Archive for the ‘NSA’ Category

Companies Awarded JWCC Contract are ‘Receptive’ to Red … – GovernmentCIO Media & Research

DOD wants more visibility into the commercial cloud service provider side, rather than just the customer side.

The Defense Department said the companies that received contracts to support the agency's Joint Warfighting Cloud Capability (JWCC) in December of last year are "receptive" to red teaming and providing more visibility into the service provider side, not just the customer side.

"We have some work to do probably on the visibility of the service provider side of the equation. We've had some incidents recently that have shown that we probably need to shore some visibility issues where maybe we do some outside in looks at the clouds that they built for us," Dave McKeown, acting principal deputy CIO at DOD, said at AFCEA's TechNet Cyber conference in Baltimore, Maryland.

Earlier this year, CIOs from each military service traveled to the West Coast to tour all four cloud service providers that were awarded the JWCC contract.

"I have taken all of my CIOs in the department on field trips to each one of the cloud service providers where we can ask the tough questions about their architectures and their technologies and how they're securing specific aspects of their applications," McKeown said. "We know we are in a partnership with them. We have to both be successful cybersecurity-wise in order for us to continue to succeed together."

Around the time of the trip, it was reported that the DOD secured an exposed server hosted on Microsoft's Azure government cloud that was spilling internal military emails publicly after a misconfiguration left the server without a password and allowed access to sensitive government information, a lot of which was related to U.S. Special Operations Command.

McKeown said it's important to continue developing a close partnership with the cloud service providers and emphasize that the department wants to work with them, not "scare them off" or "bring the lawyers in." He added that the department is adopting the industry's best practices and products into its environment, something they would not be able to do on their own all the while satisfying customer demand.

"Let them believe that they're part of the team because they are and work together on securing these environments," McKeown said. "I see every time there's an incident. There's a lot of disparaging comments about putting all of our eggs in a cloud service providers' basket. I'll tell you what, I've witnessed when we are in charge of building things and securing them and defending them, we haven't historically done that great of a job either."

Meanwhile, the National Security Agency (NSA) is launching a series of attacks on the zero-trust security systems of the four cloud service providers to determine whether the companies implement zero trust correctly and are able to withstand attacks from the NSA red-team hackers.

These tests are not required for the JWCC contract, but are conducted as an independent experiment.


NSA Doval Assured Russian Counterpart of India's Support in Multilateral Fora: Leaked US Intel – The Wire

New Delhi: National security adviser (NSA) Ajit Doval assured his Russian counterpart Nikolay Patrushev of India's support for Russia in multilateral venues during a meeting at Moscow on February 22 this year, leaked classified US intelligence assessments show, according to a Washington Post report.

Doval, as per the leaked documents, also told Patrushev that New Delhi was working to ensure the Ukraine war did not come up during a Group of 20 meeting chaired by India, despite considerable pressure to do so. He also cited India's resistance to pressure to support the Western-backed UN resolution over Ukraine, saying India would not deviate from the principled position it had taken in the past.

The documents were among a trove of US intelligence secrets leaked online through the Discord messaging platform. Several sensitive files were released by a 21-year-old IT specialist of the US Air National Guard, revealing US concern over Ukraine's military capacity against Russian forces and also instances of alleged spying by Washington on its allies Israel and South Korea.

It is not clear how US intelligence agencies gained access to Doval's discussions with Patrushev.

Patrushev, a close confidante of Russian President Vladimir Putin, had officially met Indian Prime Minister Narendra Modi on March 29, when he was in Delhi for a Shanghai Cooperation Organisation meeting. Russia's Security Council said in a readout cited by Russian news agencies after the meeting that Patrushev and Modi discussed issues of Russian-Indian bilateral cooperation and mutual interest, without providing further details.

A week after Doval's meeting, the Modi government had suggested removing any reference to the Ukraine war from a joint statement to be issued at the end of the meeting of G-20 foreign ministers in New Delhi. It claimed that this was in line with its neutral stance on the issue and a reiteration of its view that diplomatic channels should be employed to resolve the crisis.

