuban immigrants have been piling up on the border ever since, as their numbers swelled from 1,500 to some 8,000, according to the number of temporary visas issued by Costa Rican authorities.

More details:

FoxLatino:

SAN JOSE, Costa Rica (AP) –  Central American nations have reached a deal to let the first of thousands of stranded Cuban migrants continue their journey north toward the United States next month, officials said Monday.

The humanitarian transfer will airlift an unspecified number of Cubans the first week of January from Costa Rica to El Salvador, from where they will continue by bus toward Mexico, Costa Rica’s Foreign Ministry said in a statement.

The Guatemalan government, which hosted a diplomatic meeting earlier in the day to consider the issue, described it as a “pilot” program and said a work group has been tasked with coordinating logistics.

The two governments did not immediately release further details, citing some nations’ desire for discretion on what has become a diplomatic flashpoint between Costa Rica and neighboring Nicaragua.

The number of Cubans stranded in Costa Rica has reached at least 8,000 since Nicaragua closed its border to them weeks ago. The islanders say they are trying to reach the United States, where favorable migratory policies toward Cubans mean nearly all are allowed to stay and apply for residency.

On Sunday, Pope Francis called for their plight to be resolved.

Costa Rican Foreign Minister Manuel Gonzalez said the measure will be available only to Cubans who are already in Costa Rica. Ministry spokeswoman Melissa Duran told The Associated Press it will be up to the migrants to pay the costs of their travel, but did not give more specifics.

On Dec. 18, Costa Rica stopped issuing transit visas for Cuban migrants and announced that any who arrived after that without a visa would be deported.

Cuba has seen a spike in outward migration in the year since it and Washington announced they would re-establish diplomatic ties after more than five decades of open hostility. Many Cuban migrants say they chose now to emigrate out of fear that detente could bring about an end to the U.S. policies that benefit them — although U.S. officials say no change is in the works.

Cuba and its close ally Nicaragua argue that the U.S. policies toward Cubans encourage them to attempt dangerous migratory routes and cause a brain drain on the island.

More from NPR:

A U.S. Coast Guard crew (foreground) with six Cubans who were picked up in the Florida Straits in May. A larger Coast Guard vessel is in the background. The number of Cubans trying to reach the U.S. has soared in the past year. Many Cubans believe it will be more difficult to enter the U.S. as relations improve, though U.S. officials say there will be no rule changes in the near term.

Softest Target, Powergrid: Hacked Often

Posted on by

Report: U.S. electrical grid hacked repeatedly over past decade

WashingtonExaminer: State-backed hackers have probed and gained control of networks in parts of the electrical grid at least a dozen times over the last decade, according to officials.

“The grid is a tough target, but a lucrative target,” Keith Alexander, a former director of the National Security Agency, told the Associated Press. “The number of sophisticated attacks is growing. There is a constant, steady upbeat.”

Intrusions have come from China, Russia and Iran. Rather than trying to inflict immediate damage, officials say, the perpetrators have been trying to probe for vulnerabilities and stow away in critical systems.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” Robert Lee, a former U.S. Air Force cyberwarfare operations officer, told the AP. “It will also help them stay quiet and stealthy inside.”

One specific incident cited by the AP involved Calpine Corp., a power producer with 100 power plants operating in 18 states and Canada. Experts say that information stolen from one of Calpine’s contractors was used to gain access to the company’s systems in 2013, and added that to the best of their knowledge, the perpetrator may still have access to Calpine’s systems today.

Citing another incident, the Wall Street Journal reported on Sunday that Iranian hackers gained control over the operating system of a small dam less than 20 miles from New York City. Officials from the FBI looked into the incident at the Bowman Avenue Dam in Rye, New York, in 2013.

The Department of Homeland Security would not confirm that event, but said in a statement that it was continuing “to coordinate national efforts to strengthen the security and resilience of critical infrastructure” and “working to raise awareness about evolving threats and promote measures to reduce risks.”

Part of the problem is that the technology powering critical infrastructure is often decades old.

“Some of the control systems boot off of floppy disks,” said Patrick Miller, who formerly performed hydroelectric dam cybersecurity for the U.S. Bureau of Reclamation and Army Corps of Engineers. “Some dams have modeling systems that run on something that looks like a washing machine hooked up to tape spools. It looks like the early NASA stuff that went to the moon.”

Intelligence officials have consistently cited the nation’s critical infrastructure as its most significant modern vulnerability in cyberspace. “My No. 1 threat that I see here is the threat to our critical infrastructure,” National Counterintelligence Executive William Evanina told the Washington Examiner in November.

Adm. Mike Rogers, the director of the National Security Agency and head of U.S. Cyber Command, has expressed the same sentiment.

