Addressing the cyber safety challenge: from risk to resilience

Addressing the cyber safety challenge: from risk to resilience describes the cyber safety issues emerging from a range of technology trends, how different populations are using technologies and the risks they face, and how we can effectively respond to each group’s unique cyber safety needs. Written by the University of Western Sydney for Telstra Corporation Ltd, the report advocates for continuing to move cyber safety from a ‘risk and protection’ framework to one that focuses on building digital resilience, as well as fostering trust and confidence in the online environment. To do this we need to: Address the needs of populations often neglected by current policies and programs – including adults, seniors, parents, and small to medium enterprises Continue to build the digital literacy skills of all populations, because digital literacy strongly influences users’ ability to engage safely online – this is best achieved by a hands-on learning approach Keep risk in perspective – the risks and benefits of digital participation go hand in hand Broaden the focus from awareness-raising to long-term behaviour change. As digital technologies become further integrated into the everyday lives of Australians, users are potentially exposed to greater risks. However, the risks and benefits of digital participation go hand in hand. The challenge, therefore, is to support users to minimise the risks without limiting their digital participation and their capacity to derive the full benefits of connectivity. If Australians are to benefit as either consumers or providers of online services and products in the e-commerce environment, consumer safety and trust need to be improved. Cyber safety needs to be considered against a transforming backdrop of technology trends, products and practices. While the rise of social media has tended to dominate recent debate and developments in cyber safety, particularly in relation to young people, a range of other trends is also shaping how users engage online, the risks they potentially face in the new media landscape, and the strategies used to address them. These trends include the rise of user generated content and content sharing platforms; the uptake of mobile technologies and, in particular, the adoption of smartphones; cloud computing; platform integration and single sign-on mechanisms; and the rise of GPS and location based services

Nano-Resolution Visual Identifiers Enable Secure Monitoring in Next-Generation Cyber-Physical Systems

Today's supply chains heavily rely on cyber-physical systems such as intelligent transportation, online shopping, and E-commerce. It is advantageous to track goods in real-time by web-based registration and authentication of products after any substantial change or relocation. Despite recent advantages in technology-based tracking systems, most supply chains still rely on plainly printed tags such as barcodes and Quick Response (QR) codes for tracking purposes. Although affordable and efficient, these tags convey no security against counterfeit and cloning attacks, raising privacy concerns. It is a critical matter since a few security breaches in merchandise databases in recent years has caused crucial social and economic impacts such as identity loss, social panic, and loss of trust in the community. This paper considers an end-to-end system using dendrites as nano-resolution visual identifiers to secure supply chains. Dendrites are formed by generating fractal metallic patterns on transparent substrates through an electrochemical process, which can be used as secure identifiers due to their natural randomness, high entropy, and unclonable features. The proposed framework compromises the back-end program for identification and authentication, a web-based application for mobile devices, and a cloud database. We review architectural design, dendrite operational phases (personalization, registration, inspection), a lightweight identification method based on 2D graph-matching, and a deep 3D image authentication method based on Digital Holography (DH). A two-step search is proposed to make the system scalable by limiting the search space to samples with high similarity scores in a lower-dimensional space. We conclude by presenting our solution to make dendrites secure against adversarial attacks

Cross Border Data Flows: Could Foreign Protectionism Hurt U.S. Jobs?: Hearing Before the Subcomm. On Commerce, Mfg. & Trade of the H. Comm. on Energy & Commerce, 113th Cong., Sept. 17, 2014 (Statement of Laura K. Donohue)

Documents released over the past year detailing the National Security Agency’s telephony metadata collection program and interception of international content under the Foreign Intelligence Surveillance Act (FISA) directly implicated U.S. high technology companies in government surveillance. The result was an immediate, and detrimental, impact on U.S. firms, the economy, and U.S. national security. The first Snowden documents, printed June 5, 2013, revealed that the U.S. government had served orders on Verizon, directing the company to turn over telephony metadata under Section 215 of the USA PATRIOT Act. The following day, The Guardian published classified slides detailing how the NSA had intercepted international content under Section 702 of the FISA Amendments Act. The type of information obtained ranged from E-mail, video and voice chat, videos, photos, and stored data, to Voice over Internet Protocol, file transfers, video conferencing, notifications of target activity, and online social networking details. The companies involved read like a who’s who of U.S. Internet giants: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. More articles highlighting the extent to which the NSA had become embedded in the U.S. high tech industry followed. In September 2013 ProPublica and the New York Times revealed that the NSA had enjoyed considerable success in cracking commonly-used cryptography. The following month the Washington Post reported that the NSA, without the consent of the companies involved, had obtained millions of customers’ address book data: in one day alone, some 444,743 email addresses from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers. The extent of upstream collection stunned the public – as did slides demonstrating how the NSA had bypassed the companies’ encryption, intercepting data as it transferred between the public Internet and the Google cloud. Further documents suggested that the NSA had helped to promote encryption standards for which it already held the key or whose vulnerabilities the NSA understood but not taken steps to address. Beyond this, press reports indicated that the NSA had at times posed as U.S. companies—without their knowledge—in order to gain access to foreign targets. In November 2013 Der Spiegel reported that the NSA and the United Kingdom’s Government Communications Headquarters (GCHQ) had created bogus versions of Slashdot and LinkedIn, so that when employees from the telecommunications firm Belgacom tried to access the sites from corporate computers, their requests were diverted to the replica sites that then injected malware into their machines. As a result of growing public awareness of these programs, U.S. companies have lost revenues, even as non-U.S. firms have benefited. In addition, numerous countries, concerned about consumer privacy as well as the penetration of U.S. surveillance efforts in the political sphere, have accelerated localization initiatives, begun restricting U.S. companies’ access to local markets, and introduced new privacy protections—with implications for the future of Internet governance and U.S. economic growth. These effects raise attendant concerns about U.S. national security. Congress has an opportunity to redress the current situation in at least three ways. First, and most importantly, reform of the Foreign Intelligence Surveillance Act would provide for greater restrictions on NSA surveillance. Second, new domestic legislation could extend better protections to consumer privacy. These shifts would allow U.S. industry legitimately to claim a change in circumstance, which would help them to gain competitive ground. Third, the integration of economic concerns at a programmatic level within the national security infrastructure would help to ensure that economic matters remain central to national security determinations in the future