Archive for the ‘NSA’ Category

US NSA says will push China to be more transparent on COVID-19 – Oneindia

International

oi-Vicky Nanjappa

| Published: Tuesday, June 8, 2021, 10:59 [IST]

Washington, June 08: The United States in coordination with the international community will continue to press China to be transparent and forthcoming with information on the origins of COVID-19, National Security Advisor Jake Sullivan has said.

He also said that at the same time, the US will also launch its own review and process.

"We are going to continue to press in coordination with the international community, China to be transparent, to be forthcoming with data and information, we're not going to just stand by and accept that they've said they're not going to participate," Jake Sullivan told a White House news conference on Monday.

This would be also one of the topics of discussion with foreign leaders as President Joe Biden departs on his maiden overseas trip -- after assuming office -- this week, he said.

Biden is scheduled to leave on his maiden official overseas trip on Wednesday during which he will hold discussions with top global leaders, including at the G-7 summit in the UK and the NATO meetings.

Meanwhile, at a Congressional testimony, Secretary of State Tony Blinken said that there are two possible scenarios on the origins of the coronavirus.

One is that it emerged from a laboratory and the other is that it was naturally occurring, he said.

"President Biden has ordered a comprehensive government-wide review to try to get to the bottom of what happened," Tony Blinken said in response to a question from Congressman Steve Chabot, a member of the House Foreign Affairs Committee.

"He initiated an initial review back in March. The results concluded that it was likely to be one of these two scenarios. He's now asked on a 90-day basis for the entire government to really dig into everything we have, including working with experts to see if we can make a determination," he said.

Tony Blinken said that at the same time, the US is pressing the World Health Organization to move forward with its phase two study to understand the origins.

Congressman Chabot said the COVID-19 pandemic has made it clear that the economic interdependence with the Chinese Communist Party (CCP) threatens American lives and prosperity.

The CCP is continuing to poison economic ties that were previously thought to be benign, he said.

"They're degrading Hong Kong's legal and financial system, contaminating supply chains with Uyghur forced labour and extracting technology from corporations as the cost of admission to China's market," Chabot said.

Tony Blinken alleged that since the beginning of this crisis, China has failed to meet its basic responsibilities in terms of sharing information, providing access and doing that in real-time with transparency.

"That was true at the start. It remains true, unfortunately, today," he said.

"What you're seeing is, through the work that's being done, for example, at the WHO, the work that we're doing, and the concerns expressed by countries around the world that there is a strong chorus insisting that China will make good on its responsibilities to provide the information," Tony Blinken said.

He exuded confidence that there is going to be an increasing international demand that countries, including China, meet their responsibilities when it comes to providing information, access, and transparency on global health, including Covid.

"There are just many in Congress who are skeptical of whether or not China is going to grant access to the labs, and we're trying to understand what the next up is going to be if and when China says that lab access won't be granted," Congressman Lee Zeldin asked.

Congresswoman Ann Wagner said that as the US continues to combat the Covid pandemic, it must be united in ensuring that the Peoples' Republic of China cannot use this time of uncertainty to further undermine global prosperity, stability, and the rule of law.

"We should have acknowledged that right from the onset of this devastating crisis. The Chinese Communist Party, or CCP, suppressed, they misrepresented and they falsified information necessary to prevent a pandemic," she said.

Holding the CCP accountable is the only way to deter the release of another deadly virus on the global community in the future and to ensure that the communist party stops violating international law and provide compensation to millions of Americans who suffered tragic unthinkable losses over the course of this pandemic, Ann Wagner said.

Ann Wagner had introduced the Compensation for Americans Act in the 116th Congress, which establishes a compensation fund for those affected and allows the president to freeze Chinese assets to bring the communist party to this negotiating table.

"It also gives the United States a comprehensive toolbox of punitive measures to further incentivise China's cooperation. I will again be introducing this legislation in the 117th Congress and I hope my colleagues will support my efforts to ensure that the United States leads the way in holding the CCP accountable," she said.

