national security
Auto Added by WPeMatico
Auto Added by WPeMatico
One of the most unfortunate fault lines in climate change politics today is the lack of cooperation between environmentalists and the national security community. Left-wing climate activists don’t exactly hang out with more right-leaning military strategists, the former often seeing the latter as destructive anti-ecological marauders, while the latter often assume the former are unrealistic pests who would prioritize trees and dolphins over human safety.
Yet, climate change is forcing the two to work ever closer together, as uncomfortable as that might be.
In “All Hell Breaking Loose,” emeritus professor and prolific author Michael T. Klare has written a meta-assessment of the Pentagon’s strategic assessments from the last two decades on how climate will shape America’s security environment. Sober and repetitive but not grim, the book is an eye-opening look at how the defense community is coping with one of the most vexing global challenges today.
Climate change weakens the security environment in practically every domain, and in ways that might not be obvious to the non-defense specialist. For the U.S. Navy, which relies on coastal access to shipyards and ports, rising sea levels threaten to diminish and even occasionally demolish its mission readiness, such as when Atlantic hurricanes hit Virginia, one of the largest centers for naval infrastructure in the United States.

While perhaps obvious, it bears repeating that the U.S. military is as much a landlord as a fighting force, with hundreds of bases spread across the country and around the world. A large percentage of these installations face climate-related challenges that can affect mission readiness, and the cost to harden these facilities is likely to reach tens of billions of dollars — and perhaps even more.
Then there is the question of energy. The Pentagon is understandably one of the greatest users of energy in the world, requiring power for bases, jet fuel for planes, and energy for ships on a global scale. Procurement managers are obviously concerned about costs, but their real concern is availability — they need to have reliable fuel options in even the most chaotic environments. That critical priority is increasingly tenuous with climate change, as transit options for oil can be disrupted by everything from a bad storm to a ship stuck in the Suez Canal.
This is where the Pentagon’s mission and the interests of green-minded activists align heavily, if not perfectly. Klare provides examples of how the Pentagon is investing in areas like biofuels, decentralized grid technology, batteries and more as it looks to secure resiliency for its fighting forces. The Pentagon’s budgetary resources might be scorned by critics, but it’s uniquely positioned to pay the so-called green premiums for more reliable energy in ways that few institutions can realistically afford.
That political alignment continues when it comes to humanitarian response, although for vastly different reasons. One of the Pentagon’s chief concerns with global warming is that it will be increasingly waylaid from its highest priority missions — such as protecting against China, Russia, Iran and other long-time adversaries — into responding to humanitarian crises. As one of the only American institutions with the equipment and logistical know-how capable of deploying thousands of responders to disaster zones, the Pentagon is the go-to source for deployments. For Defense, the difficulty is that the armed forces aren’t trained for humanitarian missions — they’re trained for fighting wars. Attacking ISIS-K and managing a camp of climate refugees are decidedly different skills.
Climate activists are fighting for a more stable and equitable world, one that doesn’t lead to millions of climate refugees fleeing from famine and scorching temperatures. The Pentagon similarly wants to shore up fragile states in the hopes of avoiding deployments outside of its core mission. The two groups speak different languages and have different motivations, but the objectives are much the same.
The most interesting dynamic of climate change and national security is, of course, how the global strategic map changes. Russia is a major winner, and Klare provides an exacting account on how the Pentagon is securing the Arctic now that the ice has melted and shipping lanes have opened at the pole for much of the year and soon to be year round. For the first time, America has run training missions for its armed forces on how to operate in the Arctic and prepare for potential contingencies in the region.
Klare’s book is readable, and its subject is electrifyingly fascinating, but this is not a brilliantly written text by any stretch of the imagination. I dubbed it a meta-assessment because it absolutely reads as if it was written by a team of defense planning specialists in the E Ring. It’s a multi-hundred page think tank paper — and as a reader, you either have the stamina to read that or you don’t.
