Mediaboss Marketing

Former presidential aide, Doyin Okupe, has advised the National Security Adviser, Maj-Gen. Babagana Monguno (retd.), to make use of satellite imaging to cover areas affected by banditry, kidnapping and insurgency.

He gave the advice in an article titled Ending Banditry, Kidnapping and Insurgency In Nigeria. Part II.

This was issued after the NSA, at a press briefing, yesterday said the Federal Government will not hesitate to use force to curb the menace of insurgents.

READ ALSO: Troops rescue 172 students abducted in Kaduna, many still missing

Okupe, in his article, commended the NSA for his commitment to the fight against insurgency in the country.

He called for the provision of rapid response capabilities and adequate funding as measures for the fight against insecurity.

The former presidential aide said, I want to publicly commend the NSA, Rtd General Monguno for his brilliant and highly hope-inspiring press briefing of yesterday 11th March 2021.

For once and for the first time, someone, though unelected, took charge and gave the Nigerian citizens some measure of hope.

Ordinarily, as a critic of the administration, I should say all he did was 2 make promises and that we have had too many unfulfilled promises both from this administration and those before it. But at the prevailing level of pervasive insecurity in the country, Promises may just suffice.

He said the security challenges will be dealt with in few weeks. We have lived with these challenges for 10 years, so even if the government can do it in few months instead of the few weeks promised, it will still be accepted and appreciated.

READ ALSO: Supreme Court upholds ex-Plateau gov Dariyes 10-year jail term

Personally, watching the NSA closely yesterday and looking beyond what he was saying, I saw some measure of commitment and veiled anger within him and this makes me believe him. But I may be wrong. However, I will like to suggest the following additional measures to the NSA.

Spend some money on 24 hrs satellite imaging and coverage of areas most affected by these challenges.

Increase ground intelligence and paid local intelligence monitors all over these areas.

Fund Police formations and tactical units in these areas. Increase force deplorability and create standby joint crack security teams in each local government area in the affected states.

In addition to State Police Commissioners working with military authorities, appoint military commanders in each state to jointly coordinate security within each state, with the state police Commissioners.

It takes no less than 1hr for any serious school kidnapping to be executed. It also takes travelling fairly long distances and noticeable mass movements before bandits arrive at their safe havens in the forests.

READ ALSO: Abductions: US ready to support Nigeria, says official

Therefore, after serious fortification of rapid response capabilities and adequate funding have been provided, any state where kidnapping is successfully executed, the Commissioner of Police and the military Commanders shall be held responsible.

Read more here:
Banditry: Cover affected areas with satellite imaging, Okupe tells NSA - Punch Newspapers

An analysis by Bloomberg Government from last summer showed agencies have spent only $500,000 on zero trust architecture tools and services since fiscal 2017.

To be clear, that research only looked for specific mentions of what has become a buzzword mentioned at every conference and vendor white paper over the last two years.

BGov readily acknowledges that there are hundreds of millions, if not billions, of dollars spent on components that would go into a zero trust architecture.

The evidence of that spending and push toward modernizing the federal approach to cybersecurity seems to be everywhere, especially over the past year as agency chief information officers and others have realized the value and potential of changing their approach to network defenses. The COVID-19 pandemic reminded and reinforced the power of identity and access management as a key piece to defend against cyber attacks.

The National Institute of Standards and Technology is reviewing concept papers for how to implement a zero trust architecture across six scenarios.

This project will focus primarily on access to enterprise resources. More specifically, the focus will be on behaviors of enterprise employees, contractors and guests accessing enterprise resources while connected from the corporate (or enterprise headquarters) network, a branch office, or the public internet, NISTs National Cybersecurity Center of Excellence wrote in the project description. Access requests can occur over both the enterprise-owned part of the infrastructure as well as the public/non-enterprise-owned part of the infrastructure. This requires that all access requests be secure, authorized, and verified before access is enforced, regardless of where the request is initiated or where the resources are located.

NIST said based on its review of the white papers, it plans to issue a cooperative research and development agreement (CRADA) to demonstrate different approaches to zero trust.

The Department of Homeland Security and the National Security Agency are among two of the agencies on the leading edge to do more than test these concepts.

Beth Cappello, the DHS deputy CIO, said the agency is using its target architecture initiative, which sets a common technology baseline to let programs adopt new technologies quickly, to implement zero trust components.

By rapidly implementing IT and security improvements to reduce risk, it will help the Office of the CIO address the remote work posture of our employees. Components have been able to take our target zero trust architecture and quickly customize or tailor it to field similar capabilities within their respective environments, Cappello said at the recent MicroStrategy World 2021 conference on Feb. 4. From a technology perspective, the zero trust architecture approach allow us to ensure we have a dynamic, on-demand chain of trust that is continually reassessed at each access point. Frankly, in our continued remote environment, this is incredibly important.

