Overview: Cyber Risks

Read Article | Comments

Author: Paul Meyer

Chair, Canadian Pugwash Group | Senior Advisor, ICT4Peace

Cyberspace, the broad term for the system of networked computer systems for which the Internet is the chief embodiment, is a unique, human-created environment. The potential of information and communication technology to benefit humanity is vast and the growth in its use world-wide has been exponential. Today close to four billion people are connected to the Internet and a community of “netizens” has emerged.

Unfortunately, the growth of cyberspace has not been matched by a similar development of global governance for it. Even more worrisome, is the degree to which cyberspace has become “militarized” with states developing capabilities, not only for the defence of their own systems, but also offensive capabilities that threaten damage and destruction to entities beyond their borders. These trends within national security establishments of leading cyber powers have accelerated and the detrimental impact of cyber operations on civilian interests has grown. A narrative of “cyber war” has been espoused by major states, depicting this remarkable product of human ingenuity as just another “war-fighting domain”.

Read more

Video interview with Paul Meyer


Video credit: ICT4Peace Foundation. A longer interview is available on YouTube at https://youtu.be/BveJ3V1ADUo.

To Post a Comment

Please wait a few seconds for the comments to load at the bottom of this page. Then read the ideas other people have shared and reply or add your own knowledge. The space for comments is in a pale font. It’s good to give your comment a title by selecting it and clicking the “B” (for “boldface”). And you can italicize passages with the “I”, indent, add hyperlinks (with the chain symbol) or even attach a photo or graphic from your hard drive by clicking the paperclip at the right side of the space. Have fun with it!

54 Comments
Inline Feedbacks
View all comments

U.S. Nuclear Modernization: Security & Policy Implications of Integrating Digital Technology

8 December 2020 | NTI

“An expansive, complex undertaking to modernize the United States’ nuclear bombs and warheads, their delivery systems, and the command, control, and communications infrastructure around them is underway. It is a project that carries the potential for great benefits through an increase in digital systems and automation, as well as the addition of machine learning tools into the U.S. nuclear triad and the supporting nuclear weapons complex. But it also is one that carries significant risks, including some that are not fully understood. If it does not take the time to protect the new systems integrated with some of the deadliest weapons on earth from cyberattack, the U.S. government will be dangerously outpaced in its ability to deter aggressors.”

Given the stakes, why take on new risks at all? The reason to integrate digital technologies into U.S. nuclear weapons systems is clear: this is the first significant upgrade of U.S. nuclear weapons systems in nearly 40 years, and the old systems need replacing. The most efficient way to update the full nuclear triad of bombers, submarines, and ground-based missiles, as well as the bombs, warheads, and command, control, and communications network, is to use today’s technology, including digital tools. From digital displays on bomber aircraft to advanced early-warning sensors and machine-learning-enabled nuclear options planning tools, this U.S. nuclear weapons recapitalization, like past modernizations, will be a product of its time.Read more

Link: https://www.nti.org/analysis/reports/nti-modernization-report-2020

Last edited 3 months ago by Adam Wynne

Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks

By Alex Stamos, Washington Post, Dec. 15, 2020

Alex Stamos is the director of the Stanford Internet Observatory and the former chief information security officer of Yahoo and Facebook.
The details are still trickling in, but it seems possible that the latest Russian cyberattacks against the Departments of Homeland Security, Treasury and State; the National Institutes of Health; and possibly dozens of companies and departments will turn out to be one of the most important hacking campaigns in history.

The current reporting suggests that the Russian Foreign Intelligence Service (SVR), long considered Russia’s most advanced intelligence agency in cyber operations, managed to compromise the servers of an important vendor of information technology software and implant a back door. This company, SolarWinds, services tens of thousands of corporate and government clients, and its products naturally have access to critical systems. Since March, we’ve now learned, the SVR has been able to use this toehold to jump into the networks of a variety of highly sensitive organizations. I expect the true impact of the overall campaign won’t be known for months or years as thousands of companies scramble to determine whether they were breached and what was stolen.
While we don’t have all the details, it is already clear that something is wrong with how our country protects itself against the hackers working for our adversaries in Russia, China, Iran and North Korea. As the Biden administration puts together its plan to secure the United States against these kinds of attacks, and Congress considers how to update the existing bipartisan cybersecurity consensus, I offer three initial fixes.

