The Cybersecurity 202: 'Sometimes the old stuff is the best.' Sen. King wants the U.S. to unplug parts of electric grid - what's the best electric toothbrush 2016

THE KEYSen. Angus King (I-
Maine) believes that the United States can learn something from Ukraine in terms of cyber security.
Kim, who served on the Senate Energy Committee, wants the government to consider pulling out some digital systems in the strategic position of the State Grid. -
Replace them with physical systems that hackers cannot compromise.
This is why Ukraine recovered after a massive cyber attack on 2015 and power off some 225,000 customers.
The three companies in the attack target were able to restore power by shutting down their digital systems and restoring manual operations. Yet the U. S.
Far ahead in its digital system-
King warned that after a serious attack, it was difficult to switch to manual in flight.
"The biggest concern is that cyber attacks can destroy the grid, as will it Hospitals, financial centers, people's day --to-
"It's so fast," Kim told me.
"There is no doubt that life will be lost.
"King will compare the idea of taking key parts of the grid offline with voting machines that elect cyber security experts to push paper votes rather than digitally record them ---
It is easier to be tampered.
"Sometimes the old things are the best," said Kim . "
US Department of Homeland Security warns Russian government
Hackers with background have been trying to penetrate the United States. S.
At least since March 2016, King has been sponsoring a bill with Sen. James Risch (R-
Idaho) will fund a $10 million national laboratory study focusing on key parts of the isolated grid.
The Energy Infrastructure Protection Act will also set up a Department of Energy
The leading working group will develop a grid network security strategy with a focus on helping energy companies protect their most critical systems from attack.
The bill was passed by Congress last time but not by the House.
Given the bipartisan record, King is hopeful that the study will pass through both houses in a few months. round. Rep.
Ruppersberger, Netherlands (D-Md. ) who’s co-
Sponsored House version of the grid research Act with Representative John CarterTex.
), Described in the press release as a "return to the future" approach to grid security.
Kim said the idea of the study came from researchers at the National Laboratory that studied the attack in Ukraine.
In that attack
Ukrainian officials believe Russia
After a few hours, the light came on again.
The attack in Ukraine was accompanied by a denial of service attack that flooded the telephone network with false traffic, which appeared to be intended to prevent customers from obtaining power outage information.
For a long time, a massive attack on the grid has been the biggest concern for cyber experts, but the 2015 Ukrainian attack is the only major grid attack known.
This is partly because it requires more expertise than hacking into consumer technologies such as computers and smartphones to hack into industrial control systems running the grid. And thenation-state-
Supported hacker organizations with the ability to carry out such attacks may also be reluctant to launch attacks, fearing that they will quickly escalate into military conflicts.
Still, Russia has allowed radical movesto to develop cyber weapons that can be used to disrupt the grid.
It is only when the United States and its Cold War opponents are involved in broader military conflicts that the risk of such attacks is more likely to occur.
Kim warned at a Senate energy committee hearing last week that Russian hackers had tried to penetrate the grid.
He warned that if they succeed in damaging major power facilities, they could shut down electricity in most parts of the United States to stop critical services.
"This is not a threat.
"This is happening now," Kim said . ".
"This is not something that could happen next year or two years later.
Microsoft has identified another Russian.
According to my colleagues Elizabeth Dwoskin and Craig Timberg, the government is linking hacking operations against well-known think tanks that criticize Russia.
The APT28 hacker group launched a phishing campaign against more than 100 European employees of the German Marshall Fund, the Aspen Institute's German and German foreign relations committees, disrupting the same Russian military intelligence unit of $2016. S.
According to a blog post from Microsoft, election.
"This announcement is also the second public effort by Microsoft in the past six months to stop APT28, sometimes referred to as strondeau or Fancy Bears," Elizabeth and Craig reported . ".
"The attacks we have seen recently, plus the other attacks we discussed last year, indicate that we are trying to target Democratic organizations," the company said in a blog post . ".
"They confirmed the warning from European leaders about the level of threat we should see in Europe this year.
Georgian voters expressed concern about the security of voting.
Direct replacement of state paperless marking equipment-
Atlanta Daily records electronic voting machines
Mark Niesse of the Constitution reports.
Election security experts warn that DRE machines are vulnerable to hacking.