However, the Western countries did not agree to that suggestion and this disagreement resulted in a failure to forge a consensus on broader global challenges. In place of a joint statement, a G20 Chair's Summary and Outcome Document was released, underlining the positions expressed by member countries in relation to the Russia-Ukraine war.

Analysing leaks about positions that developing countries have taken regarding the US's rivalry with Russia and China, the Washington Post report says that Joe Biden's global agenda faces significant challenges as major developing nations seek to evade the intensifying standoff and in some cases exploit that rivalry for their own gain.


UNCP launches cybersecurity pathway with Southeastern … – The Pine Needle

UNC Pembroke recently signed an articulation agreement with Southeastern Community College (SCC) to provide a seamless pathway for information technology students seeking to further their education in the cybersecurity field.

The new partnership will increase the pipeline of cybersecurity professionals across the region. Cybersecurity is among the most in-demand professions and fastest-growing career areas nationally. The partnership with SCC will address the national workforce shortage.

"This pathway is the latest example of the long-standing relationship between our two institutions and another opportunity to change lives through education," Chancellor Robin Gary Cummings said during a signing ceremony at SCC on April 28.

"It is vitally important for the continued growth of southeastern North Carolina's economy that we fully leverage the power and potential of SCC and UNCP to improve the lives of students, the lives around them, and move our region forward.

"Through this new opportunity, a four-year degree in an extremely in-demand field becomes even more accessible for students to pursue, and that is the result of strong partnerships," Dr. Cummings said.

The agreement eases the transition for students who complete an Associate in Applied Science in information technology to transfer and complete a bachelor's degree in information technology with a cybersecurity track.

According to national statistics, there were 600,000 cybersecurity job openings between April 2020 and March 2021. The new partnership will specifically target workforce development, according to SCC President Chris English.

"Everything we do at SCC is about workforce development," Dr. English said. "We take pride in knowing that we have this great partnership with UNCP, and it is evident that we keep leaning on UNCP, and you keep stepping up to the challenge. You understand our students' needs and Columbus County's needs."

"I reassure you that our strong partnership with Whiteville City Schools and Columbus County Schools will be extended through this so that we can develop our youth into a great career," English continued.

UNCP offers cybersecurity tracks with undergraduate programs in computer science and information technology. These programs have shown significant growth since their inception. In fall of 2022, UNCP began offering a Bachelor of Science in cybersecurity.

The new degree program includes a strong math and computer science foundation, combining lectures with real-world case studies, hands-on experience in cyber labs and collaborative faculty-student research opportunities.

To further bolster the university's cybersecurity programs, UNCP was recently designated as a National Center of Academic Excellence in Cyber Defense by the National Security Agency (NSA). UNCP also partnered with state and federal entities and established the Cyber Defense Education Center.

The designation opens the door for scholarships and internships with collaborative agreements established under NSA partnerships. Students will be eligible to participate in cyber competitions and work on NSA-funded research projects.


James Risen on Reining In the CIA – Washingtonian

Investigative reporter James Risen has been covering American intelligence agencies (the CIA and the NSA, among others) since the 1990s. Now he's written The Last Honest Man, a biography of Frank Church, the late senator from Idaho who risked his career to bring those agencies to heel. In the mid-1970s, Church chaired the Senate's first investigation into the American intelligence community, which uncovered astonishing abuses of power: plots to assassinate foreign leaders, warrantless surveillance of Americans, and the FBI's harassment of Martin Luther King Jr., for example. The Church Committee's work led to significant reforms.

Like Church, Risen has tangled with the intelligence community in the course of his investigations. In 2006, he won a Pulitzer Prize for revealing the existence of the NSA's post-9/11 domestic-spying program, stirring a national civil-liberties firestorm. That same year, his book State of War enraged the US government by including the story of a bungled CIA operation against Iran. Prosecutors later opened a leak investigation into Risen's source, believing that a former CIA officer had illegally provided him with classified information. (For seven years, Risen refused to reveal his source, and finally the government gave up.) We spoke with Risen, who lives in Montgomery County and currently works for the Intercept, about the legacy of Frank Church, the current state of the intelligence community, and how he protects sensitive sources.

