Tag Archive for: council

Industry launches hacking policy council, legal defense fund to support security research and disclosures


Google and other companies will develop and stand up a pair of new initiatives that will provide policy guidance to governments and legal protection to security researchers engaged in “good faith” vulnerability research and disclosure, while the tech giant also said it would formalize an internal policy to be publicly transparent when bugs in Google products are exploited in the wild.

The moves include the establishment of an industry-led Hacking Policy Council, which would be designed to bring “like minded organizations and leaders who will engage in focused advocacy new policies and regulations support best practices for vulnerability management and disclosure and do not undermine our user’s security,” as well as a planned nonprofit that would fund legal costs for security researchers who are sued or prosecuted while conducting vulnerability research and disclosure, according to a blog published alongside the announcements Wednesday.

The council will include representatives from bug bounty firms HackerOne, BugCrowd, Intigriti and Luta Security, as well as Venable, a law firm that specializes in cybersecurity law and policy matters, and Intel.

“I think it’s very much a coalition of the willing,” said Charley Snyder, head of security policy at Google, when asked how the council chose its initial membership. “There was no real criteria [for membership]…this is a fairly specialized area of policy, and these companies are ones that are really invested in getting it right.”

Snyder and Tim Willis, head of Google’s Project Zero, which conducts research on zero-day vulnerabilities, mentioned a trio of information security standards from the International Organization for Standardization (ISOs 27001, 27002 and 30179) as examples of the kind of standards and best practices that will guide the council’s recommendations.

The formation of the council comes at a time when the United States and other nations are showing an increased willingness to regulate the cybersecurity choices of businesses and other entities to prevent cyberattacks from significantly disrupting or spreading through a particular sector, critical infrastructure and other essential services.

The use of…


Remarks at a UN Security Council Briefing on Nord Stream Pipeline Attacks Called by Russia


John Kelley
Political Minister Counselor
New York, New York
February 21, 2023

AS DELIVERED

Thank you, Mr. President, and we thank Under-Secretary-General DiCarlo for her briefing. We listened carefully to the other briefers today. We recognize their past history and service, though we question their relevant knowledge to speak as an expert briefer on the topic at hand.

Mr. President, the United States is deeply concerned by the sabotage that took place on Nord Stream 1 and Nord Stream 2 pipelines last September.  Deliberate actions to damage critical infrastructure cannot be tolerated.

But let’s be clear why we are really here in the Council today.  Later this week, as we near the one-year anniversary, the General Assembly will debate the impact of Russia’s illegal and full-scale invasion of Ukraine. Today’s meeting is a blatant attempt to distract from this. As the world unites this week to call for a just and secure peace in Ukraine consistent with the UN Charter, Russia desperately wants to change the subject.

This is not the first time that Russia has used its seat on this Council to amplify conspiracy theories from the internet. We wish it would apply the same urgency shown over the past three days instead to the myriad credible reports of human rights abuses and violations of international humanitarian law caused by its invading forces.

However, let me state clearly and plainly: Accusations that the United States was involved in this act of sabotage are completely false. The United States was not involved in any way.

Competent authorities in Denmark, Germany, and Sweden are investigating these incidents in a comprehensive, transparent, and impartial manner. Resources for UN investigations should be preserved for cases when states are unwilling or unable to investigate genuinely.

Let us not be fooled by Russia’s claim it only wants an “impartial” investigation. Its draft resolution clearly implicates the United States and mischaracterizes statements by U.S. officials. Russia does not seek an impartial investigation. It seeks to prejudice ongoing ones toward a predetermined conclusion of its choosing.

The expedited timeline on which the Russian delegation…


Tourism Council plagued by ransomware


Those who have looked at the Block Island Tourism Council’s website lately may have noticed something odd – slightly dated content and inaccurate business listings. Those trying to reach the office of council Director Jessica Willi by email also have encountered difficulties. That’s because the company that hosts the website was a victim of a ransomware attack.
“The site’s been locked down since New Year’s Eve,” Willi revealed at the council’s meeting on January 24. As for emails, those received an automatic bounceback message for the first two weeks, but the system is functioning now, according to Willi.
(First Warden Keith Stover revealed last week after a closed session of the Town Council that the town had experienced some trouble “months ago.” “There was an attempt to get into the town’s computer system,” said Stover. “It didn’t constitute a breach.”)
Willi said the hosting company, CC Inspire, was working to correct the problem and that a 2019 version of the Tourism Council’s website had been uploaded, thus the 2019 travel planner. She has also been getting numerous calls about incorrect business listings and telephone numbers. The Glass Float Project link where people can register their found orbs has also been affected. Of the interruption, Willi said, “It’s a bummer.”
The Tourism Council will be migrating its website over to another platform, though not in reaction to the incident but at the request of the state. Willi said the state’s tourism council and three of the five regional tourism councils are using Simple View, a company that specializes in travel, or “destination branding.”
“I love this company,” said Willi. “There’s nothing bad to say about them.”
She did, however, add that they were kind of like “driving a Ferrari on a Block Island dirt road.” They also will cost the Tourism Council a lot more money in annual fees.
There is grant money from the state that may help, although Willi said the timing was such that they would need to expend their own money and hope their grant application was accepted. If the money comes in later, it probably could be applied to the annual fees.
Implementation of a new website…


Tomball experiences ransomware attack; council authorizes city manager to spend money for recovery of city systems, data


During an emergency City Council meeting Dec. 30, Tomball City Council unanimously authorized City Manager David Esquivel to spend the necessary funds for the recovery of city systems and data following a ransomware attack.

Esquivel said the cost for the recovery of city systems and data is projected to be over $50,000.

“That’s why the authorization was asked for today because we know it’s going to be over $50,000,” Esquivel said in an interview following the emergency meeting.

The ransomware attack took place on the morning of Dec. 20 and affected a majority of the city’s networks, according to a Dec. 30 news release provided by the city.

Esquivel said the interruption in certain services was first noticed by the police department.

“Trying to reestablish some of those things that were not working [is when] we noticed that there was an issue,” Esquivel said.

Emergency services such as 9-1-1, dispatch, police, fire and public works are still operational but there are ongoing issues with the city’s online payment systems. The city is waiving all late fees for utility bills due Dec. 30 as a result, according to the news release.

The city is working with outside law enforcement, including the U.S. Department of Homeland Security and the Federal Bureau of Investigation, to investigate the attack, according to the news release.

“That was the next step,” Esquivel said about notifying outside agencies. “Once we saw that it was that type of issue that we were dealing with, that was the first response because, at that point, it’s an outside attack into our systems so that’s standard protocol.”

The city does not have a timeline for when services and systems will be fully restored, according to the news release.

“It’s going to be one of those [things] where not everything comes back all at once,” Esquivel said. “It’s going to come in stages.”

Esquivel said he cannot comment on whether utility customers’ passwords or credit card information was compromised.

“Getting the network back up is going to be the crucial piece to get that connectivity,” Esquivel said. “Once we have that, getting the software back up and running and different servers and stuff like…
