
Category Archives: NSA

Netherlands, The Consumer Price Index nsa (YoY) remains unchanged at 1.9% in April – FXStreet

Posted: May 11, 2021 at 11:02 pm


Continue reading here:
Netherlands, The Consumer Price Index nsa (YoY) remains unchanged at 1.9% in April - FXStreet


Preventing Cyberattacks and the Risk of Data Breaches to Critical Infrastructure – Inside NoVA

Posted: at 11:02 pm

MCLEAN, Va., May 11, 2021 /PRNewswire/ -- Onclave Networks, a global cybersecurity leader specializing in securing OT/IoT devices and systems, views the adoption of Zero Trust guidelines as essential for protecting critical infrastructure.

"Attackers are more sophisticated than ever," said Don Stroberg, CEO of Onclave. "Operational technology is too complex and diverse to protect with a passive approach or a continued reliance on IT security solutions. It also means a near-infinite number of attack vectors to exploit. Our platform is purpose-built to secure OT/IoT systems and is based on Zero Trust principles. Our solution greatly reduces the number of potential attack surfaces, and is the ideal choice for mitigating the risk of breaches to OT/IoT networks."

Critical infrastructure and healthcare facilities are particularly vulnerable targets. Power plants, refineries, and hospitals can have tens of thousands of non-IT devices as an example. A complex network of devices means a potentially innumerable number of vulnerable endpoints that can be exploited, increasing the risk and cost when it comes to ensuring the protection and integrity of the network.

Onclave recommends that businesses across industries should adopt a Zero Trust framework: the idea that trust is verified at each endpoint before access is granted to any device, system or user. "This is the core principle of the Onclave TrustedPlatform. Our unique solution continuously reassesses trust to ensure the integrity of your network," Stroberg said.

According to industry data:

* Interpol reports "an alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure."

* Ransomware attacks are up 800%.

The National Security Agency (NSA) recently released the Cybersecurity Advisory, "Stop Malicious Cyber Activity Against Connected Operational Technology", for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) operational technology (OT) owners and operators. In the memo, the NSA stated, "While there are very real needs for connectivity and automating processes, operational technologies and control systems are inherently at risk when connected to enterprise IT systems. Seriously consider the risk, benefits, and cost before connecting (or continuing to connect) enterprise IT and OT networks."

The National Institute of Standards and Technology (NIST) recently published its Zero Trust Architecture (SP 800-207) for organizations to adopt the Zero Trust principles. It requires strong authentication and continuous monitoring for any anomalous behavior before access is given. This includes visibility as well as controlled communications between remote users, devices, applications, workloads, data centers and public cloud environments.

Onclave aligns with both NIST and NSA recommended guidelines. The Onclave TrustedPlatform creates cryptographically separate OT networks while still allowing them to share the IT infrastructure. Onclave also supports Zero Trust principles by moving away from "trust, then verify" to "never trust, verify first", providing continuous monitoring and offering the capability to isolate and contain threats. "We are pioneers in developing a proven solution that immediately protects trusted OT/IoT systems and devices - significantly improving your enterprise's overall network security and making it most resilient," Stroberg said.

About Onclave Networks, Inc.

Based in the Washington, D.C., area, Onclave Networks, Inc. is a global cybersecurity leader that specializes in securing operational technology (OT/IoT) through private networks. Onclave provides the first true, secure communications platform based on the Zero Trust framework. Our solution protects both legacy and new operational technologies from cyberattacks and other unauthorized access. Onclave makes trusted secure communications a standard for all by providing the fastest path to a more secure, simplified, and cost-effective alternative to today's solutions. For more information, contact info@onclavenetworks.com or visit onclavenetworks.com.

Media Contact

Alexis Quintal

alexis@newswire.com


View original content to download multimedia: http://www.prnewswire.com/news-releases/preventing-cyberattacks-and-the-risk-of-data-breaches-to-critical-infrastructure-301288224.html

SOURCE Onclave

Originally posted here:
Preventing Cyberattacks and the Risk of Data Breaches to Critical Infrastructure - Inside NoVA


The next frontier of warfare is online – Salon

Posted: at 11:02 pm

Sometime in mid-2009 or early 2010 - no one really knows for sure - a brand new weapon of war burst into the world at the Natanz nuclear research facility in Iran. Unlike the debut of previous paradigm-shattering weapons such as the machine gun, airplane, or atomic bomb, however, this one wasn't accompanied by a lot of noise and destruction. No one was killed or even wounded. But the weapon achieved its objective to temporarily cripple the Iranian nuclear weapon program, by destroying gas centrifuges used for uranium enrichment. Unfortunately, like those previous weapons, this one soon caused unanticipated consequences.

