Page 4«..3456..1020..»

Category Archives: NSA

AI Identified as Emerging Threat in Cyber Crime by NSA Director – CoinGape

Posted: January 14, 2024 at 10:27 pm

Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA), highlighted the escalating role of artificial intelligence (AI) in cyberattacks. Joyces insights reveal a concerning trend: the adoption of AI by state-backed hackers and criminal entities.

Joyce underscored that various criminal and nation-state actors now leverage AI technologies to enhance their cyber operations. As he pointed out, these entities have access to major generative AI platforms, significantly enhancing their capabilities. This trend marks a shift in the landscape of cyber threats, where AIs role is becoming increasingly prominent.

In response, U.S. intelligence, according to Joyce, is also utilizing AI and machine learning techniques to detect and counter these threats. This dual-edged nature of AI in cybersecurity presents a new dynamic where both attackers and defenders are harnessing the power of advanced technology.

At the core of the NSAs strategy is using AI, machine learning, and big data to identify malicious activities. Joyce noted that these technologies have proven effective in detecting unusual activities, especially in critical U.S. infrastructure sectors like electricity and transportation. The ability of AI to discern patterns and behaviors that deviate from the norm provides U.S. intelligence agencies with an upper hand in identifying and countering threats.

The NSA focuses not only on detecting traditional malware, but also on identifying the exploitation of vulnerabilities and implementation flaws. These sophisticated attack vectors allow adversaries to infiltrate networks and operate undetected, posing significant challenges to cybersecurity defenses.

A particular focus of Joyces address was the recent activities of China-backed hackers. These hackers, as Joyce explained, are targeting U.S. critical infrastructure in what is believed to be preparations for potential geopolitical conflicts, such as an anticipated invasion of Taiwan. The use of Artificial Intelligence by these actors complicates the cybersecurity landscape, as their methods are more sophisticated and harder to detect.

The U.S. intelligence community, leveraging AI tools, actively monitors and responds to these threats. AI is instrumental in identifying and mitigating actions of state-backed hackers, especially in scenarios where they mimic legitimate network users.

Generative AIs ability to create convincing computer-generated text and imagery has introduced new challenges in cybersecurity. These tools are now employed in cyberattacks and espionage campaigns, making detecting and preventing such activities more complex.

Joyce highlighted that Artificial Intelligence technologies, while not making an incompetent individual capable, significantly enhance the effectiveness of those who use them. For instance, AI-driven tools craft more convincing phishing emails and conduct more sophisticated hacking operations. These developments necessitate a robust response from national security agencies.

Read Also: Bitcoin ETFs: Is Hong Kong Brewing Strategic East-West Capital War?

Maxwell is a crypto-economic analyst and Blockchain enthusiast, passionate about helping people understand the potential of decentralized technology. I write extensively on topics such as blockchain, cryptocurrency, tokens, and more for many publications. My goal is to spread knowledge about this revolutionary technology and its implications for economic freedom and social good.

The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

Link:
AI Identified as Emerging Threat in Cyber Crime by NSA Director - CoinGape

Posted in NSA | Comments Off on AI Identified as Emerging Threat in Cyber Crime by NSA Director – CoinGape

AI is helping China-backed hackers but it’s also helping to hunt them down, NSA says – TechRadar

Posted: at 10:26 pm

Cybercriminals of all skill levels are using AI to enhance their abilities, but AI is also helping to hunt them down, security experts have warned.

At a conference at Fordham University, National Security Agencys director of cybersecurity, Rob Joyce, said that Chinese hacking groups are being assisted by AI to slip past firewalls when infiltrating networks.

Hackers are using generative AI to improve their use of English in phishing scams, and also using it for technical guidance when infiltrating a network or launching an attack, Joyce warned.

2024 is set to be a critical year for state-backed hacking groups, particularly those working on behalf of China and Russia. Taiwans presidential election kicks off in just a few days, which China will be looking to influence in its pursuit of reunification. But eyes will also be on the US elections coming up in November and the UK is expected to hold a general election in the second half of 2024.

China backed groups are already developing highly effective methods for infiltrating organizations and are using AI to do so. Theyre all subscribed to the big name companies that you would expect - all the generative AI models out there, Joyce says. Were seeing intelligence operators [and] criminals on those platforms.

The US experienced an increased number of attacks on critical energy and water infrastructure sites in 2023, which US government officials attributed to groups linked to China and Iran. One of the attack methods used by the China backed Volt Typhoon group involves accessing a network covertly and then using built-in network administration tools to perform attacks.

While no particular examples were given of recent attacks involving AI, Joyce points out, Theyre in places like electric, transportation pipelines and courts, trying to hack in so that they can cause societal disruption and panic at the time in place of their choosing.

China backed groups have been gaining access to networks by abusing implementation flaws - bugs caused by poorly implemented software updates - and then establishing themselves what would appear to be a legitimate user of the system. However, their activities and traffic within the network is often unusual.

Joyce explains that, Machine learning, AI and big data helps us surface those activities [and] brings them to the fore because those accounts dont behave like the normal business operators on their critical infrastructure, so that gives us an advantage.

