Warwick Beacon: Seniors advised on how to stay ahead of scammers, hackers

Warwick Beacon: Seniors advised on how to stay ahead of scammers, hackers

By Theresa Brown

Change your password and only friend the people you know. That was some of the advice given a group of senior Friday as Congressman Jim Langevin, co-founder and co-chair of the congressional cybersecurity caucus visited Pilgrim Senior Enrichment Center to offer ways for seniors to protect themselves from hackers and scams while surfing the web.

“You are not helpless,” Langevin said. “There are things you can do to protect yourself in this whole thing…The Internet is here to stay but it has never been built for security.”

Comparing it to locking your house and keeping your car safe from theft, seniors must take the right steps to stay away from today’s manipulation tactics and scams.

John Martin, a representative from Rhode Island AARP encouraged seniors to become involved in the AARP’s Fraud Watch Network which will keep members updated on recent scams and allow them to report a scam if they were to come across one. The website, aarp.org/fraudwatchnetwork will allow seniors to stay informed and safe while spending time on Facebook and other popular sites.

“You have a part time job,” Martin said, comparing staying up-to-date on the latest scams to doctors reading recent medical journals.

Rhode Island Cybersecurity Officer Mike Steinmetz also gave a presentation about how to make sure the senior’s Facebook settings were set to private. He also told seniors about how changing passwords every so often is a good way to keep hackers out of their accounts.

“Be careful about your location, too,” Steinmetz advised. “If you go on vacation post the pictures after you get home.”

RI State Police Computer Crimes Unit Captain, John Alfred discussed the different types of scams and how to identify them. He explained social engineering as a manipulation of people, criminals trying to get people to give them personal information that they can use to take advantage of and scam the individual.

Alfred stressed how important is to approach emails and websites with caution. He explained that hackers try to look like legitimate companies.

“Your bank is not going to reach out to you in an email asking for personal information,” he said. “Anytime someone asks you to wire money, be very suspicious. Try not to be too trusting… please be skeptical.”

One senior, Christopher Brook explained how important he thought the information was, and he was glad to have learned it.

“All of this is very relevant,” Brook said. “The crooks are staying ahead of the legislation and common sense.”

Cyber Scoop: House defense bill would usher in cybersecurity changes at DOD

Cyber Scoop: House defense bill would usher in cybersecurity changes at DOD

By Sean Lyngaas

The House of Representatives this week overwhelmingly passeda defense policy bill with several cybersecurity measures aimed at better securing Pentagon networks.

The legislation — the fiscal 2019 National Defense Authorization Act (NDAA) — seeks closer collaboration between the departments of Defense and Homeland Security in defending against hackers, asks for quick notification of data breaches of military personnel, and continues to crack down on foreign-made telecom products that are deemed security threats.

The NDAA is an annual ritual that lawmakers use to shape Pentagon policies and budget plans while throwing in some pet projects to boot. The House bill — a $717 billion behemoth — eventually will be merged with the Senate’s version, which that chamber’s Armed Services Committee also approved this week. It’s unclear when the Senate bill will have floor votes.

One key provision of the House bill, according to the Rules Committee print, would set up a pilot program for the Pentagon to dispatch up to 50 cybersecurity staff to support the DHS’s mission to secure civilian networks. The deployment of the DOD personnel, potentially to DHS’s prized round-the-clock threat-sharing hub, would be a reminder of the overlapping turf that agencies compete for and try to reconcile in cyberspace.

While DOD may find itself loaning out a small group of its experts, lawmakers want to boost the department’s own workforce by giving the Defense secretary direct hiring authority through September 2025 for “any position involved with cybersecurity.” The Pentagon has boosted its ranks of computer gurus in recent years through U.S Cyber Command, but lawmakers and military brass are wary of losing these experts to lucrative private-sector jobs.

In the event of a “significant” breach of service members’ personal information, the Defense secretary would be required to promptly notify Congress. That issue came to the fore in January when it was revealed that GPS company Strava had published a map online that showed soldiers’ locations via devices like Fitbits.

Rep. Jim Langevin, D-R.I., co-founder of the Congressional Cybersecurity Caucus, backed the defense bill’s provisions to improve “our ability to deter adversaries in cyberspace.” In response to the Russian influence-operation to disrupt the 2016 U.S. presidential campaign, the bill would ask President Donald Trump for a report to Congress on what his administration is doing to protect against “cyber-enabled” information operations.

