On “Safer Internet Day”, celebrated earlier this month, President Obama announced the Cybersecurity National Action Plan.
The earmarked budget is 19 billion dollars (so we know they mean business).
The plan emphasizes education. The government will supplement the activities of the NCSA (a federal non-profit that develops national-scale cyberinfrastructure) improving and increasing public education campaigns, for example.
Educated people tend to be more concerned about the security threats and promote better choices when looking to protect themselves and their families.
Better security education-> safer people.
The NCSA has run smaller, more local events to teach people on a more personal level, and feels that the localized and personalized education approach is the best way to get these messages across. Additionally, the plan emphasizes the use of 2FA instead of the not-so-safe-anymore passwords.
The focus at the estimated 15 events across the country this year will be on 2FA. Experts say the focus will eventually shift towards IoT devices and how users need to be protecting themselves in an IoT era.
Until now, most people counter argue claims at unsafe internet habits with the popular ““I have nothing to hide” argument. By investing in this education, more Americans will internalize how irrelevant this argument has become.
What else isn’t private in Washington anymore?
fighting with Apple, that’s what.
The ethical privacy debate has been bubbling up for awhile, and is beginning to erupt in the big leagues.
What’s going on?
The aftermath of the San Bernardino massacre leaves a few loose ends: a cell phone, a couple, a home garage of explosives. The couple charged is said to have been radicalized by terror activists over the internet, and drew inspiration and direction from terror groups across the globe.
In order to continue the investigation, the FBI recently asked Apple to help them unlock one of the iPhone’s belonging to one of the gunmen, Syed Farook.
But Apple won’t budge, and says “privacy was a fundamental right the company had sworn to protect”. If their customers see them unlocking this phone, how can they trust them not to do the same to others?
This faceoff is the biggest federal challenge the tech giant has faced in all its history.
Apple isn’t the only one battling government officials in the privacy game these days
Facebook is being charged in France to change their tracking policies. While the social media giant claims that privacy is its top priority, it tracks visitors who are not Facebook members without their consent.
Non members could view a page on the site and Facebook would install a cookie, which preserves their info and tracks their web activity for up to two years.
A similar order was made months ago in Belgium and Facebook made changes to the site so now users must login before viewing anything on the site.
The French data protection body gave Facebook three months to make changes to the current tracking policy, as well as change the existing password regulations, requiring an 8 character minimum instead of 6.
IG Stepping Up
After exceeding a community of 400 million users a few months ago, Instagram is rolling out a much needed security measure: 2 Factor Authentication. Although many accounts have previously been compromised and this update is a bit late in the game, nonetheless this is great news for the social media sensation. (What was that Obama’s plan mentioned about 2FA?)
Users will enter a phone number so an authentication code is sent and needs to be verified, so the account can’t be accessed from an unknown gadget.
This is another step for the social media enterprise to tighten security measures and help us protect the privacy of our whereabouts and ‘grams.
Lessons from Cybercriminals
What can IBM, the biggest American technology and consulting company, possibly learn from cybercriminals?
There is an unspoken “rule” among the cybercriminal community, that may be one of the biggest threats for the future of our security.
The greatest minds in cyber threats are collaborating, sharing data and software. The important lesson that IBM is learning from their methods is this idea of sharing. If the greatest minds in cyber defense will band together, while the criminals themselves form communities of sharing and cooperation, the “good side” can be stronger than ever.
There’s a silver lining, learning something from even the most dangerous of enemies.
The Nisan Leaf, the world’s most popular electric car, is connected to an app, that can be hacked pretty easily. The app, NissanConnect EV app, allows users to control setting such as the temperature of the car, battery status, and even journey history. However, the only security measure needed in order to access control of the app is just the vehicle identification number, much like a password. Not very secure, these days.
Especially in the car industry, where self driving cars are poised to take the industry by a storm, security measures must not be an afterthought. Troy hunt, the expert who discovered the vulnerability, says it’s not even like they did the authentication on the app poorly- they just haven’t done it all. Bizarre.
Luckily, a hacker can’t control the drive itself, and can’t gain access while the car is in motion. The public is so excited about the new frontier of vehicle technology, that they are forgetting about the tremendous risks involved.
Nissan has since taken the remote connect service offline.
Stay On Top of your Info
Education, awareness, and being proactive are key to staying safe online. Shoutout to Rich Demuro (@RichDemuro) for mentioning a great way to do that with your online accounts. MyPermissions helps you understand who and what is snooping around your info, and take control of what’s happening behind the scenes of your everyday accounts and devices.