Just as generative AI is expected to help bridge the skills gap in cybersecurity by providing insights, definitions and advice to those working in the industry, it can also be reverse engineered or abused by cybercriminals to provide guidance on their hacking activities.

Joyce explained that AI is not a silver bullet that can suddenly make someone with no experience into a cybercriminal mastermind, but its going to make those that use AI more effective and more dangerous.

Via TechCrunch

View post:
AI is helping China-backed hackers but it's also helping to hunt them down, NSA says - TechRadar

Posted in NSA | Comments Off on AI is helping China-backed hackers but it’s also helping to hunt them down, NSA says – TechRadar

Top 10 misconfigurations: An NSA checklist for CISOs – The Stack

Posted: October 20, 2023 at 6:15 am

A new advisory from signals intelligence and cybersecurity experts at the National Security Agency (NSA) highlights the top 10 most common cybersecurity misconfigurations in large organisations including regular exposure of insecure Active Directory Certificate Services.

It comes as the NSAs Cybersecurity Director Rob Joyce warned that if your infrastructure cant survive a user clicking a link, you are doomed.

"Im the director of cybersecurity at NSA and you can definitely craft an email link I will click he added on X writing as generative AI models make it far easier for non-native speakers to craft convincing phishing emails and as such campaigns remain highly effective for threat actors.

The list is a useful guidebook to those seeking to secure IT estates and is no doubt based in part on the NSAs extensive experience of breaching services, as well as support defending CNI. To The Stack, it is also a crisp reminder that strict organisational discipline is critical for cyber hygiene.

Too many network devices with user access via apps or web portals still hide default credentials for built-in administrative accounts. (Cisco, were looking at you, you, you. (Others are also regularly guilty.) The problem extends to printers and scanners with hard coded default credentials on them but are set up with privileged domain accounts loaded so that users can scan and send documents to a shared drive).

NSA says: Modify the default configuration of applications and appliances before deployment in a production environment . Refer to hardening guidelines provided by the vendor and related cybersecurity guidance (e.g., DISA's Security Technical Implementation Guides (STIGs) and configuration guides)

More specifically on default permissions risks, NSA says it regularly says issues with configuration of Active Directory Certificate Services (ADCS); a Microsoft feature used to manage Public Key Infrastructure (PKI) certificates, keys, and encryption inside of AD environments.

Malicious actors can exploit ADCS and/or ADCS template misconfigurations to manipulate the certificate infrastructure into issuing fraudulent certificates and/or escalate user privileges to domain administrator privileges it warns, pointing to ADCS servers running with web-enrollment enabled; ADCS templates where low-privileged users have enrollment rights and other associated issues with external guidance on a handful of known escalation paths here, here and here.

Ensure the secure configuration of ADCS implementations. Regularly update and patch the controlling infrastructure (e.g., for CVE-2021-36942), employ monitoring and auditing mechanisms, and implement strong access controls to protect the infrastructure. Disable NTLM on all ADCS servers. Disable SAN for UPN Mapping. If not required, disable LLMNR and NetBIOS in local computer security settings or by group policy.

Already have an account? Sign in

Read this article:
Top 10 misconfigurations: An NSA checklist for CISOs - The Stack

Posted in NSA | Comments Off on Top 10 misconfigurations: An NSA checklist for CISOs – The Stack

CISA and NSA Issues New Identity and Access Management Guidance for Vendors – TechRepublic

Posted: at 6:15 am

The National Security Agency and the Cybersecurity and Infrastructure Security Agency published on October 4, 2023, a document titled Identity and Access Management: Developer and Vendor Challenges. This new IAM CISA-NSA guidance focuses on the challenges and tech gaps that are limiting the adoption and secure employment of multifactor authentication and Single Sign-On technologies within organizations.

The document was authored by a panel of public-private cross-sector partnerships working under the CISA-NSA-led Enduring Security Framework. The ESF is tasked with investigating critical infrastructure risks and national security systems. The guidance builds on their previous report, Identity and Access Management Recommended Best Practices Guide for Administrators.

SEE: 8 Best Identity and Access Management (IAM) Solutions for 2023

In an email interview with TechRepublic, Jake Williams, faculty member at IANS Research and former NSA offensive hacker, said, The publication (its hard to call it guidance) highlights the challenges with comparing the features provided by vendors. CISA seems to be putting vendors on notice that they want vendors to be clear about what standards they do and dont support in their products, especially when a vendor only supports portions of a given standard.

Jump to:

The CISA-NSA document detailed the technical challenges related to IAM affecting developers and vendors. Specifically looking into the deployment of multifactor authentication and Single-Sign-On, the report highlights different gaps.

According to CISA and the NSA, the definitions and policies of the different variations of MFAs are unclear and confusing. The report notes there is a need for clarity to drive interoperability and standardization of different types of MFA systems. This is impacting the abilities of companies and developers to make better-informed decisions on which IAM solutions they should integrate into their environments.

The CISA-NSA report notes that vendors are not offering clear definitions when it comes to the level of security that different types of MFAs provide, as not all MFAs offer the same security.

For example, SMS MFA are more vulnerable than hardware storage MFA technologies, while some MFA are resistant to phishing such as those based on public key infrastructure or FIDO while others are not.