The use of that weapon, a piece of software called Stuxnet widely concluded to have been jointly developed by the United States and Israel, was arguably the first publicly known instance of full-scale cyberwarfare. The attack deployed a software vulnerability or exploit, called a zero-day, buried so deeply in computer code that it remains undetected until someone - a team of hackers, a criminal, an intelligence or law enforcement agency - activates it. We've all heard of, and perhaps even been victimized by, criminal hacks that may have pilfered our credit card numbers and passwords, or been spammed by suspicious emails that invite us to claim supposed Nigerian fortunes. But zero-days operate on a different level entirely.

"Zero-days offer digital superpowers," New York Times cybersecurity reporter Nicole Perlroth writes in "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race."

"Exploiting a zero-day, hackers can break into any system - any company, government agency, or bank - that relies on the affected software or hardware and drop a payload to achieve their goal, whether it be espionage, financial theft, or sabotage. There are no patches for zero-days, until they are uncovered. It's a little like having the spare key to a locked building."

Such capabilities, says Perlroth, make zero-days "one of the most coveted tools in a spy or cybercriminal's arsenal."

As with any other highly coveted commodity, a vast covert global market has sprung up to meet the demand for zero-days. Perlroth explains that this invisible digital trade was nurtured and encouraged by the U.S. intelligence community. As former National Security Agency contractor Edward Snowden's leaked documents revealed, the NSA not only developed its own zero-days and hacking tools, but beginning in the 1990s started to pay out first thousands, then eventually millions of dollars to the world's most skilled hackers to ferret out security holes in widely used software packages, finding backdoors that could be used to overcome increasingly sophisticated security and encryption protections.

The vulnerabilities were cataloged, filed, and gathered into a closely held, superclassified stockpile - a digital arsenal that could be used for espionage, surveillance, and actual cyberwarfare, all without any oversight or outside control. Among many other things, the NSA could now easily track anyone's iPhone at will, read their email, access their contacts, even tap into cameras and microphones.

The NSA truly began to exercise its digital superpowers during the post-9/11 war on terrorism. At first, many of the hackers laboring to develop those tools were kept mostly in the dark about how they were being used, but eventually that changed. "In the years following 9/11, the NSA decided to give its top analysts a glimpse into the fruits of their labors," Perlroth explains. "In a secure room at Fort Meade, the officials projected more than a dozen faces onto a bright screen. Each man on the screen, the analysts were told, was dead thanks to their digital exploits."

Snowden's revelations were only part of the story. As the U.S. sought to expand its stockpile to stay ahead of ever-changing technological upgrades and the capabilities of possible adversaries including Russia, China, and Iran, the American grip on the market began to slip away and other players began to get into the game. When Stuxnet inevitably spread from its narrow and carefully chosen Iranian target to work its way across the world's computers via the internet, the potential advantages of zero-days became clear to everyone and were available to any nation, any group, any organization willing to pay. Former NSA hackers set up shop, joining a burgeoning legion of international hackers looking to cash in, not all of them very picky about their clientele.

In effect, Perlroth explains, it has placed us in the midst of a new arms race, an ever-accelerating competition of offense vs. defense, move and countermove, nearly identical to the nuclear arms race of the Cold War. Former NSA director Michael Hayden noted in a 2013 speech at George Washington University that Stuxnet "has a whiff of August, 1945." "Somebody just used a new weapon," he continued, "and this weapon will not be put back in the box."

He was alluding to the first use of the atomic bomb on Hiroshima, but zero-days have proliferated around the world far easier and faster than nukes. "The internet has no borders," writes Perlroth. "No cyberattack can be confined to one nation's citizens anymore."

As with the atomic bomb, we've developed a weapon to protect ourselves which has now boomeranged back upon us. That's been demonstrated in recent years by high-profile incidents such as Russia's interference with the 2016 U.S. presidential election, Iranian attacks on Las Vegas casinos, North Korea's assault on Sony Pictures, the SolarWinds attack that the U.S. is still yet to recover from, and others that Perlroth details including a hacking attack on former First Lady Michelle Obama, and Russia's outright cyberwarfare campaign against Ukraine's power grid and infrastructure.

"Nations are now investing far more time and money in finding vulnerabilities than the commercial world, and the open-source community, is spending to fix them," writes Perlroth. "Russia, China, North Korea, and Iran are stockpiling their own zero-days and laying their logic bombs. They know our digital topography well; in too many cases, they are already inside."

