November 28, 2020

security

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.



Hillicon Valley: Leadership changes at top cyber agency raise national security concerns | Snapchat launches in-app video platform ‘Spotlight’ | Uber, Lyft awarded federal transportation contract

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.

LEADERSHIP CHANGES RAISE SECURITY CONCERNS: The departure of three of the Department of Homeland Security’s (DHS) top cybersecurity officials over the past week is leading experts and officials to voice concerns that the United States has been left vulnerable to attacks in cyberspace, with national security potentially compromised.

The concerns come after President Trump fired Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and after both CISA Deputy Director Matthew Travis and top cybersecurity official Bryan Ware resigned following pressure from the White House.

These changes left the nation’s key cybersecurity agency without Senate-confirmed leadership in the last months of Trump’s presidency, amid a shakeup of major government officials following a contentious election.

“Today, cybersecurity and disinformation threats are among the most significant risks our nation confronts,” Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, told The Hill in a statement. “For that reason, it’s enormously disturbing that the president has paired an unwillingness to begin an orderly transition with a zeal to gut key national security agencies of their senior-most leadership.”

CISA, established by legislation signed into law by Trump in 2018, describes itself as “the nation’s risk advisor,” and leads efforts to secure critical infrastructure against foreign and domestic cyber threats.

The agency was heavily involved in coordinating with state and local officials to shore up election security ahead of this year’s general election, and has spearheaded efforts to defend all sectors against attacks.


HOPPING ON THE BANDWAGON: Snapchat is launching a new feature to highlight user-created videos called Spotlight, signaling another competitor for the highly popular video sharing app TikTok.

While Snapchat, unlike other social media platforms, has largely focused on peer-to-peer features, the new Spotlight announced on Monday will showcase user-generated content within the app and offer users a chance to be paid for top content.

The content on Spotlight will also “become tailored to each” user over time, based on their “preferences and favorites,” Snapchat said.

Spotlight was “designed to entertain the Snapchat community while living up to Snapchat’s values, with their well-being as a top priority,” the company said in the announcement.

Snapchat’s Spotlight rollout comes as TikTok’s popularity has risen.

TikTok allows users to create 60-second videos. The platform’s main “For You Page” features content for users tailored to them based on posts with which they’ve engaged.


UBER, LYFT GET GSA CONTRACT:

…...





A journalist based in Assam has taken up the initiative to spread awareness among people about the safety and security of journalists, in the wake of such issues being faced by people working in the media.

Snehankar Chakraborty, a journalist in Assam’s Biswanath district, has embarked on a bicycle ride aiming to cover a distance of 1000 km across the state to spread awareness about the social safety and security of journalists.

Snehankar started his bicycle journey from Biswanath Chariali and will cover Dhola Sadiya, Tinsukia, Dibrugarh, Sivasagar, and Jorhat districts.

His initiative gains significance at a time when Parag Bhuyan, a TV journalist in Assam’s Tinsukia district, recently died in a mysterious accident.

Days after Parag Bhuyan was run over near his home, another journalist from Assam’s Kamrup district was reportedly tied to an electric pole and attacked by goons at the Mirza area.

Forty-two-year-old Milan Mahanta, a journalist with the Asomiya Pratidin, was attacked purportedly for reporting on gambling activities in the Mirza area of Kamrup district.

Snehankar Chakraborty said earlier he had completed a 300-km bicycle ride from Guwahati to Biswanath Chariali to raise awareness on the same issue.

“This time, I am taking a 1000-km ride from Biswanath to Sadiya for social safety and security of journalists. I was working as a journalist and presently I am freelancing. I will always stand with journalists,” Snehankar Chakraborty said.


...

The Transportation Department Office of Inspector General is set to assess the security of the financial systems the Federal Transportation Department is using to distribute coronavirus relief funds. 

A memorandum released Thursday confirms that an audit has been initiated on select security controls underpinning the systems. 