SEE: The 10 Universal Truths of Identity and Access Management (One Identity white paper)

The CISA and NSA say that the architectures for leveraging open standard-based SSO together with legacy applications are not always widely understood. The report calls for the creation of a shared, open-source repository of open standards-based modules and patterns to solve these integration challenges to aid in adoption.

SSO capabilities are often bundled with other high-end enterprise features, making them inaccessible to small and medium organizations. The solution to this challenge would require vendors to include organizational SSOs in pricing plans that include all types of businesses, regardless of size.

Another main gap area identified is MFA governance integrity over time as workers join or leave organizations. The process known as credential lifecycle management often lacks available MFA solutions, the CISA-NSA report stated.

The overall confusion regarding MFA and SSO, lack of specifics and standards and gaps in support and available technologies, are all affecting the security of companies that have to deploy IAM systems with the information and services that are available to them.

An often-bewildering list of options is available to be combined in complicated ways to support diverse requirements, the report noted. Vendors could offer a set of predefined default configurations, that are pre-validated end to end for defined use cases.

Williams told TechRepublic that the biggest takeaway from this new publication is that IAM is extremely complex.

Theres little for most organizations to do themselves, Williams said, referring to the new CISA-NSA guidance. This (document) is targeted at vendors and will certainly be a welcome change for CISOs trying to perform apples-to-apples comparisons of products.

Williams said another key takeaway is the acknowledgment that some applications will require users to implement hardware security modules to achieve acceptable security. HSMs are usually plug-in cards or external devices that connect to computers or other devices. These security devices protect cryptographic keys, perform encryption and decryption and create and verify digital signatures. HSMs are considered a robust authentication technology, typically used by banks, financial institutions, healthcare providers, government agencies and online retailers.

In many deployment contexts, HSMs can protect the keys from disclosure in a system memory dump, Williams said. This is what led to highly sensitive keys being stolen from Microsoft by Chinese threat actors, ultimately leading to the compromise of State Department email.

CISA raises this in the context of usability vs. security, but its worth noting that nothing short of an HSM will adequately meet many high-security requirements for key management, Williams warns.

The CISA-NSA document ends with a detailed section of key recommendations for vendors, which as Williams says, puts them on notice as to what issues they need to address. Williams highlighted the need for standardizing the terminology used so its clear what a vendor supports.

Chad McDonald, chief information security officer of Radiant Logic, also talked to TechRepublic via email and agreed with Williams. Radiant Logic is a U.S.-based company that focuses on solutions for identity data unification and integration, helping organizations manage, use and govern identity data.

Modern-day workforce authentication can no longer fit one certain mold, McDonald said. Enterprises, especially those with employees coming from various networks and locations, require tools that allow for complex provisioning and do not limit users in their access to needed resources.

For this to happen, a collaborative approach amongst all solutions is essential, added McDonald. Several of CISAs recommendations for vendors and developers not only push for a collaborative approach but are incredibly feasible and actionable.

McDonald said the industry would welcome standard MFA terminology to allow equitable comparison of products, the prioritization of user-friendly MFA solutions for both mobile and desktop platforms to drive wider adoption and the implementation of broader support for and development of identity standards in the enterprise ecosystem.

Create standard MFA terminology Regarding the use of ambiguous MFA terminology, the report recommended creating standard MFA terminology that provides clear, interoperable and standardized definitions and policies allowing organizations to make value comparisons and integrate these solutions into their environment.

Create phishing-resistant authenticators and then standardize their adoption In response to the lack of clarity on the security properties that certain MFA implementations provide, CISA and NSA recommended additional investment by the vendor community to create phishing-resistant authenticators to provide greater defense against sophisticated attacks.

The report also concludes that simplifying and standardizing the security properties of MFA and phishing-resistant authenticators, including their form factors embedded into operating systems, would greatly enhance the market. CISA and NSA called for more investment to support high-assurance MFA implementations for enterprise use. These investments should be designed in a user-friendly flow, on both mobile and desktop platforms, to promote higher MFA adoption.

Develop more secure enrollment tooling Regarding governance and self-enrollment, the report said its necessary to develop more secure enrollment tooling to support the complex provisioning needs of large organizations. These tools should also automatically discover and purge enrollment MFA authenticators that have not been used in a particular period of time or whose usage is not normal.

Vendors have a real opportunity to lead the industry and build trust with product consumers with additional investments to bring such phishing-resistant authenticators to more use cases, as well as simplifying and further standardizing their adoption, including in form factors embedded into operating systems, would greatly enhance the market, stated the CISA and the NSA.

