Category Archives: NSA

The National Security Agency (NSA) is a member of the U.S. intelligence community and plays an integral role in safeguarding national interests and achieving military objectives by gathering, analyzing and sharing data and signals intelligence. The NSA is widely acknowledged as the countrys foremost authority on cryptanalysis and its role in preserving national security is twofold. Firstly, NSA analysts gather and decrypt intelligence from electronic communications and sources such as email, videos, photos, stored data, internet phone calls, chat, video conferencing, file transfers, and online social networking accounts. Subsequently, the NSA uses its gathered intelligence to protect the nations classified data and national security systems from unauthorized access and tampering by foreign and internal adversaries. Established by President Harry Truman with the express purpose of coordinating and improving the collection and analysis of intelligence communications, the NSA plays a significant role in protecting both the United States and the world at large; therefore, it is vital for individuals with a strong interest in international relations to gain an understanding of the functions of this critical intelligence agency.

The protection of communications and systems in the United States through the use of cryptology, cipher and other methods can be traced back to the American Revolution with the formation of the Secret Committee of Correspondence; however, it was after World War I with the advent of the radio that national security experienced a pronounced evolution. The Black Chamberor, the Bureau of Cipherwas established after the war and was disguised as a New York commercial code company. The Black Chamber used cryptanalysis to intercept foreign communications, notably monitoring and decoding communications sent to and from Japanese delegates during the Washington Naval Conference which first convened on November of 1921, giving U.S. negotiators a strong advantage. However, the organization was disbanded in 1929, when Secretary of State Henry Stimson famously quipped, gentlemen do not read each others mail.

During World War II, the group OP-20-G played an important role in providing vital intelligence on adversaries, such as the Japanese, thereby surpassing the information-gathering capabilities of all other agencies and allowing the U.S. military to be more effective and precise in its operations. OP-20-G was greatly respected, allowing it to metamorphose into the Army Security Agency (ASA) and later, the Armed Forces Security Agency (AFSA), which united all cryptologic activities of the Army and the Navy. However, the organization faced difficulty in its operations, mainly in centralizing data collection efforts, processing the communications intelligence and coordinating with other agencies. President Truman tasked New York attorney George A. Brownell with forming a committee that included representatives from the Department of State, Department of Defense, and the Central Intelligence Agency in order to find a solution to AFSAs operational woes; upon receiving the committees official recommendations regarding the United States Government Communications Intelligence (COMINT) in a five-part report, Truman established the National Security Agency on November 4, 1952.

Throughout the Cold War, the NSA expanded U.S. surveillance activities and was able to monitor and intercept the communications of various foreigners and U.S. citizens through programs such as Project MINARET. The project notably surveilled Americans traveling to Cuba and participating in the anti-Vietnam War movement, and resulted in thousands of citizens being placed on watch lists. The lack of clear legal constraints resulted in the severe violation of privacy: In 1972, the U.S. Supreme Courts Keith decision noted that, even though the government has the responsibility to protect the American people from disruptive activity, the government cannot use warrantless electronic surveillance devicesespecially for domestic espionage activities. NSAs Operation Shamrock was investigated by the Church Committee and in August of 1975, NSA director Lieutenant general Lew Allen testified to the House of Representatives, disclosing NSAs activities. This lead to the introduction of the Foreign Intelligence Surveillance Act in 1978 by Congress, which helped monitor and regulate the NSA and notably, established the need for acquiring warrants through the United States Foreign Intelligence Surveillance Court (FISC) prior to pursuing any clandestine efforts.

The NSA is known as the premier cryptology organization, and until the end of the Cold War, cryptography in the United States was solely the concern of the NSA (and the organizations that preceded it). The NSA, along with the National Bureau for Standards and IBM, played a significant role in the development of the Data Encryption Standard, an algorithm used in the encryption of data. The development of the DES launched cryptography as an academic discipline.

Operating under the purview of the Department of Defense, the NSA is tasked with two primary responsibilities. The first is producing SIGINT, or signals intelligence, and sharing it with various partiessuch as the military, members of the executive branch, government agencies and foreign allies. Signals intelligence is any information that has the potential to be intercepted and utilized by adversarial groups and is derived from various signals, sources, systems, and satellite communications. SIGINT can be used in a number of ways, including to help secure the nation and its allies; protect troops; prevent domestic and international terrorism, crime and narcotics; and assist with diplomatic negotiations and foreign relations. The NSAs second responsibility is information assurance, or the protection of national security systems crucial to intelligence, military operations and other government activities. The NSA helps prevent the theft of classified information and ensures that these materials are available to policymakers and others in government.

To protect national security interests, the NSA engages in mass surveillance and the collection of metadata, which includes the gathering and tracking of American and foreign citizens phone calls, text messages, social media posts, emails, internet browser history and more. Mass surveillance by the United States was initially conducted as part of WWI security efforts, such as when the U.S. government monitored telegrams sent to and received by the United States. This surveillance was allowed to continue on into peacetime to help ensure that the U.S. government was kept abreast of pressing domestic and international affairsespecially those related to the expansionist policies of rival nations, like Japan.