For Breaking News and Instant Updates

Allow Notifications

You have already subscribed

Story first published: Tuesday, June 8, 2021, 10:59 [IST]

Go here to see the original:
US NSA says will push China to be more transparent on COVID-19 - Oneindia

Zero Trust is the Only Way: President Bidens Executive Order Simplified – Security Boulevard

President Bidens May 12 Executive Order made into policy what the NSA and leading cyber experts have long been advocating. Zero trust is the fundamental cybersecurity principle for combatting sophisticated cyber attacks. The prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security, President Biden says in his Executive Order. The Federal Government must lead by example. To do so, President Biden calls upon federal agencies and contractors to remove barriers to sharing threat information, deploy multi-factor authentication and encryption, and move towards Zero Trust security systems. On February 25, the NSA issued similar guidance, Embracing a Zero Trust Security Model.Communication and collaboration systems, including email, file sharing, and messaging systems, are a favorite target of attackers. Its easy to see why communications are where sensitive data lives and a successful attack on a communication system can give an attacker access to a trove of valuable information. As such, communication and collaboration systems are the logical first place to apply Zero Trust principles for improved cybersecurity.But what is Zero Trust and how is it different from legacy cybersecurity systems? In short, Zero Trust assumes that hacks are inevitable. It eliminates trust in perimeter defenses and ensures that data is secure if and when the network is breached.The NSA correctly identifies that the majority of cybersecurity defense strategies are based on perimeter defenses. The NSAs guidance states traditional perimeter-based network defenses with multiple layers of disjointed security technologies have proven themselves to be unable to meet cybersecurity needs The Zero Trust model eliminates trust in any one element, node, or service by assuming that a breach is inevitable or has already occurred. They go on to say that the NSA strongly recommends that a Zero Trust security model be considered for all critical networks and Defense Industrial Base critical networks and systems.Legacy cybersecurity systems try to prevent breaches by strengthening the perimeter around data. In effect legacy systems build taller and taller walls around networks through password protections and firewalls. The SolarWinds and Microsoft Exchange Server hacks that dominated their respective news cycles earlier this year only succeeded because of that treacherous logical fallacy. Taller walls do not mean a secure system.Modern hackers are sophisticated and inventive; it is only a matter of time before they outwit even the most robust defenses and breach the network perimeter. With perimeter defense based systems, once that breach occurs data is exposed. SolarWinds and Microsoft assumed that robust perimeter defenses will work, that administrators will be secure, and that passwords will protect accounts. This years attacks demonstrate that those assumptions are incongruous with the reality of todays cyberthreat landscape.Communication systems, particularly email and file sharing, are the most frequent target of hackers. Zero Trust communication and collaboration systems assume that breaches are inevitable. Despite best efforts, hackers will make their way into the network. Zero Trust systems ensure that, even when that inevitable breach occurs, data is protected. Access is limited within the network, so that a single point of failure cant bring down the whole organization. In line with their name, Zero Trust systems trust nothing and no one. Passwords arent trusted. IT administrators arent trusted. Anonymous communications arent trusted.Here are the five fundamental ways in which a modern Zero Trust system differs from a Legacy system.

Emails and files are stored on servers. Legacy systems assume that it is possible to protect servers and thereby protect data. Countless hacks have demonstrated that to be a faulty assumption.A Zero Trust system assumes that the server will be breached. It employs end-to-end encryption, meaning that data is never decrypted on the server. The server is unable to decrypt data, so when an attacker succeeds in compromising the server they see nothing but encrypted gibberish. Theyre unable to read emails, unlike in the case of Microsofts Exchange Servers, and theyre unable to access intelligible data, unlike in the case of the SolarWinds attack.This is where we come to a clear deficit in President Bidens Executive Order. The order reinforced the very dangerous and widely held misperception that encryption in transit and at rest is zero trust. That is not the case. Most legacy systems already encrypt data in transit and at rest. But what they dont do is ensure that the server doesnt have access to the keys used to decrypt the data when its in use. When an attacker breaches the server, they can find those decryption keys and access the data despite its encryption at rest. End-to-end encryption ensures that the server is unable to decrypt the data. Period. When an attacker breaches the server there is no way for them to decipher the gibberish of encrypted data that they find. They have compromised the server, but your data remains secure.

Legacy systems authenticate user identity using passwords. If a hacker can compromise a users password, they can virtually assume their identity and access that users data.Zero Trust systems understand that having guessable, stealable, breachable passwords is an invitation to hackers. Instead of using passwords to authenticate user identity, Zero Trust systems use private encryption keys stored on users devices. These keys are unguessable and tied to users physical devices, thwarting the possibility of a remote attack.