Follow this link:
CISA and NSA Issues New Identity and Access Management Guidance for Vendors - TechRepublic

Posted in NSA | Comments Off on CISA and NSA Issues New Identity and Access Management Guidance for Vendors – TechRepublic

How to Protect Against Evolving Phishing Attacks – National Security Agency

Posted: at 6:15 am

FORT MEADE, Md. - The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them. The Cybersecurity Information Sheet (CSI) Phishing Guidance: Stopping the Attack Cycle at Phase One outlines tailored cybersecurity controls for Information Technology (IT) departments to reduce phishing attacks, also known as electronically delivered social engineering. The Cybersecurity and Infrastructure Security Agency (CISA), NSA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) co-authored the CSI. Knowing how to navigate phishing danger is essential because anyone can fall victim to these attacks, said Eric Chudow, NSAs Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert. Cyber threat actors are constantly evolving their techniques and harnessing new technologies to their advantage, including artificial intelligence. They are also finding it easier to deceive people who have transitioned to hybrid work environments and have fewer-face-to-face interactions. Cyber actors employ a wide range of technologies and platforms to conduct phishing attacks. Common vectors include short messaging system (SMS) text messages and chats in platforms such as Slack, Teams, Signal, WhatsApp, iMessage, and Facebook Messenger. Such attacks may lure users into divulging their login credentials or clicking a malicious hyperlink or attachment which then executes malware. The CSI provides detailed mitigations to protect against login credential phishing and malware-based phishing, as well as steps for identifying and remediating successful phishing activity. It lists more than a dozen best practices for IT professionals to follow to avoid their organization being compromised, including phishing-resistant multi-factor authentication (MFA), phishing filters for links and attachments, protective DNS, application allow-lists, and remote browser isolation. Additional guidance in the CSI focuses on software manufacturers implementing secure by design and default tactics and techniques. Software manufacturers should develop and supply software that is secure against the most prevalent phishing threats. The co-authoring agencies urge organizations to hold software manufacturers to a secure-by-design technology standard and build these and other mitigations directly into products to protect users and organizations from phishings malicious effects. Read the full report here. Read NSAs secure-by-design guidance. Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations MediaRelations@nsa.gov 443-634-0721

Link:
How to Protect Against Evolving Phishing Attacks - National Security Agency

Posted in NSA | Comments Off on How to Protect Against Evolving Phishing Attacks – National Security Agency

NSA Shares Recommendations to Advance Device Security Within … – National Security Agency

Posted: at 6:15 am

FORT MEADE, Md. - The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) to enable federal agencies, partners, and organizations to assess devices in their systems and be better poised to respond to risks associated with critical resources. Cybersecurity threats continue to increase, and traditional defenses cannot scale to provide effective security against these threats. Transitioning to a Zero Trust security framework places defenders in a better position to secure sensitive data, systems, applications, and services against nation-state actors and malicious actors seeking quick financial gains. The Advancing Zero Trust Maturity Throughout the Device Pillar CSI provides recommendations to effectively ensure all devices meet an organizations access criteria and security policies. The NSA advises National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network owners and operators to implement the recommendations in the CSI to increase maturity levels of the device pillar capabilities. These include device identification, inventory, and authentication, device authorization using real time inspection, and remote access protection. Traditional security defenses have been shown to be insufficient to address the current threat environment said Alan Laing, NSAs Vulnerability Analysis Subject Matter Expert. Government organizations and critical system owners need to enhance management of their device inventories to improve detection of sophisticated threats as part of comprehensive cybersecurity strategy integrating effective and scalable solutions to secure sensitive data, applications and services. As indicated in the CSI, the device pillar is a foundational component of the Zero Trust security framework. It ensures devices within an environment or attempting to connect to resources in such environment are located, enumerated, authenticated, and assessed. A device is only authorized access if it meets the environments security policies. The device pillar is one of the seven pillars defined in the DoD Zero Trust Reference Architecture. The capabilities discussed in this CSI complement on the Advancing Zero Trust Maturity Throughout the User Pillar published on 14 March 2023. NSA advises progression of the capabilities in each of the seven pillars in the Zero Trust security framework should be seen as a cycle of continuous improvement based on evaluation and monitoring of threats. The NSA Zero Trust security framework adheres to the Presidents Executive Order of Improving the Nations Cybersecurity (EO 14028) and National Security Memorandum 8 (NSM-8), which direct Federal Civilian Executive Branch (FCEB) agencies and NSS owners and operators to develop and implement strategic plans to adopt a Zero Trust cybersecurity framework. Read the full report here. Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations MediaRelations@nsa.gov 443-634-0721

Visit link:
NSA Shares Recommendations to Advance Device Security Within ... - National Security Agency

Posted in NSA | Comments Off on NSA Shares Recommendations to Advance Device Security Within … – National Security Agency

Nansemond-Suffolk tennis falls to Norfolk Academy Thursday – The … – Suffolk News-Herald

Posted: at 6:15 am

Published 6:34 pm Thursday, October 19, 2023

Nansemond Suffolk Academy fell to Norfolk Academy 1-8 in a conference match today at NSA courts. NSAs Kayla Kosiorek knocked off Anderson Legume 6-1, 6-2. Kosiorek and Emma Morgan fell in a hard-fought 8-6 doubles match to Legume and Nora Clingenpeel.

NSA falls to 9-4 overall, 6-2 in conference and #4 ranking in VISAA D-2 rankings.