By their very nature, the NSAs methods of data collection are shrouded in secrecy. The NSA has been known to install listening posts around the world in order to gather foreign intelligence, thereby creating considerable controversy. To wit, there exists a special division within the NSA named the Special Collection Service; this classified body installs eavesdropping devices in places such as foreign embassies and government buildings and is dubbed the Mission Impossible task force. The NSA was embroiled in significant international controversy when it was exposed as having conducted surveillance on the German government, including monitoring the cell phone of German Chancellor Angela Merkel through an antenna installed on the roof of the U.S. Embassy. The United States justified its actions on the basis that some of the terrorists involved in the planning and execution of the September 11th attacks had operated out of Hamburg, Germany, and the revelation created tension between the U.S. and German governmentswho had long considered one another to be strong allies.

The NSA has also courted controversy with American citizens, coming under fire for the unconstitutionality of its surveillance and data collection activities, which critics argue impinge on privacy laws and violate the Fourth Amendment. The NSA reportedly collaborates with technology and Internet companies to obtain access to phone records, emails, and cloud-stored files, though some of these companies (such as Google and Yahoo) insist that they require a court order before releasing information; however, Sprint, AT&T and others have reportedly handed over millions of records on ordinary citizens not suspected of any wrongdoing, all without a court order. Such records are now housed in the NSA call database in perpetuity. The NSA, for its part, has continuously argued that its surveillance activities are in full compliance with the law; that it takes civil liberties very seriously and only collects critical information necessary for policymakers to ensure the security of the U.S. and its allies.

The NSA is able to conduct its data collection thanks to laws such as the Communications Assistance for Law Enforcement Act, which requires communications companies to make their facilities available to law enforcement agencies or to supply consumer information following a court order. Since the September 11 attacks, provisions in the Patriot Act have allowed the NSA to expand its widespread surveillance of suspected terrorists in an effort to fight domestic and international terror.

One of the undisclosed programs covered under the Patriot Act is Planning Tool for Resource Integration, Synchronization, and Management (PRISM). Operating under the Foreign Intelligence Surveillance Act (FISA), PRISM allows the NSA to solicit technology companies to gain access to phone, email and other records of foreign citizens in the event that certain search terms or phrases trigger red flags. However, information has since come to light indicating that these searches often extend to U.S. citizens and that the NSA paid technology companies millions of dollars for their disclosures. PRISM and other programs were unveiled in a series of revelations by former NSA contractor Edward Snowden in 2013.

Since its inception, the Patriot Act has been criticized by many in government and the public sphere, and programs such as PRISM have faced litigation from the ACLU. Critics believe that these programs have been abused and have rarely succeeded in foiling terrorist plots; such was the case with the Boston Marathon attacks, as the terrorists were found to have visited an Al-Qaeda website. Foreign governments, especially members of the European Union, have expressed outrage at the mass surveillance of their citizens and their Internet activities. The NSA and its proponents (including former President Barack Obama), however, have argued that these surveillance programs are effective, having thwarted a plot against the New York City subway, for instance. They also argue that such programs face rigorous bipartisan Congressional scrutiny and are subject to extensive oversight. The Patriot Act has elicited so much criticism that a compromise was reached in the form of the Freedom Act in 2005, which reinforced certain segments of the Patriot Act while limiting the information the NSA can gather without a warrant.

The National Security Agency plays an important role in ensuring national security; facilitating foreign, military and diplomatic affairs; and fortifying classified information and national security systems. The NSA does not carry out its duty without a significant amount of scrutiny, however, as the constitutionality of its measures is often called into question. Given the important work of the NSA and growing public interest in the agencys sometimes controversial activities, it is essential for individuals studying international relations to fully comprehend its operations and outcomes in order to anticipate and address future challenges.

As the nations oldest private military college, Norwich University has been a leader in innovative education since 1819. Through its online programs, Norwich delivers relevant and applicable curricula that allow its students to make a positive impact on their places of work and their communities.

Our online Master of Arts in International Relations program offers a curriculum that evolves with current events to help you face the future of international affairs. Norwich Universitys masters degree in international relations covers many subjects to give you a look at the internal workings of international players, examine the role of state and non-state actors on the global stage, and explore different schools of thought. You can further strengthen your knowledge by choosing one of five concentrations in International Security, National Security, International Development, Cyber Diplomacy, or Regions of the World.

Recommended Readings: Isolationism & U.S. Foreign Policy After World War I7 Components of Liberalism

Sources:

Communications Assistance for Law Enforcement Act, Federal Communications Commission

NSAs Role in the Development of DES, RSA Conference

A Brief History of Cryptography Policy, The National Academies of Sciences Engineering Medicine

National Cryptologic Museum, National Security Agency

NSA Timeline 1791 2015, Electronic Frontier Foundation

Spies, Wiretaps, and Secret Operations: An Encyclopedia of American Espionage, Google Books

Trove of Stolen NSA Data Is Devastating Loss for Intelligence Community, Foreign Policy

PRISM is Legal, The Verge

NSA Scandal: What data is being monitored and how does it work?, The Guardian

Secret Committee of Correspondence / Committee for Foreign Affairs, 1775-1777, Office of the Historian, Bureau of Public Affairs

Foreign Relations of the United States 1950-1955, The Intelligence Community 1950-1955, Office of the Historian, Bureau of Public Affairs

Context of 1967-1975: Project MINARET Illegally Monitors American Subversives, Creative Commons

The Foreign Intelligence Surveillance Act of 1978 U.S. Department of Justice, Office of Justice Programs

NSA Tapped German Chancellery for Decades, The Guardian

Original post:
What is the National Security Agency? - Norwich University

Cyber Security Today, Oct. 19, 2022 A warning from the NSA about nation-state attacks, and more  IT World Canada

Read the original:
Cyber Security Today, Oct. 19, 2022 A warning from the NSA about nation-state attacks, and more - IT World Canada

A timely update on the NSA and the AEOB.