Legacy systems have all-powerful administrators who can independently carry out privileged actions, like accessing user accounts. Given their immense power, these IT administrators can serve as a single point of failure to bring down a whole network.Zero Trust systems understand that administrators are humans and humans are fallible. Administrators can be compromised or even go rogue. Zero Trust systems dont make their security dependent on the absence of human error. Instead, Zero Trust systems cryptographically distribute trust among a group of administrators.Similar to the strategy used to secure nuclear launch codes, cryptographic distribution of trust breaks up users access keys into fragments. Each admin gets a fragment and all the fragments together are required in order to carry out administrative activities. No single administrator can expose data or endanger the network.

Traditional email systems give attackers unlimited access to users. The attacker can flood the user with a barrage of phishing or spoofing attempts over an unbounded period of time and it only takes one user falling for one of those endless attempts to cause a breach.Zero Trust systems restrict communications to only pre-approved and authenticated communication partners, protecting against human error. A user cant fall for a phishing/spoofing attack if that communication is never able to reach them in the first place.The principle of restricting communication to only pre-approved people already exists everywhere from popular social media applications like LinkedIN and Facebook to secure communication applications like Whatsapp and Signal. For enterprises, PreVeil protects your teams communications from outside individuals. Making your team inaccessible to bad actors prevents data exfiltration more effectively than even the best corporate cyber hygiene policy.

Legacy systems are ineffective at exposing network infiltrators. As seen in the SolarWinds attack, hackers can enter a network and then cover up their tracks. This allows them to hide out as ghosts in a system, siphoning data over long periods of time before anyone even notices that the network is compromised.A good Zero Trust system employs tamper-proof logs to ensure that bad actors can be swiftly identified and cannot erase their tracks during an attack. All actions in the system must be logged automatically. Moreover, Zero Trust logs use cryptographic techniques similar to those used in blockchains to ensure that log entries are tamper-proof and cannot be deleted by anyone.These security principles arent theoretical constructs. Many Zero Trust principles, like end to end encryption and restricting access, are widespread in consumer systems like WhatsApp and Signal. These messaging systems are not designed for enterprises, however, so they dont have a concept of IT administrators or activity logs.PreVeil, an enterprise email and file sharing system, employs all five of the Zero Trust principles outlined above. Like consumer messaging systems WhatsApp and Signal, PreVeil is easy to deploy, intuitive to use, and inexpensive. PreVeil can be added to legacy communication systems, like Gsuite and Outlook365, without any changes to the existing IT system. The user experience is seamless for email and file sharing, with the simple addition of an encrypted inbox to existing accounts. Theres no new interface to learn, no new email address to update. Most importantly, in addition to bringing state of the art security, PreVeil helps organizations meet CMMC, NIST800-171, and ITAR compliance requirements for storing and sharing controlled unclassified information in email and files.In response to major breaches like those seen earlier this year with SolarWinds and Microsoft Exchange there is increased regulation for the defense and healthcare industries, as well as any industries handling financial and personal data. Organizations often respond to increased regulation by taking the steps required to become compliant without addressing the fundamental information security weaknesses that necessitated these new regulations. As the old adage goes, they miss the forest for the trees.This is a major moment in cybersecurity. The widespread accessibility of user-friendly, affordable Zero Trust systems like PreVeil makes achieving compliance and upgrading to true security easily achievable in one fell swoop. Ask us your questions on security or compliance our experts are ready to help.

The post Zero Trust is the Only Way: President Bidens Executive Order Simplified appeared first on PreVeil.

*** This is a Security Bloggers Network syndicated blog from Blog PreVeil authored by Orlee Berlove. Read the original post at: https://www.preveil.com/blog/zero-trust-is-the-only-way-president-bidens-executive-order-simplified/

More here:
Zero Trust is the Only Way: President Bidens Executive Order Simplified - Security Boulevard

NSA Leaker Reality Winner’s Family Pleads For a Pardon: ‘Continued Silence From This Administration is a Continued Persecution’ – Mediaite

The family of Reality Winner, the former NSA translator who in 2018 was sentenced to over five years in prison for leaking a top-secret report on Russian interference in the 2016 election, said Sunday that President Joe Biden owes Reality gratitude and should pardon her.

In an interview with Mehdi Hasan, the convicted intelligence contractors sister Brittany Winner said her actions directly contributed to the fact that the 2020 elections were the most secure presidential elections in American history.

Reality Winner was sentenced under the Espionage Act, and prosecutors told The New York Times she received the longest sentence ever imposed in federal court for an unauthorized release of government information to the media.