Homeland Securitys approach to zero trust is all about reusable architecture guides that are focused on user needs and developed with the components in mind.

Cappello said policy templates, pattern libraries and reference implementations also help to ensure DHS is implementing zero trust concepts in a standard way. The DHS zero trust action group which is made up of experts from across the agency is leading the coordinating, developing and sharing of these documents and individual experiences.

Thus far, we have fielded seven zero trust use cases to enhance access to IT assets and systems, she said. These use cases augment security while also reducing the load on our VPN connection points. This zero trust architecture approach also increases our network performance by leveraging a cloud access security broker and cloud security gateway capabilities to give users secure, direct access to cloud managed applications thereby reducing traffic on that Homeland Security enterprise network.

NSA is taking a similar approach as DHS, providing policies and reusable components as part of its zero trust approach.

Timothy Clyde, the lead systems engineer for NSAs external identity solutions and service offerings, said at the recent SailPoint Evolution of Identity conference that the agency launched a zero trust pilot just over a year ago with the goal of figuring out how to get users the data they need when they need it no matter the current set of policies and rules.

What is the level of trust that needs to go with that identity? Clyde asked. Depending on what the level of trust is that needs to be with that identity, comes the governance above that identity. Weve used policy engines. We tag our data and have been doing it successfully now for well over a decade. Some people would argue once you have a solid identity for the person, the device and the data, the policy then becomes probably the most important piece of it. It does need to be dynamic enough, that depending on the environment, you may have two policies that are almost identical. But if you are in Environment A, you may have access, but if you are in Environment B, you may not.

Clyde said the initial phase and roll out of the zero trust pilot includes a lab to test technology components for DoD partners and NSA also is making its policy engines available for others to use in their environments.

Neal Ziring, the technical director for NSAs Cybersecurity directorate, said the agencies can use policy engines to underpin the process to decide who is granted access to information. He said the policy is at the heart of access control.

Policy administrators create the rules that allow (or not allow) people and systems to access data. In a zero trust architecture, when a user makes a request to access data, the request is sent to a policy information point (PIP). The PIP provides the user information (such as attributes, clearance level, where they are located, etc.) to a policy decision point (PDP). The PDP analyzes this information along with additional policy rules regarding who can access that data, and determines if that user on that device is allowed to access that data. The PDP then delivers this decision to a policy enforcement point (PEP) who is the final authority on whether or not that user or device gets access to that data and either allows or disallows access, Ziring said in an email to Federal News Network. These PIP, PDP and PEP sub processes, when combined, are commonly referred to as the zero trust policy engine.

The zero trust pilot is a joint effort amongst U.S. Cyber Command, the Defense Information Systems Agency and NSA where they are researching, developing, piloting and lab testing technologies.

The team has been able to demonstrate the effectiveness of zero trust at preventing, detecting, responding and recovering from cyberattacks, Ziring said. NSA is part of the joint team developing the DoD zero trust reference architecture. NSA is developing zero trust best practices and guidance to share with a broader set of US critical network owners, such as National Security System owners. NSA is working with the DoD CIO and DISA to update any existing cybersecurity policies as applicable to include zero trust principles to ensure that all of DoD is synchronized on zero trust, and implements zero trust in a secure and standard way across the department to protect critical information.

He added the DoDwide working group is partnering with NIST to ensure the guidance on zero trust are in alignment across government.

Under the pilot, NSA and U.S. Cyber Command established an unclassified lab at DreamPort, a public-private innovation partnership that hosts zero trust equipment and simulates customer environments where they test diverse configurations of zero trust implementations.

Ziring said it also serves as a location to hold unclassified discussions with zero trust stakeholders, such as government customers and vendors.

The ability to engage with our stakeholders at the lowest possible classification level allows for broader engagements across the community and an increased understanding of cybersecurity as it evolves, he said. We have a separate testbed with DISA that will host any anticipated classified information.

More here:
DHS, NSA creating reusable pieces to zero trust foundation - Federal News Network

A new petition issued from the American Civil Liberties Union (ACLU) has made it to the Supreme Court and aims to declare the historic male-only military draft to be unconstitutional.

Noting that the U.S. Department of Defense lifted the ban on women serving in combat in 2013, the petition specifies that the obligation for men to register upon turning 18 years old has yet to be applied to women.

Thousands of women have since served with distinction in combat positions across all branches of the military, the formal petition reads. The registration requirement has no legitimate purpose and cannot withstand the exacting scrutiny sex-based laws require.

Rooted in this argument is the 1981 case Rostker v. Goldberg, which argued that because American men are required to register under U.S. law and women are not, the male-only draft is discriminatory and unconstitutional.