In August, the administration published the final final rule on the No Surprises Acts Independent Dispute Resolution (IDR) process. The IDR is the arbitration process for deciding the reimbursement for claims for which out-of-network providers are prohibited from balance billing patients.

The final rule aligned with a February decision from a Texas District Court that a plans median in-network rate, or Qualifying Payment Amount (QPA) should not be given more weight by arbitrators in deciding an appropriate out-of-network rate. Rather, the QPA should be weighed equally with other factors such as the training or quality of the provider and the market share of either party.

After that final final rule in August, the industry held its breath. Would the seven lawsuits that providers had filed against the No Surprises Acts IDR now go away?

Yes and no. The AMA and the AHA dropped their lawsuit, though they continue to argue that the final final rule still does not meet the intent of Congress.

You see, in the final final rule, while the administration said that the QPA should not be weighed heavier than other considerations, the rule did say that the QPA, being the only quantitative factor, should be the first factor to be considered.

That does not sit well with the Texas Medical Association (TMA) which filed a new lawsuit late last month against the NSA IDR process. The TMAlawsuit asserts that, by putting the QPA first among many, the rule continues to unfairly favor insurers. Notably, the TMA lawsuit was filed in the Eastern District of Texas with the same judge that sided with providers last February. So, the plot thickens.

In other NSA news, lets check in on the Advanced Explanation of Benefits (AEOB). This is a requirement in which, for allscheduled services for all insured patients, allproviders will be required to provide good faith estimates to health plans which, in turn, would be required to provide.

That AEOB would list both the providers Good Faith Estimate plus any patient financial responsibility.

In late September, the administration published a Request for Information (RFI) asking for public comments on the Good Faith Estimate (GFE), and the AEOB.

On its regulatory schedule,, the government says that it will offer a proposed rule on the AEOB on Jan. 1, 2023. Given that comments on AEOBs Request for Information are just coming in now, it is highly unlikely that there will be a January proposed rule on the AEOB. Most likely, such a rule would be published late next year, if at all.

In the meantime, the standards development organization (SDO) HL7 has published a draft of an Implementation Guide for the Good Faith Estimate and AEOB. However, it will take some time for HL7 and other standard development organizations to develop and approve the needed data transaction standards for the Good faith estimate and AEOB; it will also take some time for the government to adopt any such standards. Finally, the administration has promised that it will also give some time for plans and providers to build the infrastructure to accommodate the GFEs and AEOBs.

An analogy would be the many years it took for standard development, government adoption, and industry implementation of ICD-10 and X12 5010.

In other words, the industry is a long way from having to implement the AEOB.

Programming note: Listen to Matthew Albrights legislative update every Monday on Monitor Mondays at 10 Eastern.

More here:
In the Alphabet Soup of Regulations, the NSA, GFE and AEOB Have Yet to Coalesce - RACmonitor

PM Modi said there were instances when notes from the National Security Council Secretariat were not given due importance

PM Modi said there were instances when notes from the National Security Council Secretariat were not given due importance

Prime Minister Narendra Modi has told all ministers and secretaries not to ignore background notes or other communication shared by National Security Council Secretariat (NSCS) and National Security Advisor (NSA), and to take them seriously, sources said on Sunday.

Stressing that while framing any policy, there is a need to look at it from India's strategic point of view, PM Modi said there were instances when notes from the national security council were not given due importance.

During a five-hour long meeting of the council of ministers held on Friday that was also attended by all secretaries in the Union government, PM Modi cited the case of the dependence on imported Active Pharmaceutical Ingredients (APIs) used for manufacturing drugs, which was highlighted by the NSCS several years back, the sources said.

Thereafter, on the instruction of Prime Minister Modi, Deputy NSA Vikram Misri gave a presentation on NSCS to apprise Ministers about the Secretariat, they said.

In the presentation, Mr. Misri shared the details about changes taking place across the world, especially in Europe, Russia, and the U.S., and their impact on India, the sources added.

According to sources, Mr. Misri's presentation was not originally scheduled and was added on the intervention of the Prime Minister, sources said.

Before Mr. Misri, Finance Secretary T.V. Somanathan and Commerce Secretary B.V.R. Subrahmanyam also gave their presentations.

During the meeting, PM Modi also underlined that the policy-making process is dynamic and it needs to be modified with changing times.

Citing an example from his tenure as Gujarat Chief Minister, the Prime Minister said there were some rules related to a ministry that were named after some other state and this was changed only after he pointed it out to officials, the sources said.