"The world is on the precipice of a cyber catastrophe," she concludes.

Perlroth has been covering the cybersecurity beat for a long time and clearly knows her subject extremely well, which may be the reason that "This Is How They Tell Me the World Ends" feels long and somewhat meandering. It's a complex story with many players and parts, and she perhaps tries to cover a bit too much ground, to the extent that the book somewhat loses focus along the way. But it's a vitally important topic that requires far more attention and concern, before the U.S. finds itself blindsided when an adversary decides to unleash full-scale cyberwar on us.

Francis Ford Coppola's 1974 film "The Conversation," about a surveillance expert played by Gene Hackman, ends with Hackman's character so consumed with paranoia that he literally tears apart his own apartment searching for a nonexistent listening device. After reading Perlroth's book, I felt a little paranoid myself, eyeing my own laptop and iPhone. (Maybe that's why her author bio notes that she "increasingly prefers life off the grid" in her family's "cabin in the woods.")

This article was originally published on Undark. Read the original article.

Read the rest here:
The next frontier of warfare is online - Salon


Scandal: How a brand-new Toyota Hilux car belonging to NSA vanished at a hotel in Kumasi – GhanaWeb

Posted: at 11:02 pm

Almost two years since a Government of Ghana car vanished at the premises of a hotel in Kumasi, Police and authorities seem to have no clue.

The brand-new 2018 Toyota Hilux Pickup was allegedly stolen, a couple of months after it was acquired.

Angel FM's Saddick Adams tracks back events surrounding the loss of the vehicle and what we know so far.

Bankrupt NSA Has No Car

The National Sports Authority, the body mandated to regulate sports in the country, has for some years gone bankrupt. The body has been at the receiving end of several lawsuits.

In February 2017, for instance, it had its bank accounts blocked after one of its creditors obtained a court order in a bid to retrieve monies owed them over the past four years. The creditor won the suit and the only vehicle for the operations of the office was confiscated. The Spokesperson, Fredericka Davies-Mensah, confirmed to newsmen that policemen stormed the premises with a bailiff and had the car taken away.

Top staff of the Authority had to do operational rounds in their private vehicles. In November 2018, the NSA acquired two new Toyota Hilux Pickup cars for use by the body, costing around GHC310,000.

One of the vehicles was kept in a pool at the Authority while the other was handed over to the Director General of the Authority, Professor Peter Twumasi, who was appointed in December 2018, weeks after the vehicles arrived.

Vehicle Not Registered by GV

Despite a Government of Ghana Directive for all vehicles acquired in the name of GoG to be registered under GV, the two vehicles failed to adhere to the directives for unknown reasons.

The vehicle was registered GX6551-18. According to checks by Saddick Adams, the vehicle was first insured under a third-party agreement.

Disappearance of Vehicle and Driver's Narration

On September 5, 2019, the National Sports Authority Director was chauffeured to Kumasi by a driver of the NSA, by name Michael Andoh.

According to the driver, he had dropped the NSA Director at his residence near KNUST and proceeded to lodge at OWASS Hotel, some few kilometers from the KNUST Campus.

Mr Andoh narrated that, upon reaching the hotel, he was called by the aide to the NSA boss to drive to one hospital in the Ashanti Regional Capital, where a staff of the NSA was on admission.

Andoh, the driver, drove in the company of the NSA Director's aide to see the ailing staff. They both returned to the Hotel around 7pm. He parked the car at the hotel's premises and accompanied the Director's Personal Assistant to the road side where he picked a car.

Andoh then came back to the hotel, inspected the car and went into his room to sleep.

Between 3-4am on the dawn of 6th September 2019, Andoh says he heard loud knocks on his door only to open and meet the security man of the hotel. The NSA driver claims he was told by the security man that the Director's Personal Aide had been calling several times and he, Andoh, was not picking up.

He then checked his phone to see several missed calls from the PA.

He called back and was told by the PA that, the Director General had ordered for the two to go back to the hospital again to transfer the ailing staff since his condition had deteriorated.

Andoh says he was hesitant, since he knew it was impossible to get a doctor to transfer a patient at that time of the night and even if they were successful, the patient would have to be transported via an ambulance and not the NSA pickup.

He however picked his keys and dressed up to go pick the car since the order was from his boss. He got down to the car park and lo and behold, the car had vanished without any breakages or traces of damage.

