Cyber security: We need a better plan to deter hacker attacks says US:

The US needs to fundamentally rethink its strategies for stopping cyber attacks and should develop a tailored approach to deterring each of its key adversaries, according to a new government report.

The report published by the US State Department — like a recent paper on botnets — comes in response to an executive order signed by President Donald Trump last year, which called for a report “on the nation’s strategic options for deterring adversaries and better protecting the American people from cyber threats.”

The report said that while the US has become dependent upon sophisticated networked information systems, its rivals have been learning to exploit that dependence to “steal from Americans, disrupt their lives, and create insecurity domestically and instability internationally.”

The cyber threat posed by rival states — and by Russia, China, Iran and North Korea in particular — is often alluded to by intelligence agencies, but the US and its allies have struggled to find a way to deter these cyber intrusions.

The unclassified cyber-deterrence overview published by the State Department doesn’t mention particular countries, but said that strategies for deterring malicious cyber activities “require a fundamental rethinking”. The report said that the US has made efforts to promote a framework for “responsible state behaviour in cyberspace”, but noted that this has not stopped state-sponsored cyber incidents.

“The United States and its likeminded partners must be able to deter destabilizing state conduct in cyberspace,” the State Department warned.

Of course, the US has plenty of military muscle should it come to full-on cyberwarfare, but it’s much harder to tackle cyber attacks that don’t necessarily deserve an armed response — which make up the majority of attacks.

The report said the US should develop a broader menu of consequences that it can impose following a significant cyber incident. The US should also take steps to make it easier to prove who is behind cyber attacks, it said.

Another big problem is the poor state of cyber security. “Efforts to deter state and non-state actors alike are also hindered by the fact that, despite significant public and private investments in cybersecurity, finding and exploiting cyber vulnerabilities remains relatively easy,” the report said.

“Credibly demonstrating that the United States is capable of imposing significant costs on those who carry out such activities is indispensable to maintaining and strengthening deterrence,” the report added.

According to the State Department, the three key elements of cyber deterrence should include:

  • Creating a policy for when the United States will impose consequences: The policy should provide criteria for the types of malicious cyber activities that the US government will seek to deter. The outlines of this policy must be communicated publicly and privately in order for it to have a deterrent effect.
  • Developing a range of consequences: There should be “swift, costly, and transparent consequences” that the US can impose in response to attacks below the threshold of the use of force.
  • Building partnerships: Other states should work in partnership with the US through intelligence sharing or supporting claims of attribution.

(Via Latest Topic for ZDNet in security)

Curious what your take is on this, Dear Friends.

I’m not sure how the State Department, the U.S. government’s diplomats, think that this kind of response is workable diplomatically. Maybe it is in the report, which I have yet to read. But who needs context to respond?

Both the US’s Cloud Act and Europe’s GDPR Move Far Beyond Geography, but Will Not Solve Transatlantic Jurisdictional Conflicts:

It is obvious that not only is “extraterritoriality not a bad word”, but that it is the necessary and realistic answer to the problems that characterize a world that is increasingly globally connected. But that means that just as European users should have the right to enjoy European privacy standards when they use one of the many websites operated from the U.S., so should the U.S. government have the right to access data in the control of a U.S. company regarding a U.S. resident who is suspected of committing a crime within the U.S., as was the issue in the Microsoft – Ireland case. Due to the GDPR and the Cloud Act, both forms of extraterritorial jurisdiction are, at the moment, legal reality. It makes little sense to vilify the Cloud Act while glorifying GDPR.

However, it is also obvious that both regulatory frameworks are determined by political interests, which works against their de facto reciprocity. On the one hand, the data controller argument employed in the Cloud Act comes in especially handy for the US, which is the country where most Internet-based platforms are headquartered. One might even argue that the data controller argument employed by the nation that hosts Silicon Valley actually might bring about de facto global enforcement jurisdiction. On the other hand, the approach of objective territory that is pursued by the EU regarding article 48 of the GDPR might be outdated and not make much sense, but it is aligned with the EU’s economic interest to become a data safe haven.

These conflicts of interest and corresponding jurisdictional conflicts will inevitably be the source of tensions between the EU and the US. Surely, the best solution would be to formulate coherent and unequivocal principles of extraterritorial jurisdictions that are developed not unilaterally, but in transnational collaboration. Such a formulation must not rely on notions relating to geography alone, but also more subtle categories, such as the nature of the data requested, respectively protected data, the nature of the crimes committed, the strength of interest that a nation might have in regulating or accessing data, and the consideration of different degrees of regulation in different countries.

(Via Just Security)

Things 3.6 Reimagines External Keyboard Control on iPad

I’ve been able to play around with Things 3.6 on my iPad Pro for the past couple of weeks. This isn’t another “keyboard-centric” update that only adds a handful of shortcuts to trigger specific commands. Instead, the developers at Cultured Code have focused on an all-encompassing keyboard control framework for the whole app, from task lists to popovers and multiple selections. With version 3.6, Things has the best implementation of external keyboard support I’ve ever seen in an iPad app.

(Via MacStories)

I don’t use Things but love how their revamp redid their external keyboard support. I would love to see other app developers, and Apple especially, embrace and implement something similar.