He told the meeting that there is a tendency of being complacent in framing and implementing policies and this should be avoided.

Policies should be customised with changing times, the sources quoted the Prime Minister as saying.

More here:
Do not ignore any communication shared by NSCS, NSA: PM Modi to ministers - The Hindu

FORT MEADE, Md. The National Security Agency (NSA) is pleased to announce the Grand Opening of the National Cryptologic Museum (NCM) at 10:00 a.m. on Saturday, October 8, 2022. As NSAs principal gateway to the public, the newly renovated museum will provide a unique opportunity to engage with cryptologic history in fresh and innovative ways - transporting visitors on a journey from the ancient world to present day exploring the dynamic role of cryptology in shaping our history.

Located at the edge of NSA in Annapolis Junction, Maryland, the museum staff is busy preparing for the October opening. The October 8 grand opening event is open to the public and will include a variety of special events and offerings for visitors. Starting at 10:00 a.m. visitors will have the opportunity to see historic displays and artifacts spanning our Nations history from the Civil War, WWII, up through the Cold War. There will also be a Breakout Room, swag handouts, NSA K9 Police dog demonstrations, and so much more. Staff and docents will be there to answer your questions. And, if youre staying a while to take it all in, you might want to take a break and visit some of the food trucks that will be on-site for this special event.

First opened to the public in 1993, the NCM was the first public museum in the Intelligence Community (IC) and remains the only fully public museum in the IC. Originally designed to preserve and house artifacts from the NSA, the museum has evolved over the years and recently underwent its first complete interior renovation since opening almost thirty years ago.

So why a Grand Opening for an institution that first opened its doors nearly thirty years ago, instead of a re-opening?

After being closed for two and a half years - and having gone through a complete makeover - aside from the physical structure, the museum now features an all new interior, complete with all new layouts, displays, and many never before seen artifacts that played critical roles protecting American national security, according to Dr. Vince Houghton, Director,National Cryptologic Museum.

Location: 8290 Colony Seven Rd, Annapolis Junction, MD 20701Event: Grand Opening on Saturday, October 8, 2022 at 10:00 a.m.Admission: Admission is free no reservation or ticket required

SUNDAY | ClosedMONDAY | ClosedTUESDAY | 10:00am 4:00pmWEDNESDAY | 10:00am 7:00pmTHURSDAY | 10:00am 4:00pmFRIDAY | 10:00am 4:00pmSATURDAY | 10:00am 4:00pm

For further information, please contact NSA Public Affairs at 443-634-0721. You can also email us at mediarelations@nsa.gov.

Original post:
NSA Announces Date of the National Cryptologic Museum Grand Opening - National Security Agency

As the Supreme Court prepares to begin its next term, experts in privacy and national security law are watching closely for hints about whether justices will take up a potentially precedent-setting challenge to the governments use of a state secrets law to avoid scrutiny of its surveillance programs.

The Wikimedia Foundation, the organization that runs Wikipedia, last month asked the nations highest court to hear arguments on its lawsuit over the National Security Agencys warrantless surveillance of Americans international phone and email communications. The organization, represented by the American Civil Liberties Union, has been fighting the NSA in court over such upstream surveillance for the past seven years.

At the heart of the case is a question about how broadly the government can invoke its state secrets privilege to block civil cases from moving forward if they involve disclosing information that is reasonably likely to cause significant harm to the national defense or the diplomatic relations of the United States. The NSAs critics argue that the agencys definition of such information has expanded over time, without apparent justification.

On one side, there is one of the largest archives of human information, maintained and edited by millions of people across the world. On the other is the U.S. government invoking a law that is specifically designed to curtail the spread of information or at least information it deems unfit to be shared.

Corbin Barthold, internet policy counsel at the nonprofit group TechFreedom, said that the focus of the case on the scope and expansion of the state secrets privilege makes it catnip for the Supreme Court, with potential interest from both members of the courts conservative majority and its liberal minority. For example, Justice Neil Gorsuch, appointed by then-President Donald Trump, has pushed for stronger protections under the Fourth Amendment, which protects people from unreasonable searches and seizures. Moreover, the 4th Circuit Court of Appeals the last body to weigh in on the case split on the matter.

Barthold also noted that it has been years since the high court has heard a case examining how broadly the government can apply the national security law.

But as with most things when it comes to the Supreme Court, nothing is a given.

Weve always seen mass surveillance as a really significant threat to the privacy and free expression rights not just of Wikimedia users, but internet users in general, said James Buatti, senior manager for legal, governance and risk at Wikimedia. Weve always believed that nobody should have to worry about their government looking over their shoulder when theyre deciding whether to read an article or contribute to a controversial topic. So filing this case back then was kind of an easy decision.

The Department of Justice declined to comment, citing the ongoing litigation.

Details of the NSAs behind-the-scenes practices and its exhaustive surveillance of people in the U.S. and elsewhere burst into public view in 2013, when former intelligence contractor Edward Snowden disclosed them to multiple news organizations.

