Monthly Archives: May 2021

Note: All information on this page is subject to change. The use of this website constitutes acceptance of our user agreement. Please read our privacy policy and legal disclaimer.

Trading foreign exchange on margin carries a high level of risk and may not be suitable for all investors. The high degree of leverage can work against you as well as for you. Before deciding to trade foreign exchange you should carefully consider your investment objectives, level of experience and risk appetite. The possibility exists that you could sustain a loss of some or all of your initial investment and therefore you should not invest money that you cannot afford to lose. You should be aware of all the risks associated with foreign exchange trading and seek advice from an independent financial advisor if you have any doubts.

Opinions expressed at FXStreet are those of the individual authors and do not necessarily represent the opinion of FXStreet or its management. FXStreet has not verified the accuracy or basis-in-fact of any claim or statement made by any independent author: errors and Omissions may occur.Any opinions, news, research, analyses, prices or other information contained on this website, by FXStreet, its employees, partners or contributors, is provided as general market commentary and does not constitute investment advice. FXStreet will not accept liability for any loss or damage, including without limitation to, any loss of profit, which may arise directly or indirectly from use of or reliance on such information.

Continue reading here:
Netherlands, The Consumer Price Index nsa (YoY) remains unchanged at 1.9% in April - FXStreet

MCLEAN, Va., May 11, 2021 /PRNewswire/ -- Onclave Networks, a global cybersecurity leader specializing in securing OT/IoT devices and systems, views the adoption of Zero Trust guidelines as essential for protecting critical infrastructure.

"Attackers are more sophisticated than ever," said Don Stroberg, CEO of Onclave. "Operational technology is too complex and diverse to protect with a passive approach or a continued reliance on IT security solutions. It also means a near-infinite number of attack vectors to exploit. Our platform is purpose-built to secure OT/IoT systems and is based on Zero Trust principles. Our solution greatly reduces the number of potential attack surfaces, and is the ideal choice for mitigating the risk of breaches to OT/IoT networks."

Critical infrastructure and healthcare facilities are particularly vulnerable targets. Power plants, refineries, and hospitals can have tens of thousands of non-IT devices as an example. A complex network of devices means a potentially innumerable number of vulnerable endpoints that can be exploited, increasing the risk and cost when it comes to ensuring the protection and integrity of the network.

Onclave recommends that businesses across industries should adopt a Zero Trustframework: the idea that trust is verified at each endpoint before access is granted to any device, system or user. "This is the core principle of the Onclave TrustedPlatform. Our unique solution continuously reassesses trust to ensure the integrity of your network," Stroberg said.

According to industry data:

*Interpol reports "an alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure."

*Ransomware attacks are up 800%.

The National Security Agency (NSA) recently released the Cybersecurity Advisory, "Stop Malicious Cyber Activity Against Connected Operational Technology", for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) operational technology (OT) owners and operators. In the memo, the NSA stated, "While there are very real needs for connectivity and automating processes, operational technologies and control systems are inherently at risk when connected to enterprise IT systems. Seriously consider the risk, benefits, and cost before connecting (or continuing to connect) enterprise IT and OT networks."

The National Institute of Standards and Technology (NIST) recently published its Zero Trust Architecture (SP 800 - 207) for organizations to adopt the Zero Trust principles. It requires strong authentication and continuous monitoring for any anomalous behavior before access is given. This includes visibility as well as controlled communications between remote users, devices, applications, workloads, data centers and public cloud environments.

Onclavealigns with both NIST and NSA recommended guidelines. The Onclave TrustedPlatform creates cryptographically separate OT networks while still allowing them to share the IT infrastructure. Onclave also supports Zero Trust principles by moving away from "trust, then verify" to "never trust, verify first", providing continuous monitoring and offering the capability to isolate and contain threats. "We are pioneers in developing a proven solution that immediately protects trusted OT/IoT systems and devices - significantly improving your enterprise's overall network security and making it most resilient," Stroberg said.

About Onclave Networks, Inc.

Based intheWashington, D.C., area, Onclave Networks, Inc. is aglobal cybersecurity leader that specializes in securing operational technology (OT/IoT) through private networks. Onclave provides the first true, secure communications platform based on the Zero Trust framework. Our solution protects both legacy and new operational technologies from cyberattacks and other unauthorized access. Onclave makes trusted secure communications a standardfor all by providing the fastest path to a more secure, simplified, andcost-effective alternative to today's solutions. For more information, contact info@onclavenetworks.comor visit onclavenetworks.com.

