Tag Archive for: building

Schrödinger’s Hacking Law And Cyber Burnout: Capacity Building in U.S. Cybersecurity


In 2021, more than 2.7 million jobs in cybersecurity were unfilled. The dearth of cybersecurity experts serving anywhere in government and private industry has been described as a national security threat and an imperative. There are two reasons for this severe shortage of people in cybersecurity: bad law, and missing mental health support. 

First, the bad law, which makes it arguably illegal to learn to be a computer security expert, has a villain’s backstory. In 1986, thanks to policymakers who were overly terrified by a 1983 fictional movie called WarGames, starring Matthew Broderick (to be fair, this movie, along with 1992’s Sneakers and 1995’s Hackers, is beloved among the cybersecurity community), the United States got stuck with a truly terrible law called the Computer Fraud and Abuse Act (CFAA). And every day since, every person who’s been recruited to serve as a cyber warrior by the U.S. government has no idea whether they are a de facto multiple felon. There’s no real way to determine whether a CFAA violation has happened or will actually happen if you’re practicing on almost any computer using almost any technology, because interpretations of that law are up to the individual understanding of any local prosecutor, and local criminal prosecutors do not, in my sadly-more-than-typical involvement in CFAA prosecutions, have a great deal of understanding of the finer points of computer network access.

This lack of prosecutorial technical knowledge makes the CFAA uniquely problematic. Most prosecutors and juries can intuitively understand things like assault, drugs, and theft, but prosecutorial discretion in tech crimes, when those prosecutors do not understand the tech itself, means that many prosecutors rely on their emotions and politics to determine whether to prosecute someone under the CFAA. The CFAA, combined with prosecutors’ lack of technical knowledge and the range of discretion the law offers them, makes learning offensive cyber techniques a kind of Schrödinger’s felony.

Purdue building better cybersecurity for ransomware | News


WEST LAFAYETTE, Ind. (WLFI) — A growing number of Russian cyberattacks have targeted businesses, schools and federal agencies in the U.S. The Department of Defense is putting pressure on software producers to be more transparent about what is inside their products.

Many of these hacks stem from software operators and service providers not knowing the specifics of what is in their infrastructure, making it harder to determine what the problem is during an attack.

Santiago Torres-Arias, an assistant professor of electrical and computer engineering at Purdue University, said that it is nearly impossible to create hack-proof software.

Because of this, he believes better processes and tools need to be developed to minimize damage when cyberattacks happen.

“Software doesn’t follow the same quality standards that other critical services and products such as, say, food or medicine. As we see, this compromises surface, we’re starting to identify software equality as the crucial point in the general supply chain,” said Torres-Arias.

Dallas municipal court building closed as ransomware recovery continues


Dallas’ municipal court building is closed this week as impacts from a ransomware attack 19 days ago have stopped hearings, trials and jury duty, and blocked the city from accepting nearly all forms of citation payments.

An online notice on the city’s court and detention services website Monday said the municipal court building at 2014 Main Street isn’t planned to reopen until May 30. People can mail in payments for citations or documents, but they won’t be processed until after the court’s system is restored.

The building remained open in the two weeks since the May 3 ransomware attack to provide general information on citations while the system was down. All hearings that were scheduled since May 3 will be rescheduled, and people haven’t been able to make payments in person, online or by phone.

The court hears cases for people accused of violations, including city ordinances, traffic infractions and class C misdemeanors. Warrants can be issued for people who don’t pay fines and fees collected by the court.

The city said new court dates will be mailed once the system is restored.

Building cyber resilience in HE needs everyone’s commitment


UNITED KINGDOM

When it comes to cyber threats in 2023, no sector is safe. While the financial, insurance and consumer industries have traditionally been some of the worst hit by breaches, higher education has fast become a new favourite target for attackers in recent years.

According to the United Kingdom government’s 2022 Cyber Security Breaches Survey, of the educational institutions surveyed, higher education employees were the most likely to identify breaches or attacks, with 92% reporting an incident within the last 12 months.

The consequences have been extreme. A ransomware attack impacting the University of York in 2021 resulted in sensitive data being encrypted and held captive by hackers for weeks without resolution. At other universities, sophisticated attacks such as phishing emails and distributed denial of service (DDoS) have wreaked havoc – intercepting confidential logins, tampering with student data and forcing downtime during valuable learning hours.

A vulnerable sector

It’s unsurprising, then, that higher education institutions face a variety of challenges that render them at higher risk for such attacks.

For starters, the ongoing digital skills shortage has meant a lack of experienced candidates capable of safeguarding universities from today’s cyber threats.

In the private sector, 51% of businesses have reported a shortage of “basic technical cybersecurity skills”. In the public sector, additional budget constraints heightened by the global economic downturn have made matters even worse.

‘Head of Cybersecurity’ salaries are currently being advertised at a fraction of what they would be in a private firm, which makes cyber recruitment an uphill battle for many public sector organisations, including universities.

There has also been a surge in the number of devices being used by both students and staff on a daily basis. Laptops and mobile phones became staples of remote learning during the pandemic due to lockdowns and social distancing protocols. Internet of Things (IoT) devices – including assistive technology and ID scanners – have also become commonplace across university campuses.

While these devices boost efficiency and support learning, they…