The Wikimedia suit centers on one of these methods, upstream surveillance. It entails collecting all communications that people in the U.S. have with parties outside of the country. This type of dragnet, authorized under Section 702 of 2008 amendments to the Foreign Intelligence Surveillance Act of 1978, pulls in things like emails, search engine entries and what people browse online. The government is able to collect this information by tapping into the internet backbone, which includes the high-capacity cables and routers our data travels across to make the internet function around the world. The NSA searches this information using thousands of keywords, the results of which the government says it further analyzes to pick up on potential threats to national security. But thats not always where use of the information stops.

Its easy to lose sight of the way that data that was originally collected in the name of national security can potentially flow to police or any number of investigations, said Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project (STOP). All thats stopping it is the belief in the goodwill of agencies that have systematically violated our trust at every turn.

Wikimedia contends that given this surveillance, it cannot ensure the confidentiality of the tens of millions of people who read, edit and communicate about Wikipedia, one of the largest repositories of human information to ever exist.

Aeryn Palmer, legal director of compliance at the Wikimedia Foundation, said that the ability to read and to contribute to Wikipedia under a pseudonym has been important since the projects earliest days.

When we think about what we might be collecting from anyone who visits the site, when we think about how we do research with our readers or with our contributors to better understand what sorts of features they might like to see and how they want the projects to evolve, were continually thinking about how we can best protect their privacy, said Palmer.

Wikimedias suit hinges on state secrets privilege, which the government has repeatedly used to fend off legal challenges to upstream surveillance. It has argued, in this case and others, that upstream surveillance is so secret that legal challenges to it cannot proceed.

The NSA has vacuumed up Americans and international communications using upstream surveillance, and to date not a single challenge to that surveillance has been allowed to go forward, said Patrick Toomey, deputy director of the American Civil Liberties Unions national security project and one of the attorneys representing Wikimedia. The Supreme Court must make clear that NSA surveillance is not beyond the reach of our public courts.

He argued that the government has continued to expand its use of the state secrets law as a cudgel to bat away civil litigation.

Toomey pointed to a lawsuit filed in 2007 by Khaled El Masri, a German citizen with Lebanese roots who was abducted by Macedonian police before they handed him to the CIA, claiming that the CIA kidnapped and tortured him in a case of mistaken identity. An appellate court recognized there was public evidence of El Masris mistreatment but decided that state secrets were too central to the case to allow it to go forward.

Similarly, in 2010, five people filed a lawsuit claiming that one of Boeings subsidiary companies had flown the planes carrying them to the black sites where they were tortured by the CIA. An appeals court dismissed that case as well, along similar lines of reasoning as the El Masri verdict. Both times, the government invoked state secrets privilege.

In Wikimedias current lawsuit, the government has taken the maximalist approach and asked the courts to dismiss the case on state secrets grounds, even though the government itself has released dozens of official reports, court opinions and other documents about upstream surveillance, said Toomey.

One reason that the NSA has successfully fended off lawsuits using state secrets privilege is that in many cases regarding surveillance, plaintiffs were not able to show harm.

The Wikimedia case is different. The foundation has relied on an analysis by Jon Penney, a legal scholar and social scientist at York University in Toronto, that quantifies the impact of government surveillance on Wikipedia articles.

The 2016 analysis measured the chilling effect of surveillance, or how people act differently sometimes including censoring themselves if they have reason to believe they are being watched.

Penney found that following reports of Snowdens exposure, traffic to Wikipedia articles on topics that raise privacy concerns for Wikipedia users decreased in a statistically significant manner.

The researcher arrived at that conclusion by choosing Wikipedia pages based off keywords the Department of Homeland Security uses to monitor social media, such as infrastructure security, terrorism and cybersecurity. Penney honed in on the category terrorism, which included terms like Iran, pirates and suspicious substance.

But he noted that more recent discussions about chilling effects have gone beyond national security issues. In the wake of the Supreme Court decision striking down Roe v. Wade, for instance, civil liberties and pro-choice groups have revived conversations around the chilling effect of government surveillance specifically around cellphone, phone app and web search data that could inadvertently reveal when a person is pregnant or seeking an abortion.

You have a combination of government surveillance combined with overreaching laws combined with governments essentially whipping up harassment campaigns against people who are out there just simply attempting to vindicate their rights, said Penney. So, I think [privacy] is a concept that is in increasingly important.

An earlier version of this story misidentified the genesis of the government's state secret claims. This version has been updated.

Thanks to Lillian Barkley for copy editing this article.

Read more here:
NSA and ACLU may face off in the Supreme Court over Wikipedia - Grid

PHOENIXThe National Security Agency does not spend much time showing its work publicly. Indeed, the agencys work depends on most people not knowing whats going on inside Fort Meade. But recently, NSA has stepped up its efforts to work with cybersecurity analysts and researchers in the private sector, hoping to gain insights from outside practitioners while also lending context to the discoveries and research private companies produce.

The centerpiece of that effort is the NSAs Cybersecurity Collaboration Center, a new group created about two years ago with the mission of building lasting, productive relationships with private sector partners that help defenders on both sides of the fence react more quickly and efficiently. The CCC is not meant to be another in the endless list of public-private partnerships or information-sharing silos that the federal government has created over the years. Instead, it is meant as a two-way street, with NSA giving as well as taking.