First, we need to build a cyberspace equivalent of the National Transportation Safety Board. Such an agency would track attacks, conduct investigations into the root causes of vulnerabilities and issue recommendations on how to prevent them in the future. As things stand now, our only public account of this latest attack will come from the class-action lawsuits filed by lawyers acting on behalf of affected companies and shareholders. When I worked for Yahoo, I saw myself what happened after the company was attacked by the Russians. Legal teams produced dozens of depositions and reviewed hundreds of thousands of documents; then they collected their million-dollar payouts, and that was that. No public documentation resulted; no useful lessons were learned.

We should create a mechanism to handle cyberattacks the same way we react to serious failures in other complex industries; the NTSB offers a useful model. While voluntary transparency from technology companies such as FireEye has been helpful, it won’t provide the kinds of detailed reporting across dozens of victims that will enable other security teams to learn from this attack and thereby make the SVR’s job a bit harder.
And while we’re at it, let’s make sure Congress passes a federal data breach law that covers the thousands of secret breaches that occur every year but aren’t publicly discussed. Such attacks have included attempts to acquire critical vaccine datarocket designs or trade secrets. But there’s no law requiring that they be disclosed unless they include the credit card numbers, email addresses and other bits of personal information covered by state breach laws. Our society can’t respond to the overall risk as long as we’re discussing only a fraction of the significant security failures.

Second, Congress and the new administration can work together to put defensive cybersecurity on the same level as offensive cyber operations and intelligence gathering. The Cybersecurity and Infrastructure Security Agency (CISA) was created only two years ago to coordinate defending both the public and private sectors. While CISA quickly established itself under director Chris Krebs, who was fired by President Trump for his truthful statements regarding election security, the size and technical competence of the agency does not yet match up to that of its offensive cousins.

CISA has about 2,200 employees spread across its cyber and infrastructure responsibilities. By comparison, the National Security Agency, only one of 17 members of the U.S. intelligence community, has more than 40,000. Patching routers at the Interior Department isn’t as sexy as destroying Iranian centrifuges or reading the correspondence of the Chinese Communist Party, but it is certainly just as important when you consider that the United States has the largest, most technologically advanced, and therefore most vulnerable, economy in the world.

Third, the Biden administration can appoint individuals with practical, hands-on defensive experience to key roles in the White House and critical agencies. Official Washington has long disrespected cybersecurity expertise in a way that would be unthinkable in other complex professions. The Senate would never confirm a malpractice attorney to be a surgeon general, and the president would never ask a Judge Advocate General Corps officer to serve as chairman of the Joint Chiefs of Staff.
But this, in effect, is just how Washington has treated cybersecurity — as something best understood by the lawyers who prosecute cybercrime and defend breached companies. This isn’t to dismiss the contributions made by members of the legal profession; there are many smart, dedicated lawyers working in the cybersecurity field. Even so, the Biden cybersecurity team should include the voices of people who have real experience preventing, detecting and responding to crises like the one our country is facing today. It’s long overdue that we started treating cyberthreats with the seriousness they deserve.

Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace

19 October 2020 | Department of Justice, United States of America | https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

“On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort. 

Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics. The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

Read more

Last edited 5 months ago by Adam Wynne

“Democrats Push for More Transparency about Russian Election Interference”

By Joseph Marks

“Top Democrats are slamming the Trump administration for not sharing enough information with the public about Russian efforts to interfere in November’s election.”

“While intelligence officials have warned that U.S. adversaries are trying to hack into political campaigns and election systems – and cited Russia, China and Iran as the biggest threats — House Speaker Nancy Pelosi (D-Calif.) and Senate Minority Leader Chuck Schumer (D-N.Y.) say that’s not enough to help voters gird themselves against social media disinformation or the sort of hacking and leaking campaign that upended Hillary Clinton’s campaign in 2016.”

Read more

comment image

Beware Chinese Drones- They Might Be Spying on Us!

By: Joseph Marks

“Researchers are warning about cybersecurity vulnerabilities in an Android app that powers a popular Chinese-made drone they say could help the Chinese government scoop up reams of information. 
The accusation comes amid a diplomatic clash between Washington and Beijing over everything from trade to the search for a coronavirus vaccine and it’s sure to worsen U.S. distrust of a broad range of consumer technology.”

Read more

Clueless governments

With such fast-paced technological advancement, how will governments keep up with policies that protect its citizens?