Media Contact

Alexis Quintal

alexis@newswire.com

Related Images

onclave.png

Onclave

Onclave

View original content to download multimedia:http://www.prnewswire.com/news-releases/preventing-cyberattacks-and-the-risk-of-data-breaches-to-critical-infrastructure-301288224.html

SOURCE Onclave

Originally posted here:
Preventing Cyberattacks and the Risk of Data Breaches to Critical Infrastructure - Inside NoVA

Almost two years since a Government of Ghana car vanished at the premises of a hotel in Kumasi, Police and authorities seem to have no clue.

The brand-new 2018 Toyota Hilux Pickup was allegedly stolen, a couple of months after it was acquired.

Angel FMs Saddick Adams tracks back events surrounding the loss of the vehicle and what we know so far.

Bankrupt NSA Has No Car

The National Sports Authority, the body mandated to regulated Sports in the country, has for some years, gone bankrupt. The body has been at the receiving end of several law suits.

In February 2017 for instance, had its bank accounts blocked after one of its creditors obtained a court order in bid to retrieve monies owed them over the past four years. The creditor won the suit and the only vehicle for the operations of the office confiscated. The Spokesperson Fredericka Davies-Mensah confirmed to newsmen that, Policemen stormed the premises with a bailiff and had the car taken away.

Top staff of the Authority had to do operational rounds in their private vehicle.In November 2018, the NSA acquired two new Toyota Hilux Pick up cars for the use by the body, costing around GHC310,000.

One of the vehicles was kept in a pool at the Authority while the other was handed over to the Director General of the Authority, Professor Peter Twumasi, who was appointed in December 2018, weeks after the vehicles arrived.

Vehicle Not Registered by GV

Despite a Government of Ghana Directive for all vehicles acquired in the name of GoG to be registered under GV, the two vehicles failed to adhere to the directives for unknown reasons.

The vehicle was registered GX6551-18. According to checks by Saddick Adams, the vehicle was first insured under a third-party agreement.

Disappearance of Vehicle and Drivers Narration

On September 5, 2019, the National Sports Authority Director was chauffeured to Kumasi by a driver of the NSA, by name Michael Andoh.

According to the driver, he had dropped the NSA Director at his residence near KNUST and proceeded to lodge at OWASS Hotel, some few kilometers from the KNUST Campus.

Mr Andoh narrated that, upon reaching the hotel, he was called by the aide to the NSA boss to drive to one hospital in the Ashanti Regional Capital, where a staff of the NSA was on admission.

Andoh, the driver drove in the company of the NSA Directors aide to see the ailing staff. They both returned to the Hotel around 7pm. He parked the car at the hotels premises and accompanied the Directors Personal Assistant to the road side where he picked a car.

Andoh then came back to the hotel, inspected the car and went into his room to sleep.

Between 3-4am on the dawn of 6th September 2019, Andoh says he heard loud knocks on his door only to open and meet the security man of the hotel. The NSA driver claim he was told by the security man that, the Directors Personal Aide had been calling for several times and he Andoh was not picking.

He then checked his phone to see several missed calls from the PA.

He called back and was told by the PA that, the Director General had ordered for the two to go back to the hospital again to transfer the ailing staff since his condition had deteriorated.

Andoh says he was hesitant, since he knew it was impossible to get a doctor to transfer a patient at that time of the night and even if they were successful, the patient would have to be transported via an ambulance and not the NSA pickup.

He however picked his keys and dressed up to go pick the car since the order was from his boss. He got down to the car par and lo and behold, the car had vanished without any breakages or traces of damage.

The security officer at the hotel claimed he inspected the compound around 2am and the vehicle was intact, but here, it had disappeared in less than an hour without the security man getting any hint.

Andoh called his boss to report the incident and the two made formal complaints at the KNUST Police Stations. The security man at the hotel and Michael Andoh, the driver, were detained for some few hours and released.

The missing vehicle had three original keys, two of which were with the driver of the vehicle. The other key was with the Transport Officer at the National Sports Authority in Accra. The two keys are still with the beleaguered driver till date.

Conflicting Accounts

In a sharp contradiction to the drivers narration, the Director General of the NSA, in an interview with Joy FM reporter Muftawu Nabila said the car was with his driver Michael Andoh and he was robbed.

Our reporters also gathered that, a facility near the Hotel of the incident had CCTV Cameras installed but when the driver with hotel management tried to access it to find out if they could trace the incident, the CCTV did not function that night, Michael claimed.

Drivers Hotel Changed

The driver, Michael Andoh reveals that, he has been driving at the NSA for over 12 years and anytime they travel to Kumasi, he lodges at the Eno Yeboah Hotel near the Kumasi stadium. He parks his car at the stadium for maximum security before he returns to the hotel to pass the night.