Church had been radicalized by the Vietnam War. He saw Vietnam as a symptom of a larger problem that the United States was becoming too militaristic, this warmongering and mercenary imperialism. He was probably the first major politician to call out that America was becoming a militaristic empire. And very frequently, he compared what the United States was doing to what the Soviets were doing in Eastern Europe, which was incredibly dangerous for an American politician at that time. That led him to want to run the Church Committee, because he believed that the CIA was at the center of these immoral things the United States was doing.

I think the mass surveillance. The NSA found ways around FISA [the Foreign Intelligence Surveillance Act, passed in the wake of the Church Committee]. FISA was always flawed, but then it was not sufficiently updated in the age of the internet and social media and cell phones and everything. And the updates that have come have actually weakened it, even though they're supposed to be in the name of protecting American privacy. So I think that's the main thing.

The other thing is that after 9/11, the CIA began to become much more of a paramilitary organization; today it's more of an extension of the Pentagon. It's involved in targeted killing with drones. That was all new after 9/11, and there was no real pushback, either from Congress or from regulations in place. So I think the paramilitary role of the CIA and the expansion of NSA surveillance are the two that are the most urgent.

I think it's hilarious. These Republicans are using the Church Committee name, but they're using it in vain; they don't know what they're talking about. You have Trump saying, Oh, the CIA is out to get me, there's a deep state. There's this cabal of people in the intelligence community who want to overthrow the government. And so it became this weird conspiracy theory that a lot of Republicans now buy into. Unfortunately for them, the facts don't back that up.

The Democrats are now kind of trying to be the adults in the room, which I'm glad somebody is, but as a result, they're not willing to criticize the military or the intelligence community very much. So it's a very different atmosphere than in the '70s, when the Church Committee came. Now the problem is that there's not a great constituency for [reform].

It's really hard. You have to learn to stay off electronic communications as much as possible. If you have to have electronic communications, just keep it to the first time you meet somebody: Tell them where you want to meet and then don't say anything else. I would meet somebody, and then at the end of the conversation we would agree on when and where to meet the next time. If either of us had to change, we would mail a letter anonymously to each other.

Never put anything after that first introduction on electronic communication. Never use credit cards. And always meet somewhere really remote. There's no perfect way to avoid the FBI or electronic surveillance, but those are the best things you can do.

Yeah, absolutely. That was a big part of it; people in the government have said that the reason for these leak investigations is to have a chilling effect. And it has; it's made it much harder to do national-security reporting. I was just telling somebody a funny story the other day: I had this one longtime source in the middle of all this investigation who wouldn't talk to me anymore, wouldn't answer his phone. So I decided to go knock on his door in DC without warning. He opened the door and turned white looking at me. He looked out to see if anybody else was there, and then he pulled me in and said, "Follow me." I followed him through the house, back to the kitchen. Then he opened the back kitchen door and looked out and said, "Go." So I had to leave. He just walked me through the house, through the back door, to his alley.

He didn't say anything.

It is hard. Covering the CIA is, like, 90 percent figuring out who you should talk to and the logistics of meeting them and getting them to talk, and then 10 percent writing stories. But there's all kinds of tricks you can do [to develop sources]. There's a whole network of retired CIA officers, so I started trying to meet with people who had just retired, and then they would tell me a story and I would write the story, and they would think it was balanced and fair. So then they would tell somebody else, "Okay, you can talk to this guy." You slowly build a network of all these people.

One way I met somebody was doing a book signing. This CIA employee got in line. When they got up to me, they leaned over and told me they wanted to meet. They became a source. You never can tell how it's going to happen.