We only know one part of the picture. The intelligence community has to be in that conversation. We need to bring our data and understanding of whats happening to get ahead of it. Morgan Adamski, director of the CCC, saud during a keynote at the LabsCon conference here Thursday.

Operational collaboration is a conversation between us government defenders and you, sharing unique and timely info with context.

That last word is the real crux of the effort. NSA and its partners in the signals intelligence community collect massive amounts of information on a daily basis and have insights into networks and environments that private organizations dont. That gives the agency the ability to add context and color to discoveries that other organizations make, creating a more complete picture of a given threat or attackers activities. In the past, NSA and other government agencies typically have shared very limited information on attacks or vulnerabilities, and usually on a case by case basis. Adamski wants to change that.

We were only helping one company at a time. Ninety percent of the time, when we share technical indicators, people already know them. What we were missing is real time sharing with context and actionable unique information. The intelligence community had to come to the table, she said.

To underscore the spirit of cooperation and openness, the CCC itself is physically located outside the fence line on NSAs Maryland campus and Adamski said much of the work the group does with outside partners is done on an unclassified level. The goal is to build a level of trust with the private sector that has not always been there in the past.

We have to make sure we care about the same things. We need trust. If you dont trust me with your data, things can break down pretty quickly, she said.

Though the CCC is meant to share information with outside organizations and help defenders protect their networks, the NSA is benefitting, as well.

Were learning a ton back about things we didnt know. Were moving faster. Attribution is coming faster because everyone is feeding data into ont place and were building a more complete picture, Adamski said.

One recent example of that is the advisory that CISA published in April 2021 warning that state-sponsored attackers from China were targeting users of the Pulse Connect Secure VPN, including federal government employees. Adamski said NSA became aware of the attacks when a partner in the private sector alerted the agency, which then set off NSAs own investigation.

We saw significant targeting of VPN users after the shift to remote work. We were able to take the information from our partner and add context and color and put out the advisory, she said.

Original post:
The NSA is Here to Help | Decipher - Duo Security

September 23, 2022

On Monday, U.S. Senator Chris Van Hollen and Congressman Jamie Raskin (both D-Md.) joined fire fighters working at Naval Support Activity Bethesda (NSA Bethesda) the naval installation home to Walter Reed National Military Medical Center along with International Association of Fire Fighters (IAFF) General President Edward A. Kelly and National Capital Federal Fire Fighters President Scott Burkhardt Jr. to discuss progress in pushing the Navy to improve the living and working conditions for the fire fighters who serve the base and the surrounding community. The lawmakers and IAFF leadership toured the station and saw first-hand the subpar living conditions that persist within the existing fire station and living quarters including issues such as water leaks, mold, pest infestation, and a broken exhaust removal system, among others. Following their tour, the group reaffirmed their efforts to push the Navy forward and pointed to arecent confirmationfrom the Secretary of the Navy that preliminary planning for an entirely new16,000-square-foot fire stationhas been completed, at an estimated cost of $22.5 million. This progress follows the letter sent by the Senator and his colleaguespressing for an updateon the Navys efforts to address the unsafe conditions at the facility and is a crucial step in allowing future funding of the project.

Senator Van Hollen and IAFF leadership also highlighted theFire Station Construction Grants Act, legislation the Senator recently introduced to help build and upgrade fire stations in Maryland and across the country.

The deplorable conditions that persist at the NSA Bethesda firehouse not only endanger our fire fighters they also make it more difficult for them to protect the Walter Reed complex and the surrounding communities. But with the help of the fire fighters and IAFF, weve finally pushed the Navy leadership to commit to a plan to build a brand new fire station fit for the mission of this base that is at the vanguard of military medicine and serves our wounded warriors and thousands of veterans,said Senator Van Hollen.Ill keep working to push the Navy to provide the necessary funds to get this project off the ground, and I am committed to ensuring our fire fighters and first responders and have the tools they need to keep us all safe.

The firefighters at NSA Bethesda provide an essential public service to the naval base and surrounding community, yet their facilities remain in a state of unacceptable disrepair,said Rep. Raskin.These brave public servants regularly put their lives in danger to protect us. They should never feel unsafe in their home station. While I commend Secretary Del Toro for committing to build a new fire station, I urge the Navy to carry out swiftly the interim facility repairs required to keep our firefighters safe today.

Fire fighters are answering calls today from dilapidated fire stations across the United States. The Walter Reed National Military Medical Center provides world-class medical care to our brave military, yet its fire station is in shambles. Just this summer, a fire fighter there sustained a serious injury when he fell through the floor and required three months of rehabilitation.This injury was preventable; it should not have occurred,said Edward A. Kelly, president, International Association of Fire Fighters.The staff at Walter Reed has done everything it can with the resources it has to repair the current station. It is time for the Navy to prioritize the modernization and replacement of this house and others like it at bases around the nation.The IAFF is grateful to Representative Raskin and Senator Van Hollen for their steadfast dedication to fire fighters and their continued efforts to correct the decades of inaction that have left our nations fire stations in a failing state.