According to him, this had always been the practice.

But few months before the vehicle was stolen, his boss, Mr Twumasi instructed that he changes his hotel to sleep closer to him, at the KNUST Hostel, reason for the decision to lodge at this new hotel where the car was stolen.

When our reporters went to the OWASS Hotel in April 2021, the security man at the centre of events, had been relieved of his duties and no longer works at the hotel. His whereabout were not disclosed.The Police had also not invited Andoh, neither had they contacted the security man again, after they were released a day after the car disappeared.

NSA Institutes Internal Investigation

On 10th September 2019, the NSA Director set up a 3-member Committee to assist the investigative bodies and agencies with the following terms and references.

i.Unravel the circumstances that led to the disappearance of the of the vehicle;ii.Liaise with the National Security including the Police in their investigation.iii.Make recommendations to the management.

After few months of the committees investigations, the chairman of the committee was transferred from the head office to the Greater Accra NSA office, which caused delays in their operations.

As at 7th May 2021, before filing this story, the police had yet to submit any report to the Ministry of Sports or NSA.

When our reporters contacted the Director General Professor Twumasi, he indicated that matter was still with the Police and investigations underway.

He however added that, the car has been insured against theft so he is hopeful it would be replaced.

New Car Acquired

The National Sports Authority had to rent a Jeep car to be used by the Director General, at a cost of 500 cedis day for Accra and 800 cedis outside Accra, for nearly six months after the disappearance of the official vehicle.

Recently, the NSA acquired a Land Cruiser Prado to be used by the Director as his official car.

The controversial missing of the car, for almost two years, without any trace, is still a matter causing lot of musings and murmurings within and around the coffers of the debt-ridden NSA.

Here is the original post:
Scandal: How a brand-new Toyota Hilux car belonging to NSA vanished at a hotel in Kumasi - GhanaWeb

Sometime in mid-2009 or early 2010 no one really knows for sure a brand new weapon of war burst into the world at the Natanz nuclear research facility in Iran. Unlike the debut of previous paradigm-shattering weapons such as the machine gun, airplane, or atomic bomb, however, this one wasn't accompanied by a lot of noise and destruction. No one was killed or even wounded. But the weapon achieved its objective to temporarily cripple the Iranian nuclear weapon program, by destroying gas centrifuges used for uranium enrichment. Unfortunately, like those previous weapons, this one soon caused unanticipated consequences.

The use of that weapon, a piece of software called Stuxnet widely concluded to have been jointly developed by the United States and Israel, was arguably the first publicly known instance of full-scale cyberwarfare. The attack deployed a software vulnerability or exploit, called a zero-day, buried so deeply in computer code that it remains undetected until someone a team of hackers, a criminal, an intelligence or law enforcement agency activates it. We've all heard of, and perhaps even been victimized by, criminal hacks that may have pilfered our credit card numbers and passwords, or been spammed by suspicious emails that invite us to claim supposed Nigerian fortunes. But zero-days operate on a different level entirely.

"Zero-days offer digital superpowers," New York Times cybersecurity reporter Nicole Perlroth writes in "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race."

"Exploiting a zero-day, hackers can break into any system any company, government agency, or bank that relies on the affected software or hardware and drop a payload to achieve their goal, whether it be espionage, financial theft, or sabotage. There are no patches for zero-days, until they are uncovered. It's a little like having the spare key to a locked building."

Such capabilities, says Perlroth, make zero-days "one of the most coveted tools in a spy or cybercriminal's arsenal."

As with any other highly coveted commodity, a vast covert global market has sprung up to meet the demand for zero-days. Perlroth explains that this invisible digital trade was nurtured and encouraged by the U.S. intelligence community. As former National Security Agency contractor Edward Snowden's leaked documents revealed, the NSA not only developed its own zero-days and hacking tools, but beginning in the 1990s started to pay out first thousands, then eventually millions of dollars to the world's most skilled hackers to ferret out security holes in widely used software packages, finding backdoors that could be used to overcome increasingly sophisticated security and encryption protections.

The vulnerabilities were cataloged, filed, and gathered into a closely held, superclassified stockpile a digital arsenal that could be used for espionage, surveillance, and actual cyberwarfare, all without any oversight or outside control. Among many other things, the NSA could now easily track anyone's iPhone at will, read their email, access their contacts, even tap into cameras and microphones.

The NSA truly began to exercise its digital superpowers during the post-9/11 war on terrorism. At first, many of the hackers laboring to develop those tools were kept mostly in the dark about how they were being used, but eventually that changed. "In the years following 9/11, the NSA decided to give its top analysts a glimpse into the fruits of their labors," Perlroth explains. "In a secure room at Fort Meade, the officials projected more than a dozen faces onto a bright screen. Each man on the screen, the analysts were told, was dead thanks to their digital exploits."

