Archive for the ‘NSA’ Category

Iris ID to showcase contactless iris-based biometric systems at the National Sheriffs’ Association’s NSA 2021 Annual Conference and Exhibition -…

Iris ID, the globally renowned company in iris recognition technology for over 20 years, will showcase its top products for law enforcement agencies at the National Sheriffs' Association's (NSA) annual conference and exhibition, the NSA 2021 Annual Conference and Exhibition, slated to take place from June 22-24, 2021, at the Phoenix Convention Center. Iris ID will occupy booth #114 at the exhibition.

The annual conference is an opportunity for the members of the nation's more than 3,000 sheriff's departments to learn and share information related to all parts of their mission, including law enforcement, jail operations, prisoner transport and courthouse security.

Tim Meyerhoff, Director, North America, Iris ID, said biometric technology plays an increasingly important role in helping sheriff's deputies complete their jobs daily. Tim said, "Rapid and accurate identification of people is a major law enforcement need."

Tim adds, "There is no room for error when it comes to booking and release of those charged with crimes. And our contactless iris-based biometric systems, the most accurate on the market, are ideal as departments continue battling the COVID-19 virus."

Among its many products, Iris ID will highlight three widely used by law enforcement organisations.

The iCAM M300 is a lightweight, handheld device used by law enforcement to enroll and identify people in the field. The iCAM M300 offers access to the three primary modes of biometric identification (iris, facial and fingerprint), with communication protocols including NFC, Wi-Fi, Bluetooth, GPS, 4G LTE and more. The iCAM M300 also provides magstripe and contactless card support and offers an MRZ reader to verify ePassports.

Iris ID iCAM R100 readers replace the need for PINs, access control cards and RFID fobs to enter integrated smart lockers and key management cabinets protecting keys, weapons, evidence and other valuable assets stored by sheriff's departments.

Law enforcement agencies across the U.S., including the Los Angeles County Sheriff's Department, the York County (Penn.) Sheriff's Office and the U.S. Border Patrol use Iris ID biometric technology.

The Iris ID iCAM 7S series product is currently included in the Los Angeles sheriff booking stations. It is used to add iris-based identity authentication capabilities, resulting in more accurate release of individuals, as a person's iris is much less susceptible to damage than their fingerprints.

Why did Denmark help the US spy on its European allies? – The Conversation UK

"Systematic wiretapping of close allies is unacceptable," came a recent comment from Danish Defence Minister Trine Bramsen. And yet, it appears this is exactly what Denmark has been doing. Bramsen was responding to reporting that revealed the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste, or FE) had cooperated with the US National Security Agency (NSA) to enable spying on several European partners and close allies.

Considering the major reputational costs that would surely have been evident from the outset, why did Denmark agree to this partnership? Why would it allow the NSA to use Danish data cables to spy on senior officials in France, Germany, Norway and Sweden, including German chancellor Angela Merkel?

For a Danish audience this scandal is part of a longer story. In 2019, the independent board overseeing Danish intelligence services (Tilsynet med Efterretningtjenesterne, created in 2014 after the Edward Snowden leaks) received information about the FE collaborating with the NSA. The board produced a report in August 2020 criticising the intelligence service for serious wrongdoings.

Still little is known of the board's strictly confidential four-volume report, which was submitted to Bramsen, but its press statement publicly criticised the FE for initiating operational activities in violation of Danish law, including by obtaining and passing on a significant amount of information about Danish citizens.

As a result of the report, five top intelligence officials were removed from office. A few months later, media reports revealed that the collaboration had enabled the NSA not only to spy on neighbouring countries' officials, but also Danish ministries and defence companies.

The exact nature of the retrieved information and how it was used is unclear, but the fact that any information of this kind was gathered at all is in complete contrast to the FE's purpose to prevent and counter threats to Denmark and Danish interests.

The most recent media reporting suggests in more detail that the FE had collaborated with the NSA to allow the US to spy on neighbouring countries through Danish internet cables between 2012 and 2014. It was revealed that the NSA was purposefully targeting high-ranking European officials, using their phone numbers as selectors to identify data of interest.

Denmark's geographical location makes the country attractive for the NSA, not least because it hosts several key underwater cables for neighbouring countries. These cables can be used to get information about not only internet access, chats and messaging services, but also text messages and phone calls.

When considering why Denmark would allow itself to become a conduit for espionage against its allies, it's worth remembering that, as a small country, it is dependent on security guarantees from other states. Denmark has aligned itself closely with the US, the world's largest military superpower, not just through NATO, but also bilaterally. For Denmark, the cooperation with the US and the NSA is crucial, both in terms of technology and access to intelligence.

The FE is highly dependent on the NSA to combat terrorism. Through the NSA, it gains access to advanced technology such as the program Xkeyscore, used to search through and filter the raw data from the cables. It also seems that the FE had access to information about planned terror attacks via the NSA.

Even though progress has been made on the European side in regard to increasing cooperation on security and defence matters, Nato and particularly the US continue to be Denmark's most important security guarantor.

Since the 1990s, but particularly since 9/11, Danish foreign policy has been described as super-atlanticist, prioritising building common values and interests with the US. This strong and seemingly unwavering support for the American world order means Denmark is willing to pursue costly and risky policies to support the superpower.

Additionally, Denmark remains to a large extent outside European Union security and defence cooperation because of its defence opt-out. Negotiated after the Danish population rejected the Maastricht Treaty in a referendum in 1992, the defence opt-out prevents the country from participating in those parts of the EU's foreign and security policy that affect defence and any military cooperation at EU level.

This puts the relationship to the US (and Nato) at the forefront of Danish security and defence decision-making. Nor does the EU (yet) have the strength to defend itself against Russia and China should the need arise, which in part explains the draw of the US partnership.

The French government described the allegations against Denmark as extremely serious, with President Emmanuel Macron pointing out that this is not acceptable between allies, and even less between allies and European partners.

Merkel agrees, but has struck a more conciliatory tone, seeing a good basis not only for the resolution of the matter, but also to really come to trusted relations. However, Peer Steinbrück, former German opposition leader and candidate for chancellor, called it a political scandal.

Even closer to home, Norwegian Prime Minister Erna Solberg said it is unacceptable if countries which have close allied cooperation feel the need to spy on one another. Peter Hultqvist, Sweden's defence minister, has demanded full information.

Many of these events date back to the time of the Snowden years, when it was revealed that even Germany's foreign intelligence agency cooperated with the NSA to spy on its neighbours. It thus remains to be seen how much damage will really be done to Denmark's relations with the rest of Europe. A government-commissioned investigation is due to report back later in 2021.

However, it may be that this scandal might provide an opportunity for Denmark to take an honest look at its security and defence priorities and its relations with European allies. A recent poll shows that 66% of Danes believe that Europe cannot always rely on the US and needs to look after its own defence capabilities. This puts Denmark's super-atlanticist orientation into question and suggests its most important strategic partners may lie closer to home.

Ushering in a Transparent Revolution in Cybersecurity – The Cipher Brief

Thomas Warrick was DHS Deputy Assistant for Counterterrorism Policy from August 2008 to June 2019 and is now Director of the Future of DHS Project at the Atlantic Council.

Javed Ali held senior counterterrorism positions at DHS, the FBI, the Office of the Director of National Intelligence, and the National Security Council. He is a Towsley Policymaker in Residence at the University of Michigan.

OPINION: Eyebrows were raised when the Biden administration initially chose veterans of the usually secretive National Security Agency (NSA) for all four top cybersecurity positions in the most diverse administration in U.S. history.

The two leaders who face confirmation hearings on Thursday, Chris Inglis as National Cyber Director and Jen Easterly as director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), deserve confirmation by the Senate. They, along with NSA senior executive Anne Neuberger, the Deputy National Security Adviser for cybersecurity, and Amit Mital, who in April replaced NSA's Michael Sulmeyer as senior director for cybersecurity, could be the right people to help lead what needs to be a transparent revolution in cybersecurity.

Given NSA's reputation for secrecy, this might seem odd. In fact, what these NSA veterans share, apart from strong individual qualities, is their knowledge that what is needed now in civilian cybersecurity is significantly increased transparency and an emphasis on enhanced information-sharing. As national security practitioners, they know, as do we (between the two of us we have more than fifty years' experience), that while secrecy has its place, especially in protecting sources and methods, it also has its limits. And given the need in cybersecurity for information-sharing, speed, and strong collaboration between the public and private sectors (a critical feature that sets cybersecurity apart from other aspects of national security), defaulting to a secretive and insular approach would be a mistake.

The first reason to expect a revolution in transparency is that strong cybersecurity requires a robust partnership between the government and the many technology stakeholders who own information technology infrastructure, platforms, and services that adversaries target.

Almost all the cyber infrastructure in the United States is outside the hands of the federal government, in the hands of private industry, state and local governments, academia, and other non-federal sectors. Conversely, much of the information about cyber threats or adversaries' intentions and capabilities is in the hands of the federal intelligence and law enforcement communities. As both the Cyberspace Solarium Commission and the Future of DHS Project concluded, cyber operators in this non-federal space need high-fidelity, often classified intelligence to first identify threats to their networks and then to justify actions to their C-Suite executives to defend them. Increasing the speed of sharing is now vital. Recent attacks, like those against Colonial Pipeline and JBS Foods, show that government and private operators need to exchange information, including attribution, in real-time and at network speeds. Hostile nation-states and criminals will hold U.S. national security and prosperity at risk unless the federal government and private sector open up to each other.

Second, the federal cybersecurity enterprise needs the trust of the American people.

For the private sector and government to work together at network speeds, it is essential there be trust, communication, and a shared understanding of desired outcomes. This is one reason security veterans know that NSA is not the right agency to lead civilian cybersecurity. NSA is trusted within the government, but for historical reasons, not so much outside it. This is why the role of DHS's CISA is so important, and why confirming Jen Easterly, whose career spans both cyber and non-cyber threats, and both the government and private sectors, is critical.

Third, to keep the people's trust, civilian cybersecurity efforts, and the information that private citizens provide the government to help secure our networks, must never be used for partisan political purposes.

Like the military and the intelligence communities, from which NSA comes, the federal cybersecurity enterprise needs to be, to the greatest extent possible, nonpartisan and above politics. The same needs to be said about election security, another CISA responsibility.

The fourth aspect of the coming transparency revolution is that the federal cybersecurity enterprise needs to adopt, urgently, a consumer-focused side that the American people can trust and rely on for impartial advice on personal cybersecurity.

It's good the federal cybersecurity enterprise works with corporations that provide our networks, social media platforms, and major software products. Increasingly, though, the American people need authoritative, understandable cybersecurity information.

In cybersecurity, every American is now on the front lines, targetable by hostile nation-states, confidence tricksters, criminals intent on stealing money, and those wanting to sow hatred and division. This reality totally upends previous concepts of national security and political economy. In a bring-your-own-device world, your iPhone or Android phone can be exploited to target you and your workplace, school, or neighbors. You need to know which apps transmit personal data overseas to servers under the effective control of the Chinese Communist Party, or how to instantly recognize the telltale signs of Russian or Iranian disinformation. Your social media feed can be manipulated in non-transparent ways to change how you vote, shop, or even think. Government cybersecurity needs to communicate effectively to help individual Americans protect themselves from cyber threats without turning us into a nanny state.

Fifth, and most importantly, cybersecurity needs to be re-scaled by government, by non-federal stakeholders, and by everyday Americans.

The finest cybersecurity policies in the world are useless if they're not adequately resourced. No matter what you may think of NSA, it is one of government's most successful examples of having learned the importance of scale.

The Cyberspace Solarium Commission said Congress must invest significant resources in CISA and the private sector needs to increase cybersecurity spending. Top cybersecurity experts Richard Clarke and Rob Knake found that successful companies spent 8% of their IT budgets on cyber defense. Today, most don't. CISA's current budget, enacted during the Trump administration, is $2 billion, plus $650 million added in President Biden's Covid-19 relief bill. In March, House Homeland Security ranking Republican John Katko called for CISA to become a $5 billion agency. He is in the right ballpark.

The Russian Sunburst hack into SolarWinds in 2020 and recent ransomware attacks from Russian-based criminal groups show what capable, well-resourced adversaries can do against systems that are vulnerable to cyber exploitation. We should be deeply concerned about adversaries exploiting gaps and seams in the ability of overseas-focused agencies like NSA to collect cyber intelligence inside the United States. Just because there hasn't been a cyber Pearl Harbor or a cyber 9/11 doesn't mean that one is impossible. It means only that we've been lucky, so far. Cybersecurity today takes serious resources, trust, and transparency. Swift Senate confirmation of Inglis and Easterly is essential to help bring this revolution about.

Native breed enthusiasts win first NSA giveaway – The Scottish Farmer

Cumbrian father and son farming team, Andrew and Matthew Tomkins, are the recipients of the first of this year's National Sheep Association membership prizes.

Having recently joined the association as joint members, Andrew and Matthew have won a new Solway lamb adopter, donated by recycled product manufacturer Solway Recycling, as part of the 2021/22 membership prize giveaway.

Alongside the rest of the Tomkins family, they farm 300 acres of upland just outside of Longtown, Cumbria, running a flock of 300 Llanwenog and Llanwenog cross Berrichon ewes, plus a small pedigree flock of Oxford Down sheep and a herd of pedigree Beef Shorthorn cattle. The farm supplies their onsite butchery, online sales and catering business Hallsford farm produce with native breed beef and lamb.

Matthew said: "We were surprised to hear we had been selected as winners as we had only recently joined NSA but of course we are very pleased with the news. We joined NSA as we believe it is one of the farming organisations that is having a real positive impact on farming. We have been impressed by how forward-thinking and progressive it is.

"NSA's current work on heritage breeds and marketing of UK lamb, mutton and hogget really caught our attention. We believe this differentiation is key to helping to bring market control back to the farmer."

The useful piece of sheep farming equipment was very welcome, he added: "We are currently increasing our sheep flock so the chance to win this equipment was fantastic; it will be a godsend come lambing time next year and we are sure it will come in useful for many years to come."

All new members signing up to join NSA between February 2021 and the middle of February 2022 will be entered into the future prize draws. There are now three further chances for new members of NSA to win a lamb adopter or lamb warming box and sheep pens donated by Solway Recycling.

Existing NSA members also have the chance to win by recommending that a friend, family member or neighbour sign up too. There is no limit to the number of entries for existing members; the more recommendations made, the more entries earnt. Find out more at http://www.nationalsheep.org.uk/draw.

Here's How The IRS Could Have Prevented The Tax Data Leak – Forbes

If the IRS had wanted to prevent the leak of tax returns recently reported by Propublica, they could have done it. The methods are simple, effective and in use. They just didn't implement leak prevention methods. Why? The problem isn't money; the IRS spends billions of dollars a year on computer systems. Will this embarrassment get them to fix things? I've read through the IRS Integrated Modernization Business Plan, the April 2019 document that describes how the IRS will spend many billions over the next 5 years to modernize their computer systems, and nowhere in the document is there a hint that they'll do anything but spend more money to implement more of the ineffective security systems they already have.

The IRS doesn't create or invent cybersecurity methods; they try to adhere to all the security regulations, follow the standards and take the advice of agencies that specialize in cybersecurity. These other agencies employ top experts who set the standards that institutions follow to protect their computer systems and confidential data. So what's going on here? Did the IRS suffer the tax data leak because they failed to implement one of these clear standards? Or is there something missing or wrong with the standards that affects the IRS and all the other organizations that are guided by them? Let's see.

Cybersecurity is a complex issue. I've used the metaphor of a gated community to explain general computer security; while the walls and gates of a gated community tend to be secure and well-maintained, the equivalent in the computer world is a patchwork of incompatible wall sections from different manufacturers which are never built properly and often need fixes to be applied, which the computer managers too often take months to apply, if they do the work at all.

It's possible that a hacker broke into the IRS. But what probably happened is that an IRS employee or contractor with legitimate access to IRS data decided to make a political statement by grabbing the files of ultra-wealthy Americans, smuggling them out of the agency and giving them to Propublica. This is known as an insider threat. Here's the shocker: modern corporate and government cybersecurity standards and regulations fail to prevent or even detect insider threats!

Insiders stealing the data of the company or agency they work for has happened many times. The famous Edward Snowden case is a classic example of an insider stealing secret information and leaking it for publication. Snowden was a contractor who worked at the super-secret NSA (National Security Agency). He saw the surveillance of citizens that was being performed by the agency and didn't think it was right, so he gathered lots of computer files documenting the behavior and sent the files outside the agency for publication.

Snowden did electronically what Daniel Ellsberg did decades ago physically. Ellsberg was a military officer who had helped create reports describing in detail secret operations the US conducted during the Vietnam war. While working at the Top Secret RAND Corporation he gained access to a copy of the reports and walked out the door with them in his briefcase. He gave them to the press, where they were headlined as the Pentagon Papers.

The NSA has a positive reputation for cybersecurity. The cover story in Wired Magazine in June 2013 featured a description of a visit to NSA HQ in Fort Meade with its elaborate security measures. The strong impression given is that an organization that has so many strong walls, locks and cameras must be able to do the equivalent in the invisible world of computers. The timing of the cover story was perfect. Edward Snowden started leaking secret NSA documents in December 2012; the leaked documents were published shortly after the publication of the Wired Magazine issue praising the ultra-security of the NSA.

There are systemic issues that result in most of the successful hacks of governments and large companies, which I describe here. What it comes down to is two main factors: the people in charge don't understand the world of computers; the people in charge take a slow, regulatory approach to security, while the opposition is fast and creative.

For the IRS, the data loss is similar to books being taken from a library without being checked out, and can be fixed using electronic versions of methods that librarians use: check the books anyone walks out with!

Personal tax information is valuable, like the goods sold by high-end retailers. Think about jewelry stores; nearly anyone can go in the store, but all the valuable jewels are closely watched as they are taken out of display cases, tried on and put down. You don't get away with slipping a diamond into your pocket and walking out of the store. Systems like this can be and have been implemented in the world of computers. I go into more detail here.

Going beyond basic monitoring of the behavior of computer users, it's possible to translate methods that are in production today for catching credit card fraud to the problem of data leaks. Basically what you do is use machine learning to model everyone's normal behavior concerning data access. When someone does something that is not normal for them, the model immediately notices and calls software to stop them and raise an alert.

In the case of the IRS the general behavior monitoring could be refined, since IRS employees work on cases that have been assigned to them. The software would look at each file a user accesses and make sure that file is relevant to a case they're working on; if not, the software would prevent access and raise an alarm. That way an errant employee who tried to pull Warren Buffett's tax data but wasn't specifically assigned to the case wouldn't be allowed to do so. And the person working on Warren Buffett's case wouldn't be able to access Elon Musk's case.
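The two checks described above (the per-user behavior model and the case-assignment check) can be sketched together as follows. This is an added example, not code from the article or from any IRS system: a simple mean-and-deviation baseline stands in for the machine-learning model, and every user, case and record identifier, the history data and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

MIN_BASELINE_DAYS = 5   # assumption: below this, no volume baseline is trusted
Z_THRESHOLD = 3.0       # assumption: allowed deviations above the user's own mean


class AccessMonitor:
    """Mediates every record read: case scope first, then per-user volume."""

    def __init__(self, assignments, record_case, history):
        self.assignments = assignments   # user -> set of assigned case ids
        self.record_case = record_case   # record id -> owning case id
        self.history = history           # user -> past daily in-scope read counts
        self.today = defaultdict(int)    # user -> in-scope reads requested today
        self.alerts = []                 # (user, record_id, reason)

    def _volume_limit(self, user):
        days = self.history.get(user, [])
        if len(days) < MIN_BASELINE_DAYS:
            return None  # too little history; only the case check applies
        # Floor the spread so a very steady user is not flagged for one extra read.
        spread = max(pstdev(days), 1.0)
        return mean(days) + Z_THRESHOLD * spread

    def request(self, user, record_id):
        """Return True if the read is allowed; otherwise deny and record an alert."""
        case = self.record_case.get(record_id)
        # Deny by default: unknown records and records outside the user's cases.
        if case is None or case not in self.assignments.get(user, set()):
            self.alerts.append((user, record_id, "out_of_case"))
            return False
        # In-scope reads still count against the user's own normal daily volume,
        # which catches bulk collection by someone who does hold the case.
        self.today[user] += 1
        limit = self._volume_limit(user)
        if limit is not None and self.today[user] > limit:
            self.alerts.append((user, record_id, "volume_anomaly"))
            return False
        return True


def demo():
    # Constructed sample data: 12 records in case C-100, one record in case C-200.
    record_case = {f"R{i}": "C-100" for i in range(1, 13)}
    record_case["R50"] = "C-200"
    mon = AccessMonitor(
        assignments={"analyst_a": {"C-100"}, "analyst_b": {"C-200"}},
        record_case=record_case,
        history={"analyst_a": [4, 6, 5, 7, 5, 6, 4]},  # constructed daily counts
    )
    results = {
        "a_reads_other_case": mon.request("analyst_a", "R50"),
        "b_reads_own_case": mon.request("analyst_b", "R50"),
        "a_bulk": [mon.request("analyst_a", f"R{i}") for i in range(1, 11)],
        "unknown_record": mon.request("analyst_b", "R999"),
    }
    return results, mon.alerts


if __name__ == "__main__":
    outcome, alerts = demo()
    print(outcome)
    for alert in alerts:
        print("ALERT", alert)
```

The decision depends only on the requested record and the requester's assignments and history, so it applies the same way to an employee and to an intruder using an employee's account.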

It's less likely but possible that instead of the bad guy being an employee, it was a hacker who gained access to internal systems using methods similar to the ones that resulted in financial records of 147 million Americans being stolen from Equifax in 2017. I describe that hack here.

If the internal monitoring systems I have described were in place, they would also catch a person who had gotten into the IRS by hacking. The beauty of the method is that you don't worry about who the actor is; you just worry about what they do, just like in a library or jewelry store.

The cybersecurity problem isn't limited to giant government bureaucracies with outdated computer systems. It's widespread, in part because they all follow experts, standards and regulations that ignore the insider threat. I analyzed in detail the various experts who were quoted in articles published by the New York Times about the Wannacry ransomware attacks based on software that had been leaked from the NSA. I found that the experts were simply wrong about the reasons, methods and responses to the attack.

It is ironic that the same government authorities who force everyone to follow ineffective regulations they craft by the ton are spending even more money training young people in their methods. My local community college was conducting training sponsored jointly by the NSA and DHS (the Department of Homeland Security); when I looked into it I found that the experts couldn't even build functioning, secure websites with accurate information.

I sincerely hope that the ongoing flood of illegal leaks and ransomware attacks will end soon. But so long as the current batch of bureaucrats, regulators and experts are in charge of things, we're likely to spend ever-increasing amounts of money on cybersecurity with ever-worsening results.