The House bill also keeps the pressure on Chinese telecom companies ZTE and Huawei by barring federal agencies from buying their products, and an amendment from Texas Republican Michael McCaul extends that ban to any use of federal grant money and loans.

The Senate version of the bill also tightly restricts the Pentagon’s use of technology considered a risk to national security. For example, an amendment from Sen. Jeanne Shaheen, D-N.H., would require DOD vendors to reveal if they’ve let foreign governments inspect their source code.

Senators seem intent on putting more language around offensive cyber-operations in their version of the bill compared to the House’s. According to a summary of the Senate bill, it stipulates a U.S. policy to use “all instruments of national power, including the use of offensive cyber capabilities” to deter cyberattacks that “significantly disrupt the normal functioning of our democratic society or government.”

WaPo: The Cybersecurity 202: We surveyed 100 security experts. Almost all said state election systems were vulnerable.

WaPo: The Cybersecurity 202: We surveyed 100 security experts. Almost all said state election systems were vulnerable.

By Derek Hawkins

The midterm elections are less than six months away, but an overwhelming 95 percent of digital security experts surveyed by The Cybersecurity 202 say state election systems are not sufficiently protected against cyberthreats. 

We brought together a panel of more than 100 cybersecurity leaders from across government, the private sector, academia and the research community for a new feature called The Network — an ongoing, informal survey in which experts will weigh in on some of the most pressing issues of the field. (You can see the full list of experts here. Some were granted anonymity in exchange for their participation.) Our first survey revealed deep concerns that states aren’t prepared to defend themselves against the types of cyberattacks that disrupted the 2016 presidential election, when Russian hackers targeted election systems in 21 states.

“We are going to need more money and more guidance on how to effectively defend against the sophisticated adversaries we are facing to get our risk down to acceptable levels,” said one of the experts, Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus.

Congress in March approved $380 million for all 50 states and five territories to secure their election systems, but Langevin says he wants more. He introduced legislation with Rep. Mark Meadows (R-N.C.) that would provide election security funding to states if they adhere to new federal guidelines for identifying weaknesses in their systems and auditing election results. “I hope Congress continues to work to address this vital national security issue,” Langevin said.

Each state is responsible for running its own elections, and many state officials view attempts by the federal government to intervene with skepticism — if not outrightopposition. But some experts said the magnitude of the threats from state-sponsored adversaries is too great for states to deal with alone.

“Given the gravity of the nation-state threats we face, much more needs to be done at every level — including a strong declarative policy that this activity is unacceptable and will trigger a strong response,” said Chris Painter, who served as the State Department’s top cyber diplomat during the Obama and Trump administrations.

Dave Aitel, chief executive of Immunity Inc. and a former National Security Agency security scientist, went further: “Protecting systems from cyberthreats from nation-states can really only be done on a national level. It’s insane we have state-level control of these systems.”

Experts generally agreed that most states are more secure than they were in 2016. Officials have undertaken a variety of measures to improve security — including conducting vulnerability tests of computer networks and voting machines and hiring new IT staff.

But securing this kind of technology isn’t easy. “ ‘Election systems’ are massive, distributed IT systems with thousands of endpoints and back-end systems that hold and process large volumes of highly sensitive data,” said Jeff Greene, senior director of global government affairs and policy at Symantec. “Protecting such systems is no small feat, and election systems are no different. While [the Department of Homeland Security] and the state and local governments have in recent years dialed up their efforts, there are no easy fixes.”

Several experts said that state voter registration databases are particularly vulnerable — and make an appealing target for attackers who want to sow confusion and undermine confidence in the voting process.

“The voting machines themselves are only part of the story,” said Matt Blaze, a cryptographer and computer science professor at the University of Pennsylvania. “The ‘back end’ systems, used by states and counties for voter registration and counting ballots, are equally critical to election security, and these systems are often connected, directly or indirectly, to the Internet.”

There’s no evidence that Russian hackers actually changed any votes in 2016, but they did probe online voter rolls and even breached the statewide voter database in Illinois.“Few if any state and local IT departments are equipped to protect this infrastructure against the full force of a hostile intelligence service, and these systems are very attractive targets for disruption,” Blaze said.