Singles Kayla Kosiorek (NSA) beat Anderson Legume (NA) 6-1 6-2 Emma Morgan (NSA) lost to Nora Clingenpeel 6-0 6-0 Emma Graves (NSA) lost to Rhea Khanna (NA) 6-1 6-1 Izzy Rose (NSA) lost to Reagan Szakaly (NA) 7-5 6-0 Aubrey Council (NSA) lost to AR Furr (NA( 6-1 6-2 Paige Dowd (NSA) lost to Leighton Soderberg (NA) 6-1 6-1

Doubles Kosiorek/Morgan (NSA) lost to Legume/Clingenpeel (NA) 8-6. Rose/Council (NSA) lost to Szakaly/Khanna (NA) 8-2 Dowd/Rylea Nelms (NSA) lost to Furr/charlotte shumadine (NA) 8-0

Read more:
Nansemond-Suffolk tennis falls to Norfolk Academy Thursday - The ... - Suffolk News-Herald

Posted in NSA | Comments Off on Nansemond-Suffolk tennis falls to Norfolk Academy Thursday – The … – Suffolk News-Herald

NSA calls for a ‘root and branch’ review of Red Tractor – Farmers Guardian

Posted: at 6:15 am

The National Sheep Association (NSA) has called for a root and branch review of Red Tractor following the announcement of the assurance body's Greener Farms Commitment last week.

The association said the industry had been sideswiped' and that it was deeply concerned none of the detail of the new environmental bolt-on which requires farmers to adopt five environment standards.

Following an extraordinary meeting of the NSA English Committee earlier this week, the association has demanded a root and branch review of the assurance scheme and its governance.

NSA chief executive Phil Stocker said the NSA continued to support the concept of farm assurance as an open gate declaration of good practice'. But he continued: "We have long been frustrated that the scheme is losing its way and has become less relevant to sheep farmers with little acceptance of the unique nature of our sector.

"Most of the nation's sheep farms are not big businesses with layers of management, but are family farms and single operators, many with little land of their own, and our sector still offers a valuable first step on the farming ladder for young new entrants. Becoming Red Tractor Assured presents a huge hurdle for many sheep farms, and for most of the sector's routes to market it adds no value."

See also: Red Tractor crossed the 'red line on environmental module introduction

NSA said it believed the Greener Farms Commitment takes Red Tractor into the realm of setting environmental policy in isolation rather than getting behind the key environmental and sustainable farming schemes being introduced by Defra.

Following the meeting of the NSA English Committee on Monday, chair Kevin Harrison added: "It is quite telling that those responsible for the governance of the assurance scheme felt the need to work on this behind closed doors without even consulting their boards or technical advisory committees." NSA Chief Executive Phil Stocker continued:"Anyone who has had any contact with NSA will recognise that we are pro-environment, but the recent announcement of the Greener Farm Commitment, developed with no practical input from ourselves or the farming sector, is flawed and simply a step too far. We do not accept this will remain a voluntary scheme and additionality like this comes with a cost that needs to be supported via market premiums or by full alignment with Defra's Sustainable Farming Incentive (SFI) and Countryside Stewardship schemes.

"We are frustrated by the fact there has been no consideration for the hundreds of sheep farmers who operate as graziers on other people's land and have no influence on wider land management decisions, or direct access to SFI and similar schemes, yet do a great job within the boundaries of their authority. We are not prepared to put at risk the social and cultural makeup of our industry in this drive for more industrialisation, supposed professionalisation, and red tape."

See also: Red Tractor defends 'greenwashing' slur

Earlier this week, the NFU passed a resolution highlighting members' concerns around the detail of Red Tractor's new green module. The union was forced to act following the proposal of a resolution from the Midlands (Transitional) Region which called for an independent review of Red Tractor governance and a pause to further bolt-ons'.

According to the NFU, while members still recognised and embraced' the increasing role of sustainability in farm assurance, some felt more granular, technical and practical elements of the GFC' should have been consulted on more widely before the module was unveiled.

NFU deputy president Tom Bradshaw said: "Red Tractor has been a positive thing for our members and, indeed, is an organisation we helped establish for that very reason... We all accept the roll-out of the GFC has not been as any of us would have wished, but the issue is about procedures, not principles. We can and should work together to address those issues, get past this and move on for the benefit of farmers, growers, the wider supply chain and, crucially, consumers."

A spokesperson for Red Tractor said: "NFU Council have raised the importance of involving farmers in the continued development of Red Tractor's environment module. We agree about how important this is, and that there are benefits for farmers, growers, and the wider supply chain, from a common industry approach.

"Work to this point included trials with 25 farms last year, for example. As the main Red Tractor board agreed last month, our existing Technical Advisory Committees and Sector Boards are meeting over coming weeks to provide their feedback on technical and practical considerations.

"But we recognise there is always more we can do to listen to farmers' feedback and understand their point of view. The new Development Advisory Panel (DAP) is being created and will meet for the first time next month and will have a critical role to ensure that the Greener Farms Commitment (GFC) takes full account of the first-hand experience of farmers."