The government will always say that some report in the press was horribly damaging, but that's never true. I don't think there's ever been a newspaper story that damaged American national security, because by the time we find out about stuff, there's so many other people who already know it. And we don't print things that would really put American personnel in harm's way. During the Iraq or Afghan war, the really important secret is, like, where an American convoy is going to be in 15 minutes, which would let somebody plant an IED. That's not ever going to be in the press.

What we write about are policy disagreements. There was a huge policy debate going on over the NSA spying program. What we revealed was that this program existed, that it was illegal and unconstitutional, and that a lot of people in the government knew that. I think they lose credibility with these over-the-top claims that the press harms national security. But that's one problem we have as reporters: it's so easy to make us look like we're traitors or evil or something, when all we're doing is revealing what the American public should know.

This interview has been edited and condensed. This article appears in the May 2023 issue of Washingtonian.


The AI message at RSAC was long on hype and short on specifics – SC Media

I spent almost all of last week's 2023 RSA Conference (RSAC) on the show floor as a technical asset, which has been my usual role for many years.

It was very clear that the pandemic was still affecting both overall attendance and how vendors approach the show. As usual, there were a range of vendors from mature incumbent companies that have been fixtures for many years to small startups that were making their first appearance at RSAC. Even with the recent financial uncertainty, the attitude in general remains positive. While there have been a lot of layoffs in the tech sector overall, cybersecurity remains a priority for many organizations and the lack of qualified technical talent remains an issue.

One of the major topics of discussion at the show was artificial intelligence. There were several technical sessions that delved into the promise and challenges of AI technology, while there were a lot of conversations on the show floor about the subject as well. It's a hot topic and it doesn't seem like the hype will quiet down any time soon.

AI and machine learning have been factors in security products for many years, with various levels of emphasis versus actual effectiveness, but the ChatGPT conversation, being the interface that's caught the public's imagination, has taken center stage. It's a different conversation than in previous years where it felt like AI or machine learning were just buzzwords that were added more for marketing purposes than as a functional part of the product. ML was a functional part of a lot of products, but it wasn't as powerful as it was often promised.

Now, numerous vendors mentioned that they were exploring how they could incorporate generative AI into their products, or how it was already on the roadmap. Though, at this point, I found that very few vendors had anything specific to show. The consensus was that generative AI can offer multiple benefits in the cybersecurity world, but we're still having to figure out exactly where and how it will fit into our security stacks.

In talking to people from a range of specialties, industries, and technical capacities, there was some frustration with trying to pick the valid benefits and threats out of the media hype cycle. To paraphrase, the most common take I heard was that it could give some real advantages in triage as a kind of Intelligent SOC Assistant, and for helping with education and dealing with common security issues that the average users face.

There's also a place for AI in dealing with the data overload a lot of security teams face. As machine learning and related fields improve, they get better at drawing connections out of disparate data. The generative AI aspects can help draw insights out of that parsed and filtered information. We're seeing this already in some areas, and it'll continue to grow.

Some, myself included, have expressed worry about this latest generation of AI being used for social engineering, but there was much less concern about threat actors using it to develop malware. Overall, the impression was that those of us in cybersecurity had more to gain from this than the threat actors we are trying to stop will. Also, the hype about it being used to create unstoppable malware was highly exaggerated. There's no doubt that AI will continue to make waves, and I expect we'll see a lot more of it over the rest of the year.

Overall, the mood was positive, with a general feeling that even with the downturn, there was still a positive need for investment in cyber. Though that's tempered with organizations needing to use their sometimes-limited resources to the best effect. On some level that "best effect" idea was apparent in the show booths. While the show was well attended, the displays were subtly toned down from years past.

A personal highlight was the National Security Agency (NSA) booth. The NSA has been bringing one of their vintage Enigma machines to RSA for years, and this year they brought two of the three-rotor machines with matching rotors. Having two machines with the same rotors let people use them to send encrypted messages, a rare treat for anyone interested in cryptography.

Mike Parkin, senior technical engineer, Vulcan Cyber