We need more government regulation on software controlled components…

If they sell it, they should be responsible for making it work

We should hold all conglomerates responsible for their faulty technology! Since they’re selling us these products, they have to ensure our safety as the consumer!

Why Our Nuclear Weapons Can Be Hacked

By Bruce G. Blair
New York Times, 14 March 2017

Article Excerpt(s):

“It is tempting for the United States to exploit its superiority in cyberwarfare to hobble the nuclear forces of North Korea or other opponents. As a new form of missile defense, cyberwarfare seems to offer the possibility of preventing nuclear strikes without the firing of a single nuclear warhead.

But as with many things involving nuclear weaponry, escalation of this strategy has a downside: United States forces are also vulnerable to such attacks.

Imagine the panic if we had suddenly learned during the Cold War that a bulwark of America’s nuclear deterrence could not even get off the ground because of an exploitable deficiency in its control network.

We had such an Achilles’ heel not so long ago. Minuteman missiles were vulnerable to a disabling cyberattack, and no one realized it for many years. If not for a curious and persistent President Barack Obama, it might never have been discovered and rectified.

In 2010, 50 nuclear-armed Minuteman missiles sitting in underground silos in Wyoming mysteriously disappeared from their launching crews’ monitors for nearly an hour. The crews could not have fired the missiles on presidential orders or discerned whether an enemy was trying to launch them. Was this a technical malfunction or was it something sinister? Had a hacker discovered an electronic back door to cut the links? For all the crews knew, someone had put all 50 missiles into countdown to launch. The missiles were designed to fire instantly as soon as they received a short stream of computer code, and they are indifferent about the code’s source.

It was a harrowing scene, and apprehension rippled all the way to the White House. Hackers were constantly bombarding our nuclear networks, and it was considered possible that they had breached the firewalls. The Air Force quickly determined that an improperly installed circuit card in an underground computer was responsible for the lockout, and the problem was fixed.

But President Obama was not satisfied and ordered investigators to continue to look for similar vulnerabilities. Sure enough, they turned up deficiencies, according to officials involved in the investigation.

Read more

Censored Contagion: How Information on the Coronavirus is Managed on Chinese Social Media

By Lotus Ruan, Jeffrey Knockel, and Masashi Crete-Nishihata
The Citizen Lab (University of Toronto), 3 March 2020

Article Excerpt(s): From the Key Findings Section:

1) “YY, a live-streaming platform in China, began to censor keywords related to the coronavirus outbreak on December 31, 2019, a day after doctors (including the late Dr. Li Wenliang) tried to warn the public about the then unknown virus.

2) WeChat broadly censored coronavirus-related content (including critical and neutral information) and expanded the scope of censorship in February 2020. Censored content included criticism of government, rumours and speculative information on the epidemic, references to Dr. Li Wenliang, and neutral references to Chinese government efforts on handling the outbreak that had been reported on state media.

3) Many of the censorship rules are broad and effectively block messages that include names for the virus or sources for information about it. Such rules may restrict vital communication related to disease information and prevention.”

From the Article Itself:

(Regarding one of the methods of censorship):

“YY censors keywords client-side meaning that all of the rules to perform censorship are found inside of the application. YY has a built-in list of keywords that it uses to perform checks to determine if any of these keywords are present in a chat message before a message is sent. If a message contains a keyword from the list, then the message is not sent. The application downloads an updated keyword list each time it is run, which means the lists can change over time.

WeChat censors content server-side meaning that all the rules to perform censorship are on a remote server. When a message is sent from one WeChat user to another, it passes through a server managed by Tencent (WeChat’s parent company) that detects if the message includes blacklisted keywords before a message is sent to the recipient. Documenting censorship on a system with a server-side implementation requires devising a sample of keywords to test, running those keywords through the app, and recording the results. In previous work, we developed an automated system for testing content on WeChat to determine if it is censored.”

[…]

“On December 31, 2019, a day after Dr. Li Wenliang and seven others warned of the COVID-19 outbreak in WeChat groups, YY added 45 keywords to its blacklist, all of which made references to the then unknown virus that displayed symptoms similar to SARS (the deadly Severe Acute Respiratory Syndrome epidemic that started in southern China and spread globally in 2003).