See original here:
NSA calls for a 'root and branch' review of Red Tractor - Farmers Guardian

Posted in NSA | Comments Off on NSA calls for a ‘root and branch’ review of Red Tractor – Farmers Guardian

Israel’s NSA warns of US intervention as Gaza conflict escalates – IndiaTimes

Posted: at 6:15 am

In a significant development, Israel's national security adviser, Tzachi Hanegbi, has warned that the United States may intervene if the ongoing Gaza conflict escalates further and draws in Iran and Hezbollah in support of Hamas. This warning comes in the wake of expressions of support from U.S. President Joe Biden. During a televised briefing, Hanegbi highlighted President Biden's actions, which include deploying U.S. naval forces in the Mediterranean and publicly cautioning both Hezbollah and Tehran to stay out of the hostilities. "He is making clear to our enemies that if they even imagine taking part in the offensive against the citizens of Israel, there will be American involvement here," Hanegbi stated, emphasizing that "Israel will not be alone." The heightened tensions are palpable on both sides of the Israeli-Lebanese border. Israeli and Lebanese residents in the region have begun to evacuate their homes due to the fear that their towns could become the main battleground in a conflict between Israel and Hezbollah. Smadar Azoulai, a displaced resident of Kiryat Shmona in Israel, expressed the anxiety felt by many, stating, "This time it's a whole different kind of anxiety - terrible fear." Meanwhile, in Lebanon, residents of towns and cities near the border have fled north in anticipation of potential Israeli military action. Uncertainty looms over the region as it could become a second front in a broader Middle Eastern conflict, with Israel's expected invasion of Gaza in response to a surprise attack by Hamas potentially provoking a strong response from regional adversaries. The recent attack on October 7th, resulting in more than 1,300 Israeli casualties, marked the deadliest single day in Israel's 75-year history. In retaliation, Israel has initiated its most intense bombardment of the blockaded Gaza Strip, resulting in over 2,700 Palestinian casualties, with plans for a large-scale ground offensive. As the situation unfolds, the northern border with Lebanon, a hilly region by the sea, stands in stark contrast to the Gaza Strip, located 200 kilometers (130 miles) to the southwest. While the two areas may seem distant, Iran's support for Hamas and Hezbollah has raised concerns. Iran has recently warned of "preemptive action" against Israeli assaults on Gaza, further escalating tensions. Israel has taken precautionary measures, including the evacuation of 28 villages near Lebanon, relocating affected families to tourist resorts in the south. Lebanese residents have sought refuge further north, hoping to avoid Israeli military operations. With the situation in flux, the region remains on edge, and the potential for further escalation keeps residents and observers on high alert. The memory of the 2006 war between Hezbollah and Israel, which began suddenly and without warning, still looms large, with fears of a similar conflict mounting since October 7th. At the Sea of Galilee, hundreds of Israelis from northern kibbutzes are living out of suitcases indefinitely. The prevailing mood is one of fear and uncertainty as people anxiously await the resolution of the crisis and wonder about the future of those affected by the conflict. Amidst these developments, there have been reports of continued violence in the border areas, with Israel's military announcing the killing of individuals attempting to plant an explosive device on the Lebanon-Israel border. Both sides have exchanged fire and targeted military posts and equipment, further heightening the tensions. The situation remains fluid, with the risk of escalation persisting, as regional powers and international actors closely monitor the evolving crisis. (with inputs from Reuters)

Visit link:
Israel's NSA warns of US intervention as Gaza conflict escalates - IndiaTimes

Posted in NSA | Comments Off on Israel’s NSA warns of US intervention as Gaza conflict escalates – IndiaTimes

The U.S. government is still in its Tumblr era. – Slate

Posted: at 6:15 am

A few months ago, as a debate was heating up over whether to renew an FBI surveillance authority known as Section 702, I was looking for an unsealed court document from the Foreign Intelligence Surveillance Court (FISC). I asked a colleague if FISC had a website where I could find these opinions. Oh, thats easy, my colleague said. Just check their Tumblr.

Sure enough, I found the document on the Tumblr in question: IC on the Record, a website created at the direction of the President of the United States and maintained by the Office of the Director of National Intelligence, which promised direct access to factual information related to the lawful foreign surveillance activities of the U.S. Intelligence Community.

How did the Office of the Director of National Intelligencea senior-level agency representing the entire intelligence community including the CIA and the National Security Agencycome to host some of the most important docson a platform better known for cat gifs, LGBTQ+ discourse, and indie sleaze? And why, 10 years later, after the internet moved beyond the cat gifs, Tumblr alienated its queer communities, and Gen Z went through a cycle of Tumblr-aesthetic nostalgia, is the government still in its Tumblr era?

That era began in 2013, when a 29-year-old National Security Agency contractor named Edward Snowden leaked thousands of highly classified documents revealing sprawling global surveillance programs carried out by the United States and several allies. It was the biggest leak in intelligence history. The fallout was swift and the public outcry loud. James Clapper, the director of national intelligence at the time, publicly apologized and admitted that his testimony to Congress earlier that year, in which he claimed that the NSA did not collect data on millions of Americans, had been clearly erroneous.

The Snowden disclosures created a huge crisis of legitimacy for intelligence agencies in the public mind, and it was very clear to us that we needed to be more proactive in getting information out to the public, remembered Alex Joel, who led the Office of Civil Liberties, Privacy and Transparency at the Office of the Director of National Intelligence at the time.

