Tag: private sector
The work of Kaspersky Lab's Computer Incidents Investigation Team is unaffected by these developments." Russian-language reports by Kommersant link Stoyanov's arrest to an investigation into Sergei Mikhailov, deputy head of the information security department of the FSB (the Russian national security service).
Both were arrested in December as part of a probe over the receipt of money from foreign companies. Prior to joining Kaspersky Lab in 2012, Stoyanov worked in the private sector and before that served as a major in the Ministry of Interior's cybercrime unit between 2000 and 2006.
Stoyanov worked as lead investigator into a Russian hacking crew that extorted UK bookmakers by running DDoS attacks, and more recently investigated the Lurk cybercrime gang. Forbes, citing unnamed Russian information security sources, said the case against Stoyanov was filed under article 275 of Russia's criminal code, meaning it could be handled by a military tribunal. Article 275 allows the Russian government to prosecute when an individual provides assistance to a foreign state or organisation regarding "hostile activities to the detriment of the external security of the Russian Federation".
This is a broadly defined offence that might be taken to cover the sharing of threat intelligence data with foreign law enforcement or intel agencies.
In March 2016, he voted against an FCC order that updated the 31-year-old Lifeline phone subsidy program so that poor people can use a $9.25 monthly household subsidy from the Universal Service Fund to purchase home Internet or mobile broadband. Pai said he was willing to vote for the plan if its budget was limited to $1.75 billion a year, but the final order set it at $2.25 billion. In July 2014, Pai voted against a plan to devote an extra $5 billion over five years toward expanding Wi-Fi networks in schools and libraries, particularly in rural and urban areas where broadband is lacking. Pai predicted that the move would require increases in universal services charges on Americans' phone bills. In a related move later that year, the FCC voted to add 16¢ a month to individual bill surcharges in order to fund the expansion. Pai voted against the increase. In December 2014, the FCC decided that ISPs who accept government subsidies to build rural broadband networks must provide speeds of at least 10Mbps for downloads and 1Mbps for uploads, instead of the previous 4Mbps/1Mbps standard.
The move was opposed by AT&T, Verizon, and cable industry lobbyists.
Commissioner Pai supported the speed increase, but dissented in part because he wanted to give ISPs 10 years to build the networks instead of the six years required in the order. Pai didn't offer any specific initiatives for closing the digital divide yesterday, but in September 2016 he outlined a "digital empowerment agenda." The plan included "remov[ing] regulatory barriers to broadband deployment," changes to pole attachment rules, and "dig once" policies that install broadband conduit when roads are dug up during any road and highway construction project. He also proposed setting aside 10 percent of spectrum auction proceeds for deployment of mobile broadband in rural areas. Pai suggested requiring mobile carriers to build out service to 95 percent of the population in areas where they have spectrum licenses; he noted that some licenses only required service for 66 percent or 75 percent of residents, a problem in sparsely populated rural areas.
At the same time, he proposed extending initial spectrum license terms from 10 years to 15 years to give the carriers more time to complete the construction. Pai also proposed creating "gigabit opportunity zones" in areas where average household income is below 75 percent of the national median.
In these areas, state and local lawmakers would have to "adopt streamlined, broadband deployment-friendly policies," and there would be tax incentives and tax credits for companies building high-speed networks. Also yesterday, Senate Democrats proposed $20 billion in broadband infrastructure funding as part of a $1 trillion infrastructure proposal. While it's not clear whether this specific proposal will get enough bipartisan support, Republicans backed the idea of including broadband in infrastructure spending, according to Morning Consult.
Democratic Commissioner Mignon Clyburn also congratulated Pai, saying, "Ajit is bright, driven and committed to bringing connectivity to all Americans.
I am hopeful that we can come together to serve the public interest by supporting competition, public safety, and consumer protection.” Original story from Friday, January 20 follows: President Donald Trump will select Republican Ajit Pai to become chairman of the Federal Communications Commission, Politico reported today. "Two industry sources" who are familiar with the decision said an announcement could be made as soon as today, the report said. Pai would become chairman immediately, without needing to be confirmed by the Senate, because he is already a member of the commission. New commissioners must be approved by the Senate, but the president can select the chair from among the commissioners without any additional approvals. Pai was widely expected to be appointed chairman on at least an interim basis, but Politico says Trump is appointing him as a long-term chair.