IAFF Federal Fire Fighters should not have to worry about falling through the floor of their bunk room. We worry about that when we're in burning buildings. We also shouldnt have to worry about waterlogged flooring or insect infestations where we live and work, but its a reality that our federal fire fighters face every day,said Scott Burkhardt Jr., president, National Capital Federal Fire Fighters.The leadership of NSA Bethesda, Walter Reed, and the Commander Navy Region have all express their support for us, but they have been hamstrung by cuts to their budgets and the meddling of their internal affairs. We as fire fighters arent asking for more than what the Navy Facilities Engineering Command have told us were supposed to be able to expect in our stations. Thats what were fighting for, and were glad Senator Van Hollen and Congressman Raskin have our backs."

Following theJune 28 lettersent to Navy leadership by Senator Van Hollen and his colleagues seeking an update on the status of the firehouse, U.S. Navy Secretary Carlos Del Torotold the lawmakersthat the Navy has completed its preliminary plans for a new 16,000 square-foot fire facility and committed to working to budget funds for its construction. Secretary Del Toro also outlined how the Navy planned to fix many of the immediate safety issues in the existing fire station where fire fighters are still living and those plans include replacing damaged floors, installing new doors and frames, and making retrofits to prevent water leaks, among others. Additionally, the Secretary provided an update on the improvements made in two barracks for junior enlisted service members on NSA Bethesda, the conditions of which Senator Van Hollen and his colleagueshad also raised concerns aboutearlier this year. Secretary Del Toros letter to Senator Van Hollen and his colleagues can be viewedhere, and form outlining the plans for the new fire station can be viewedhere.

Senator Van Hollen has consistently championed issues important to fire fighters and first responders during his time in the Senate. Last year, as part of the fiscal year 2022 National Defense Authorization Act, he passed his Federal Firefighter Flexibility and Fairness Act into law. This legislation allows federal fire fighters to trade shifts across pay periods without it affecting their overtime. State and local fire fighters have been able to engage in trade time for many years, and this law extended that right to federal fire fighters. Additionally, last month, Senator Van Hollen introduced theFire Station Construction Grants Act, a bill that authorizes $1 billion in grants to be administered by the Federal Emergency Management Agency (FEMA) to help modify, upgrade, and construct fire and EMS department facilities.

A member of the Appropriations Committee, Senator Van Hollen works each year to secure federal funding for local fire departments and EMS agencies across Maryland to enhance their response capabilities and ability to protect the health and safety of the public and first-responders. So far this year, he has led his Congressional colleagues in announcing over $15.5 million for various agencies around the state.

Read the original post:
Hollen, Raskin Join with NSA Bethesda Fire Fighters, IAFF Leaders to Highlight Progress on Efforts to Improve Base Conditions, Build New Facility |...

Islamic Revolutionary Guard Corps Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), U.S. Cyber Command Cyber National Mission Force (CNMF), the U.S. Department of the Treasury (Treasury), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdoms National Cyber Security Centre (NCSC) today released a joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by advanced persistent threat (APT) actors affiliated with the Iranian Governments Islamic Revolutionary Guard Corps (IRGC).

This CSA, titled, Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations, provides actionable information regarding IRGC exploitation of VMware Horizon Log4j vulnerabilities for initial access and ongoing use of known Fortinet and Microsoft Exchange vulnerabilities. After gaining access to a network, these actors likely determine a course of action based on their perceived value of the data, including data encryption or exfiltration for ransom operations.

Todays advisory is an outcome of our close collaboration with international and U.S. government partners to understand and provide timely information on malicious cyber activity targeting our countrys critical networks, including by Iranian cyber actors, said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. Our unified purpose is to drive timely and prioritized adoption of mitigations and controls that are most effective to reducing risk to all cyber threats, including malicious actors like those affiliated with the Iranian Islamic Revolutionary Guard Corps. Immediately addressing the vulnerabilities in this advisory, which are also in CISAs known exploited vulnerabilities catalog, and deploying rigorous controls consistent with a zero-trust strategy is strongly recommended.

The FBI is dedicated to preventing and disrupting nation state affiliated cyber activity that threatens our private sector partners and the American public," said Bryan Vorndran, FBI Cyber Division Assistant Director. "We will continue to coordinate with our domestic and international partners to proactively share relevant and timely information to mitigate cyber threats posed by the IRGC, and we are confident this advisory will assist individuals and businesses in developing a plan to protect their systems and shore up network defenses. In the event victims do suffer an intrusion, we encourage them to report the compromise as early as possible to their local FBI field office or to the Internet Crime Complaint Center at http://www.ic3.gov.

This advisory points to specific instances in which IRGC-affiliated cyber actors have used publicly known vulnerabilities to gain access to U.S. critical infrastructure networks, said David Luber, Deputy Cybersecurity Director, NSA. We implore our net defenders and our partners to detect and mitigate this threat before your organization is the next ransomware victim.

The U.S. Department of the Treasury is dedicated to collaborating with other U.S. government agencies,allies,and partners to combat and deter malicious cyber-enabled actors and their activities, especially ransomware andcybercrime that targets economicinfrastructure, saidUnder Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.This advisory identifies specific tactics, techniques, and procedures of a group of IRGC-affiliated actors whothreaten thesecurity and economy of the United States and other nations, and provides valuable information to the public and private sectors which can strengthen their cybersecurity resilience and reduce risk of ransomware incidents.