“Since March 2020, the number of attacks on federal government information systems has increased through a variety of techniques, including social engineering and spear phishing,” Assistant Inspector General for Information Technology Audits Kevin Dorsey wrote in the note. “These attacks can hinder federal agency operations and threaten the operations of FTA’s financial management information systems by affecting system and information confidentiality, availability, and integrity.”

FTA collected $25 billion of the more than $36 billion in coronavirus relief that was dished out to the Transportation Department through the Coronavirus Aid, Relief, and Economic Security or CARES Act, after the pandemic radically disrupted its executive branch operations and broader industry. Roughly $22.7 billion of FTA’s funds are being allocated to urban areas, while $2.2 billion will support rural areas. 

Specific security controls must be selected and implemented by the federal agency to help lessen vulnerabilities and risks within its technology-based financial management systems—and ultimately meet government-steered security requirements. 

“Accordingly, we are initiating this audit to assess the effectiveness of FTA’s financial management systems’ security controls designed to protect the confidentiality, integrity and availability of the systems and their information,” Dorsey wrote. 

Officials intend to begin the audit immediately, and will conduct it remotely at the Transportation Department’s headquarters, as well as contractor sites as needed.


...

With vehicles becoming increasingly vulnerable to cyberattacks as a result of in-vehicle network connections like Bluetooth and LTE/5G, Microchip Technology has introduced a cryptographic companion chip to add automotive security to existing systems without having to rearchitect software.

The company’s CryptoAutomotive security IC, the TrustAnchor100 (TA100), allows original equipment manufacturers (OEMs) and their module suppliers to upgrade existing designs to meet cybersecurity regulations and specifications for the automotive market. The cryptographic companion device supports in-vehicle network security solutions such as secure boot, firmware update and message authentication, including controller area network (CAN) MAC at bus speed.

In order to comply with new security specifications, automotive designers have to rearchitect the vehicle’s electronic control units (ECUs) with secure hardware. Existing solutions in the market include single-chip, dual-core hardware security module (HSM) devices, which require OEMs and their module suppliers to rearchitect their application software to integrate security. In addition to the effort required for this integration, the risk of security holes introduced in disparate implementations poses a significant barrier on this path. Third-party security software can help overcome this barrier in part, but with increased development costs.

The TA100 provides an alternative in-vehicle network architecture implementation for secure boot and message authentication — and has already been approved by multiple OEMs around the world as a solution for EVITA Medium and EVITA Full HSM requirements. Its feature set was designed based on careful review of several prominent OEM cybersecurity specifications to help facilitate a tier 1’s pursuit of OEM part production approval (PPAP).

Additionally, Microchip said it offers security specification and request for quote (RFQ) review services to assist tier 1s in developing educated responses, improving their project award success rate. The TA100 removes the challenges associated with secure code development and provisioning by offering pre-programmed cryptographic internal application code provisioned with unique asymmetric key pairs and associated X.509 certificates, reducing risk, cost and time to market.

Intensive third-party vulnerability assessments have confirmed the device’s high resistance to attack. It is AEC-Q100 Automotive Grade-1 qualified, FIPS 140-2 CMVP Security Level 2 rated and Physical Key Protection Level 3 certified, and it has achieved the highest possible vulnerability assessment rating of Joint Interpretation Library (JIL) High. In addition, the TA100 provides software components like AUTOSAR drivers, MCALs and Microchip’s CryptoAuthentication library that allow seamless integration into the industry standard operating system, AUTOSAR, or customized software stacks for crypto functions.

“The TrustAnchor100 provides relief for automotive Tier 1s and OEMs when upgrading thousands of ECUs with security,” said Nuri Dagdeviren, vice president of Microchip’s secure products group. “Combining the TA100 and an integrated software stack provides production ready software for our customers, enabling them to easily add security to any automotive module.”

The TA100 offers AUTOSAR compliant MCAL drivers that can be integrated into an AUTOSAR software stack. A full AUTOSAR reference stack is available, enabling automotive vendors to deploy the latest crypto standards into their automotive systems within standard automotive production environments. MikroBUS compatible socket boards are also available.

