Dog Brothers Public Forum

HOME | PUBLIC FORUM | MEMBERS FORUM | INSTRUCTORS FORUM | TRIBE FORUM

Welcome, Guest. Please login or register.
September 25, 2017, 12:13:19 PM

Login with username, password and session length
Search:     Advanced search
Welcome to the Dog Brothers Public Forum.
104811 Posts in 2391 Topics by 1093 Members
Latest Member: Cruces
* Home Help Search Login Register
+  Dog Brothers Public Forum
|-+  Politics, Religion, Science, Culture and Humanities
| |-+  Politics & Religion
| | |-+  Cyberwar, Cyber Crime, and American Freedom
« previous next »
Pages: 1 ... 8 9 [10] Print
Author Topic: Cyberwar, Cyber Crime, and American Freedom  (Read 115082 times)
Crafty_Dog
Administrator
Power User
*****
Posts: 41104


« Reply #450 on: July 23, 2017, 09:07:44 PM »

What are you doing?
Logged
G M
Power User
***
Posts: 15171


« Reply #451 on: July 23, 2017, 09:11:33 PM »

What are you doing?


Moving away from an urban death zone.

Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 41104


« Reply #452 on: July 23, 2017, 09:17:27 PM »

Silly me, I was thinking electronically  cheesy e.g. storing this forum in some sort of device, unconnected to the internet so this forum can be resurrected with our work of all these years saved.
Logged
G M
Power User
***
Posts: 15171


« Reply #453 on: July 23, 2017, 10:20:37 PM »

Silly me, I was thinking electronically  cheesy e.g. storing this forum in some sort of device, unconnected to the internet so this forum can be resurrected with our work of all these years saved.


I'm planning on scenarios that put immediate concerns much lower on Maslow's hierarchy of needs.
Logged
G M
Power User
***
Posts: 15171


« Reply #454 on: July 24, 2017, 09:12:58 AM »

https://www.eenews.net/energywire/stories/1060057718/search

SECURITY
Grid threats require 'imagining the unimaginable' — report
Peter Behr, E&E News reporter Published: Friday, July 21, 2017
Power grid at sunset. Photo credit: Pixabay

A new National Academy of Sciences report has stark warnings for the U.S. electric power network. Pixabay
The U.S. electric power network is poorly equipped to restore electricity service to large areas blacked out by natural disasters or hostile attacks, a National Academy of Sciences panel warned yesterday in a report that looks into dark future scenarios that it says the nation and the public have not fully faced up to.

"The electricity system, and associated supporting infrastructure, is susceptible to widespread uncontrolled cascading failure, based on the interconnected and interdependent nature of the networks," the panel concluded in a 297-page report ordered by Congress and funded by the Department of Energy. "Despite all best efforts, it is impossible to avoid occasional, potentially large outages caused by natural disasters or pernicious physical or cyber attacks."

The panel, headed by M. Granger Morgan, an engineering professor at Carnegie Mellon University, proposed a long list of actions needed to create a "resilient" power grid that could recover from an unprecedented blow.

Morgan said the challenge should be a top priority, not in the sense of "do it tomorrow, or we're toast. But in the time scale of months, it's quite urgent."

"At present, planning for all types of hazards to public infrastructure is a disorganized and decentralized activity," the report said. "Too often in the past, the United States has made progress on the issue of resilience by 'muddling through,'" but that response is no longer tolerable, the report said. Multiple threats to the grid require authorities and industry to start "imagining the unimaginable" and planning for lower-probability but potentially catastrophic events.

The report comes as Energy Secretary Rick Perry's leadership team is completing a high-level review of power grid reliability and is working on a report on cybersecurity threats called for by President Trump. Both reports will set policy benchmarks for how the Trump administration will prioritize and fund federal responses to grid threats.

Travis Fisher, the DOE political appointee heading the reliability study, minimized the risk of a state-sponsored, large-scale cyber outage in a 2015 paper issued by the Institute for Energy Research, a pro-fossil-fuels advocacy organization. "Even though cyber threats do exist and are concerning, fears of catastrophic damage from a cyber attack are likely overblown," Fisher wrote then, saying that would-be attackers are deterred by the certainty of a U.S. in-kind response.

Some grid executives and federal security officials have said the same, but most cyber professionals conclude that the grid's exposure to potential attack is expanding constantly. Responding to a question yesterday, DOE spokeswoman Shaylyn Hynes said the IER paper "is not relevant to the grid study or cyber study."

The panel, whose members included academics, DOE laboratory scientists and a former regional grid chief executive, said the responsibility for recovery from a widespread power outage starts at the top.

Fragmented responsibility

"No single entity is responsible for, or has the authority to implement a comprehensive approach to assure the resilience of the nation's electricity system," the report said. "Even in federal programs focused explicitly on increasing grid resilience, planning and implementation of research and policy responses are fragmented across federal agencies. It is impossible to describe all of the relevant efforts succinctly."

The panel challenged DOE to fill that gap, leading longer-term federal, state and community actions to increase the grid's recovery capability. "No other entity in the United States has the mission to support such work," it said.