Snowden's revelations were only part of the story. As the U.S. sought to expand its stockpile to stay ahead of ever-changing technological upgrades and the capabilities of possible adversaries including Russia, China, and Iran, the American grip on the market began to slip away and other players began to get into the game. When Stuxnet inevitably spread from its narrow and carefully chosen Iranian target to work its way across the world's computers via the internet, the potential advantages of zero-days became clear to everyone and were available to any nation, any group, any organization willing to pay. Former NSA hackers set up shop, joining a burgeoning legion of international hackers looking to cash in, not all of them very picky about their clientele.

In effect, Perlroth explains, it has placed us in the midst of a new arms race, an ever-accelerating competition of offense vs. defense, move and countermove, nearly identical to the nuclear arms race of the Cold War. Former NSA director Michael Hayden noted in a 2013 speech at George Washington University that Stuxnet "has a whiff of August, 1945." "Somebody just used a new weapon,'' he continued, "and this weapon will not be put back in the box."

He was alluding to the first use of the atomic bomb on Hiroshima, but zero-days have proliferated around the world far easier and faster than nukes. "The internet has no borders," writes Perlroth. "No cyberattack can be confined to one nation's citizens anymore."

As with the atomic bomb, we've developed a weapon to protect ourselves which has now boomeranged back upon us. That's been demonstrated in recent years by high-profile incidents such as Russia's interference with the 2016 U.S. presidential election, Iranian attacks on Las Vegas casinos, North Korea's assault on Sony Pictures, the SolarWinds attack that the U.S. is still yet to recover from, and others that Perlroth details including a hacking attack on former First Lady Michelle Obama, and Russia's outright cyberwarfare campaign against Ukraine's power grid and infrastructure.

"Nations are now investing far more time and money in finding vulnerabilities than the commercial world, and the open-source community, is spending to fix them," writes Perlroth. "Russia, China, North Korea, and Iran are stockpiling their own zero-days and laying their logic bombs. They know our digital topography well; in too many cases, they are already inside."

"The world is on the precipice of a cyber catastrophe," she concludes.

Perlroth has been covering the cybersecurity beat for a long time and clearly knows her subject extremely well, which may be the reason that "This Is How They Tell Me the World Ends" feels long and somewhat meandering. It's a complex story with many players and parts, and she perhaps tries to cover a bit too much ground, to the extent that the book somewhat loses focus along the way. But it's a vitally important topic that requires far more attention and concern, before the U.S. finds itself blindsided when an adversary decides to unleash full-scale cyberwar on us.

Francis Ford Coppola's 1974 film "The Conversation," about a surveillance expert played by Gene Hackman, ends with Hackman's character so consumed with paranoia that he literally tears apart his own apartment searching for a nonexistent listening device. After reading Perlroth's book, I felt a little paranoid myself, eyeing my own laptop and iPhone. (Maybe that's why her author bio notes that she "increasingly prefers life off the grid" in her family's "cabin in the woods.")

This article was originally published on Undark. Read the original article.

Read the rest here:
The next frontier of warfare is online - Salon

MORE than two thirds of the UKs sheep farmers responding to a recent survey have experienced an increase in sheep worrying attacks by dogs during the past year.

This troubling statistic is part of a concerning set of findings released by the National Sheep Association (NSA) from its recent farmers survey assessing the incidence and impact of sheep worrying by dog attacks across the UK.

NSA received a record-breaking response for its 2021 survey specifically aimed at farmers who had experienced dog attacks in the past year. The increase in contributions indicates the scale of the serious problem. On average, each respondent to the survey experienced seven cases of sheep worrying during the past year resulting in five sheep injured and two sheep killed per attack. Estimated financial losses through incidents of sheep worrying of up to 50,000 were recorded, with an average across all respondents of 1570. However, most respondents received no or very little compensation.

NSA Chief Executive Phil Stocker says: There is still much work to do to continue the education of the dog owning public to ensure the future safety and welfare of both farmers sheep flocks and pet owners much loved dogs and this needs to come from strengthened countryside use guidelines and stricter legislation.

Original post:
National Sheep Association (NSA) survey reveals alarming trend in sheep worrying by dog attacks | News and Star - News & Star

In the face of repeated major exploitations of critical U.S. networks, it is past time for the U.S. government to recognize that traditional security systems such as perimeter entry controls or whitelists are no longer adequate. As the SolarWinds hack proved, any security system can be penetrated with enough time and effort. Cybersecurity must be based on zero trust, which assumes that threats exist continually both inside and outside a network or cloud environment. A strategy of zero trust is based on the need to continuously monitor and validate the presence of every individual, organization, device, and piece of information on a network.