The security officer at the hotel claimed he inspected the compound around 2am and the vehicle was intact, but here, it had disappeared in less than an hour without the security man getting any hint.

Andoh called his boss to report the incident and the two made formal complaints at the KNUST Police Stations. The security man at the hotel and Michael Andoh, the driver, were detained for some few hours and released.

The missing vehicle had three original keys, two of which were with the driver of the vehicle. The other key was with the Transport Officer at the National Sports Authority in Accra. The two keys are still with the beleaguered driver till date.

Conflicting Accounts

In a sharp contradiction to the driver's narration, the Director General of the NSA, in an interview with Joy FM reporter Muftawu Nabila said the car was with his driver Michael Andoh and he was robbed.

Our reporters also gathered that, a facility near the Hotel of the incident had CCTV Cameras installed but when the driver with hotel management tried to access it to find out if they could trace the incident, the CCTV did not function that night, Michael claimed.

Driver's Hotel Changed

The driver, Michael Andoh reveals that, he has been driving at the NSA for over 12 years and anytime they travel to Kumasi, he lodges at the Eno Yeboah Hotel near the Kumasi stadium. He parks his car at the stadium for maximum security before he returns to the hotel to pass the night.

According to him, this had always been the practice.

But a few months before the vehicle was stolen, his boss, Mr Twumasi, instructed that he changes his hotel to sleep closer to him, at the KNUST Hostel, the reason for the decision to lodge at this new hotel where the car was stolen.

When our reporters went to the OWASS Hotel in April 2021, the security man at the centre of events had been relieved of his duties and no longer works at the hotel. His whereabouts were not disclosed. The Police had also not invited Andoh, neither had they contacted the security man again, after they were released a day after the car disappeared.

NSA Institutes Internal Investigation

On 10th September 2019, the NSA Director set up a 3-member Committee to assist the investigative bodies and agencies with the following terms and references.

i. Unravel the circumstances that led to the disappearance of the vehicle;
ii. Liaise with the National Security including the Police in their investigation.
iii. Make recommendations to the management.

After a few months of the committee's investigations, the chairman of the committee was transferred from the head office to the Greater Accra NSA office, which caused delays in their operations.

As at 7th May 2021, before filing this story, the police had yet to submit any report to the Ministry of Sports or NSA.

When our reporters contacted the Director General Professor Twumasi, he indicated that the matter was still with the Police and investigations were underway.

He however added that, the car has been insured against theft so he is hopeful it would be replaced.

New Car Acquired

The National Sports Authority had to rent a Jeep car to be used by the Director General, at a cost of 500 cedis a day for Accra and 800 cedis outside Accra, for nearly six months after the disappearance of the official vehicle.

Recently, the NSA acquired a Land Cruiser Prado to be used by the Director as his official car.

The controversial missing of the car, for almost two years, without any trace, is still a matter causing a lot of musings and murmurings within and around the coffers of the debt-ridden NSA.

Here is the original post:
Scandal: How a brand-new Toyota Hilux car belonging to NSA vanished at a hotel in Kumasi - GhanaWeb


National Sheep Association (NSA) survey reveals alarming trend in sheep worrying by dog attacks | News and Star – News & Star

Posted: at 11:01 pm

MORE than two thirds of the UK's sheep farmers responding to a recent survey have experienced an increase in sheep worrying attacks by dogs during the past year.

This troubling statistic is part of a concerning set of findings released by the National Sheep Association (NSA) from its recent farmers' survey assessing the incidence and impact of sheep worrying by dog attacks across the UK.

NSA received a record-breaking response for its 2021 survey specifically aimed at farmers who had experienced dog attacks in the past year. The increase in contributions indicates the scale of the serious problem. On average, each respondent to the survey experienced seven cases of sheep worrying during the past year resulting in five sheep injured and two sheep killed per attack. Estimated financial losses through incidents of sheep worrying of up to £50,000 were recorded, with an average across all respondents of £1570. However, most respondents received no or very little compensation.

NSA Chief Executive Phil Stocker says: "There is still much work to do to continue the education of the dog owning public to ensure the future safety and welfare of both farmers' sheep flocks and pet owners' much loved dogs and this needs to come from strengthened countryside use guidelines and stricter legislation."