…...

Microchip’s new TrustAnchor device provides OEMs and their module suppliers with a simplified path to automotive network security, reducing costs and time to market

CHANDLER, Ariz., Nov. 11, 2020 (GLOBE NEWSWIRE) — Due to the rise of in-vehicle network connections like Bluetooth® and LTE/5G, today’s vehicles host more vulnerabilities than ever before, driving new cybersecurity regulations and specifications for the automotive market. Helping OEMs and their module suppliers simplify the upgrade of existing designs to meet security requirements for future generations, Microchip Technology Inc. (Nasdaq: MCHP) today announced its CryptoAutomotive™ security IC, the TrustAnchor100 (TA100). The cryptographic companion device supports in-vehicle network security solutions such as secure boot, firmware update and message authentication, including Controller Area Network (CAN) MAC at bus speed. 

In order to comply with the new security specifications, automotive designers must rearchitect the vehicle’s electronic control units (ECUs) with secure hardware. Existing solutions in the market include single-chip, dual-core hardware security module (HSM) devices, which require OEMs and their module suppliers to rearchitect their application software to integrate security. In addition to the effort required for this integration, the risk of security holes introduced in disparate implementations poses a significant barrier on this path. Third-party security software can help overcome this barrier in part, but with increased development costs.

The TA100 provides an alternative in-vehicle network architecture implementation for secure boot and message authentication, and has already been approved by multiple OEMs around the world as a solution for EVITA Medium and EVITA Full HSM requirements. Its feature set was designed based on careful review of several prominent OEM cybersecurity specifications to help facilitate a Tier 1’s pursuit of OEM Part Production Approval (PPAP). Additionally, Microchip offers security specification and Request for Quote (RFQ) review services to assist Tier 1s in developing educated responses, improving their project award success rate. The TA100 removes the challenges associated with secure code development and provisioning by offering pre-programmed cryptographic internal application code provisioned with unique asymmetric key pairs and associated X.509 certificates, reducing risk, cost and time to market.

Intensive third-party vulnerability assessments have confirmed the device’s high resistance to attack. It is AEC-Q100 Automotive Grade-1 qualified, FIPS 140-2 CMVP Security Level 2 rated and Physical Key Protection Level 3 certified, and it has achieved the highest possible vulnerability assessment rating of Joint Interpretation Library (JIL) High. In addition, the TA100 provides software components like AUTOSAR drivers, MCALs and Microchip’s CryptoAuthentication™ library that allow seamless integration into the industry standard operating system, AUTOSAR, or customized software stacks for crypto functions.

“The TrustAnchor100 provides relief for automotive Tier 1s and OEMs when upgrading thousands of ECUs with security,” said Nuri Dagdeviren, vice president of Microchip’s secure products group. “Combining the TA100 and an integrated software stack provides production ready software for our customers, enabling them to easily add security to any automotive module.”

Development Tools

The TA100 offers AUTOSAR compliant MCAL drivers that can be integrated into an AUTOSAR software stack. A

…...

If you are looking for an adventurous journey on this trip, you could opt for a bicycling tour, which lets you enjoy a true vacation. The standard components of the bicycle are wheels, frame, brakes, suspension, seating, carriers, drive train or chains linked between wheels and pedals, steering or handle, and other equipment like bells, lights etc. A saddle that is overly tilted downward will cause the rider to slide forward on the seat and sit on the wrong spots on the saddle.

While riding in the street, bicycles must follow the rules other vehicles do. This includes never riding against traffic, because motorists aren’t looking for bicyclists riding on the wrong side of the road and may not see you there until it’s too late.

Bikes that are not so stiff, or downright flexible, are described as “unsure” or “imprecise”, and in severe cases can contribute to the dangerous high-speed wobble, often referred to by those who have experienced it as “death wobble”. Here are a number of ways to safely mount a bicycle rack on your travel trailer regardless of which location you choose.