But the civil libertarians werent the only ones up in arms. Everyday Americans began to pressure the Obama administration for greater transparency on the surveillance programssomething the intelligence community wasnt accustomed to doing. Before the Snowden leaks, agencies like the CIA and NSA prioritized the protection of classified information and national security secrets, not public access to that information. The question was less about where and how to disclose information, but whether to disclose anything at all.

I remember being enormously frustrated, Joel told me. Because there might be a story circulating that was clearly overblown and false in terms of concerns about some intelligence activities that people speculated were going on, and I wanted to be able to respond to those publicly. And the answer typically was, No, were better off just letting it die down.

It soon became clear that the Snowden story wasnt going to die down. The leaks raised serious questions about surveillance programs undertaken in the name of national security, and the government had to answer themespecially if these agencies wanted to retain the programs in whole or in part. Transparency has become the new buzzword in intelligence circles as officials attempt to preserve as much of their post-9/11 surveillance powers as they can from congressional restrictions, read one Guardian story at the time.

For Joel and others at the ODNI, the Snowden revelations urgently exposed the need to get ahead of disclosures and respond in real time, and the refrain shifted from let it lie to weve got to get ahead of the story. But they couldnt seem to get ahead of the Snowden story, no matter how many carefully crafted statements by Clapper they released on their website. Their public engagement options were limited: They could issue a no comment, write a long statement, or write a short statementand that was about it.

It became clear that people needed to read more than statementsthey needed to read the actual underlying documents. How could we get these documents efficiently cleared and released? Joel remembered asking. And where would we post them? Publishing documents on their own website was a laborious process that moved at the speed of bureaucracythat is, painfully slowly.

The idea to post everything on Tumblr came from Michael Thomas, who joined the ODNI from the private sector in 2012 to head up social media and digital strategy. By using Tumblr, which allowed virtually anyone to spin up a ready-to-go website quickly, ODNI could circumvent the clunky process of posting documents on their own site by getting them up quickly and reactively on an accessible, easy-to-navigate website.

As Thomas got to work on creating the first-ever public-facing blog for the intelligence community, the president gave him an unexpected push. On Aug. 9, 2013, Obama addressed the growing controversy at a press conference in which he promised a few steps to move the debate forward on transparency and public confidence in the surveillance programs. In addition to the appointment of a civil liberties and privacy officer at the NSA, Obama announced, The intelligence community is creating a website that will serve as a hub for further transparency. And this will give Americans and the world the ability to learn more about what our intelligence community does and what it doesnt do, how it carries out its mission, and why it does so. At that point, no one could have guessed that the website would have a Tumblr.com URL.

Well, no one outside of the ODNI. As Clapper wrote in his 2018 memoir, as soon as Obama announced the website, our social media manager, Michael Thomas, realized the president had just announced live on national television the Tumblr site he was in the process of building. He gaped at the TV screen, as Public Affairs Director Shawn Turner patted him on the back, asking, So, hows that website coming?

The ODNI launched Obamas promised hub on Aug. 21, less than two weeks after Obamas speech. Tumblr had enabled the office to quickly build a minimal viable product, in Silicon Valleyspeak, because the road map to a better tool would have been impossibly long. But the buzzy social media platform had other advantages, too. Tumblr allowed users to hack the site by creating banners and design elements, and a built-in community satisfied one of the guiding tenets of digital communication: You cant wait for people to come to your websiteyou have to go where the people are.

By the end of September, the ODNI had declassified and published 1,800 pages of FISC opinions on IC on the Record. This wasnt simply a pile of unclassified documents wed been sitting on, or a collection of improperly overclassified papers, but actual classified court opinions, including requests for surveillance warrants, wrote Clapper. We knew our adversaries would see them, and that making them public, to some degree, posed a risk to national security. But we judged that if we didnt take drastic steps like this, national security could be undermined more by the erosion of trust of the American public and its elected representatives.

Above all, simply choosing Tumblr was a benefit in and of itself. It was a mic drop moment, to borrow a popular term from the era. If you put this stuff on the ODNI or NSA website, no one cares, Thomas told me. But if you put it on Tumblr the, buzzy, hot place full of ironic mustaches and cat gifs, its gonna be a record-scratch in the conversation. Tumblr gave us an opportunity to reenter a public conversation that had fully run away from us.

The gamble seemed to pay off, as a chastened ODNI won media attention, much of it positive, for its unorthodox choice. NSA and Intelligence Community Turn to TumblrWeird but True, read one CNET headline. Even mainstream media seemed bemused enough to cover the blogs launch. If surveillance from government intelligence agencies has you concerned, now you can at least follow them backif only on Tumblr, read one New York Times story. Liba Rubenstein, who was Tumblrs director of causes and politics, doubted the viral potential of IC on the Records posts, but called the move really smart.

Of course, not all the attention was good. Some Tumblr users felt the intelligence communitys How Do You Do, Fellow Kids?style entry onto the platform had ushered in its premature death. The feds are using tumblr. So thats over now, read one Tweet at the time. Other problems included heavy redactions, a lack of search function, and the inability to copy and paste. One TechCrunch journalist remained skeptical, writing, The site is a good idea on the surface, but such great portions of the declassified documents are (and, I presume, will continue to be) redacted that it wont end up being a big help. After mentioning the sites accompanying Twitter handle, the journalist quipped, Hopefully the office will be able to string together 140 characters without redacting anything.