Original post:
National Sheep Association (NSA) survey reveals alarming trend in sheep worrying by dog attacks | News and Star - News & Star


A Zero Trust Mindset Replacing the Age of Innocence in Cybersecurity – The National Interest

Posted: at 11:01 pm

In the face of repeated major exploitations of critical U.S. networks, it is past time for the U.S. government to recognize that traditional security systems such as perimeter entry controls or whitelists are no longer adequate. As the SolarWinds hack proved, any security system can be penetrated with enough time and effort. Cybersecurity must be based on zero trust, which assumes that threats exist continually both inside and outside a network or cloud environment. A strategy of zero trust is based on the need to continuously monitor and validate the presence of every individual, organization, device, and piece of information on a network.

In the past year, we have seen just how bad things can get when a lack of planning leads to the worst-case scenario becoming the new reality. A country without a contingency plan for an epidemic has disrupted life as we know it for more than a year. An electric grid without weatherproofing devastates an entire state. Networks without proper security are readily hacked. Planning and preparation for the so-called once in a century event should be standard for all critical infrastructure, given how frequently such events actually occur.

While not acts of God, devastating attacks on our cybersecurity infrastructure can produce results as bad as or worse than any pandemic or natural disaster. Recent intrusions, from the SolarWinds breach to an attack on a Florida town's water supply, continue to expose U.S. industry and government as desperately ill-prepared.

For years, there have been calls for comprehensive cybersecurity planning in the public and private sector to stave off attacks by domestic and international threats. Progress has been mixed. While the Department of Defense (DoD) has made strides in defining requirements and implementing solutions that will strengthen and protect IT networks, there is much that needs to be done.

We heard about some of this progress during the recent hearing on Future Cybersecurity Architectures before the Senate Armed Services Committee (SASC). Senators and witnesses from the National Security Agency (NSA) and the DoD focused heavily on zero trust architecture, a cybersecurity framework that continually assesses the trustworthiness of access requests to information resources. Testimony from DoD witnesses, NSA Director of Cybersecurity Rob Joyce, Senior Information Security Officer/Chief Information Officer for Cybersecurity David McKeown, and Senior Military Advisor for Cyber Policy to the Under Secretary of Defense for Policy Rear Admiral William Chase extolled the virtues of zero trust as the new waypoint on the journey to a secure future.

The National Security Agency, a strong advocate of the new approach, explained it this way: "Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgment that threats exist both inside and outside traditional network boundaries. The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses."

Though far too soon for a victory lap, DoD has created programs to field much-needed capabilities that will strengthen cyber defenses. Likewise, Congress has driven the pace and funding for these programs since at least 2017. As noted in the Senate hearing referenced above, Rear Admiral Chase highlighted Comply-to-Connect (C2C) as an important foundational component of the DoD's Zero Trust initiative predicated on a simple principle: you can only protect what you know you have.

C2C establishes a framework of tools and technologies operating throughout a network infrastructure. This framework discovers, identifies, characterizes, and reports on all devices connected to the network. C2C does not require network managers or users to trust that the network is secure, as all users are both authorized access and are compliant with the minimum standards of security. This way, C2C allows for an environment of zero trust. In essence, all C2C users and devices must prove their legitimacy to be allowed to operate on DoD networks. Those devices that may be authorized but lack the proper security software can be remediated.

The bigger challenge, largely absent in the SASC hearing, is how to protect everything that is not what we would consider to be an Information Technology asset. The majority of these assets - many of which can be easily deemed as critical - are part of Industrial Control Systems (ICS) used by the military. Simply put, even if IT networks were protected, every air conditioning unit, power outlet, and water main under DoD is a potential risk to mission readiness at every base, post, camp, and station across the Services. Arguably, C2C should be part of a broader cyber strategy for ICS as well as networks and nodes. The problem is that the managers for ICS do not naturally look to IT security folks to address the security of these other systems.

Despite the U.S. armed services' investment in cybersecurity, the country still lacks a thorough cybersecurity strategy for securing the ICS environment. C2C is helping here, as some solutions provide the means to identify ICS vulnerabilities. But the defense department needs to do more of the hard work of securing ICS.

Our adversaries are getting smarter and constantly looking for vulnerabilities in our defenses. What better way to cut us off at our knees than by infiltrating a military base's electric grid and killing the power for the entire installation? Congress is watching to see how the DoD accounts for military ICS security, and will probably become more directive in the next NDAA. In addition, the Biden Administration has identified critical infrastructure cybersecurity as a priority, which is an indicator that military ICS will be a factor in any future federal cybersecurity planning.

In cybersecurity's age of innocence, it was assumed that electronic walls could be built sufficiently high and wide to be made impregnable. The reality is that for a variety of reasons, any network, ICS, and cloud environment can be hacked - if not from the outside, then from within. Today, with the rose-colored glasses falling from our eyes, it is clear that only a strategy based on zero trust offers any chance of successful cyber defense.

Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. He has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC.


Go here to read the rest:
A Zero Trust Mindset Replacing the Age of Innocence in Cybersecurity - The National Interest


NSA, CISA, FBI, and the UK NCSC Further Expose Russian Intelligence Cyber Tactics Homeland Security Today – HSToday

Posted: May 9, 2021 at 11:59 am

The National Security Agency (NSA), the United Kingdom's National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released an unclassified cybersecurity advisory, "Further TTPs associated with SVR cyber actors," today. This advisory expands on the NSA, CISA, and FBI joint advisory released in April, "Russian SVR Targets U.S. and Allied Networks," by outlining additional techniques the Russian Foreign Intelligence Service (SVR) leveraged to gain footholds into victim networks.

Visit NCSC's reports and advisories page to read the advisory.

The advisory provides mitigation guidance and detection strategies to help network defenders prioritize patching and further protect their networks against nation-state exploitation.

The document explains that the SVR continues to exploit publicly known vulnerabilities. It also details how SVR actors have targeted mailbox administrators to acquire further network information and access.

The advisory also notes the malware and command and control (C2) tools SVR has used in its various cyber activities, including a newly discovered use of an open source C2 tool called Sliver.

Mitigating against these vulnerabilities remains critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. This joint advisory provides actionable information to the cybersecurity community and government-affiliated network defenders, helping them gain a more comprehensive understanding of the threats and the mitigation advice and guidance to protect their networks.

Read more at NSA


This Is the NSA's 650-Page Guide to the Internet – VICE

Posted: at 11:59 am

The National Security Agency's 2007 guide to the internet begins with a description of an ancient Persian library and a fragment of analysis of a Jorge Luis Borges short story. This introduction to the 650-page document, titled "Preface: The Clew to the Labyrinth," contains 8 footnotes and ends on a word of caution. "As we enjoy, employ, and embrace the Internet, it is vital we not succumb to the chauvinism of novelty, that is, the belief that somehow whatever is new is inherently good, is better than what came before, and is the best way to go or the best tool to use," the NSA said of the internet.

We did not listen.

Untangling the Web is a massive and comprehensive guide for the internet designed for the NSA. It covers the basics of search engines (Yahoo is good, but Google is best), tools for uncovering the hidden internet, and 100 pages dedicated to improving your privacy online. Much of the advice is practical and useful for the average person as well as spooks. It's also a remarkably prescient document, the kind of thing I find myself nodding along with 13 years after it was written.

Though the document was originally made public in 2013, it's been getting some new attention on The Government Attic, a repository of government documents.

Its primary author is obsessed with magical realist writer Borges and references his work several times throughout. After explaining the plot of Borges' short story "The Aleph," a story about a mythical center point of the universe that allows anyone present to view anywhere else in the universe, the NSA author said that all technology comes at a cost and that the internet would not primarily cost money. "We pay for the benefits of the internet less in terms of money and more in terms of the currencies of our age: time, energy, and privacy."

It's not that the people at the NSA were cutting edge thinkers, they just knew things that the rest of the world didn't at the time. World governments, especially D.C. and Beijing, were using the internet to build massive surveillance states. The companies we relied on to give us information and keep us safe were monetizing our every thought and action. The domestic spying apparatus born after 9/11 was using the internet to supercharge itself and compile vast amounts of information on the American public.

Muckrock first uncovered Untangling the Web in May of 2013. A month later, The Guardian would publish the first story about Edward Snowden and reveal just how much the NSA knew about the internet. Over the next year, various media outlets would feed the world a steady drip feed of news about programs with names like PRISM, MYSTIC, and Boundless Informant. The NSA recognized early how life altering the internet would be and it spent its time quietly building systems that would allow it to monitor anyone who touched the web.

The 2007 edition of Untangling the Web is the twelfth edition of a book that started as a small handout, according to the NSA. The uncredited author constantly reaffirms the inability of the NSA or any agency to catalogue, collate, and track everything that's happening on the internet. That doesn't mean it isn't trying.

There is surely a new edition of this book at the NSA. Things have changed dramatically in the 14 years since it was written. For one thing, the NSA has gotten a lot better at using the connections we built between each other to keep tabs on us all. "The overall implications of the internet for how we work and how we play are just beginning to be discussed and understood," the NSA said in the conclusion to Untangling the Web. "No one is out of reach of this powerful, invasive technology."


