Archive for the ‘NSA’ Category

Former US Cyber Command and NSA chief makes the case for a cyber competition strategy | The Strategist – The Strategist

Cyber threats to national security and prosperity are today better understood, better prioritised and far better resourced than in decades past. Cyber as a domain, as a threat and as a key opportunity is now a firmly established and essential element of military strategy and capability.

Yet today, state, non-state and individual cyber actors have greater capability, capacity and willingness to use cyber tools aggressively for malicious purposes, and their tolerance for risk has grown.

In the view of former US National Security Agency and US Cyber Command boss Mike Rogers, despite the positives, the overall picture of the cyber domain is one of increased threat and complexity.

Most countries, even if they leverage all the power and capability of their military and defence cyber sectors, can't effectively respond to this complex threat environment alone. Many nations, Western and non-Western, democratic and non-democratic alike, now understand that their national capabilities and their private sectors are engaged in a competition that is fundamentally unfair.

For decades, countries with market-based economies, such as the United States, have sought to create national frameworks that enable their research and development ecosystems and free-market private sectors to pursue global competitive advantage, largely by keeping government out of their way.

The assumption that market-based economies by their nature could continue to enable the private sector to out-compete and out-innovate their rivals has been disproven. Rogers notes that the approach of an enabled and unencumbered free market served the US well for a time after the end of the Cold War; it led to the invention and dominance by the US and other Western nations of key capability areas like stealth technology, the internet and wireless connectivity.

But between the fourth and fifth generation of these technologies, the playing field has definitively tilted in favour of actors that exploit highly controlled, centralised and coordinated strategies leveraging all the resources and capability in their private and public sectors, including intelligence and espionage capabilities.

China, now openly described as a peer competitor and strategic rival to most Western countries, has assessed that cyber and a range of critical and emerging technologies are game-changers with both domestic and international implications. Cyber is considered by China (and the US and others) as being among a range of technologies that can offer decisive strategic advantages for future prosperity and security.

The Chinese state has poured, and continues to pour, billions of dollars into building its cyber capabilities. Its strategy includes blatant theft of advanced Western intellectual property and excessive requirements for technology transfer from the West as a precondition for access to the lucrative Chinese market, and to the billions of dollars of Chinese state investment.

No company, R&D outfit, or sector of companies operating under free-market principles and on the assumption of a level playing field can compete with China's strategy. Competing under these circumstances requires a team approach bringing together government and the private sector, and working with partners and allies across national boundaries.

In no way should a team strategy between like-minded players emulate what China has done. Competing effectively doesn't necessitate cyber-enabled IP theft, the employment of state espionage capabilities to unfairly benefit Chinese state-owned and private companies, or forced technology transfer. But it does require policy settings that protect innovation and cutting-edge technology developed and commercialised in the US and other centres of technological excellence and dynamism (including and especially in the Indo-Pacific).

It also requires export-control and inward-investment regimes that differentiate between international actors with which technological cooperation is a strategic imperative and those that present significant strategic risks.

It certainly involves a clear articulation that competition, fair competition with clear rules for acceptable and unacceptable behaviour, is the strategy. And it involves action to create a policy environment that enables competition in a way that protects and extends existing rules and norms and that safeguards IP and key sources of innovation.

It also requires forums and mechanisms that bring together the perspectives, incentives and imperatives that drive the activities of governments, the technology sector and civil society. These communities don't yet talk to one another effectively, don't harness their collective power for shared benefit, and don't align on common interests in a way that produces superior outcomes for them all.

The need to get to that is urgent. The Sydney Dialogue, an ASPI initiative, brings government, private-sector and civil-society leaders together at the highest levels and provides a platform for enhanced cooperation between international actors. It offers a constructive space for the urgent conversation needed to enable stronger, fairer, more integrated competitive strategies between countries that share a commitment to the rule of law and a vision for the use of existing and future technologies in the global good.

Rogers discussed the need for better, more integrated strategies to compete with China in key technology areas. He delved into the implications of the use of cyber capabilities in the Russian invasion of and ongoing war against Ukraine, and described it as a watershed moment. The growing reality of, and increasing calls for, decoupling of cyber and other technologies from China, Russia and other actors is also explored.

Importantly, Rogers talked about the enormous potential of the technology priorities and objectives of the AUKUS partnership. Australia, the UK and the US have a real opportunity to demonstrate and enhance their ability to achieve effective integration between government, industry and civil society, and to work across national borders through a joined-up, multi-sectoral technology strategy for national security.

To meet the objectives of partnerships like AUKUS, there's a need to move beyond cooperation to integration, including between parts of our systems that have operated independently for good reasons in the past. We must preserve the best and most productive characteristics of our free and open systems. But government, the private sector and civil society must also be brought into closer alignment for the benefit of all. It is past time to move beyond understanding the problem and start organising more effectively for the geostrategic technology competition that we know we're now in.

The policy challenges posed by critical, emerging, cyber and space technology require a new approach. That starts with answering a key question Rogers asks: "What is our vision of the key technologies, the most critical sectors that are really going to drive economic advantage and [that] if placed at risk would cause us harm, [and] what are the policies we need to create advantage for ourselves?"

A new cybersecurity strategy based on what is required to become and remain competitive, secure and resilient should focus on this central question.


Inaugural India-Central Asia NSA meeting to be held in December – WION

As a key outcome of the first India-Central Asia summit that took place in January this year, the inaugural National Security Advisors meet will take place in December this year in India.

The meeting takes place even as India and Central Asia celebrate 30 years of establishment of ties and focus on increasing engagement. Central Asia consists of five countries (Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan) with whom India has cultural and civilizational ties.

The India-Central Asia summit had taken place earlier with the participation of PM Modi and all leaders of the five countries, and the key outcomes of the meet included holding a summit-level meet every two years. Leaders also agreed on regular meetings of foreign ministers, trade ministers, culture ministers and secretaries of the Security Council or NSAs as part of close cooperation.

India will also host the Shanghai Cooperation Organization (SCO) NSA meeting in March of next year (2023). India will be taking over the chair of the group in September this year after the summit in Uzbekistan's Samarkand.

On Friday, India's deputy national security adviser Vikram Misri took part in the 17th Secretaries of Security Councils meeting in the Uzbek capital Tashkent. During the meeting, the key focus of India was on Afghanistan as officials highlighted how India has helped the Afghan people as it reiterated its call for the formation of an inclusive government, preserving the rights of women, children and minorities and combating terrorism and drug trafficking.

While the Taliban's takeover of Afghanistan in August last year shocked the region and the world, the focus since then has been on aid to the Afghan people by New Delhi. India has sent 40,000 MT of wheat, 30 tons of medicines, 500,000 doses of COVID-19 vaccine and 500 units of winter clothing so far. In the aftermath of the devastating earthquake in Paktika province, Indian Air Force planes delivered 28 tons of emergency relief assistance.

However, worries remain over Afghan territory being used by terrorists, which was emphasised by India's deputy NSA, who highlighted the threat posed by various terror groups including those designated by UNSC such as ISIS, Al-Qaeda, Lashkar-e-Taiba and Jaish-e-Mohammed, among others. He pointed to the recent attack on Karte Parwan Gurudwara in Kabul while expressing concerns over the increase in the number of terror attacks by ISIS affiliate Islamic State-Khorasan Province (ISKP).

This year India is the Chair of the Council of Regional Anti-Terrorist Structure (RATS) of the SCO and has strongly taken up the issue of countering terror finance. It has chaired 24 meetings of various groups of the SCO RATS structure with five meetings held in India.

India will also be holding the SCO RATS council meeting on October 14th this year in Delhi.

During his Uzbekistan visit, Deputy NSA Misri held bilateral meetings with Uzbek NSA Viktor Makhmudov, Mongolian NSA J. Enkhbayar and called on the Acting Foreign Minister of Uzbekistan Vladimir Norov Imanovich.


What Are the NSA K8s Guidelines and Why Should You Care? – Container Journal

The NSA released its Kubernetes Hardening Guidelines almost a year ago and made updates to it this March. The purpose of the document is to provide an overview of what Kubernetes users need to do to ensure security. As described within, the report is designed to help organizations handle Kubernetes-associated risks and enjoy the benefits of using this technology.

The guidelines are extensive: the document runs to 66 pages. The main categories covered throughout include pod security, network separation and hardening, authentication and authorization, audit logging, threat detection, upgrading and application security.

Within each section, the NSA outlines advice. For example, it explains that to ensure pod security, you should use containers built to run applications as non-root users. It says, "By default, many container services run as the privileged root user, and applications execute inside the container as root despite not requiring privileged execution. Preventing root execution by using non-root containers or a rootless container engine limits the impact of a container compromise."

Another example is around locking down access. It says, "[Role-based access control] RBAC, enabled by default, is one method to control access to cluster resources based on the roles of individuals within an organization. RBAC can be used to restrict access for user accounts and service accounts."

The list is extensive, which can feel overwhelming and might leave you wondering whether the NSA's advice is truly important or if it's just overkill.

The CNCF says in its 2021 annual report that the usage of Kubernetes is continuing to grow and reached its highest level ever, with 96% of organizations using or evaluating the technology. However, security continues to be top of mind for organizations. In a Red Hat report, 94% of respondents stated they have experienced a security incident in their Kubernetes and container environments during the last 12 months.

Companies want to use and are adopting Kubernetes, but security must be a top priority. By producing this guide, the NSA is essentially endorsing the technology. It sees the value of using Kubernetes but wants it done securely. This is huge for the cloud-native landscape and for Kubernetes adoption. The guidelines provide not only U.S. federal organizations a path to secure usage of Kubernetes, but any company that wants to use the technology, too.

So, the next logical question is how to tick the boxes on the guide? With approximately 20 different requirements around the five categories, it can seem like a big undertaking.

The first step to complying with the guide is to understand your Kubernetes environment. For example, how many clusters do you have? Do you have any containers running as root? Do you have role-based access control in place? And are you doing all of this consistently? Many of the issues around Kubernetes involve a lack of visibility into the environment and ability to understand if policies are being implemented habitually.

Unfortunately for many organizations running environments with three or more clusters, it is too hard to answer this question. The genius of a Kubernetes environment is its ephemeral nature; the downside is things are constantly changing.

DevOps teams wanting to implement NSA hardening guidelines should spend time auditing their environment for misconfigurations. Many organizations fall into the trap of doing this manually but should look to tools that automatically scan clusters and infrastructure-as-code for misconfiguration and vulnerabilities.
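A small version of such an automated check, as an added example (not code from the NSA guidance or from this article): it answers the "containers running as root?" question for workload manifests exported as JSON. The manifests, names and finding labels are constructed for illustration; the `securityContext` fields (`runAsNonRoot`, `runAsUser`, `privileged`) are the standard Kubernetes ones, with container-level values overriding pod-level ones.

```python
import json

# Constructed sample manifests (JSON form of what `kubectl get ... -o json`
# or an infrastructure-as-code repo would hold); all names are illustrative.
MANIFESTS = json.loads("""
[
 {"kind": "Pod", "metadata": {"name": "legacy-api"},
  "spec": {"containers": [{"name": "app", "image": "example/app:1"}]}},
 {"kind": "Deployment", "metadata": {"name": "web"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true, "runAsUser": 10001},
    "containers": [
      {"name": "nginx", "image": "example/nginx:1"},
      {"name": "debug", "image": "example/tools:1",
       "securityContext": {"runAsUser": 0, "privileged": true}}]}}}},
 {"kind": "Pod", "metadata": {"name": "batch"},
  "spec": {"containers": [{"name": "job", "image": "example/job:1",
                           "securityContext": {"runAsUser": 1000}}]}}
]
""")

ROOT_UID = "runs as UID 0"
MAYBE_ROOT = "may run as root"   # nothing forces a non-root user
PRIVILEGED = "privileged"


def pod_spec(obj):
    """Return the pod spec of a bare Pod or of a workload's pod template."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def audit(obj):
    """Yield (workload/container, finding) pairs for one manifest."""
    spec = pod_spec(obj)
    pod_sc = spec.get("securityContext") or {}
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    for c in containers:
        sc = c.get("securityContext") or {}
        # Container-level settings take precedence over pod-level ones.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        where = f"{name}/{c['name']}"
        if uid == 0:
            yield where, ROOT_UID
        elif uid is None and not non_root:
            # The image's default user applies, which is often root.
            yield where, MAYBE_ROOT
        if sc.get("privileged"):
            yield where, PRIVILEGED


def audit_all(manifests):
    return [finding for m in manifests for finding in audit(m)]


if __name__ == "__main__":
    for where, finding in audit_all(MANIFESTS):
        print(f"{where}: {finding}")
```

Note that the `web` Deployment looks compliant at pod level; only the per-container override on `debug` reintroduces root, which is why the check resolves the effective value for each container.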

Once a Kubernetes environment is understood, how do you achieve compliance? First, DevOps teams should look for tools that help them enable developers to use Kubernetes safely. This is where Kubernetes guardrails come into play. Guardrails enable DevOps teams to turn policy from a piece of paper into a safety net. Instead of moving to production with a manual review, guardrails can be put in place to guide the entire development life cycle. Developers can ensure container security configuration is set, for example, before it ever gets to production. It helps to free up DevOps time and enables developers to ship applications faster.

Next, by combining automated scans with guardrails, teams can document their journey to compliance. It becomes a much easier process as unknowns in Kubernetes become knowns.

Understanding the importance of the NSA hardening guidelines and knowing how to implement them are two different things. In my next article, I'll dig into some specific examples around the five main categories of the report.


Kanpur violence: NSA, Gangster’s Act invoked against main accused, 4 others – The Indian Express

The stringent National Security Act (NSA) and the Gangsters Act were invoked on Thursday against the main accused and four others in the case of the June 3 violence in Kanpur's Beckonganj area following a protest against remarks by a BJP leader about Prophet Mohammad.

Officials said that Hayat Zafar Hashmi, the main accused in the case, has been booked under the NSA, while four others, including Mukhtar Ahmad Baba, the owner of city-based restaurant chain Baba Biryani, have been booked under the Gangsters Act.

The Kanpur Police have registered three FIRs in connection with the violence and arrested 60 people so far.

Kanpur Police Commissioner Vijay Singh Meena said, "On June 3, an incident happened in Kanpur and an attempt was made to disturb communal harmony. Taking swift action, the police have so far arrested 60 people. In continuation of that, the main accused who provided funding for the violence and gathered people in an attempt to disturb peace have been booked under the Gangsters Act."

Those booked under the Gangsters Act are Haji Mohammad Wasi, Mukhtar Ahmad Baba, Akeel Khichdi and Shafiq. District Magistrate Vishak G said, "A report was received from the Kanpur Police Commissioner about the main accused Hayat Zafar Hashmi. An order was passed to invoke Section 3(2) of the National Security Act against him on Thursday."

The police said that Hashmi, who is the chief of a local outfit, Maulana Mohammad Ali Jauhar Fans Association, is the main accused in the violence, while the others were involved in the conspiracy leading to the incident.

According to the MMA Jauhar Fans Association's Facebook account, the outfit was founded in 2007 by Hashmi with the aim of raising its voice on social and civic problems like water supply, power crisis, roads and traffic issues.

Mukhtar Baba, who is accused of financing Hashmi, was arrested on June 21.

A week later, at least three outlets of Baba Biryani in the city were sealed by the administration stating that samples collected from them allegedly failed the quality test in an Agra laboratory. Haji Mohammad Wasi, a city-based realtor, was also arrested for allegedly funding Hashmi.

Several of his properties are under the scanner of the Kanpur Development Authority (KDA) and notices have been served on at least nine buildings belonging to him. The police had said that Wasi was one of the main conspirators and during questioning of several accused it came to light that he played a vital role in the violence. Wasi's son Abdul Rehman was also arrested in the same case.


‘He has run out of ideas’ — CSO demands Monguno’s resignation as NSA – TheCable

A group known as Arewa Youth Assembly (AYA) has called for the resignation of Babagana Monguno, national security adviser (NSA), over the insecurity in the country.

Mohammed Danlami, spokesman of the group, in a statement on Monday said the NSA has run out of ideas in tackling the security challenges in the country, and therefore should resign or be sacked by the president.

"The Arewa Youth Assembly shares in the pain and agony of the immediate families and friends of those in captivity and pray God to intervene through His supernatural power and set them free," Danlami said.

The AYA notes that the growing audacity of non state actors which led to the invasion of Kuje Maximum Prison, Abuja which led to the release of numerous arrested Boko Haram Commanders shows that even Mr President in the Presidential Villa is not safe, it is just a matter of time, these ragtag elements will draw inspiration from the Afghanistan Terrorist and take over leadership of our country.

We have observed that this insult to our country sovereignty would not have been possible if the National Security Adviser, who is supposed to guide Mr President had not run out of ideas.

Since Monguno's appointment over seven years, we strongly believe that the man has run out of steam and does not have anything new to offer, hence, the honourable thing for him to do is to pack his luggage and return to his retirement destination, where he fails to, Mr. President should urgently sack him and get him replaced.

The youths will not participate in activities in the build up to 2023 general elections and the election proper if our brothers and sisters in captivity are not released.

Also most of our Local Government Areas and communities that are now under the control of either Ansaru terrorists in North Central and North West or ISWAP in North East should be recovered.

In other words, politicians are only welcome to our region, when we have every reason to believe that our forests are free from bandits and terrorist.

The assembly strongly believes that if the amount of monies budgeted for security and defence were deployed for such purposes, the terrorists in our bushes would not have been able to withstand our armed forces for three days.