Cyber National Mission Force works closely with our partners to disrupt and degrade foreign malicious cyber activity, sharing threat information and taking actions to the defend the Nation, said U.S. Army Maj. Gen. William J. Hartman, commander of Cyber National Mission Force, USCC. This multi-partner advisory highlights how Iranian cyber actors are exploiting vulnerabilities, targeting a broad range of entities including U.S. and partner critical infrastructure, and using accesses for ransom operations. When acted on, collaborative efforts like this advisory contribute to collective defenses around the world, and remove tools from those who would do us harm.

Ransomware remains a persistent threat. Every day, cyber threat actorsstate and criminalare seizing opportunities to exploit vulnerabilities and deliver ransomware against a growing array of targets, said Sami Khoury, Head of the Canadian Centre for Cyber Security. We strongly encourage network defenders, especially critical infrastructure partners, to read this advisory and implement these guidelines.

Based on the latest intelligence across the Five Eyes, this advisory again underscores that organisations of all sizes continue to be targeted by capable and increasingly sophisticated adversaries. Its absolutely critical that organisations strengthen their cyber defences by reviewing these protective measures and implementing them immediately, said Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre. In particular, I urge organisations to patch their systems against a number of already known critical vulnerabilities.

This CSA identifies additional malicious and legitimate tools that are likely being used by these actors as well as tactics, techniques, and procedures, and additional indicators of compromise (IOCs) observed as recently as March 2022 that can be used to detect this latest malicious activity. Also, it is an update to the 2021 joint CSA on Iranian government-sponsored APT actors exploiting Microsoft Exchange and Fortinet vulnerabilities and now assesses this APT group to be affiliated with the IRGC, an Iranian Government agency tasked with defending the Iranian Regime from perceived internal and external threats. For more information on state-sponsored Iranian malicious cyber activity, see CISAs Iran Cyber Threat Overview and Advisories webpage.

Organizations are strongly discouraged from paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks. In September 2021, Treasury issued an advisory highlighting the sanctions risk associated with ransomware payments and providing steps that can be taken by companies to mitigate the risk of being a victim of ransomware.

All organizations should share information on cybersecurity incidents and anomalous activity to CISA 24/7 Operations Center at report@cisa.gov or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBIs 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

As the nations cyber defense agency, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. VisitCISA.govfor more information.

Visit CISA onTwitter,Facebook,LinkedIn,Instagram

Read more from the original source:
CISA, FBI, NSA, Treasury, Cyber Command, and International Partners Release Advisory on Malicious Cyber Actors Affiliated with Iranian Government...

#mc_embed_signup{background:#fff; clear:left; font:14px Helvetica,Arial,sans-serif; width:90%;}/* Add your own Mailchimp form style overrides in your site stylesheet or in this style block.We recommend moving this block and the preceding CSS link to the HEAD of your HTML file. */(function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true);

The President Muhammadu Buhari-led National Security Council has ordered the disbandment of the National Taskforce on Prohibition of Illegal, Importation/Smuggling of Arms, Ammunition, Light Weapons, Chemical Weapons, and Pipeline Vandalism (NATFORCE).

The task force was declared illegal at a meeting of the National Security Council presided over by President Buhari on Thursday.

The Senate had in July passed a bill establishing the National Commission for the Coordination and Control of the Proliferation of Small Arms and Light Weapons which included the NATFORCE.

The squads inclusion in the bill, however, received negative feedback from security experts.

While announcing the disbandment on Thursday, the Minister of Interior, Rauf Aregbesola said the council agreed that the task force was illegal.

NATFORCE got the Senates nod more than a year after the National Security Adviser, Major General Babagana Monguno (retd.), declared the security outfit illegal and ordered a halt of all its operations nationwide.

In particular, the office has cautioned individuals, organisations, and foreign partners on the activities of NATFORCE which was illegally formed as a task force to combat illegal importation and smuggling of small arms, ammunition, and light weapons into Nigeria.

The National Centre for the Control of Small Arms and Light Weapons domiciled in the Office of the National Security Adviser is the national coordination mechanism for the control and monitoring of the proliferation of small arms and light weapons in Nigeria, ZM Usman, the Head of Strategic Communication, Office of the National Security Adviser, had said in a statement.

Usman noted allegations of extortion and harassment against NATFORCE which seeks to combat illegal importation of Arms, Ammunition, Light Weapons, Chemical Weapons, and Pipeline Vandalism and has been involved in mounting illegal roadblocks, conducting illegal searches, seizures, and recruitment.

For the avoidance of doubt, the general public and all stakeholders are to note that NATFORCE is an illegal outfit without any mandate or authority to carry out these functions.

This trend is unacceptable and the promoters of NATFORCE are warned to dismantle their structures and operations immediately, he added.

Continued here:
NATFORCE: Buhari Finally Disbands Security Outfit After Senate Ignored NSA To Recognize Body The Whistler Newspaper - The Whistler Nigeria