More caustically, the book’s research and primary citations center on the Pentagon’s assessment reports and Congressional testimony and some secondary reporting in newspapers and elsewhere. There are few to no mentions of direct interviews with the participants here, and that’s a major problem given the extremely political nature of climate change in modern U.S. discourse. Klare certainly observes the politics, but we don’t know what generals and the civilian defense leadership would really say if they didn’t have to sign off publicly on a government report. It’s a massive gulf — and begs the question of how much we really get a true picture of the Pentagon’s thinking with this volume.
Nonetheless, the book is an important contribution, and a reminder that the national security community — while protective of its interests — can also be an important vanguard for change on climate disruption. Activists and wonks should drop the animosity and talk to each other a bit more often, as there are alliances to be made.
All Hell Breaking Loose: The Pentagon’s Perspective on Climate Change by Michael T. Klare
Metropolitan Books, 2019, 304 pages
Powered by WPeMatico
The U.K. government has squeezed the timetable for domestic telcos to stop installing 5G kit from Chinese suppliers, per the BBC, which reports that the deadline for installation of kit from so-called “high risk” vendors is now September.
It had already announced a ban on telcos buying kit from Huawei et al by the end of this year — acting on national security concerns attached to companies that fall under the jurisdiction of Chinese state surveillance laws. But, according to the BBC, ministers are concerned carriers could stockpile kit for near-term installation to create an optional buffer for themselves since it has allowed until 2027 for them to remove such kit from existing 5G networks. Maintaining already installed equipment will also still be allowed up til then.
A Telecommunications Security Bill which will allow the government to identify kit as a national security risk and ban its use in domestic networks is slated to be introduced to parliament tomorrow.
Digital secretary Oliver Dowden told the BBC he’s pushing for the “complete removal of high-risk vendors”.
In July the government said changes to the U.S. sanctioned regime meant it could no longer manage the security risk attached to Chinese kit makers.
The move represented a major U-turn from the policy position announced in January — when the U.K. said it would allowed Chinese vendors to play a limited role in supplying domestic networks. However, the plan faced vocal opposition from the government’s own back benches, as well as high-profile pressure from the U.S. — which has pushed allies to expel Huawei entirely.
Alongside policies to restrict the use of high risk 5G vendors the U.K. has said it will take steps to encourage newcomers to enter the market to tackle concerns that the resulting lack of suppliers introduces another security risk.
Publishing a supply chain diversification strategy for 5G today, Dowden warns that barring “high risk” vendors leaves the country “overly reliant on too few suppliers”.
“This 5G Diversification Strategy is a clear and ambitious plan to grow our telecoms supply chain while ensuring it is resilient to future trends and threats,” he writes. “It has three core strands: supporting incumbent suppliers; attracting new suppliers into the UK market; and accelerating the development and deployment of open-interface solutions.”
The government is putting an initial £250 million behind the 5G diversification plan to try to build momentum for increasing competition and interoperability.
“Achieving this long term vision depends on removing the barriers that prevent new market entrants from joining the supply chain, investing in R&D to support the accelerated development and deployment of interoperable deployment models, and international collaboration and policy coordination between national governments and industry,” it writes.
In the short to medium term the government says it will prioritize support for existing suppliers — so the likely near-term beneficiary of the strategy is Finland’s Nokia.
Though the government also says it will “seek to attract new suppliers to the U.K. market in order to start the process of diversification as soon as possible”.
“As part of our approach we will prioritise opportunities to build UK capability in key areas of the supply chain,” it writes, adding: “As we progress this activity we look forward to working with network operators in the UK, telecoms suppliers and international governments to achieve our shared goals of a more competitive and vibrant telecoms supply market.”
We’ve reached out to Huawei for comment on the new deadline for U.K. carriers to stop installing its 5G kit.
The company has continued to reject security concerns attached to its business.
Powered by WPeMatico
There is a darker side to cybersecurity that’s frequently overlooked.