“The level of expertise is quite uneven” across the states, added Daniel Weitzner, founding director of the MIT Internet Policy Research Initiative who was U.S. deputy chief technology officer for Internet policy during the Obama administration. “Of particular concern is the voter registration systems. Imagine how much fear, uncertainty and doubt [that] Russia or any other malicious actor could sow if they raise questions about the accuracy of the voting rolls. That’s every bit as bad as actually changing votes, and much easier to do.”

Jay Kaplan, co-founder of the cybersecurity firm Synack, notes a bright spot: The Election Assistance Commission has a national voting system certification program to independently verify that a voting system meets security requirements.

“However, testing for this certification is completely optional,” said Kaplan, who held previous roles in the Defense Department and at the National Security Agency. “States can set their own standards for voting systems…. As such, some states are significantly more buttoned up than others. The reality is states are understaffed, underfunded, and are too heavily reliant on election-system vendors securing their own systems.”

On top of that, millions of Americans will vote this year on old, hack-prone digital machines that produce no paper trail. Without a paper record, it’s nearly impossible to audit the final vote tally. Federal officials and expertsrecommend scrapping such machines in favor of paper ballots.

Too many states “have taken a less than strategic approach and once again waited too long to start addressing vulnerabilities within their processes and technology,” said Mark Weatherford, a former deputy undersecretary for cybersecurity at the Department of Homeland Security in the Obama administration and chief information security officer in both California and Colorado.

“Additionally, because of significant investments in electronic voting technology, it’s difficult for non-technologists to acknowledge economic sunk costs and re-prioritize current funding to address these … problems,” said Weatherford, a senior vice president and chief cybersecurity strategist at vArmour.

Nico Sell, co-founder of the software maker Wickr, put the problem into perspective: “We will teach the kids how to hack the election system this summer at r00tz at Def Con,” she said. (r00tz is an ethical hacking program for children between 8 and 16 years old held in Las Vegas alongside the Def Con security conference.)

Many experts are worried that states lack the resources to build their defenses in time for the midterms, even with more federal assistance. “What isn’t clear is where our defenses and resiliency have improved if at all,” said Jessy Irwin, head of security at Tendermint. “This is a difficult problem to solve, and it takes something we don’t have enough of to get 50 states and a few territories flying in formation: time.”

Less than five percent of experts who responded to the survey said they were confident that state election systems were well protected.

Cris Thomas, who goes by the name Space Rogue and works for IBM X-Force Red, said that while registration databases, websites and other systems may still be vulnerable, “the election systems themselves are sufficiently protected.”

And the patchwork nature of U.S. elections is actually a bonus when it comes to deterring would-be attackers, said one expert who spoke on the condition of anonymity.

“State balloting systems are diverse and decentralized. They’re administered by some 3,000 counties, making it difficult for malicious actors to uniformly attack voting infrastructure on a vast scale,” the expert said.

That expert was satisfied with the efforts by state and federal officials to secure the vote. “Public and private authorities are taking steps to defend against nation-state attacks. The recent omnibus spending bill provides monies to states for election security; threat data are being shared between states and federal agencies (albeit probably slowly and tentatively); and election officials are utilizing best practices, such as conducting post-election audits and not connecting voting machines to the Internet,” the expert said.

“But bolstering our cyberdefenses, however fundamental, will only take us so far,” the expert added. “The White House needs to authorize agencies to disrupt cyberattacks and information operations at their sources and up the ante for prospective attackers as part of America’s broader deterrence posture.”

As another expert who participated in the survey put it:“The high level of interest has led to more eyes on the process, which itself helps deter would-be hackers.”

Elite Daily: Can The 2018 Elections Be Hacked? Experts Think So, & Here We Go Again

Elite Daily: Can The 2018 Elections Be Hacked? Experts Think So, & Here We Go Again

By Bernadette Deron

With the 2018 midterm elections approaching this fall (and primaries going on throughout the year — check your local elections), the question of whether or not the United States’ voting systems are secure enough to ensure correct results is being widely debated. The Washington Post elected to interview a number of experts on whether or not they believe the upcoming elections can be hacked. According to a majority of those cybersecurity experts, the 2018 midterms are at risk of being hacked, which is just great.

The report published by the Post on May 21 featured quotes and statistics from a panel of over 100 cybersecurity experts from the government, academia, the private sector, and the research community. According to the report, 95 percent of the experts do not believe that state election systems are sufficiently protected from cyberthreats.