Bike riding offers exercise without pain. As time passed, bicycles became so widespread that biking became one of the first few things taught to a small child. There are also financial advantages to riding bicycles. The latest generation of road bikes probably has nine or ten cogs in the cassette.


...

It looks like spring may be here a little early this year, and that means more outdoor fun. Beach cruiser bicycles offer a change of scenery for workout fans who have been biking on paved roads and in gym rooms for an extended period of time. The higher quality lights often require a battery pack, which may be rechargeable. As your riding improves, bike stiffness plays a big role in your feeling of speed and control.

You cannot access the back of the vehicle when you have bicycles on the rack. The two best places to mount a bike rack are on the front of the travel trailer (on the tongue), or at the rear of the trailer (on the frame). Rear bicycle lights are always red and are strictly to help others behind you see you.

Keeping your bicycle at its optimum performance is essential for receiving the benefits of bike riding and riding safely. A seat that is too high will take the weight of the rider off the pedals and put more weight on the saddle. This makes an electric bicycle with a lithium ion battery a real bargain in a time of rising gasoline prices.

Some state laws require bicycle lights. They developed several 10-speed model bicycles during their early history. Bicycling works your legs, but to get the rest of your body firm and trim, you will have to train your upper body as well.

Once you start cycling to work, you will find that you aren’t inclined to smoke or even have an after-work drink, because you need to be razor sharp while riding a bicycle on the street. I highly recommend this exercise to activate your muscles prior to any and all bike rides and runs.…

...

Are you satisfied with your car maintenance or with the mechanic who’s repairing your vehicle? It is also the automotive service manager’s responsibility to stay on top of warranties and recalls offered by the manufacturer. Sold time – this is the time that you charge customers for. Automotive leases will set you back, on average, $43.55 per day, with the highest rates occurring in Boston ($62).

Automotive Lifts: Hydraulic lifts are very common in the industry and are used in showrooms, repair shops, and vehicle factories. Some OE car parts and components aren’t actually made by the car manufacturer but are purchased and assembled by the automakers to create a vehicle.

These days, people use them to communicate with other drivers. If your technician completes the service in one hour (unlikely, we know) then you’ll still charge the customer for two hours. How long your productives are working as a team and individually, and how much time they’re wasting on work that customers aren’t paying for.

Auto repair shop software is available in many forms, from simple repair guides to complex programs that help car engineers develop new concepts and products. Service workshops, like bodyshops, have seen standard times fall, too. For a service workshop – 40 hours attended, 36.8 hours working on paying jobs, and 42.3 hours sold or invoiced to customers.

Unless you have a talented person already on staff who is willing and able to completely deck out the rest of your dealership’s exterior and interior, hire a decorator to come and do so. Show potential customers your dealership is in the holiday spirit and make your show floor irresistible with holiday cheer.…

...
Bicycle Security

Since the invention of the bicycle, people have used this environment-friendly vehicle as a thrifty way to travel and get in touch with the culture of the land. Steering, seating and the wheels are all connected to the frame in a harmonious way, making the bicycle fit for a smooth ride. Pedal-assisted riding is a great way to enjoy an electric bicycle. The saddle of a road bike should be either slightly nose down (for a more forward position) or level (for a more upright position).

Some state laws require bicycle lights. They developed a number of 10-speed style bicycles during their early history. Bicycling works your legs, but to get the rest of your body firm and trim, you will have to exercise your upper body as well.

This bicycle rack is all one unit that you can either bolt on or weld to the frame area at the tongue of your travel trailer. This is because people’s anatomy, weight, and riding style vary. You can find various kinds in a bike shop, including ones that you can pull over your regular seat.

Research has proved that cycling is one of the best forms of exercise, with many health benefits attached to it. Those who are unable to keep up a proper exercise schedule to keep themselves fit can make up for it by traveling on a bicycle.

Steel frames have been, and to some extent still are, widely used in bicycles. Cycling shirts or jerseys worth their salt will be made from synthetic fabric that is snug, lightweight and moisture resistant. The idea of riding a bike becomes mere nostalgia for times when we were younger.…

...