The act gives U.S. presidents the power to require mandatory conscription of eligible adult males into the U.S. Army, but excludes women. Ultimately, the court held that the act does not violate equal protection clauses under the Fifth Amendment, and that the government is allowed to develop an army in times of national emergency.

Now, the petition asks the Supreme Court to overrule Rostker v. Goldberg since women are formally allowed to register for military service and in combat roles.

It is time to overrule Rostker. The registration requirement has no legitimate purpose and cannot withstand the exacting scrutiny sex-based laws require, the petition states, citing that military departments acknowledge that requiring both men and women to register would 'promote fairness and equity and further the goal of military readiness.

The Department of Defense has made strides in including women in combat roles, authoring a report in 2015 that called its own previous standards excluding women from military work outdated.

In 2017, a committee was established to review the draft policy within the Military Selective Service Act to evaluate if the draft should be expanded to incorporate women recruits. Despite a commission analysis that recommended the inclusion, Congress has yet to make the requirement for women official.

The Washington Post further notes that last week, a group of veterans who held military leadership roles asked the Supreme Court to take the case and rule the male-only draft requirement a violation of the equal protection clause.

The vast majority of men ... have no advantage in readiness over women, who the current statutory scheme forbid from registering, the brief, filed by former National Security Agency (NSA) director Michael Hayden, reportedly said.

Debate over whether or not the draft requirement for men is constitutional has ensued in multiple lower courts, but these revitalized petitions ask the Supreme Court to overturn their original 1981 ruling.

The petitions authors also note that by excluding women from draft registration requirements, it undermines their own equality as U.S. citizens.

Like many laws that have purported to privilege women over men, the men-only registration requirement burdens women too by perpetuating the notion that women are unworthy of full citizenship stature, the report concludes, citing another Supreme Court case regarding the treatment of women in the military. Excluding women from a duty characterized as a fundamental civic obligation conveys 'not only that they are not vital to the defenseof the country but also that they are not expected to participate in defending it.'

The Supreme Court could reportedly take months before deciding to revisit Rostker v. Goldberg.

Read the original post:
Supreme Court asked to declare the all-male military draft unconstitutional | TheHill - The Hill

Given that until recently the British government refused to acknowledge the existence of its World War IIera code-breaking organization, this informative official history of the Government Communications Headquarters, or GCHQ, one of the United Kingdoms leading intelligence agencies, is remarkable. Ferriss narrative takes on the breaking of the Nazis' Enigma code at Bletchley Park during World War II and the efforts to replicate that achievement during the Cold War. GCHQ now plays a major role in all areas of cybersecurity. Its activities, along with those of the U.S. National Security Agency, were compromised when a former NSA contractor, Edward Snowden, revealed them in 2013. Ferriss account avoids sensationalism. It provides a careful judgment of Bletchley Parks impact, points to how signals intelligence during the Cold War usefully illuminated the lower levels of the Soviet system, and shows GCHQs operational importance to the conduct of colonial and postcolonial conflicts, including the 1982 Falklands War.

Loading...Please enable JavaScript for this site to function properly.

The rest is here:
A Review of "Behind the Enigma" by John Ferris - Foreign Affairs

By Paul Rosenzweig, The George Washington University Law School

Generally, surveillance comes in three basic forms. First, there is physical surveillance, dating from the times of Alexander the Great and earlier, up to the Stasi State in post-World War II East Germany and to today. This is the traditional form of scrutiny that has always been the province of spies and intruders.

This is a transcript from the video series The Surveillance State: Big Data, Freedom, and You. Watch it now, on The Great Courses Plus.

When one thinks of physical surveillance, the first image that comes to our mind is that of an eavesdropper.

An eavesdropper could, for example, hear a conversation. Or, if he looks in a window, become a Peeping Tom, and see the subject of his surveillance. One could even contemplate surveillance of smellslike, say, the scent of burning cannabis.

As the nature of our physical environment changed, physical surveillance also evolved. The telegraph became a way to rapidly transmit messages around the globe, and governments began exploring ways to intercept those messages.

American electronic surveillance really came of age during the Cold War. It is said that for years, the CIA ran a joint electronic surveillance operation with the Chinese, in the western deserts of China, to monitor Soviet missile launches.

In the mid-1970s, the National Security Agency (NSA) conducted two programs involving electronic interceptions that have, since, proven quite controversial.

One of them, code-named SHAMROCK, involved U.S. communications companies giving the NSA access to all of the international cable traffic passing through their companies facilities. The second program, known as MINARET, created a watch list of U.S. persons whose communications were to be monitored.

To the above traditional forms of surveillance, we must add a third: the collection, and analysis, of personally identifiable data and information about individuals.