Just as you have an entire industry of people working to keep systems and networks safe from threats, commercial adversaries are working to exploit them. We’re not talking about red-teamers, who work to ethically hack companies from within. We’re referring to exploit markets that sell details of security vulnerabilities and the commercial spyware companies that use those exploits to help governments and hackers spy on their targets.
These for-profit surveillance companies flew under the radar for years, but have only recently gained notoriety. But now, they’re getting unwanted attention from U.S. lawmakers.
In this week’s Decrypted, we look at the technologies police use against the public.
Last week we looked at how the Justice Department granted the Drug Enforcement Administration new powers to covertly spy on protesters. But that leaves a big question: What kind of surveillance do federal agencies have, and what happens to people’s data once it is collected?
While some surveillance is noticeable — from overhead drones and police helicopters overhead — others are worried that law enforcement are using less than obvious technologies, like facial recognition and access to phone records, CNBC reports. Many police departments around the U.S. also use “stingray” devices that spoof cell towers to trick cell phones into turning over their call, message and location data.
Powered by WPeMatico
This week saw protests spread across the world sparked by the murder of George Floyd, an unarmed Black man, killed by a white police officer in Minneapolis last month.
The U.S. hasn’t seen protests like this in a generation, with millions taking to the streets each day to lend their voice and support. But they were met with heavily armored police, drones watching from above, and “covert” surveillance by the federal government.
That’s exactly why cybersecurity and privacy is more important than ever, not least to protect law-abiding protesters demonstrating against police brutality and institutionalized, systemic racism. It’s also prompted those working in cybersecurity — many of which are former law enforcement themselves — to check their own privilege and confront the racism from within their ranks and lend their knowledge to their fellow citizens.
The Justice Department has granted the Drug Enforcement Administration, typically tasked with enforcing federal drug-related laws, the authority to conduct “covert surveillance” on protesters across the U.S., effectively turning the civilian law enforcement division into a domestic intelligence agency.
The DEA is one of the most tech-savvy government agencies in the federal government, with access to “stingray” cell site simulators to track and locate phones, a secret program that allows the agency access to billions of domestic phone records, and facial recognition technology.
Lawmakers decried the Justice Department’s move to allow the DEA to spy on protesters, calling on the government to “immediately rescind” the order, describing it as “antithetical” to Americans’ right to peacefully assembly.
Powered by WPeMatico
Immersive Labs, a cybersecurity skills platform, has raised $40 million in its Series B, the company’s second round of funding this year following an $8 million Series A in January.
Summit Partners led the fundraise, with Goldman Sachs participating, the Bristol, U.K.-based company confirmed.
Immersive, led by former GCHQ cybersecurity instructor James Hadley, helps corporate employees learn new security skills by using real, up-to-date threat intelligence in a “gamified” way. Its cybersecurity learning platform uses a variety of techniques and psychology to build up immersive and engaging cyber war games to help IT and security teams learn. The platform aims to help users better understand cybersecurity threats, like detecting and understanding phishing and malware reverse-engineering.
It’s a new take on cybersecurity education, as the company’s founder and chief executive Hadley said the ever-evolving threat landscape has made traditional classroom training “obsolete.”
“It creates knowledge gaps that increase risk, offer vulnerabilities and present opportunities for attackers,” said Hadley.
The company said it will use the round to expand further into the U.S. and Canadian markets from its North American headquarters in Boston, Mass.
Since its founding in 2017, Immersive already has big customers to its name, including Bank of Montreal and Citigroup, on top of its U.K. customers, including BT, the National Health Service and London’s Metropolitan Police.
Goldman Sachs, an investor and customer, said it was “impressed” by Immersive’s achievements so far.
“The platform is continually evolving as new features are developed to help address the gap in cyber skills that is impacting companies and governments across the globe,” said James Hayward, the bank’s executive director.
Immersive said it has 750% year-over-year growth in annual recurring revenues and more than 100 employees across its offices.