That would mean Pai could lead the commission throughout Trump's four-year term in the White House. "Pai, who met with Trump in New York on Monday, had been seen by many as a top contender for the job given his reputation as a telecom law expert who’s comfortable in front of the camera," Politico wrote. "But his selection is also somewhat of a departure for the incoming administration, which has tapped people outside of Washington for many top positions." There's been no official confirmation of the decision yet, but we'll provide an update as soon as there is an announcement. We contacted Pai and his staff this afternoon but haven't heard back yet. Pai does need to be reconfirmed by the Senate by the end of 2017 in order to serve another five-year term as commissioner, but that's likely a formality. Pai was associate general counsel for Verizon from 2001 to 2003 and subsequently served as counsel for the US Senate Judiciary Committee, the US Department of Justice's Office of Legal Policy, and the FCC. Pai was nominated to the FCC by President Barack Obama at the recommendation of Senate Republican leadership. He was confirmed by the Senate in 2012. Pai consistently opposed consumer protection regulations during the three-year chairmanship of Democrat Tom Wheeler, who left the FCC today. Pai opposed net neutrality rules and, after Trump's victory, said those rules' "days are numbered." He also opposed lower rate caps for inmate calling, rules designed to give TV consumers cheaper alternatives to rented set-top boxes, rules that protect the privacy of ISP customers, an update to the 31-year-old Lifeline phone subsidy program to help poor people buy Internet service, a speed increase in the FCC's broadband standard, an investigation of AT&T and Verizon charging competitors for data cap exemptions, and preemption of state laws that restrict expansion of municipal broadband. Pai often argued that Wheeler's FCC exceeded its legal authority.
In some cases, he was proven correct.
For example, the municipal broadband decision was overturned in court, and the FCC lost several court decisions on inmate calling rate caps. On the other hand, Pai also argued that Wheeler's majority "us[ed] legal authority the FCC doesn’t have" when it passed net neutrality rules and reclassified broadband as a common carrier service. Wheeler won that battle when a federal appeals court upheld the net neutrality rules and reclassification. In his FCC bio, Pai argues that "consumers benefit most from competition, not preemptive regulation." After Trump's election victory, Pai gave a speech vowing to "fire up the weed whacker and remove those rules that are holding back investment, innovation, and job creation," and said that "during the Trump Administration, we will shift from playing defense at the FCC to going on offense." Consumer advocacy group Free Press was alarmed by the news of Pai's promotion. “Ajit Pai has been on the wrong side of just about every major issue that has come before the FCC during his tenure," Free Press CEO Craig Aaron said in a statement sent to Ars. "He’s never met a mega-merger he didn’t like or a public safeguard he didn’t try to undermine... Pai has been an effective obstructionist who looks out for the corporate interests he used to represent in the private sector.
If the new president really wanted an FCC chairman who'd stand up against the runaway media consolidation that Trump himself decried in the AT&T/Time Warner deal, Pai would have been his last choice." The FCC currently has two Republicans and one Democrat. One more Republican and one more Democrat could be appointed to give the FCC its typical composition of five members, with the president's party having a 3-2 majority.
Also, intelligence community revelations that Russia tried to influence the U.S. elections with various cyber-exploits have galvanized some U.S. lawmakers, including McCaul. Several experts have estimated the workforce shortage of cybersecurity workers in the U.S.—across multiple job titles—currently at 300,000 or more.
The most recently available analysis, from the U.S. Bureau of Labor Statistics, said the shortage of such workers in 2015 reached 209,000.
Globally, the shortfall of cybersecurity professionals is expected to reach 1.5 million by 2020, according to data published by the National Institute of Standards and Technology. Despite such dire projections, there is at least one contrary point of view.
A DHS official said in a blog post in November that the cybersecurity skills shortage is a myth. For his part, McCaul plans to push for a cybersecurity agency within the Department of Homeland Security, partly to provide cyber assistance for national elections that are under state management. “DHS needs focus and resources,” he said. To fill cybersecurity job openings, U.S. companies have developed a number of strategies over recent years. Major corporations such as AT&T have established in-house re-training of IT workers to become cybersecurity professionals.
