Pete Recommends – Weekly highlights on cyber security issues, November 21, 2021

Subject: You Are the Object of a Secret Extraction Operation
Source: NYT Opinion via beSpacific

New York Times Opinion, Dr. Shoshana Zuboff, professor emeritus at Harvard Business School and the author of The Age of Surveillance Capitalism – “Facebook is not just any corporation. It reached trillion-dollar status in a single decade by applying the logic of what I call surveillance capitalism — an economic system built on the secret extraction and manipulation of human data — to its vision of connecting the entire world. Facebook and other leading surveillance capitalist corporations now control information flows and communication infrastructures across the world. These infrastructures are critical to the possibility of a democratic society, yet our democracies have allowed these companies to own, operate and mediate our information spaces unconstrained by public law. The result has been a hidden revolution in how information is produced, circulated and acted upon. A parade of revelations since 2016, amplified by the whistle-blower Frances Haugen’s documentation and personal testimony, bears witness to … [NB at the end of the Opinion, this appears:]

Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram.

Subject: New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks
Source: CISA

The White House, via Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, tasked CISA, as the operational lead for federal cybersecurity, to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information systems. In response, today, CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. The playbooks provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The playbooks provide illustrated decision trees and detail each step for both incident and vulnerability response.

Subject: Analyzing News Manipulation by State Actors
Source: Homeland Security Digital Library

In a recently released report, Bad Actors in News Reporting: Tracking News Manipulation by State Actors, RAND Corporation details national governments’ efforts to manipulate COVID-19 (coronavirus disease 2019) pandemic information to further their own global agendas. The report found that all nations analyzed, which included China, the U.S., the U.K., and Russia, participated in some form of politically charged COVID reporting. Russia, for example, used the pandemic to promote anti-U.S. conspiracy theories. Ultimately, this practice has further exacerbated “truth decay” around the world. This phenomenon describes “disagreements over the established truth” which is driven by:

  • an increasing disagreement about facts and analytical interpretations of facts and data;
  • a blurring of the line between opinion and fact;
  • an increasing relative volume, and resulting influence, of opinion and personal experience over fact;
  • [and] a declining trust in formerly respected sources of factual information

Subject: Privacy experts say to choose vaccination apps wisely
Source: NPR via WHYY

“What I would say to anyone is, ‘Do you trust the maker of that app, do you recognize it?’ ” says Dr. Brian Anderson, chief digital health physician at MITRE and a co-founder of VCI, a coalition of public and private groups that have created a voluntary standard for digital proof of vaccination.

The federal government has kept its distance from the regulation of these apps, in part for fear of political blowback. “There will be no federal vaccinations database and no federal mandate requiring everyone to obtain a single vaccination credential,” White House press secretary Jen Psaki said in April.

But the sheer diversity of apps is a problem for large venues, such as sports arenas, as they try to get thousands of people through the gates quickly. Many have embraced the CLEAR Health Pass, offered by the same company that sells shortcuts through airport security. It combines proof of vaccine and photo ID on one color-coded screen, designed to be checked at a glance.

Subject: Ransomware is now a giant black hole that is sucking in all other forms of cybercrime. File-encrypting malware is where the money is — and that’s changing the whole online crime ecosystem.
Source: ZDNet

Ransomware is so lucrative for the gangs involved that other parts of the cybercrime ecosystem are being repurposed into a system for delivering potential victims.

“The gravitational force of ransomware’s black hole is pulling in other cyberthreats to form one massive, interconnected ransomware delivery system — with significant implications for IT security,” said security company Sophos in a report.

Ransomware is considered by many experts to be the most pressing security risk facing businesses — and it’s extremely lucrative for the gangs involved, with ransom payouts increasing significantly.

Subject: How Facebook and Google fund global misinformation
Source: MIT Technology Review

“In a country where Facebook is synonymous with the internet, the low-grade content overwhelmed other information sources.” [T]he sheer volume of fake news and clickbait acted like fuel on the flames of already dangerously high ethnic and religious tensions. It shifted public opinion and escalated the conflict, which ultimately led to the death of 10,000 Rohingya, by conservative estimates, and the displacement of 700,000 more. In 2018, a United Nations investigation determined that the violence against the Rohingya constituted a genocide and that Facebook had played a “determining role” in the atrocities. Months later, Facebook admitted it hadn’t done enough “to help prevent our platform from being used to foment division and incite offline violence.” Over the last few weeks, the revelations from the Facebook Papers, a collection of internal documents provided to Congress and a consortium of news organizations by whistleblower Frances Haugen, have reaffirmed what civil society groups have been saying for years: Facebook’s algorithmic amplification of inflammatory content, combined with its failure to prioritize content moderation outside the US and Europe, has fueled the spread of hate speech and misinformation, dangerously destabilizing countries around the world.

Subject: Leaders agree that cybersecurity is a business risk, but are they acting on that belief?
Source: TechRepublic

A Gartner survey of the members of various boards of directors finds that, while 88% believe that cybersecurity should be classified as a business risk instead of a technology one, the actions they’ve taken don’t necessarily reflect that.

Organizations that classify cybersecurity as a business risk would naturally have a senior-level non-IT person accountable for it, but only 10% of leaders reported that to be the case in their organizations.

Subject: The US government just launched a big push to fill cybersecurity jobs, with salaries to match
Source: ZDNet

The US Department of Homeland Security, a key cybersecurity agency, has just announced a new system that will help it recruit, develop and retrain cybersecurity pros in the federal government.

The DHS’s new recruitment system, dubbed the Cybersecurity Talent Management System (CTMS), launches amid a tight labor market for cybersecurity professionals who are in extremely high demand and can therefore command big salaries.

DHS is just one federal department, but it plays a special role in responding to major cyberattacks on US critical infrastructure. It hopes the new system will help it hunt for and keep talent for mission-critical roles, with the aim of hiring 150 priority roles across 2022.
