The Decentralized and Alternate Tech Thread
<blockquote data-quote="CERN" data-source="post: 1456812" data-attributes="member: 21974"><p>If you do your research and use your better judgement I think you'll come to the same possible conclusions; i.e. cybersecurity seems highly exploited within itself and within the federal gov:</p><p>---</p><p>[URL unfurl="true"]https://fcw.com/articles/2021/02/01/einstein-rethink-supply-chain-hack.aspx[/URL]</p><p></p><p>[URL unfurl="true"]https://fcw.com/articles/2021/03/19/zero-trust-hacks-congress.aspx[/URL]</p><p>---</p><p>[URL unfurl="true"]https://thehill.com/policy/cybersecurity/542399-biden-appoints-clare-martorana-as-federal-cio[/URL]</p><p></p><p>[URL unfurl="true"]https://thehill.com/policy/cybersecurity/535912-biden-administration-appoints-chris-derusha-as-federal-ciso[/URL]</p><p>---</p><p>This is the media narrative of the hack: <strong>"SolarWinds Hack Victims: From Tech Companies to a Hospital and University"</strong></p><p></p><p>[URL unfurl="true"]https://www.wsj.com/articles/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402[/URL]</p><p></p><p>And it likely was a breach, but by Russian hackers?</p><p></p><p>Long story short is this: the cybersecurity field is complex with multiple actors and few people who probably really understand the actual oversight and overreach occurring (potential overreach or otherwise) and cybersecurity is clouded in confusion. I would guess and say most politicians and the average person simply don't understand cybersecurity, and I don't claim to either, yet this whole setup is way off the normalcy scale. If a politician is acting as though they understand cybersecurity to me that raises red flags. Not because I don't think they don't understand their job, but that they understand it too well which potentially leads to knowing it for the wrong reasons. It's a case by case thing. 
Just because an individual has certain political ideologies it's not always black or white as to where the actual threat is coming from. Yet if any security threat is coming, it's coming from downstream within the cybersecurity field itself.</p><p>---</p><p>"Philip Reitinger, president and CEO of the Global Cyber Alliance, said, "The challenge with detecting activity like the SolarWinds hack is that the hack is accomplished through '<em>authorized</em>' malware."</p><p></p><p>To detect that malware, a defensive system would either have to deny all communications that are not explicitly whitelisted or establish a user activity baseline capable of singling out abnormalities for investigators to pursue. "That can be difficult to do and resource intensive," he added."</p><p></p><p>Michael Hamilton, a former vice chair for a government coordinating council focused on critical infrastructure protection, described a similar method as the most likely way forward for DHS to improve Einstein. Although its precise capabilities are classified, Hamilton speculated the program's age -- Einstein was originally developed in 2003 -- is a sign it may not be baselining user activity in the way he and Reitinger described.</p><p></p><p>Hamilton said that "it's not likely they throw it out and start over," noting the program's cost. "My understanding is that it cost $6 billion to develop."</p><p>---</p><p></p><p>What they're saying in so few words here is, "We can't re-structure everything because it would cost too much or require too many resources, either way we need more money."</p><p></p><p>And that's what this boils down to; control, money, resources, and illusionary-security. 
The 'cloud' is only as 'secure' as the person running it.</p><p></p><p>Avril Haines - <a href="https://en.wikipedia.org/wiki/Avril_Haines#Torture_report" target="_blank">https://en.wikipedia.org/wiki/Avril_Haines#Torture_report</a> - read under "Targeted drone killings"...</p><p>---</p><h4>Targeted drone killings</h4><p>During her years in Obama White House, Haines worked closely with John Brennan in determining administration policy on extra-judicial "targeted killings" by drones. <em>Newsweek</em> reported Haines was sometimes called in the middle of the night to evaluate whether a suspected terrorist could be "lawfully incinerated" by a drone strike.</p><p></p><p>The ACLU criticized the Obama policy on drone killings as failing to meet international human rights norms. Haines was instrumental in establishing the legal framework and policy guidelines for the drone strikes, which targeted suspected terrorists in Somalia, Yemen and Pakistan, but also resulted, according to human rights groups, in killing innocent civilians. An editor for <em>In These Times</em> said the policy guidelines "made targeted killings all over the world a normal part of US policy".</p><p></p><p><em><strong>Critics of Haines's drone policy guidelines said though the guidelines stipulate "direct action must be conducted lawfully and taken against lawful targets," </strong></em>the <em>guidelines</em> do not reference any international or domestic law that might permit extrajudicial <em>killings outside an active war zone</em>. 