In the past year, we have seen just how bad things can get when a lack of planning leads to the worst-case scenario becoming the new reality. A country without a contingency plan for an epidemic has disrupted life as we know it for more than a year. An electric grid without weatherproofing devastates an entire state. Networks without proper security are readily hacked. Planning and preparation for the so-called once in a century event should be standard for all critical infrastructure, given how frequently such events actually occur.

While not acts of God, devastating attacks on our cybersecurity infrastructure can produce results as bad as or worse than any pandemic or natural disaster. Recent intrusions, from the SolarWinds breach to an attack on a Florida towns water supply, continue to expose U.S. industry and government as desperately ill-prepared.

For years, there have been calls for comprehensive cybersecurity planning in the public and private sector to stave off attacks by domestic and international threats. Progress has been mixed. While the Department of Defense (DoD) has made strides in defining requirements and implementing solutions that will strengthen and protect IT networks, there is much that needs to be done.

We heard about some of this progress during the recent hearing on Future Cybersecurity Architectures before the Senate Armed Services Committee (SASC). Senators and witnesses from the National Security Agency (NSA) and the DoD focused heavily on zero trust architecture, a cybersecurity framework that continually assesses the trustworthiness of access requests to information resources. Testimony from DoD witnesses, NSA Director of Cybersecurity Rob Joyce, Senior Information Security Officer/Chief Information Officer for Cybersecurity David McKeown, and Senior Military Advisor for Cyber Policy to the Under Secretary of Defense for Policy Rear Admiral William Chase extolled the virtues of zero trust as the new waypoint on the journey to a secure future.

The National Security Agency, a strong advocate of the new approach, explained it this way: Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgment that threats exist both inside and outside traditional network boundaries. The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses.

Though far too soon for a victory lap, DoD has created programs to field much-needed capabilities that will strengthen cybers defenses. Likewise, Congress has driven the pace and funding for these programs since at least 2017. As noted in the Senate hearing referenced above, Rear Admiral Chase highlighted Comply-to-Connect (C2C) as an important foundational component of the DoDs Zero Trust initiative predicated on a simple principle: you can only protect what you know you have.

C2C establishes a framework of tools and technologies operating throughout a network infrastructure. This framework discovers, identifies, characterizes, and reports on all devices connected to the network. C2C does not require network managers or users to trust that the network is secure, as all users are both authorized access and are compliant with the minimum standards of security. This way, C2C allows for an environment of zero trust. In essence, all C2C users and devices must prove their legitimacy to be allowed to operate on DoD networks. Those devices that may be authorized but lack the proper security software can be remediated.

The bigger challenge, largely absent in the SASC hearing, is how to protect everything that is not what we would consider to be an Information Technology asset. The majority of these assetsmany of which can be easily deemed as criticalare part of Industrial Control Systems (ICS) used by the military. Simply put, even if IT networks were protected, every air conditioning unit, power outlet, and water main under DoD is a potential risk to mission readiness at every base, post, camp, and station across the Services. Arguably, C2C should be part of a broader cyber strategy for ICS as well as networks and nodes. The problem is that the managers for ICS do not naturally look to IT security folks to address the security of these other systems.

Despite the U.S. armed services investment in cybersecurity, the country still lacks a thorough cybersecurity strategy for securing the ICS environment. C2C is helping here, as some solutions provide the means to identify ICS vulnerabilities. But the defense department needs to do more of the hard work of securing ICS.

Our adversaries are getting smarter and constantly looking for vulnerabilities in our defenses. What better way to cut us off at our knees than by infiltrating a military bases electric grid and killing the power for the entire installation? Congress is watching to see how the DoD accounts for military ICS security, and will probably become more directive in the next NDAA. In addition, the Biden Administration has identified critical infrastructure cybersecurity as a priority, which is an indicator that military ICS will be a factor in any future federal cybersecurity planning.

In cybersecuritys age of innocence, it was assumed that electronic walls could be built sufficiently high and wide to be made impregnable. The reality is that for a variety of reasons, any network, ICS, and cloud environment can be hackedif not from the outside, then from within. Today, with the rose-colored glasses falling from our eyes, it is clear that only a strategy based on zero trust offers any chance of successful cyber defense.

Dan Gour, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. He has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC.

Image: Reuters.

Go here to read the rest:
A Zero Trust Mindset Replacing the Age of Innocence in Cybersecurity - The National Interest