Among the 45 censored keywords related to the COVID-19 outbreak, 40 are in simplified Chinese and five in traditional Chinese. These keywords include factual descriptions of the flu-like pneumonia disease, references to the name of the location considered as the source of the novel virus, local government agencies in Wuhan, and discussions of the similarity between the outbreak in Wuhan and SARS. Many of these keywords such as “沙士变异” (SARS variation) are very broad and effectively block general references to the virus.”

Read more

Six Reasons the Kremlin Spreads Disinformation About the Coronavirus [Analysis]

By Jakob Kalenský
Digital Forensic Research Lab (Atlantic Council), 24 March 2020

Article Excerpt(s):

“A recent internal report published by the European Union’s diplomatic service revealed that pro-Kremlin media have mounted a “significant disinformation campaign” about the COVID-19 pandemic aimed at Europe. Previous statements by Western officials, including acting U.S. Assistant Secretary of State for Europe and Eurasia Philip Reeker, warning of the campaign suggested that its contours were already visible by the end of February 2020.
The Kremlin’s long-term strategic goal in the information sphere is enduring and stable: undermining Western unity while strengthening Kremlin influence. Pro-Kremlin information operations employ six complementary tactics to achieve that goal, and the ongoing disinformation campaign on COVID-19 is no exception.

1. Spread anti-US, anti-Western, and anti-NATO messages to weaken them

Russian media started spreading false accusations that COVID-19 was a biological weapon manufactured by the United States in late January. The claim has appeared in other languages since then. This messaging is in line with decades of Soviet and Russian propaganda that has been fabricating stories about various diseases allegedly being a U.S. creation at least since 1949.
Read more

Cyberattacks on Our Wastewater?

I saw a video by Vice News about the vulnerability of water and wastewater (sewage) treatment plants. Apparently many of the systems are being digitized and monitored remotely. As such, they become increasingly vulnerable to cyberattacks. The video focused on some research in Israel around protecting these vital infrastructure locations and demonstrated how easy it is to hack the system. Alarming news to watch. What other infrastructure is vulnerable to cyber security threats?

Keeping your medical secrets

Wearable technology covers a broad area of devices. With its use becoming more common in the healthcare sector, the issue concerning privacy becomes more crucial. New devices can help physicians monitor patients’ vital signs; sleep patterns and heart rhythms remotely transforming the face of medicine as we know it. These developments in technology will help detect early signs of diseases and aid in diagnosing medical conditions. Essentially these devices are mini computers that send and receive data which can be used for further analysis.

This is a company that delivers iOT solutions…it might be worth investing in…
https://www.st.com/content/st_com/en.html

I don’t understand a word on their website except that they plan to hold a couple of open conferences soon — one in Barcelona and the other in Bengaluru, India.

Getting ahead of the Christchurch Call

By Alistair Knott, Newsroom, Oct 20, 2019
https://www.newsroom.co.nz/2019/10/10/850847/getting-ahead-of-the-christchurch-call

Instead of using what amounts to censorship, tech companies signed up to the Christchurch Call would be wise to adopt a more preventative tactic, writes the University of Otago’s Alistair Knott:

We have heard a lot recently from the world’s tech giants about what they are doing to implement the pledge they signed up to in the Christchurch Call. But one recent announcement may signal a particularly interesting development. As reported in the New Zealand Herald, the world’s social media giants ‘agreed to join forces to research how their business models can lead to radicalisation’. This marks an interesting change from a reactive approach to online extremism, to a preventative approach.

Until now, the tech companies’ focus has been on improving their methods for identifying video footage of terrorist attacks when it is uploaded, or as soon as possible afterwards. To this end, Facebook has improved its AI algorithm for automatically classifying video content, to make it better at recognising (and then blocking, or removing) footage of live shooting events. The algorithm in question is a classifier, which learns through a training process. In this case, the ‘training items’ are videos, showing a mixture of real shootings and other miscellaneous events.

The Christchurch Call basically commits tech companies to implementing some form of Internet censorship. The methods adopted so far have been quite heavy-handed: they either involve preventing content being uploaded, or removing content already online, or blocking content in user search queries. Such moves are always closely scrutinised by digital freedom advocates. Companies looking for ways to adhere to the Christchurch pledge are strongly incentivised to find methods that avoid heavy-handed censorship.