A bill from Georgia will result in passage in a state of contact
A screen machine that publishes paper votes, but voters at the hearing said
A marked paper ballot will be a safer option. “Hand-
According to The Wall Street Journal, marked paper votes are the latest technology to ensure the security of voting systems, "said Walter Elizabeth shakerford. Constitution.
"The security of our vote is crucial. . . .
Why don't you pursue transparency? ”A ballot-
The marking system will cost the country $0. 15 billion, with one hand
The marked voting system will reach $30 million.
Niesse reported, "election officials say the touchscreen voting machine, called the ballot paper --
Marking Equipment is accurate as they can help avoid errors that may occur when voters manually mark their votes.
State councillors are scheduled to hear from the public again today.
First strike on cyber security found Russia-
According to Wired's Andy Greenberg, sponsored hackers, after initially accessing the victim's computer system, entered the network much faster than their North Korean and Chinese counterparts.
CrowdStrike said in its 2019 global threat report that after the initial compromise, Russian hackers entered the victim's network in less than 19 minutes on average, which the company called "breakthrough time ".
Dmitri Alperovitch, chief technology officer at CrowdStrike, said the indicator helped illustrate how powerful Russian hackers are as rivals.
"Russia is really the best opponent," Alperovitch told Wired . ".
"We have been involved with them in the investigation, discovery and crackdown on them, and this breakthrough time is a real representation of how good they are.
It really captures the rhythm of the operation. . .
They are very fast, almost eight times as fast as their next opponent.
According to Wired, the company analyzed more than 30,000 illegal attempts to determine the breakthrough time.
North Korea-
The average break time for sponsored hackers is about 2 hours and 20 minutes.
It takes an average of 4 hours for Chinese hackers to enter the target network, and more than 5 hours for Iranian hackers. —
According to The Washington Post, Ren Zhengfei, founder of China Telecom Giant Huawei Technology, denied that the company's products had a back door, which Chinese authorities might use to engage in espionage. U. S.
Officials said the Chinese government could use Huawei as a spy platform and try to persuade allies to prevent the company from participating in the 5g network for security reasons.
In an interview with CBS, Mr Ren also denied that Huawei shared information with Chinese authorities.
"Ask if his company's hardware has been built --
He said that, because of the fragility of government espionage, perhaps without his knowledge, it is impossible because, throughout our organization, we have repeatedly stressed that we will never do so, hamza reports. —
After two House Democrats filed a complaint with the Federal Trade Commission, they asked Facebook to provide a briefing accusing the company of not making it clear that some users' health information could be made public without consent, it is reported that Emily Birnbaum of Hill reports.
A group of patients and health data experts complained that Facebook did not clarify to users that they might expose their health information when they became part of a healthcare support group.
Frank Palon, chairman of the House Energy and Commerce Committee(D-N. J. ) and Rep.
Schakowsky, January (D-Ill.
), The chairman of the consumer protection and business subcommittee asked Facebook to brief employees on the matter in a letter to CEO Zuckerberg.
"Although there are indications that these groups are private and anonymous, people and companies that should not be admitted to these groups can reach out to them and the list of group members," the legislator wrote . ". —
More cyber security news from the public sector :-Microsoft-
Ownedgithubpanded's bug rewards researcher's bonus plan and the amount added, venturebeat' sEmil Protalinski reports.
"GitHub also revealed that it paid security researchers more than $250,000 in 2018 through its public bounty program, researcher grants, private bug bounty program and live broadcast
According to VentureBeat, the hacking incident.
"Of this total, $165,000 was specifically paid to researchers through the public loophole Award program. ”—
Ethical hackers say they have identified security flaws among five password managers at Jeffrey A of the Washington Post.
Fowler reports.
Therefore, according to a report from independent security assessors, users of these password managers are at risk of being attacked by malware.
My colleague wrote: "It found 1 password for the Windows 10 app, Dashlane, KeePass, LastPass, and RoboForm when the app is in" lock "mode,
"For hackers who can access a PC, the password that should be hidden is no safer than the text file on your computer's desktop. ”—
ADutch network security researchers found a database on the Internet containing more than 2 data.
Wang Yanan and Kang Dakeng of The Associated Press reported that 5 million people underestimated China's surveillance activities in western Xinjiang.
Researcher Victor Gevers "found that Chinese facial recognition company SenseNets has not protected the database for several months, exposing people's addresses, government ID numbers, and so on, according to The Associated Press.
He said: "The database became inaccessible after Gevers informed SenseNets of the leak. ”—