Powered by WPeMatico
Critical cyber attacks on both businesses and individuals have been grabbing headlines at an alarming rate. Cybersecurity has moved from a background risk for enterprises to a critical day-to-day threat to business operations, forcing executive teams to pour time and hundreds of billions in capital into monitoring and prevention efforts.
Yet even as investment in security ticks up, the frequency and cost of cybercrime to businesses continues to rapidly accelerate, with the World Economic Forum estimating the economic loss due to cybercrime could reach $3 trillion by 2020.
More companies are now turning to cyber insurance as a means of mitigating financial exposure. However, for traditional insurers, cybersecurity remains a relatively nascent and unfamiliar issue, requiring risk-assessment data points and methodologies largely different from those seen in traditional insurance products. As a result, businesses often struggle to get the scale of cybersecurity coverage they require.
Arceo.ai is hoping to expand the size and scope of the cyber insurance market for both insurers and companies, by providing insurers with effective real-time data, analytics and context, necessary for safely and efficiently underwrite cyber risk.
This morning, Arceo took a major step in achieving that goal, announcing the company has raised a $37 million round of funding led by Lightspeed Venture Partners and Founders Fund with participation from CRV and UL Ventures.
Using an expansive set of global sources across a customer’s digital footprint, Arceo.AI collects internal, external and macro cyber risk data which it uses to evaluate a company’s security and cyber risk management behavior. By automating the data collection process and connecting it with insurer underwriting processes, Arceo is able to keep its data and policy assessments up to date in real-time and enable faster, more efficient quotes.
A vital component of Arceo’s platform is its analytics offering. Using patented data science and cyber risk models, Arceo generates analytics-driven insights for insurance carriers, brokers and end-insured customers. For end-insured customers, Arceo helps companies understand whether they’re using the best mitigation strategies by providing policy recommendations and industry benchmarking to help contextualize day-to-day cyber behavior and hygiene. For underwriters, Arceo can provide specific insurance recommendations based on particular policy coverages.
Ultimately, Arceo looks to provide both insurers and the insured with actionable answers to key questions such as how one assesses cyber risk, how one determines what risks can be mitigated with technology alone, how one knows which systems are best and whether those systems are being used appropriately.
In an interview with TechCrunch, Arceo Chairman Raj Shah explained that the company’s background expertise, proprietary data systems, and deep pedigree in both the security and insurance truly differentiate Arceo from competing solutions. For starters, both Shah and Arceo co-founder and CEO Vishaal Hariprasad have spent close to the entirety of their careers in national security and cybersecurity. Hariprasad started his career in the Airforce’s first cohort of cyber warfare officers, before teaming up with Shah to start Morta Security in 2012, a security startup the two sold to Palo Alto networks in just roughly two years.
After selling the company, Shah and Hariprasad remained in the security world before realizing that there was a natural intersection between security and insurance, and a real opportunity for risk transfer solutions.
“Having studied the market, we saw that people are spending more and more dollars on cybersecurity products… There are hundreds of thousands of new vendors every year… Spend is going up, but we don’t feel any safer!” Shah told TechCrunch.
“That’s when we said ‘Hey, we need to move beyond just thinking about technology points and products, and think about holistic cyber risk management.’ And this is where insurance has historically done a great job. Putting a price on behavior and making people think and letting them take risks… From life and death and health to buyers and property and casualty. And so cyber is that next class risk… So that’s really why we started the business. We wanted to provide a real way to manage the cyber stress that they’re facing and that will impact every single one of our digital lives.”
Since the company’s founding, Raj and Vishaal have been joined by a deep network of cyber and insurance experts. Today, Arceo also announced that Hemant Shah, founder and former CEO of catastrophe risk modeling company RMS has joined Arceo’s Board of Directors. Additionally, earlier this month, the company announced that Mario Vitale, the former CEO of publically-traded insurance companies Willis Towers Watson and Zurich Insurance Group, would be joining the Arceo team as the company’s President.
The company noted that participation from high-profile industry vets like Hemant and Mario not only further advance Arceo’s competitive advantage but also acts as another major validation of the company’s future and work to date.