Read more

jd3NE4lym3nWkCzHAXVO.jpg

Solar Storms and Cyber-Security

What role would geomagnetic and solar storms have on cyber-security? In 1859, a large solar storm hit Earth – causing the electronics of the day (such as telegraphs) to go haywire. In more recent times (Cold War era, etc.) – atmospheric conditions and solar flares have almost sparked nuclear exchanges. Are current cyber systems shielded adequately from these phenomenon? Are operators able to identify these phenomenon vs. hostile attacks?

I think perhaps one of the earliest examples of cyber-warfare was the intercepted Zimmerman telegram in 1917 – between Germany and Mexico. Are there other examples of pre-internet “cyber” (electric, digital, etc.) warfare that should be considered within these contexts?

The NSA Must Share More Info (with YOU?)

Maybe the NSA is good for something. At least now they are intending to share more information. (With whom?) Here’s another piece in the Washington Post by Joseph Marks, who certainly is following these affairs closely. ]
“New NSA cyber lead says agency must share more info about digital threats,” Sept. 5.

THE KEY

The NSA is the U.S. government’s premier digital spying agency and it has a well-earned reputation for keeping secrets. But the agency needs to stop keeping so many things confidential and classified if it wants to protect the nation from cyberattacks.

That’s the assessment from Anne Neuberger, director of NSA’s first Cybersecurity Directorate, which will launch Oct. 1 and essentially combine the work of many disparate NSA divisions dealing with cybersecurity, including its offensive and defensive operations.

The directorate’s mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July.

Read more

Hybrid Warfare

Excerpt:
“Misinformation poses the most serious risk, says Futter, to “those ICBMs in the US and Russia that only need a few minutes to go.” Simple interference in communications – Unal points to satellites as a potential weak point – could be enough to stop the most important military decisions being made with a cool head. “Keeping weapons on high alert in a cyber environment,” says Futter, “is an enormous risk.”

Beyza Unal recalls the story – related memorably in David E. Hoffman’s Pulitzer-winning investigation of automatic nuclear systems, Dead Hand – of the most cool-headed decisions of the Cold War. The Russian lieutenant-colonel Stanislav Petrov was in charge of the Serpukhov-15 early warning station on the night in September 1983 when the Soviet Union’s satellites, sending data to the country’s most powerful supercomputer, registered a nuclear attack by the US. Despite being warned that five ICBMs were on their way to the USSR, Petrov told the decision-makers above him that the signals were a false alarm. “And he was right,” says Unal. “But a cyberattack could look like that, a spoofing of the system. Some say that humans are the weakest link in cyber issues. I say humans are both the weakest link and the strongest link. It depends on how you train them.””

and

“In the spring of 2013, a Ukrainian army officer called Yaroslav Sherstuk developed an app to speed up the targeting process of the Ukrainian army’s Soviet-era artillery weapons, using an Android phone. The app reduced the time to fire a howitzer from a few minutes to 15 seconds. Distributed on Ukrainian military forums, the app was installed by over 9,000 military personnel.

“By late 2014, however, a new version of the app began circulating. The alternate version contained malware known as X-Agent, a remote access toolkit known to be used by Russian military intelligence. The cyber security firm Crowdstrike, which discovered the malware, said that X-Agent gave its users “access to contacts, SMS, call logs and internet data,” as well as “gross locational data”. In the critical battles in Donetsk and Debaltseve in early 2015, the app could have shown Russian forces where Ukraine’s artillery pieces were, who the soldiers operating them were talking to, and some of what they were saying. It may be, then, that Russia’s concern – Futter describes it as “panic” – about the risks of hybrid warfare is based on the knowledge that it has been used in battle, and it works.”

Spreading Political Misinformation

We’d better worry, not only about the military application of Internet skulduggery, but even the inadvertent consequences of its normal use. This research shows that Bolsonaro’s victory in Brazil may be largely caused by the spread of misinformation from YouTube through WhatsApp among Brazil’s poor. So what kind of action can be taken against this?

https://www.nytimes.com/column/the-interpreter/

From Paul Meyer:

ICT4Peace

This is the submission by ICT4Peace, written by Paul Meyer for the UN Open-Ended Working group on Cyber Security, which will begin its work in September. (The UN Office of Disarmament Affairs has now posted it to the official site for the OEWG: https://www.un.org/disarmament/open-ended-working-group/ .)
Here is the submission itself:

1ICT4Peace Submission to theUNOpen Ended Working Group (OEWG)on ICT and International Security

We commend the OEWG’s openness to input from civil society, academia and the private sector and ICT4Peace will look forward to contributing to its work through a sustained dialogue. The 2015 report of theUNGroup of Governmental Experts (GGE) noted that even as ICTs have grown in importance for the international community, “there are disturbing trends that create risks to international peace and security. Effective cooperation amongst states is essential to reduce these risks”. More recently, the Secretary General, in connection with his Agenda for Disarmament, has warned that malicious activity in cyberspace has already been directed at critical infrastructure with serious consequences for international peace and security.