In an interview with NBC News on Feb. 8, head of cybersecurity at the Department of Homeland Security Jeanette Manfra revealed that Russian hackers reportedly targeted 21 states prior to the 2016 presidential election, and that “an exceptionally small number of them were actually successfully penetrated.” Back in September 2017, the federal government notified election officials from those 21 states that their systems were targeted by Russian agents during the elections the year before.

In response to these reports, the spending bill that Congress passed on March 22 included a whopping $380 million devoted to ramping up cybersecurity in order to prevent state voting systems from any sort of cyberattack. But not everyone in Congress thinks that this is enough funding to prevent elections from getting compromised by foreign agents. We are going to need more money and more guidance on how to effectively defend against the sophisticated adversaries we are facing to get our risk down to acceptable levels,” Rep. Jim Langevin (D-R.I.) told the Post. Langevin also co-chairs the Congressional Cybersecurity Caucus. If a person with as much authority on this issue as Langevin thinks more needs to be done to protect this country’s elections, it’s definitely something to take seriously.

The impact of the hacks from the 2016 presidential election has not yet been determined. But the fact that foreign agents were able to successfully hack some systems signals that the government should be working harder to ensure that elections in this country are fair and free.

Because the 2018 midterms are so important for both sides of the aisle, it’s imperative that the outcomes of those elections are secure and correct. The problem with current voting systems is that they’re not uniform across the entire country, making some polling counties more vulnerable than others. Those smaller counties could amount to a significant number of compromised votes, which in turn has enough weight to sway an election in one direction or another.

All 435 seats in the House of Representatives up for grabs come November, and 48 of those seats are considered to be competitive, according to The New York Times. In order for the Democrats to regain control of the House, they would need to flip at least 24 seats that are currently controlled by Republicans. The Senate is currently divided 51-49 in favor of Republicans, and Democrats might be able to pull off a Senate majority win following the midterms as well. Although it’s not entirely likely that Democrats will regain control of both chambers of Congress, the tight races in each prove how crucial it is to ensure that state elections are appropriately protected.

The nation is just six months away from the midterm elections, and primaries have been going on. Hopefully, the appropriate authorities are doing what they can to protect your vote.

Cheddar: Rep. Jim Langevin (D-RI) Says Elimination Cyber Coordinator Position Is “Short-Sighted” & “A Mistake”

Cheddar: Rep. Jim Langevin (D-RI) Says Elimination Cyber Coordinator Position Is “Short-Sighted” & “A Mistake”

To watch the full interview, click here.

Congressman Jim Langevin is a Democrat representing Rhode Island’s second district. He is also the co-chair of the congressional cyber security caucus. The congressman has put forward a bill to create a cyber security director position that will be able to better coordinate cyber activities in the United States to ensure the country is protected from threats. The bill was presented soon after National Security Advisor John Bolton eliminated the top cyber policy role at the White House.

 

FCW: House Dems look to salvage cyber coordinator post

FCW: House Dems look to salvage cyber coordinator post

Written by Derek B. Johnson

Amid reports that the White House has officially eliminated its cyber coordinator position, a group of Democratic lawmakers have filed a bill to restore the job.

The bill, introduced by Reps. Jim Langevin (D-R.I.) and Ted Lieu (D-Calif.), would establish a “National Office for Cyberspace” within the White House and create a director-level position appointed by the President and confirmed by the Senate. The office will serve as “the principal office for coordinating issues relating to cyberspace” and have responsibility over recommending security measures and budgets for federal agencies.

The bill so far has attracted 10 other co-sponsors, all Democrats.

Politico reported on May 15 that new national security advisor John Bolton eliminated the position following the departure of Rob Joyce, who had filled the spot since March 2017. Joyce, who left shortly after his boss Tom Bossert stepped down the day after Bolton started, has since returned to the National Security Agency where previously managed the agency’s elite hacking unit.

Langevin told FCW in a May 15 interview he was “very disappointed” in the Trump administration’s decision. Up until this point, he had been relatively pleased with the Trump administration’s cybersecurity moves, listing off positives like continuity with Obama administration initiatives, delivering a cyber doctrine, hiring Tom Bossert and Rob Joyce as homeland security advisor and cyber coordinator and nominating Chris Krebs to lead the Department of Homeland Security’s cyber wing.

However, he characterized the elimination of the cyber coordinator position as “a clear step backwards.”