Also, AT&T has set up a rotational program so that a recent graduate can rotate through various departments at the company to become a well-rounded security expert. “The labor shortage is a huge problem. Nobody can get enough resources,” said Jason Porter, vice president of security solutions at AT&T, in an interview. “We’re excited to see a bunch of colleges have launched new programs around cybersecurity, so we’ll see more cyber talent.
But companies are still way behind. Right now, cybersecurity is paramount. We are actively retraining our own employee base.” Over the entire company, AT&T currently has more than 2,000 cybersecurity professionals, he said.
The company operates eight security operations centers globally and offers cybersecurity services to thousands of companies. While AT&T and other major companies are trying to adjust, the security challenges are greatest for small and mid-sized companies, analysts said. “Small and mid-sized businesses are suffering the most,” said IDC analyst Sean Pike. “They don’t have the money to pay for talent and not even for managed services.
They are sometimes hiring inexperienced talent, like a security generalist, who will move into a specialty in a year or two.
It’s really difficult to attract and retain the specialists.” Pike said he’s heard of security specialists moving into managerial roles in corporations who can make $250,000. One such manager moved into the vice president level and made $750,000, he said. With salaries at such high levels, smaller companies often have to resort to taking out an incident response retainer with a service provider for a year to protect against exploits. Analysts said it isn’t necessarily that there aren’t cybersecurity candidates available to fill positions, but there might be a lack of candidates to fill the positions that are open at the time. Gartner in a recent report said that there is a “war for cyber talent as organizations seek qualified candidates in an environment where demand outweighs supply.” Gartner noted that the Bureau of Labor Statistics expects the demand for cybersecurity professionals to increase by 53 percent through 2018. Gartner also said security budgets in U.S. companies are not increasing enough to keep up with salaries for cybersecurity professionals that have “skyrocketed.” The cybersecurity labor gap is already causing “major vulnerabilities,” said Gartner analyst Avivah Litan, in an email. “Many organizations are turning to outsourced and managed security services to fill their cybersecurity skill gap, but those managed services firms are facing their own recruitment challenges since there just aren’t that many skilled cybersecurity professionals to fill the gaps.” This story, "The war for cybersecurity talent hits the Hill" was originally published by Computerworld.
Giuliani sees cyber attacks as a major threat to innovation.
Former New York City Mayor Rudy Giuliani will serve as a cyber-security advisor to President-elect Donald Trump once he takes office, the Trump transition team announced Thursday.
Giuliani, who currently runs his own security consulting firm, will serve as a liaison between the Trump administration and private companies that are working to combat cyber-security threats. Trump's announcement didn't specify a title for Giuliani, saying only that the former mayor will be "sharing his expertise and insight as a trusted friend concerning private sector cyber security problems."
The announcement did, however, hint at some of the threats Trump wants to address, including "hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure."
Trump takes office as both private citizens and US companies have fallen victim to threats that were virtually unknown just a few years ago. Throughout 2016, multiple high-profile ransomware attacks targeted hospitals and other institutions, which often paid ransoms of tens of thousands of dollars each instead of pursuing even more costly data recovery methods.
The explosive growth in devices that make up the Internet of Things (IoT) has also contributed to threats, including a distributed denial of service attack using infected baby cameras and other IoT devices last fall that took large portions of the US Internet infrastructure offline.
Even as large corporations hire consulting firms like Giuliani's to fight back, experts have warned that lax security practices—especially among IoT device manufacturers—make them too easy to hack.
Giuliani's ability to effect change in his new position is unclear, especially given Trump's general skepticism about the Internet and computers. Giuliani tends to take the opposite view. He sees cyber attacks as a key roadblock to technological advances that can have a positive societal impact, especially when it comes to healthcare.
"Our lack of securing these things is holding back a tremendously important advance that would be a great way to reduce healthcare costs," he told PCMag in 2012. "There is a tremendous societal cost and it comes about because we haven't developed security for the Internet—the cloud—the way we should."