According to Arceo Chairman Raj Shah, after years of investing in R&D, the latest funds will be used towards expansion efforts and scaling Arceo to the broader ecosystem of insurance and brokers. Longer-term, the company hopes to offer the most complete combined cybersecurity and risk transfer solution to insurers and the insured, easing the stress around cyber threats for both enterprises and individuals and ultimately improving broader cyber resiliency.
If you’d like to hear more from Arceo’s Raj Shah, Raj will also be joining us this year on the Extra Crunch stage at TechCrunch Disrupt SF, where he’ll discuss how founders and companies should think about potential US government investment. Grab tickets here and we hope to see you there!
Powered by WPeMatico
How do you keep your startup secure?
That’s the big question we explored at TC Sessions: Enterprise earlier this month. No matter the size, every startup is an enterprise. Every startup will grow in size as it builds out. But as a company expands, that rapid growth can lead to a distraction from the foundational principle of any modern company — keeping it secure.
Security isn’t just a buzzword. As some of the largest companies in Silicon Valley have shown, security can be difficult. From storing passwords in plaintext to data breaches galore, how can startups learn from some of the biggest security lapses in the tech industry’s history?
Our panel consisted of three of the brightest minds in enterprise security: Wendy Nather, head of advisory CISOs at Duo Security, is an enterprise security expert; Martin Casado, general partner at Andreessen Horowitz, is a security and enterprise startup investor; and Emily Heath, United’s chief information security officer, oversees the security operations of the largest U.S. airlines.
This is what advice they had.
Powered by WPeMatico
Hackers will soon be able to stress-test the Facebook Portal at the annual Pwn2Own hacking contest, following the introduction of the social media giant’s debut hardware device last year.
Pwn2Own is one of the largest hacking contests in the world, where security researchers descend to find and demonstrate their exploits for vulnerabilities in a range of consumer electronics and technologies, including appliances and automobiles.
It’s not unusual for companies to allow hackers put their products through their paces. Tesla earlier this year entered its new Model 3 sedan into the contest. A pair of researchers later scooped up $375,000 — and the car they hacked — for finding a severe memory randomization bug in the web browser of the car’s infotainment system.
Hackers able to remotely inject and run code on the Facebook Portal can receive up to $60,000, while a non-invasive physical attack or a privilege escalation bug can net $40,000.
Introducing the Facebook Portal is part of a push by Trend Micro’s Zero Day Initiative, which runs the contest, to expand the range of home automation devices available to researchers in attendance. Pwn2Own said researchers will also get a chance to try to hack an Amazon Echo Show 5, a Google Nest Hub Max, an Amazon Cloud Cam and a Nest Cam IQ Indoor.
Facebook said it also would allow hackers to find flaws in the Oculus Quest virtual reality kit.
Pwn2Own Tokyo, set to be held on November 6-7, is expected to dish out more than $750,000 in cash and prizes.
Powered by WPeMatico
Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates.
It’s a sign of the belief that SoftBank has in the technology, since the Japanese investment firm is basically doubling down on commitments it made to the Boston-based company four years ago.
The company first came to our attention five years ago when it raised a $25 million financing from investors, including CRV, Spark Capital and Lockheed Martin.
Cybereason’s technology processes and analyzes data in real time across an organization’s daily operations and relationships. It looks for anomalies in behavior across nodes on networks and uses those anomalies to flag suspicious activity.
The company also provides reporting tools to inform customers of the root cause, the timeline, the person involved in the breach or breaches, which tools they use and what information was being disseminated within and outside of the organization.
For co-founder Lior Div, Cybereason’s work is the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit, the military incubator for half of the security startups pitching their wares today. After his time in the military, Div worked for the Israeli government as a private contractor reverse-engineering hacking operations.
Over the last two years, Cybereason has expanded the scope of its service to a network that spans 6 million endpoints tracked by 500 employees, with offices in Boston, Tel Aviv, Tokyo and London.