“I think that’s a bad move. It’s a very shortsighted decision,” said Langevin. “In my mind, that decision was made by someone who clearly does not understand the threats we face in cyberspace and doesn’t understand that cybersecurity is the national and economic security challenge of the 21st century.”

Standard Times: Langevin addresses senior population and cyber security in South County

Standard Times: Langevin addresses senior population and cyber security in South County

By ALEX TRUBIA

Congressman Jim Langevin (D-RI), co-founder and co-chair of the Congressional Cybersecurity Caucus, hosted an educational cybersecurity awareness forum with the Rhode Island State Police Computer Crimes Unit, the State Cybersecurity Officer, the Rhode Island American Association of Retired Persons (AARP), and local officials to provide attendees with steps for staying safe online.

The forum, which took place Monday at the South County Nursing and Rehabilitation Center, started off with Langevin explaining what exactly cybersecurity was, describing it as an effort to protect an individual against both foreign and domestic “bad actors” working online.

“Cybersecurity is the national security and economic security challenge of the 21st century and will be here for quite some time.  Cybersecurity isn’t only about foreign hackers or foreign individuals involved in the security,” Langevin said.

While Langevin went on to say that, while Russian interference in the 2016 elections was a topic of concern to remain vigilant about, the topic of cybersecurity goes beyond “nation state attacks on foreigners.”

“It runs the gamut from domestic individuals that run a criminal enterprise or just hackers in general that may try to prey on us, all bad actors,” Langevin said.  “Each of us can take steps in order to protect ourselves while we’re online.”

“There’s a number of stuff that you can do, such as strong passwords, changing passwords on a regular basis, making sure that you’re downloading the security patches,” he continued.

Security patches are general ways of protecting information by updating systems, such as upgrading to the latest version of Windows and updating security systems.

Following his introduction, the congressman invited the three guest speakers to come up one at a time. The speakers were RI cybersecurity officer Mike Steinmetz, RI AARP representative Daniel Liparini, and RI State Police computer crimes unit captain John Alfred.

Steinmetz started off by comparing cybersecurity to everyday protections, such as locking your car, and proceeded to describe a scenario where somebody leaves their car running in the Dunkin’ Donuts parking lot while grabbing a coffee, and how vulnerable that person would be to theft.

“Today, as the congressman mentioned about passwords and patching and backups, I want you to remember that analogy because if you’re not changing your passwords, if you’re not patching your system, your car is outside of Dunkin’ Donuts with the doors open, the keys in it, and the engine running,” he added.

Steinmetz then went on to explain the importance of creating an appropriate passing, and when he asked how many thought passwords were hard to remember, nearly every person in attendance raised their hand.

“Pick something that you like or something that you kind of remember.  Easy things like ‘purple,’ ‘clown,’ or ‘church,’” he said.  “Everybody will remember that, and then you just add in a couple of letters in between, or special characters in between, word or a capital letter in there, or a numeral somewhere.”

Speaking as the AARP representative, Liparini also described the importance of cybersecurity, specifically for senior citizens, and the dangers posed by hacking and phishing– the use of scams to gain access to a user’s sensitive information by appearing legitimate, whether it be passwords, security information, or date of birth.

“Most AARP members grew up in a time where we were playing with tinker toys, then we graduated to Monopoly.  We didn’t carry around devices that use more computing power than NASA used to send the first man on the moon,” he said. “So we’re subject to hacking and phishing, we really have never been trained how to cope with that.”

Phishing scams include IRS, medicare, technical support, lottery, veteran scam, and romance scams.

While Steinmetz and Liparini described the technical aspects of cybersecurity, Alfred said he was there to talk about the “human side of things,” such as how phishing and “social engineering” play a part in the theft of user’s private information.

Alfred defined social engineering as leveraging and manipulating “human nature” to gain access to private information.

“I’m going to find a way or find something that you know about, and try to entice you by using what you know or what you like,” Alfred said, from the perspective of the social engineer.  “We’re all targets, whether you know it or not.  You have some type of information that they can a little bit of that information and pull it from you.  There’s something called the dark web where they’re able to sell this information.”

Wrapping up, Alfred’s central message to residents in attendance was to be more skeptical of what they come across online.

“Don’t be too trusting, be skeptical of any emails or phone numbers you don’t recognize, and don’t click hyperlinks. If it’s too good to be true, it’s too good to be true,” he said.