“It is only a matter of ‘when’ that someone uses cyber as a tool to do damage to the critical infrastructure of our nation,” Rogers said in October. “I’m watching nation-states, groups within some of that infrastructure.

“At the moment, it seems to be really focused on reconnaissance and attempting to understand the characteristics of the structure, but it’s only a matter of time I believe until someone actually does something destructive,” Rogers added.

***

How it was found?

SAN JOSE, California (AP) — Security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into a larger nightmare: Cyberattackers had opened a pathway into the networks running the United States’ power grid.

 

Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.” The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.

Wallace was astonished. But this breach, The Associated Press has found, was not unique.

About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter.

The public almost never learns the details about these types of attacks — they’re rarer but also more intricate and potentially dangerous than data theft. Information about the government’s response to these hacks is often protected and sometimes classified; many are never even reported to the government.

These intrusions have not caused the kind of cascading blackouts that are feared by the intelligence community. But so many attackers have stowed away in the largely investor-owned systems that run the U.S. electric grid that experts say they likely have the capability to strike at will.

And that’s what worries Wallace and other cybersecurity experts most.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” said Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer.

In 2012 and 2013, in well-publicized attacks, Russian hackers successfully sent and received encrypted commands to U.S. public utilities and power generators; some private firms concluded this was an effort to position interlopers to act in the event of a political crisis. And the Department of Homeland Security announced about a year ago that a separate hacking campaign, believed by some private firms to have Russian origins, had injected software with malware that allowed the attackers to spy on U.S. energy companies.

“You want to be stealth,” said Lillian Ablon, a cybersecurity expert at the RAND Corporation. “That’s the ultimate power, because when you need to do something you are already in place.”

The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking them up to the Internet over the last decade has given hackers new backdoors in. Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack.

View gallery

This image obtained by The Associated Press in September …

This image obtained by The Associated Press in September 2015 shows a portion of a computer networki …

Hundreds of contractors sell software and equipment to energy companies, and attackers have successfully used those outside companies as a way to get inside networks tied to the grid.

Attributing attacks is notoriously tricky. Neither U.S. officials nor cybersecurity experts would or could say if the Islamic Republic of Iran was involved in the attack Wallace discovered involving Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.

Private firms have alleged other recent hacks of networks and machinery tied to the U.S. power grid were carried out by teams from within Russia and China, some with governmental support.

Even the Islamic State group is trying to hack American power companies, a top Homeland Security official told industry executives in October.

The attack involving Calpine is particularly disturbing because the cyberspies grabbed so much, according to previously unreported documents and interviews.

Cybersecurity experts say the breach began at least as far back as August 2013.

Calpine spokesman Brett Kerr said the company’s information was stolen from a contractor that does business with Calpine. He said the stolen diagrams and passwords were old — some diagrams dated to 2002 — and presented no threat, though some outside experts disagree.

Kerr would not say whether the configuration of the power plants’ operations networks — also valuable information — remained the same as when the intrusion occurred, or whether it was possible the attackers still had a foothold.

The hackers stole user names and passwords that could be used to connect remotely to Calpine’s networks, which were being maintained by a data security company. Even if some of the information was outdated, experts say skilled hackers could have found a way to update the passwords and slip past firewalls to get into the operations network. Eventually, they say, the intruders could have shut down generating stations, fouled communications networks and possibly caused a blackout near the plants.

They also took detailed engineering drawings of networks and power stations from New York to California — 71 in all — showing the precise location of devices that communicate with gas turbines, boilers and other crucial equipment attackers would need to hack specific plants.

Cylance researchers said the intruders stored their stolen goods on seven unencrypted FTP servers requiring no authentication to access details about Calpine’s plants. Jumbled in the folders was code that could be used to spread malware to other companies without being traced back to the attackers’ computers, as well as handcrafted software designed to mask that the Internet Protocol addresses they were using were in Iran.

Calpine didn’t know its information had been compromised until it was informed by Cylance, Kerr said.

Iranian U.N. Mission spokesman Hamid Babaei did not return calls or address questions emailed by AP.

Cylance notified the FBI, which warned the U.S. energy sector in an unclassified bulletin last December that a group using Iran-based IP addresses had targeted the industry.

Homeland Security spokesman SY Lee said that his agency is coordinating efforts to strengthen grid cybersecurity nationwide and to raise awareness about evolving threats to the electric sector through industry trainings and risk assessments. As Deputy Secretary Alejandro Mayorkas acknowledged in an interview, however, “we are not where we need to be” on cybersecurity.

That’s partly because the grid is largely privately owned and has entire sections that fall outside federal regulation, which experts argue leaves the sector poorly defended against a growing universe of hackers seeking to access its networks.

As Deputy Energy Secretary Elizabeth Sherwood Randall said in a speech earlier this year, “If we don’t protect the energy sector, we are putting every other sector of the economy in peril.”