While some had hailed the choice of Tumblr as a brilliant marketing maneuver, others attacked it as just that: a rebranding exercise to distract from the sprawling and at times illegal surveillance program that had just been revealed to the public. In March 2014, national security journalist Spencer Ackerman criticized IC on the Record for failing to add critical disclosures and other important context, including the many instances when the government published declassified documents to the Tumblr only after it lost a transparency case. Marcy Wheeler, a journalist who writes about national security and civil liberties, quickly dubbed the effort I Con the Record.

As Wheeler told an interviewer at the time about the intelligence community, They said, heres where you can come for facts, suggesting that if you go to the Guardian or the Washington Post, youre going to get something that isnt the facts. Problem is, you know, every time they roll out these documents, we learn more and more about the deceit and misrepresentations of the government. But at least the public didnt have to rely on a massive leak every now and then to take a look at these classified opinions. Though often reactive, by April 2015, IC on the Record had released more than 4,500 pages of documents, exceeding the 3,710 pages collected and leaked by Snowden.

Though Tumblr may have seemed out of left field to observers at the time, Taylor Lorenz, a Washington Post columnist covering technology and online culture, pointed out that Tumblr may not have been that odd of a choice in 2013. Theres no other platform that it would have started on at that time, except Tumblr, Lorenz told me. That was peak Tumblr, in terms of its utility to reach the public. When IC on the Record launched, Tumblr already hosted over 30 U.S. government blogs, including sites for the White House, Department of Defense, and the IRS. Lorenz described a heady techno-optimism at the time, especially in the Obama administration, which maintained a cozy relationship with tech companies and a social team in the White House experimenting with different platforms and technologies.

To be fair, the Obama administration officials werent the only ones going all-in on tech and social media, nor were they the first. As journalist Vincent Bevins chronicles in his new book If We Burn, this thinking was pervasive. The Atlantic published a piece titled The Revolution Will Be Twittered, and in the New York Times, Nicholas Kristof wrote that in the quintessential 21st-century conflict on the one side are government thugs firing bullets on the other side are young protesters firing tweets. One former deputy national security adviser in the Bush administration wanted to award Twitter the Nobel Peace Prize. Former U.K. Prime Minister Gordon Brown suggested that the 1994 genocide in central Africa would not have happened in an age of social media.

Today, that period of techno-optimism may seem like a quaint fever dream. But in that era, some people found it exciting to feel like they had direct access to government agencies and the bureaucrats who populated them. In February 2016, for example, Clapper hosted an AnswerTime, a Tumblr equivalent of Reddits Ask Me Anything. Around 2014, while IC on the Record remained on Tumblr, most government agencies migrated to Twitter as the platform rose to prominence. At the time, Twitter provided the government agencies the ability to interact with the public in a controlled space that was difficult to find on other social media sites.

In the early 2010s, it was this novelty to interact with the White House or a politician online, said Lorenz. Like, Oh my god, this government official is Tweeting. But now, the novelty has worn off, and people want accountability. On social media, attempts at accountability can range from speaking truth to power through journalistic disclosures to dunking on power using well-known history and humor. Some dunks have grown into memes and, on occasion, hallowed annual traditions. For example, the FBI often chooses to honor Martin Luther King Jr. on MLK Day on Twitter, leaving out the Bureaus extensive spying and harassment of the civil rights herohistorical context that Twitter users are all too eager to provide. Lorenz suspects the novelty has worn off for the government as well.

A downside of picking a social platform is you may be subject to the reputation of that platform that may not be associated with what youre doing, Joel told me. You dont want it to seem like you deliberately made a choice to use this platform because of its reputation. Though IC on the Record has remained on Tumblr and ODNI on Twitter, other government agencies are now seriously debating whether to stay on the website now known as X.

As Government Technologys Lindsay Crudele wrote last November, It took years for Twitter to evolve from a platform for casual lunch updates to a vital tool for public information exchange [but] it took just days for [Elon Musks] chaotic, profit-driven strategy to dismantle the personnel and security functions that supported a once-reliable public resource. The Twitter chaos has thrown government agencies into crisis. At the annual Government Social Media Conference this summer, several government communications professionals bemoaned the hellscape Twitter had become, and openly wondered when it was time to time to pull the plug.

Today, hellscape feels like an apt description not just of Twitter, but of wide swaths of the internet. In 2013, choosing Tumblr to launch a serious, high-profile response to the Snowden allegations felt incongruous because of the reputation of the platform itself; today, it feels incongruous because the whole internet seems to be falling apart. Ultimately, this is a disservice to the public, which deserves information, accountability, and responsiveness from our public officials, said Lorenz. But its probably more of a headache than anything else in 2023, in this weird, fragmented, fraught platform ecosystem.

As the promise of social media and the open web fades, is there a limit to what we can expect to solve by posting documents online?

Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.

See the original post:
The U.S. government is still in its Tumblr era. - Slate

Posted in NSA | Comments Off on The U.S. government is still in its Tumblr era. – Slate

Page 4«..3456..1020..»