Sadly the WWDC keynote mentioned nothing about enhanced keyboard support.

Inspiration from Bruce Lee, William James, Diving, and More:

Songs make you think of people. Sometimes, you hear a song and you miss someone.

Sometimes you go look up that person to find out what happened to them and it breaks your heart.

Sometimes you realize that it’s a mistake to lose track of people who meant so much to you.

Reach out to that person who changed your life and then disappeared. If nothing else, let them know they changed you and thank them. Do it now, before you wake up one day, hear a song, look for the person that the song reminds you of, and realize that person isn’t around any more.

I’ve been downhearted, baby, ever since the day we met. We were never quite sure what B.B. King was saying in that repeated sample. That’s what he was saying. I wish I could tell you that now.

(Via The Simple Dollar)

One of the non-family related good memories of my time living in Oklahoma is this song.

Agenda for iOS Review

Agenda … is one of the most interesting note-taking apps I’ve used. The app is simultaneously structured around projects, like a task manager, and dates, like a calendar app.

What makes Agenda a little bewildering at first is its use of dates and projects, which sometimes makes it feel like a calendar app and other times like a task manager, even though it’s neither. The app doesn’t try to force you into a predefined system. Instead, Agenda gives you multiple ways to organize and view your notes through tagging, filtering, sorting, and searching. The upside is flexibility that should accommodate almost anyone’s workflow. The downside is that it can take time and experimentation to discover how it can work for you.

(Via MacStories)

The parallels with Orgmode are, at least to me, obvious and surprising in a good way. I played with Agenda on iOS. The metaphor was a visual analog to how I use (or, more correctly, strive to use) Orgmode for Getting Shit Done.

Hmmm … I wonder how long until there’s a way to integrate the two …

So WWDC happened. How does everyone feel about it? My news feed has been sarcastically quiet.

24 Million Americans Don’t Have Access to Broadband—Why Isn’t It an Election Issue? – Motherboard

Yet few candidates, from local mayoral races all the way up to the Senate, provide lip service to the fact that millions of Americans still lack access to broadband, and even fewer flesh out a robust policy to address it. At a time when politics is more divisive than ever, basic issues such as access to the internet are being overshadowed by the massive ideological clashes happening across the country.

“If you were to ask people what issues they’re voting on, first and foremost they would say ‘pro-Trump or anti-Trump,’” said Susan Boser, the Democratic candidate seeking to replace Republican House Member Glenn Thompson in Pennsylvania. “Next would be guns and abortion, then the needs of the area, which are jobs and the opioid epidemic.”

Boser told me a lack of access to broadband is a huge problem in her district, which is a large, predominantly rural swath along the northwestern edge of the state; its largest town, Indiana, has a population of less than 15,000.

(Via Motherboard)

This is not an insignificant number of people even as a percentage of the population. And this issue has the added advantages of:

  • No political polarization
  • No impact on either moral, ethical, or religious issues
  • Good for the economy
  • Relatively easy to address and can be done relatively quickly, if the community will is there

And yet …

In Tennessee, broadband access has faced progress and setbacks. Chattanooga found economic revival after building city-owned gigabit internet, but was quickly prohibited from expanding the network to surrounding communities because of a Telecom-backed state law. Efforts to fight those limits have failed, making it difficult for municipal internet providers to expand and offer services to smaller communities.

A Tennessee Democratic Party spokesperson told me the broadband battle is being drowned out by more contentious rhetoric.

“We’ve got a governor race with a highly contested Republican primary, so you’ve got all those candidates out there with television ads focused on immigration and other issues,” he told me over the phone. “That’s where voter attention is at the moment.”

So many people get wrapped up in causes they can’t hope to impact to the exclusion of local issues they can impact.

BTW, I’ve used the Chattanooga broadband many times. It is awesome and puts Comcast’s bizarrely named product to shame. The cynic in me sees why Telecom companies fear such implementations and thus oppose them.

Google Pay bellyflops in Japan:

That didn’t take long. No sooner had Google Pay landed in Japan than Android users without JP carrier locked Osaifu-Keitai phones noticed they weren’t invited to the FeliCa party and lost their shit. Then local Japanese tech journalists filed reviews and they were not kind: “zannen” which means “too bad” as in “too bad Google Pay is a weak imitation of a real FeliCa Osaifu-Keitai that any user could add and use on any Android phone.” Too bad it’s not a Global FeliCa iPhone.

I called it a few weeks ago:

If and when Google Pay Suica arrives it will likely be on Osaifu-Keitai /Mobile FeliCa enabled locked Android devices from Japanese carriers. Global FeliCa iPhone-like out-of-the-box Mobile Suica on ‘global FeliCa’ Android devices from anywhere looks to be a long way off.

FeliCa Dude called it earlier: “Android Pay is smoke and mirrors”

Google Pay Japan is smoke and mirrors.

(Via atadistance.com)

Not that my US-purchased Google Nexus 6P would have been included in this due to age if not build, but I would have liked a truly viable option to the Apple Pay & Suica combo. I’m not looking to switch but competition could be good for innovation.