“Cybereason’s big data analytics approach to mitigating cyber risk has fueled explosive expansion at the leading edge of the EDR domain, disrupting the EPP market. We are leading the wave, becoming the world’s most reliable and effective endpoint prevention and detection solution because of our technology, our people and our partners,” said Div, in a statement. “We help all security teams prevent more attacks, sooner, in ways that enable understanding and taking decisive action faster.”
The company said it will use the new funding to accelerate its sales and marketing efforts across all geographies and push further ahead with research and development to make more of its security operations autonomous.
“Today, there is a shortage of more than three million level 1-3 analysts,” said Yonatan Striem-Amit, chief technology officer and co-founder, Cybereason, in a statement. “The new autonomous SOC enables SOC teams of the future to harness technology where manual work is being relied on today and it will elevate L1 analysts to spend time on higher value tasks and accelerate the advanced analysis L3 analysts do.”
Most recently the company was behind the discovery of Operation SoftCell, the largest nation-state cyber espionage attack on telecommunications companies.
That attack, which was either conducted by Chinese-backed actors or made to look like it was conducted by Chinese-backed actors, according to Cybereason, targeted a select group of users in an effort to acquire cell phone records.
As we wrote at the time:
… hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.
Researchers at Boston-based Cybereason, who discovered the operation and shared their findings with TechCrunch, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.
Lior Div, Cybereason’s co-founder and chief executive, told TechCrunch it’s “massive-scale” espionage.
Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.
It’s not the first time that Cybereason has uncovered major security threats.
Back when it had just raised capital from CRV and Spark, Cybereason’s chief executive was touting its work with a defense contractor who’d been hacked. Again, the suspected culprit was the Chinese government.
As we reported, during one of the early product demos for a private defense contractor, Cybereason identified a full-blown attack by the Chinese — 10,000 thousand usernames and passwords were leaked, and the attackers had access to nearly half of the organization on a daily basis.
The security breach was too sensitive to be shared with the press, but Div says that the FBI was involved and that the company had no indication that they were being hacked until Cybereason detected it.
Powered by WPeMatico
When it comes to enterprise security, how do you move fast without breaking things?
Enter Duo’s Wendy Nather, who will join us at TC Sessions: Enterprise in San Francisco on September 5, where we will get the inside track on how to keep enterprise networks secure without slowing growth.
Nather is head of advisory CISOs at Duo Security, a Cisco company, and one of the most respected and trusted voices in the cybersecurity community as a regular speaker on a range of topics, from threat intelligence to risk analysis, incident response, data security and privacy issues.
Prior to her role at Duo, she was the research director at the Retail ISAC, and served as the research director of the Information Security Practice at independent analyst firm 451 Research.
She also led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation — now UBS.
Nather also co-authored “The Cloud Security Rules,” and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014.
We’re excited to have Nather discuss some of the challenges startups and enterprises face in security — threats from both inside and outside the firewall. Companies large and small face similar challenges, from keeping data in to keeping hackers out. How do companies navigate the litany of issues and threats without hampering growth?
Who else will we have onstage, you ask? Good question! We’ll be joined by some of the biggest names and the smartest and most prescient people in the industry, including Bill McDermott at SAP, Scott Farquhar at Atlassian, Julie Larson-Green at Qualtrics, Aaron Levie at Box and Andrew Ng at Landing AI and many, many more. See the whole agenda right here.
Early-bird tickets are on sale right now! For just $249 you can see Nather and these other awesome speakers live at TC Sessions: Enterprise. But hurry, early-bird sales end on August 9; after that, prices jump up by $100. Book here.
If you’re a student on a budget, don’t worry, we’ve got a super-reduced ticket for just $75 when you apply for a student ticket right here.
Enterprise-focused startups can bring the whole crew when you book a Startup Demo table for just $2,000. Each table gives you a primo location to be seen by attendees, investors and other sponsors, in addition to four tickets to enjoy the show. We only have a limited amount of demo tables and we will sell out. Book yours here.
Powered by WPeMatico