While many recommendations centered on the federal government, others pointed at the power industry.

"There has been a tendency among utilities and other commercial entities not to share information about cyber breaches and to look inward rather than seeking help, which limits potential for collaboration across organizations. Most utilities are not likely to have adequate internal staff directly experienced in large-scale cyber restoration," the report said.

It also urged more research on how electric vehicles, customer-owned solar power and microgrids could help the grid recover. In worst-case scenarios, customers might have to endure lengthy recoveries in which power is rationed, the study said. Families that have home systems able to use limited power supplies to run refrigerators and furnaces might avoid evacuation after a disaster, the authors said.

The report urged more financial support for DOE offices that fund research, development and demonstration programs on cybersecurity defenses and power grid monitoring and control systems. Trump's fiscal 2018 budget request proposed 41 percent spending cuts for both DOE's Office of Electricity Delivery and Energy Reliability and its Office of Energy Efficiency and Renewable Energy, two centers of that research.

"If funding is not provided by the federal government, the committee is concerned that this gap would not be filled either by states or by the private sector," the panel said.

It called on DOE to lead in the stockpiling of crucial grid power transformers, to complement industry programs.

Much more technology is needed to deal with wide-area outages, the panel said, including control room software to help grid operators recognize and respond to fast-moving outages. "During a major event such as Hurricane Katrina or Superstorm Sandy, thousands of alarms can overwhelm the system operator" in control rooms, it said. "Artificial intelligence could help quickly prioritize these alarms."

Several recommendations addressed what the panel saw as a lack of understanding among government officials and the public about the consequences of a widespread emergency — including deliberate, targeted blackouts of some areas to protect vital equipment that would be needed to bring the grid back up.

In an uncontrolled, cascading grid collapse, parts of the interstate grid would automatically break into smaller subdivisions called "islands," resulting in significant outages, the panel said. Planned "islanding" in an emergency could limit the damage and speed recovery, the report said.

DOE and DHS should create a "visioning" process to portray and assess plausible large-area, long-duration grid disruptions that could have major impacts on the public, to help hospitals, communications providers, first responders and other critical resources prepare, the report said.

The Federal Energy Regulatory Commission and the North American Energy Standards Board should do more to coordinate operations of natural gas pipelines and the power companies that depend on gas to run generators, it said.

The recovery challenge must be recognized at the state level, too, the panel said.

In one case in point, a new cybersecurity strategy issued last week by Connecticut Gov. Dannel Malloy (D) describes critical infrastructure as the state's "Achilles' heel," noting that "experts have called our electric grid the glass jaw of American industry." The document concludes, "There are potential attackers, vulnerable places they could attack and many ways to amplify the effects of a cyber attack by combining it with other emergencies."

"I can't give you concrete, specific, best solutions for all these problems," said Art House, Connecticut's chief cybersecurity risk officer and a former utility regulator there. "But I think that what we have to do is recognize the vulnerability, recognize that there has to be a culture of cybersecurity, and then go about finding the answers to it."

Twitter: @PeteBehrEENews Email: pbehr@eenews.net
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 41104


« Reply #455 on: August 09, 2017, 11:00:30 PM »

https://fas.org/sgp/crs/homesec/R43604.pdf
___________________________________________________

https://www.csmonitor.com/World/Passcode/Passcode-Voices/2017/0320/How-China-is-preparing-for-cyberwar


Preparing for informationized wars

The 2015 Chinese Military Strategy White Paper states that the PLA must prepare for “informationized local wars” against technologically advanced adversaries. As a result, Chinese hackers breach Defense Department networks in order to better understand US military capabilities, accelerate the modernization of the People’s Liberation Army, and prepare of military conflict and the disruption of US forces.

Two PLA groups, Units 61938 and 61486, have reportedly stolen information from over two dozen Defense Department weapons programs, including the Patriot missile system and the US Navy’s new littoral combat ship. The most high-profile case has been the hacking of defense contractors involved in the F-35, which have forced the redesign of specialized communications and antenna arrays for the stealth aircraft. Department of Defense officials say that the most sensitive flight control data were not taken because they were stored offline, but the fuselage of China’s second stealth fighter jet, the J-31, is very similar to that of the F-35. In response to a question about attacks on defense contractors, Lieutenant General Vincent Stewart, director of the Defense Intelligence Agency, told a congressional hearing, “I do not believe we are at this point losing our technological edge, but it is at risk based on some of their cyberactivities,” referring to China.

Chinese hackers also break into US networks in preparation for a potential military conflict. Chinese military analysts often write of the PLA’s need to seize information dominance at the beginning stages of a conflict with a technologically advanced adversary through cyber attacks against command and control computers as well as satellite and communication networks. The PLA would also attempt to disrupt US forces in the Western Pacific through attacks on transportation and logistics systems. Preparing for these attacks requires cyber espionage.