It is incumbent on the international community to work to counter such threats and to ensure the “secure and peaceful ICT environment” that your authorizing resolution (A/RES/73/27) stipulates. The OEWG represents the latest installment of the 20-yearUN endeavour to address developments in ICTs in the context of international security. This effort has yielded some important results, notably the consensus GGE reports of 2010, 2013, 2015. Yet these positive findings have not been adequately reflected in the actual conduct of states in pursuit of a “militarization” of cyberspace. With increasing reports of state-conducted offensive cyber operations including the targeting of critical infrastructure in other countries, promoting adherence in practice to UN identified norms of responsible state behaviour is vital. If the international community is to foster digital human security alongside cybersecurity for states it will need to keep pace with these developments and ideally steer them towards cooperative ends.
2It is our hope and expectation that the OEWG will deliver results that tangibly contribute to conflict prevention and preserve cyberspace as a realm for peaceful purposes. In doing so it will need to build on the accomplishments of the past, while “further developing” these and promoting their implementation. ICT4Peace believes the following norms merit priority attention:

1.Non-targeting of critical infrastructure including devising common understandings as to what constitutes such infrastructure.
Read more

Canadian Security

I had only learned recently of the CSA(Canadian Security Agency) recently as my education in Information security demanded it. I did search on it and realized the agency’s name might have been miscommunicated or misinterpreted by me…and it was actually the CSE(Communications Security Establishment which I found the website for.

It has a very interesting site (https://www.cse-cst.gc.ca/en/careers-carrieres) which I briefly looked over. The gist of it all is I am happy to know we have such an agency to watch over our national boundaries and protect us from Cyber threats abroad from Russia and China and even some of our friendly neighbors whoever they may be. So many conflicting technical standards produce wide gaping holes in our technical information communication infrastructures not to mention software bugs and malicious virus activity. The average computer user is in a difficult position and has to make use of available protection software to keep themselves safe. That requires an awareness of what products are available and learning how they are used. Products like AVAST, AVGand McAfee are offering now not just antivirus but tool suites to cope with potential computer intrusions. And it seems like new tools are rolled out quickly and I find myself doing searches on browsers that have high security …like epic, brand and the like that don’t track my information. Connection through vpn’s seems to be encouraged but all these things if free usually cost the price of sales pitches and repeated upgrade offers. Choose your tools wisely and guard your IT footprint.

Bugs in the Plane

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet

By Joseph Marks (From Washington Post‘s The Cybersecurity 202) Aug 14.

And they did it with the Air Force’s blessing.

Read more

Building Ethics, Not Bombs

The Role of Scientists and Engineers in Humanitarian Disarmament

By E. Golding
So is a scientist responsible for the harms caused by the military uses of their discoveries and inventions? How about the medical principle: “Do no harm”?

Read more

Importance of Real-Time Reports and Traceability in Software Testing

In this rather technical article for coders, Somesh Roy discusses the factors that cannot be resolved unless there are good reports kept that can be traced. (Or: How are you going to fix it if you can’t find it?)

https://www.kovair.com/blog/importance-of-real-time-reports-and-traceability-in-testing/?fbclid=IwAR1s9kVGSyRFgf7Mk4p695_iB6ohT-6BAbjxnzu9ZR8ttxlJG3wKNY2lJzE

Software companies rush to get their products to market, buggy or not

Yes, accidents do happen, even to careful people. But careful programmers and their demanding bosses can greatly reduce the bugginess of software. They will do so only when the law holds them responsible for bad results.

Should Trump wage cyber war?

There have been several news stories reporting speculations or insider information that Trump had used a cyberattack against Iran.

They did not seem to get much press coverage and no outrage at all. Whether you like Iran’s government or not, it will pay to think carefully about this kind of quasi-warfare. It if gets to be considered normal, we will have a much harder time putting a stop to it.