Japan gears up for mega hack of its own citizens
February 5, 2019 | Financial Times | by Leo Lewis.

Yoshitaka Sakurada, Japan’s 68-year-old minister for cyber security, stands ready to press the button next week on an unprecedented hack of 200m internet enabled devices across Japan — a genuinely imaginative, epically-scaled and highly controversial government cyber attack on homes and businesses designed as an empirical test of the nation’s vulnerability. A new law, fraught with public contention over constitutionally-guaranteed privacy, was passed last May and has just come into effect to give the government the right to perform the hack and make this experiment possible. The scope for government over-reach, say critics, cannot be overstated. Webcams, routers and other devices will be targeted in the attacks, which will primarily establish what proportion have no password protection at all, or one that can be easily guessed. At best, say cyber security experts at FireEye, the experiment could rip through corporate Japan’s complacency and elevate security planning from the IT department to the C-suite.

The experiment, which will run for five years and is being administered through the Ministry of Internal Affairs and Communications, is intended to focus on devices that fall into the broadly-defined category of “internet of things” (IoT) — anything from a yoga mat that informs a smartphone of your contortions, to remotely controlled factory robots. And while cyber experts say IoT security may not be the very top priority in the fight against cyber crime and cyber warfare, they see good reasons why Japan has chosen to make its stand here....warnings that the rise of IoT will create a vast new front of vulnerability unless the security of, for example, a web-enabled yoga mat is taken as seriously by both manufacturers and users as the security of a banking website. The big cyber security consultancies, along with various governments, have historically relied on a range of gauges to calculate the scale of the problem. The Japanese government’s own National Institute of Information and Communications Technology (NICT) uses scans of the dark web to estimate that, of the cyber attacks it detected in 2017, 54 per cent targeted IoT devices.

They’re Tracking When You Turn Off the Lights - WSJ
Oct. 20, 2014

Tech companies have used the technologies and techniques collectively known as big data to make business decisions and shape their customers’ experience. Now researchers are bringing big data into the public sphere, aiming to improve quality of life, save money, and understand cities in ways that weren’t possible only a few years ago....Municipal sensor networks offer big opportunities, but they also carry risks. In turning personal habits into digital contrails, the technology may tempt authorities to misuse it. While academics aim to promote privacy and transparency, some worry that the benefits of big data could be lost if the public grows wary of being monitored... Anthony Townsend, author of the book “Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia.”...The goal isn’t to sell products or spy on people, the academics say, but to bolster quality of life and knowledge of how cities function.

L. Gordon Crovitz: White Hats vs. Black Hats
August 4, 2013 | WSJ | By L. GORDON CROVITZ.

The NSA says 42 terror-related plots have been disrupted, thanks to its surveillance program.

In the language of computer hacking, the good guys are "white hats," who identify weaknesses in systems so they can be fixed. "Black hats" are the ones who take advantage of weaknesses in systems....A white-hat hacker would point out what happens when intelligence agencies fail to monitor communications data. Gen. Alexander pointed out that the 9/11 plots succeeded because of avoidable intelligence failures, citing the example of an intercept of a phone call from Yemen involving one of the 9/11 hijackers. "We didn't have the tools and capabilities to see that he was actually in California," Gen. Alexander said. "The intelligence community failed to connect those dots."

Business continuity: Making it through the storm
Nov 10th 2012 | The Economist | Anonymous.

Hurricane Sandy was another test of how well businesses can keep going when disaster strikes...GOLDMAN SACHS’S latest shrewd investment was in sandbags and back-up electricity generators. As Hurricane Sandy approached New York, the bags were stacked around its headquarters. It was one of the few offices in downtown Manhattan to remain dry and well-illuminated as “Frankenstorm” battered the city.

Meanwhile, a block farther down West Street, the headquarters of Verizon were awash with salty flood water, soaking cables delivering phone and internet services to millions of customers. The firm was able to reroute much of the traffic through other parts of its network, but local service was disrupted....Sandy is the latest catastrophic event to test the readiness of the world’s leading firms to cope with disaster. Most firms have improved “business continuity” preparations over the years. The Y2K scare at the turn of the century moved IT risk high up the list of worries. The attacks of September 11th 2001 warned firms of the danger of putting all their computers (and staff) in the same place (jk: concentration risk; SPOF)....“Firms are increasingly reliant on networks, but often fail to understand the risks that networks bring,” says Don Tapscott, a management guru. Global supply chains, just-in-time and shifting to the “cloud” tend to bind once unrelated activities ever closer together, making them more prone to failing at the same time. The current fad for moving data to the “cloud” may appear to reduce risk because there is so much spare capacity in the web. Yet some firms offering cloud services have more concentrated operations than (jk: concentration risk).

Firms are starting to recognise their vulnerability to cyber-attack, but few have much idea what they would do if it happened. Mr Tapscott thinks boards should have a committee explicitly focused on understanding IT and network risks and ensuring they are properly managed....Dutch Leonard, a risk expert at Harvard Business School, says that the best-prepared firms use a combination of planning for specific events and planning to cope with specific consequences, such as a loss of a building or supplier, regardless of the cause. He also recommends copying an approach used by the armed forces: using a group of insiders to figure out how the firm could be brought down [jk: white hats]....Firms should make lobbying government to invest heavily in upgrading that infrastructure a core part of their risk-management strategy, argues Irwin Redlener of the National Centre for Disaster Preparedness at Columbia University.

Goldman Sachs has long been a leader in disaster planning because it understands that the situations in which it might not be able to function are exactly the sort of events when very large changes in the value of its investments could occur, says Mr Leonard. Yet too many firms underinvest in planning for disaster because they don’t think it will pay, at least within the short-term timeline by which many now operate, reckons Yossi Sheffi of MIT.