Chinese military writings also suggest that cyberattacks can have a deterrent effect, given American dependence on banking, telecommunication, and other critical networks. A highly disruptive or destructive attack on these networks might reduce the chances that the United States might get involved in a regional conflict. Some Chinese intrusions into critical infrastructure may intentionally leave evidence behind to act as a warning that the US homeland may not be immune to attack in the case of a conflict over Taiwan or the South China Sea.
______________________________________

http://www.indiandefencereview.com/spotlights/acupuncture-warfare-chinas-cyberwar-doctrine-and-implications-for-india/

If there is another conflict with China, it can be visualised that the war will begin in cyberspace much before a single shot is fired or the first missile is launched. In fact, frequent hacking attempts, some of them successful, are ongoing on a daily basis even now when there is peace at the border

Read more at:
http://www.indiandefencereview.com/spotlights/acupuncture-warfare-chinas-cyberwar-doctrine-and-implications-for-india/
Logged
G M
Power User
***
Posts: 15171


« Reply #456 on: August 09, 2017, 11:45:01 PM »

http://www.eiscouncil.com/EarthEx

Today’s lifeline infrastructures are interconnected and resourced on unprecedented scales, with supply chains spanning the nation and, increasingly, the world.  With this growing integration and global reach, they have brought us remarkable capabilities.

At a price.   

Concerns have grown over the potential for severe malicious or natural “Black Sky” hazards associated with subcontinent scale, long duration power outages, with cascading failure of all our other increasingly interdependent infrastructures.  This creates a grim and difficult dilemma:  Restoration of any sector will only be possible with at least minimal operation of all the others. 
To deal with this deadlock, careful sector by sector and cross-sector resilience planning is crucial.  However, such plans, to be effective, must be exercised.  With the diversity and the national and global scale of the infrastructures we now depend on, this requires an unprecedented, multi-sector, national and international exercise series.

WHAT IS EARTH EX?
EARTH EX is an evolving, distributed, collaborative partner-developed exercise designed to meet this need.
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 41104


« Reply #457 on: September 21, 2017, 08:44:07 AM »

https://www.wsj.com/articles/sec-discloses-edgar-corporate-filing-system-was-hacked-in-2016-1505956552

« Last Edit: September 22, 2017, 07:16:35 AM by Crafty_Dog » Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 41104


« Reply #458 on: September 22, 2017, 07:16:59 AM »

The SEC’s Cyber Embarrassment
The agency that lectures private companies can’t secure its own files.
Photo: istock/Getty Images
By The Editorial Board
Sept. 21, 2017 7:16 p.m. ET
16 COMMENTS

The Securities and Exchange Commission let slip Wednesday evening—nearly half way into a 4,000-word statement on cybersecurity—that it learned last month that a hacking “incident previously detected in 2016 may have provided the basis for illicit gain through trading.” In journalism, this is known as burying the lead.

The SEC’s four-line disclosure provides few details other than that the breach affected its EDGAR system, which receives and processes more than 1.7 million electronic filings a year. Hackers were able to exploit a software vulnerability in the system to obtain nonpublic information. The agency says the weakness was patched promptly, though its investigation is “ongoing.”

So the SEC waited weeks after learning that its filing system had been penetrated for potentially illicit gain to disclose the break-in. And then it discreetly dropped the news into a lengthy memo advising companies and exchanges about their regulatory obligations to manage and disclose cyber risks.

A few questions: Why didn’t the agency report the incident when it occurred last year—and exactly when?—and what took it so long to figure out that the hack might have resulted in illegal trading activity?

The SEC provides no explanation but notes that there are “frequent attempts by unauthorized actors to disrupt access to our public-facing systems, access our data, or otherwise cause damage to our technology infrastructure” and “in certain cases cyber threat actors have managed to access or misuse our systems.” This suggests that there been other successful hacks that the SEC has not disclosed, perhaps because it doesn’t have evidence that they resulted in securities fraud.

One hypothesis is that the SEC was worried that disclosing the hack would raise questions about the security of its Consolidated Audit Trail, a centralized database that will give the agency access to “significant, nonpublic, market sensitive data and personally identifiable information.” The system, in the works for seven years, is supposed to come online this fall. But executives from U.S. financial exchanges have warned that it will be a rich target for hackers.

The SEC might also fear undermining its authority on cybersecurity. In 2014 the SEC issued regulations requiring exchanges and clearinghouses to “take corrective action with respect to systems disruptions, compliance issues and intrusions” and notify the SEC. It has also threatened legal action against public companies that don’t make adequate disclosures.

Yet the SEC has been rebuked several times by the Government Accountability Office and its own Inspector General for lax cyber controls. A 2014 review by its IG found that some SEC laptops that may have contained non-public information couldn’t be located. Agency staff have also transmitted non-public information through non-secure personal email accounts.

The SEC disclosure is particularly embarrassing in the wake of the Equifax data breach, which is being investigated by federal and state regulators amid much political outrage. Before regulators in glass houses take legal action against private companies, they can at least secure their own cyber walls.
Logged
ccp
Power User
***
Posts: 7429


« Reply #459 on: September 24, 2017, 08:20:59 AM »

As I have said for years from my own experience.

But no one cares unless you piss off the Democrat Party bosses:

https://www.hackread.com/hacking-offline-computer-and-phone/
Logged
Pages: 1 ... 8 9 [10] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!