95% of Healthcare Insurers Report Concern on Achieving Compliance with the No Surprises Act – StreetInsider.com

Posted: at 11:59 am


Companies are working toward January 1, 2022 effective date

BEDMINSTER, N.J.--(BUSINESS WIRE)--H.R. 3630 or The No Surprises Act (NSA), which was signed into law on December 27, 2020, provides protection nationwide for patients from surprise medical bills and prohibits balance billing for certain out-of-network care. Although this is good news for patients facing crippling and often unexpected medical bills, healthcare insurers and providers must hustle to adjust systems, processes, and technological capabilities to comply beginning January 1, 2022.


According to a recent survey by Zelis, the leading payments company in healthcare, nearly all (95%) healthcare insurers expressed concern about the ability of the healthcare system to achieve compliance with the NSA by the deadline.1 While some states - Colorado, New Mexico, Texas and Washington - have existing balance billing laws to protect patients from unexpected and excessive healthcare costs, the NSA brings more complexity to the pricing, negotiation and settlement, and arbitration processes at a national level.

In the survey of more than 100 executives representing 85 U.S. healthcare payers:

"The No Surprises Act impacts all healthcare organizations, from large health plans and systems to small medical offices and individual providers," said R. Andrew Eckert, Zelis CEO. "Like Zelis, leaders across our industry are convening to dissect the details of the legislation because understanding the law and implementing it are equally important. Insurers will need tools and to invest resources into operationalizing the requirements."

From the patient-facing Advanced Explanation of Benefits through to adjudication, arbitration and settlement, alignment with the NSA requirements will require companies to adapt internal capabilities or outsource solutions, most likely a combination. Companies may have to alter their infrastructure and processes to administer all aspects of the law.

"The multiple requirements mandated in these policies will be a very difficult lift for providers and payers. The healthcare industry at large will have to move quickly to understand and implement the data, technology and process requirements necessary to comply," said Matthew Albright, Zelis Chief Legislative Affairs Officer.

According to proprietary research, the ability to provide accurate advanced explanation of benefits to member-patients and the tight timelines of within 160 days post-service which providers and insurers must complete adjudication, remediation and arbitration will be the most challenging areas for the system to tackle, particularly for substantial claims.

For more unpacking of the NSA from legislative and clinical experts at Zelis, the leading healthcare payments company, visit the Zelis No Surprises Act Information Hub.

About Zelis

As the leading payments company in healthcare, we price, pay and explain healthcare for payers, providers, and healthcare consumers. Zelis was founded on a belief there is a better way to determine the cost of a healthcare claim, manage payment-related data, and make the payment because more affordable and transparent care is good for all of us. We partner with more than 700 payers, including the top-5 national health plans, Blues plans, regional health plans, TPAs and self-insured employers, 1.5 million providers and millions of members, enabling the healthcare industry to pay for care, with care. Zelis brings adaptive technology, a deeply ingrained service culture, and an integrated pre-payment through payments platform to manage the complete payment process. For more information, visit us at http://www.zelis.com and follow us on LinkedIn.

1 Survey of 116 healthcare payer executives representing 85 payer health plans, third-party administrators (TPAs) and health plan-owned TPAs, conducted by Zelis in January 2021

View source version on businesswire.com: https://www.businesswire.com/news/home/20210506005273/en/


Source: Zelis


New York Times Reporter Nicole Perlroth Writes How the U.S. Amassed an Arsenal of Computer Hacks That Makes It the Most Digitally Vulnerable Nation on…

Posted: April 23, 2021 at 12:49 pm

The Biden administration was guardedly silent last week after news broke that an explosion had blacked out Iran's nuclear enrichment program.

Joe Biden's reticence was understandable. His former boss, President Barack Obama, had shown the world what cyberweapons could do when he ordered U.S. intelligence to step up Bush-era cyberattacks on Iran's uranium centrifuges. Obama made the move to avert airstrikes by Israel, and it worked, setting back Iran's enrichment program by 18 months to two years.

In her harrowing new book, This Is How They Tell Me the World Ends (Bloomsbury, 528 pages, $30), New York Times cybersecurity reporter Nicole Perlroth warns that the United States, whose arsenal of cyberweapons is the largest, most sophisticated in the world, has fostered a global market in computer hacks that now makes it the most digitally vulnerable nation on earth. It's a troubling topic Perlroth will address May 21 at TechfestNW, a virtual one-day technology festival (see more at techfestnw.com).

