
Election security threats require more federal resources, officials say


State and local election officials warned during a Senate Rules and Administration Committee hearing on Wednesday that nefarious uses of emerging technologies, hacking attempts and the harassment of election workers risk undermining the public’s faith in the accuracy of U.S. elections without more federal intervention.

Since the 2020 presidential election, Arizona Secretary of State Adrian Fontes said his state has live-streamed equipment certifications to promote transparency and worked with the National Association of Secretaries of State and federal agencies to instill trust in the voting process. But he added that “there’s still more that can be done” at the federal level, including providing local jurisdictions with more election-related funding and guidance to safeguard their systems and personnel. 

He said artificial intelligence, for instance, “has the potential to confuse voters and wreak havoc on the administration of elections,” including allowing deepfakes of election officials to spread misinformation on social media.

“If I were to go on TV afterwards, or even Instagram Live, to debunk these deepfakes, who would know which was the real me?” he added. “Foreign actors from hostile states such as Iran, China, Russia and North Korea appear ready to take advantage of this nightmare scenario.”

Lingering conspiracies about the accuracy of U.S. elections are also resulting in new challenges for election officials. Some jurisdictions are being overwhelmed with what Fontes called “analog” distributed denial-of-service — or DDoS — attacks, which he said “comes in overly voluminous and unnecessary public records requests that have absolutely nothing at their end.”

“We hear of a DDoS attack against an electronic system where hackers will come in and absolutely flood a system with digital attacks,” Fontes said, adding that he supports rigorous transparency but that these types of constant requests often represent “a coordinated effort to undermine the democracy that upholds our republic.”

While not all officials at the hearing voiced support for more federal involvement in the voting process or expressed concerns about the intimidation of election…


Federal computer chip funding to require security restrictions, worker benefits


WASHINGTON (AP) — The Commerce Department is opening the application process for computer chip manufacturers to access $39 billion in government support to build new factories and expand production.

All companies seeking the funds will need to show how they plan to develop a local workforce, with firms getting $150 million or more also required to provide affordable and accessible child care for their workers.


The funding is part of the CHIPS and Science Act, which President Joe Biden signed into law last August. Grants, loans and loan guarantees are meant to revive domestic production of computer chips.

It’s aimed at sharpening the U.S. edge in military technology and manufacturing while minimizing the kinds of supply disruptions that occurred in 2021, after the start of the coronavirus pandemic, when a shortage of chips shut down factory assembly lines and fueled inflation.

“This is fundamentally a national security initiative,” Commerce Secretary Gina Raimondo said as the application process began Tuesday. “We are not writing blank checks to any company that asks.”


The money is meant to support private investment in new factories and can be clawed back if companies use it on stock buybacks instead. Major companies such as Intel, TSMC, IBM, Micron and Texas Instruments have already launched aggressive expansions tied to the support, which will total $52 billion when coupled with funding for research.

Raimondo said that any company that receives support cannot expand its manufacturing capacity in foreign countries that are a source of national security concerns, a restriction that would appear to apply to China. Nor could recipients partner with firms based in those countries for the purposes of developing advanced technologies.

The Commerce Department said companies can start submitting their statements of interest on Tuesday. That’s the first step in a process that includes a draft proposal, a final proposal and a government evaluation of the proposal before reaching a final award.


IRS Will Soon Require Selfies for Online Access – Krebs on Security


If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.

The IRS says it will require ID.me for all logins later this summer.

McLean, Va.-based ID.me was originally launched in 2010 with the goal of helping e-commerce sites validate the identities of customers who might be eligible for discounts at various retail establishments, such as veterans, teachers, students, nurses and first responders.

These days, ID.me is perhaps better known as the online identity verification service that many states now use to help staunch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves. The privately-held company says it has approximately 64 million users, and gains roughly 145,000 new users each day.

Some 27 states already use ID.me to screen for identity thieves applying for benefits in someone else’s name, and now the IRS is joining them. The service requires applicants to supply a great deal more information than typically requested for online verification schemes, such as scans of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service.

When an applicant doesn’t have one or more of the above — or if something about their application triggers potential fraud flags — ID.me may require a recorded, live video chat with the person applying for benefits.

Since my credentials at the IRS will soon no longer work, I opted to create an ID.me account and share the experience here. An important preface to this walk-through is that verifying one’s self with ID.me requires one to be able to take a live, video selfie — either with the camera on a mobile device or a webcam attached to a computer (your webcam must be able to open on the device you’re…


API-First Strategies Require API-First Security



Editor’s note: This post was originally published in July 2021 in ToolBox.

Back in 2017, Gartner predicted that API abuse would be the most frequent attack vector for data breaches by 2022. Two years later, when exposed APIs already made up 40% of the attack surface for web-enabled applications, the research and advisory company predicted that figure would soar to 90% by 2021.

And based on a Q1 2021 State of API Security study from API security company Salt Security, it does look like we’ll simply hurtle past all those predicted milestones.  

Here’s the low-down on the key findings of the study, compiled from survey data from security, application, and DevOps professionals and anonymized, aggregated data from the firm’s API security platform. 

Of the survey respondents, 91% suffered an API security incident over the previous 12 months. Over the same period, the platform data showed that not a single customer experienced zero attacks (though every attack was foiled), with more than half being subject to an average of 10 to 50 attacks per month. 

API traffic has been growing exponentially over the years. For instance, Google Cloud’s Apigee API Platform registered 2.21 trillion calls last year, an annual increase of nearly 50% that parallels growth in API call volumes on the Salt platform.

[Figure: Applications Powered by APIs bar graph. Source: Apigee State of API Economy 2021 Report]

APIs are also being deployed for a wide array of applications. According to 2021 State of the API Economy research, larger companies use APIs more often to power mobile applications, and more mature users are widely adopting API-powered application development for automation and IoT.

Most companies have shifted to an API-first strategy to power digital transformation, accelerate innovation and build digital ecosystems that enhance productivity and value. However, the API attacks, breaches and abuse just keep getting bigger and more frequent. In just the past couple of months, there have been reports of an unsecured API at consumer credit bureau Experian leaking the credit scores of tens of millions of Americans, fitness brand Peloton’s leaky API exposing private account data and invite-only chat app Clubhouse essentially becoming…