We believe that she released information that America needed to know and that Americans needed to know about the 2016 presidential election, Brittany Winner told Hasan. And so knowing that and given that, we believe that Reality should be released. She should be given clemency.

She should be given a pardon and President Biden owes Reality gratitude, she continued, because Realitys actions directly contributed to the fact that the 2020 elections were the most secure presidential elections in American history and so Mr. Biden is president because of Reality Winners actions and, therefore, he should pardon her.

When asked whether the push to grant her clemency had gained any traction with the Biden administration, Brittany Winner said its been radio silence.

Reality Winners mother Billie Winner-Davis added that she had been writing and calling the White House every day to no avail, aside for a form letter that said the issue was being forwarded to another agency.

That was very heartbreaking to me because it told me that they werent listening, Winner-Davis said. That perhaps even President Biden hadnt seen my messages, hadnt heard what I was asking for, because this really is in his hands right now. My daughter has a petition for clemency with the United States pardon attorney, and all its going to take is his signature to commute her sentence, to bring her home to us.

She continued, I believe that she deserves this. You know, the Trump administration persecuted Reality so strongly because of the information she released. And the continued silence from this administration is a continued persecution.

Watch above, via MSNBC.

Have a tip we should know? tips@mediaite.com

Continued here:
NSA Leaker Reality Winner's Family Pleads For a Pardon: 'Continued Silence From This Administration is a Continued Persecution' - Mediaite

Reps threaten to sanction CBN Governor, NIMASA DG, NSA – The Nation Newspaper

By Tony Akowe, Abuja

The House of Representatives on Monday threatened to invoke the relevant sections of the Nigerian constitution to deal with Head of government agencies that has formed the habit of disregarding invitations from the parliament.

The House adhoc committee investigating the management of recovered loots by government agencies made the threat at its resumed sitting, insisting that disregard to invitations from the parliament was a direct insult on the institution of the National Assembly.

However, a member of the Committee, Rep. Isiaka Ibrahim (APC, Ogun) said the parliament must find a way of causing Heads of government agencies to respect invitations from the National Assembly or shut down.

Ibrahim said the lawmakers have no business being in the parliament if agencies of government who are creations of the parliament refuse to respect the institution that created them.

Chairman of the Committee, Adejoro Adeogun who was disappointed by the action of the agencies however said the Governor of the Central Bank of Nigeria, Inspector General of Police, the National Security Adviser and the Director-General of NIMASA has between Monday and Thursday to appear before the committee.

He said this Committee has passed a motion that the governor of CBN, Inspector General of Police, the National Security Adviser and the Director-General of NIMASA have between now and Thursday to appear before this Committee. Otherwise, the parliament will invoke its powers to deal with them according to the constitution of the Federal Republic of Nigeria.

I am appalled by the actions of the agencies because it is indirectly insulting the National Assembly, not my person and I need you to communicate that to the Heads of the agencies that it is not the Chairman of the committee that you are being impolite to.

I dont want to use the word insult or rude. Your indirect action is undermining the entire parliament, not just the House of Representatives, but the entire institution of the National Assembly and that will not be taken by this parliament.

The Committee Chairman had told the representatives of the Central Bank of Nigeria and NIMASA that since they had no letter from the Head of the agencies to appear before the committee, the parliament regards them as impersonators.

Read the original post:
Reps threaten to sanction CBN Governor, NIMASA DG, NSA - The Nation Newspaper

What does NSA, FWB, MBA mean? Modern dating lingo …

Call me a noob, but I dont usually get modern chatting jargons. Years ago, it took me a while to decode ROFL and TIA (thanks in advance), and then later I had to break my head over lingo modern parents used. DD, DS, DH are all darling daughter, darling son and darling husband respectively, and there are loads like these! It wasnt surprising, therefore, when I learnt of a few abbreviations people use on chats and dating platforms now and was totally clueless about what those meant. If you do not want to feel like an ancient caveman, you need to be up to date about the language people speak nowadays, and that includes knowing the terms people use. So to help you not feel lost, here is a list of terms that you need to know before you start swiping on tinder. Also Read - The strength of solo: Science-backed benefits of singlehood

Have you come across any terms that you would like to share? Please post it in the comments below. Also Read - This dating app uses DNA to find your true love

Image: Shutterstock

Published : January 27, 2017 10:17 am

Go here to see the original:
What does NSA, FWB, MBA mean? Modern dating lingo ...