Dataveillance is an inevitable product of our increasing reliance on the Internet and global communications systems. As the available storehouse of data has grown, so have governmental and commercial efforts to use this data for their own purposes.

To further frame the context, lets take a look at two surveillance exercises.

Learn more about surveillance in America.

The key to finding Osama bin Laden came from tracking, one of his couriers: Abu Ahmed al-Kuwaiti, who lived in Abbottabad, Pakistan. To track him, the CIA initially used sophisticated geo-location technology that helped pinpoint his cell phone location.

That allowed the CIA to determine the exact type of car that al-Kuwaiti droveit was a white SUV. Using physical and electronic surveillance, the CIA began tracking the vehicle. One day, a satellite captured images of the SUV pulling into a large concrete compound in Abbottabad. Agents used aerial surveillance to keep watch.

The residents of the Abbottabad compound were also extremely cautious. They burned their trashprobably to frustrate a search of that trash that might have yielded DNA samples of the residents.

The United States also learned that the compound lacked a phone or an Internet connection. Again, why? Almost certainly because the residents understood that phone and Internet communications could be tracked, traced, and intercepted.

It was observed that a man, who lived on the third floor, never left. He stayed inside the compound, and underneath a canopy, frustrating overhead surveillance by satellite.

In addition to satellites, the government flew an advanced stealth drone, the RQ-170, over Pakistan to eavesdrop on electronic transmissions from the compound.

The CIA made any number of efforts to identify this man. They tried to collect sewage from the compound to identify fecal matter and run a DNA analysis, but as the sewage contained the effluence of other houses, they couldnt isolate a good sample.

At one point, the CIA got a Pakistani doctor to pretend he was conducting a vaccination program. Nurses tried to get inside the compound and vaccinate the children, which would have allowed them to get a DNA sample, but again without success. To get a closer look, CIA spies also moved into a house on the property next door.

It has been reported that this surveillance operation cost so much money that the CIA had to ask for supplemental funding from Congressfunding that it, of course, received.

In short, during the hunt for bin Laden, the United States employed physical and electronic surveillance and sophisticated data analysis. The result, from an intelligence standpoint, was a success.

By now, most Americans are pretty familiar with the long lines, thorough pat-downs, and X-ray inspections that are part of the process.

But that physical screening comes at the back end of a process that begins much earlier when you first make a reservation to fly. The Transportation Security Administrations (TSAs) security directives require airline passengers to present identification when they make a reservation.

Later, if youre selected for secondary screening, you and your bags will be taken out of line for additional scrutiny. And why is it that we ask for a passengers name along with gender and date of birth?

Learn more about hacking and surveillance.

The reason is because that data is used for a form of dataveillance-screening, known as Secure Flight. Your name and date of birth are checked against a terrorist screening database.

Screenings include flights that overfly but dont land in the continental U.S. This was a key recommendation of the 9/11 Commission, created by the Congress and the president after the September 2001 terror attacks to identify security lapses, and ways to strengthen U.S. defenses.

The Secure Flight program has not, so far as is publicly known, ever actually spotted a terrorist.

There are ways one might legally challenge this kind of surveillance. In 2006, a traveler named John Gilmore challenged the TSAs identification requirement. He asserted that he had a right to travel and that his right to travel included the right to do so anonymously without providing identification.

The federal Ninth Circuit court of appeals agreed, provisionally, that he had a right to travel. But, it said that if he wanted to travel by air, then Gilmore was consenting to the requirement that he provide identification before boarding the plane. If he didnt want to do that, he was free to travel by some other means.

The story doesnt end there, however. For years, ten U.S. citizens were unable to fly to, or from, the United Statesor even over American airspacebecause they were on the governments top-secret No Fly List.

They were never told why theyd made to the list, they didnt have much chance of getting off of it, either. In June 2010, the American Civil Liberties Union filed a lawsuit on behalf of a disabled Marine veteran named Ayman Latif, who was living in Egypt, and the nine others.

Latif won the case. The court concluded that he did have a right to challenge his inclusion on the no-fly list, and was entitled to a process by which he could seek to be removed from it.

It didnt help the governments case that Latif had probably been put on the list by mistake, and should have been removed long before his lawsuit came to court.

The above polar cases bring us full circle to a set of concepts that we need to think about: the balance between transparency and effectiveness.

Some of the physical and traditional forms of surveillance include eavesdropping, looking at the object, or prying over someone, and using smell to do surveillance.

The CIA used drones, satellites, and physical surveillance in the hunt for Osama bin Laden.

Dataveillance is a type of surveillance that includes the collection, and analysis, of personally identifiable data and information about individuals.

See more here:
Surveillance: Types, Uses, and Abuses - The Great Courses Daily News