Opponents of US drone warfare have noted that Haines redacted the minimum criteria for an individual to be "nominated" for lethal action, that the term "nominated" is a deceptive euphemism for targeting people for assassination, and that the drone guidelines allow for the assassination of US citizens without due process.</p><p>---</p><p>[URL unfurl="true"]https://defensesystems.com/articles/2021/03/24/senate-solarwinds-cyber-hearing.aspx[/URL]</p><p></p><p>"Wales said CISA this week provided federal agencies with detailed guidance on how to <strong><em><strong>evict hostile actors</strong></em></strong> from their networks as well as a forensic scanning tool to be deployed on any device that was running a compromised version of SolarWinds Orion."</p><p>---</p><p></p><p>Ultimately the speculation leads one to infer that federal cybersecurity is co-opted via Silicon Valley and they're profiting off of private businesses while reviewing all of their data and more so figuring out who and or what actual groups are <em>threats </em>and who aren't. It more or less explains how private entities, businesses are being managed through the government, almost explicitly. At first one might have thought, "well, think tanks and global elite are playing inside baseball and you can't get rid of them." Which is obviously happening, yet the indirect/direct approach with the government having complete 24/7 access to businesses' security infrastructure more or less explains the whole story if actually true on a large scale, which Gartner's would have us believe. 
They claim it's just 'predictions' and 'trends' from a security consulting service, yet consulting firms are by far and away the shadiest groups out there.</p><p></p><p>---</p><p>Gartner’s top 10 govt tech trends for 2021</p><p>[...]</p><p></p><ol> <li data-xf-list-type="ol">Adaptive security</li> </ol><p></p><p>Adaptive security is about meeting the needs of modern dispersed infrastructure as opposed to the traditional perimeter approach.</p><p></p><p></p><p>It anticipates and mitigates constantly <em><strong>evolving threats </strong></em>using <em><strong>prediction, prevention, detection and response.</strong></em>"</p><p></p><ol> <li data-xf-list-type="ol">Anything as a service (XaaS)</li> </ol><p></p><p><strong><em><strong>Government </strong></em></strong>will <strong><em>not </em></strong>be immune to the trend toward <em><strong>subscription services</strong></em>.</p><p></p><p></p><p>XaaS offers an alternative to legacy infrastructure modernisation, provides scalability and reduces time to deliver digital services.</p><p></p><p></p><p>According to Gartner, <em><strong>95 percent of new IT investments made by government agencies will be made as a service solution by 2025</strong></em>.</p><p></p><p></p><p>Gartner has <em><strong>predicted </strong></em>that <em><strong>75 percent of government CIOs will be directly responsible for security outside of IT by 2025</strong></em>, including operational and mission-critical technology environments."</p><p></p><p>[...]</p><p></p><ol> <li data-xf-list-type="ol"><strong><em>Citizen digital identity</em></strong></li> </ol><p></p><p>A hot-topic already, governments are looking at ways to allow citizens to prove their identity via any digital channel, which is <strong><em>critical for inclusion and access to government services</em></strong>.</p><p></p><p></p><p>Gartner has stated that a <em><strong>true global, portable, decentralised identity standard will emerge in the market by 2024</strong></em>, to address 
<em><strong>business, personal, social and societal, and identity-invisible use cases</strong></em>.</p><p>---</p><p>You have to read the whole list and anyone in the 5 eyes should be following our allies' local gov news, needless to say, it's what's coming down the pipeline most likely so those with some actual sway and skin in the game should take note and try to offset some of these cybersecurity measures, yet it might be too little too late.</p></blockquote><p></p>