Once derided by Donald Trump as "somebody sitting on their bed who weighs 400 pounds," elite hackers are now treated like rock stars at international conferences that rival Cannes for glamour. And zero-days, the bugs they find lurking in software used by smartphones and computers all over the world, can bring not only street cred but duffel bags stuffed with cash.

Zero-days are so called because that's how long software engineers have to patch them once they're used to break into a system. Coupled with exploits (elaborate lines of code), zero-days allow digital spies to sneak in the backdoors of the world's most sensitive networks, steal stuff and break things.

This Is How penetrates a clandestine world where hackers, spy agencies, cybersecurity firms, software vendors, mercenaries, cybercriminals, terrorist organizations, and hostile nation-states buy and sell zero-day exploits that can turn off electrical grids, poison water supplies, steal industrial secrets, destroy hospital and banking records, sabotage nuclear facilities, interfere with elections, and empower nations to spy on their own citizens.

Perlroth traces the underground trade in zero-day exploits back to the Cold War under Reagan, when the U.S. National Security Agency figured out the Soviets had bugged IBM Selectric typewriters (ha! Remember those?) at the U.S. embassy in Moscow to steal typed messages before they could be encrypted. As technology shifted from analog to digital, Perlroth writes, the NSA took what it learned from the Soviet playbook to begin stockpiling the world's largest arsenal of zero-day exploits.

In 2013, Edward Snowden blew the whistle on the NSA, not only tipping off other countries to the intelligence value of zero-day exploits coming available on a burgeoning world market, but suggesting the U.S. tacitly approved of their use to spy on friends as well as enemies, sabotage adversaries, and surveil a nation's own citizens. (Perlroth spent six weeks locked inside Arthur Sulzberger's storage closet, poring through the Snowden leaks. Her assignment was to find out if the NSA was hacking data encryption; instead she found the agency was hacking around it, a bigger story that would send her trotting the globe for the next seven years.)

Post-Snowden, North Korea figured out it could bypass international sanctions by robbing global banks of tens of millions online, and shut down a Hollywood studio, Sony Pictures, when it made a bad Seth Rogen comedy in 2014 poking fun at Kim Jong-un. After arch-conservative billionaire Sheldon Adelson suggested the U.S. nuke the Iranian desert, hackers cost the gambling impresario $40 million when they bricked (made useless) the computers at his Sands casino. (OK, maybe that wasn't such a bad thing.)

But Snowden had merely sounded the alarm: The Shadow Brokers, a phantom group of hackers whose identities remain unknown to this day, broke into the NSA's cyber arsenal and, in 2016, began leaking the agency's zero-day exploits online.

Russia had digitally harassed Ukraine ever since the former Soviet republic overthrew its Russian puppet government in 2014. In 2017, it used NSA code stolen by the Shadow Brokers to turn off the lights in Kyiv, shut down ATMs, railways, government agencies, gas stations and the postal service, even switch off radiation monitors at Chernobyl. (Then the attack boomeranged on companies doing business with Ukraine, ranging from a state-owned Russian oil giant to a Cadbury chocolate factory in Tasmania.)

For Russia, Perlroth explains, Ukraine has always been just a testing ground for its cyberweapons, a smaller neighborhood kid Vladimir Putin can smack around without fear of reprisal. Putin's real objective is to drive a wedge between the U.S. and NATO by undermining support for Western democratic institutions. This is why Russia set its cyber sights on the U.S. presidential elections in 2016 and 2020.

Perlroth's verdict on the success of Putin's election meddling is mixed: Yes, Russia hacked the DNC's emails and trolled social media to influence swing-state voters, but no, the Russian bear probably never infiltrated U.S. voting systems in sufficient force to throw an election. But it didn't have to; it merely had to sow enough distrust in election integrity to further split an already divided nation and fuel unfounded conspiracy theories that would embolden a fading president to incite a raid on the U.S. Capitol.

The larger menace for the United States, Perlroth argues, is that the arsenal of computer bugs amassed by the top cyberspies of one of the most technology-dependent nations on earth ultimately makes us less safe, not more. The NSA holds on to its zero-day exploits for far too long: in one disastrous case, more than five years.

Among other fixes, Perlroth urges that the U.S. adopt protocols that would turn over unused zero-days much more quickly to Microsoft and Apple to be patched. Until it does, Perlroth warns, click on those software updates and, for God's sake, change your passwords. This Is How They Tell Me the World Ends is the book everyone will want to read the day after the world ends how Nicole Perlroth told us it would.

STREAM: Nicole Perlroth speaks at TechfestNW on May 21. Tickets to the virtual one-day festival are $25 at techfestnw.com.
