Other Developments, Further Reading, and Coming Events (31 August 2021)

Other Developments

  • The United States (U.S.) Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) unveiled the Vulnerability Disclosure Policy (VDP) Platform per an Office of Management and Budget (OMB) directive. CISA explained:
    • Last fall, we issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public to contribute and report vulnerability disclosures. Recognizing that policies alone are not sufficient, we also announced plans to launch a vulnerability disclosure platform service in the near future. Today, the future arrived.   
    • for the federal civilian enterprise, the latest shared service offered by CISA’s Cyber Quality Services Management Office (QSMO) and provided by BugCrowd and EnDyna. The VDP Platform provides a single, centrally managed online website for agencies to list systems in scope for their vulnerability disclosure policies, enabling security researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis. The Department of Homeland Security (DHS), the Department of Labor (DoL), and the Department of Interior (DoI) are among the agencies planning to leverage this platform at the onset. 
    • This new platform allows agencies to gain greater insights into potential vulnerabilities, thereby improving their cybersecurity posture. This approach also enables significant government-wide cost savings, as agencies no longer need to develop their own, separate systems to enable reporting and triage of identified vulnerabilities. CISA estimates over $10 million in government-wide cost savings will be achieved by leveraging the QSMO shared services approach.
    • Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified. BugCrowd and EnDyna, the service providers, will conduct an initial assessment of the vulnerability reports submitted. This initial assessment will free up agencies’ time and resources and allow agencies to focus on those reports that have real impact.
    • CISA’s VDP Platform will help the FCEB improve day-to-day operations when managing vulnerabilities in their information systems. Agencies have the option to utilize the platform to serve as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by researchers. Our goal is for the platform to act as a centralized vulnerability disclosure mechanism to enhance information sharing between the public and federal agencies. This approach will improve agencies’ ability to analyze, address, and communicate disclosed vulnerabilities.
  • The Department of Commerce’s Office of the Inspector General (OIG) released an audit titled “The U.S. Census Bureau’s Mishandling of a January 2020 Cybersecurity Incident Demonstrated Opportunities for Improvement.” The OIG turned up problems with the agency’s cyber incident response process with respect to mitigation of critical vulnerabilities. The OIG made the following findings:
  • The OIG made the following recommendations:
  • The United States (U.S.) Government Accountability Office (GAO) sent a letter on priority open recommendations to the U.S. Department of Homeland Security in order “to provide an update on the overall status of the DHS implementation of GAO’s recommendations and to call your personal attention to areas where open recommendations should be given high priority.” The GAO noted that “[s]ince our April 2020 letter, DHS has implemented 12 of our 29 open priority recommendations” including:
    • DHS established metrics for assessing the National Cybersecurity and Communications Integration Center’s (NCCIC) execution of statutory required cybersecurity functions in accordance with associated implementing principles. This action will better enable the agency to articulate the effectiveness of actions taken to provide cybersecurity incident coordination, information sharing, and incident response across the federal civilian government and critical infrastructure.
    • DHS identified the positions in its information technology workforce that performed cybersecurity functions. This action will improve the reliability of the information DHS needs to identify its cybersecurity workforce roles of critical need.
    • DHS developed a cybersecurity risk management strategy. By establishing this strategy, DHS should have an improved organization-wide understanding of acceptable risk levels and appropriate risk response strategies to protect its systems and data.
    • The GAO added:
      • DHS has 17 priority recommendations remaining from those we identified in the 2020 letter. We ask for your attention to the remaining priority recommendations. We are adding 21 new recommendations. These include five recommendations related to emergency preparedness, eight recommendations related to border security, two recommendations related to transportation security, three recommendations related to infrastructure and management, two recommendations related to cybersecurity and information technology management, and one recommendation related to chemical security bringing the total number of priority recommendations to 38.
      • Information Technology and Cybersecurity.
      • We have five priority recommendations in this area. In February 2017, we recommended that DHS establish methods for monitoring the implementation of cybersecurity functions against the principles identified in the National Cybersecurity Protection Act of 2014 on an ongoing basis. In March 2021, DHS has demonstrated that it had developed metrics for assessing adherence to applicable principles in carrying out statutorily required functions. However, to fully implement this recommendation, DHS needs to show evidence that the metrics are reported on an ongoing basis.
      • To facilitate adoption of the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, we recommended in February 2018 that DHS take steps to consult with respective sector partners, such as the sector coordinating councils, and NIST, as appropriate, to develop methods for determining the level and type of adoption of the framework by entities across their respective sectors.
      • From October through December 2019, DHS, in coordination with its Information Technology (IT) sector partner, administered a survey to approximately 100 small and midsized businesses (with 50 percent representing IT sector organizations) to gather information on, among other things, their level of framework adoption and use in conjunction with other cybersecurity standards. However, the survey did not measure the level and type of framework adoption by entities across DHS’s other critical infrastructure sectors, such as the communications and critical manufacturing sectors. While the department has taken important initial steps to measure framework adoption and use for a portion of the IT sector and has developed sector-specific framework implementation guidance for other sectors, implementing our recommendations to gain a more comprehensive understanding of the framework’s use by all of its critical infrastructure sectors is essential to understanding the success of efforts to protect our nation’s critical infrastructure from cyber threats and where to focus limited resources for cyber risk mitigations.
      • In July 2019, we recommended that DHS document a process for coordination between its cybersecurity risk management and enterprise risk management functions. DHS concurred with our recommendation and stated that it planned to clarify cybersecurity roles and responsibilities for coordination with offices responsible for enterprise risk management. DHS estimated that it would complete these actions by July 31, 2020. For us to consider this recommendation fully implemented, DHS needs to provide details on how coordination occurs between entities responsible for cybersecurity and those responsible for enterprise risk management.
      • In February 2020, we recommended that DHS develop a schedule and plan for completing a reassessment of the high value asset (HVA) program process which focuses on the protection of the government’s most critical and high impact information and information systems. This included addressing issues on completing required high value asset assessments and identifying needed resources for Tier 1 assets and assessments, and finalizing guidance for Tier 2 and 3 HVA systems. DHS concurred with our recommendation. In December 2020, DHS stated that while it was not on track to complete required Tier 1 assessments, it was working to address the assessment constraints, including increasing staffing levels and developing process improvements. However, it has yet to provide a schedule and plan for completing these assessments and improvements. Further, in March 2021, DHS stated that it has developed standardized training to develop resources for completing HVA assessments. DHS stated that its training capability will be fully operational in May 2021. However, it will only be able to train about one third of the people required in this fiscal year due to budget constraints. Training dates for the next two fiscal years, which are needed to have enough people to conduct the required assessments, are still pending. Further, DHS stated that it has drafted supplemental guidance for Tier 2 and 3 HVAs (now called non-Tier-1 assets). However, the guidance that it had hoped to publish in March 2021 has not yet been completed.
      • In June 2020, we recommended that DHS begin measuring results associated with its transition to Agile software development and measuring the success of the transition based on its impact on the department. DHS concurred with our recommendation. In July 2021, DHS’s Acting Chief Technology Officer approved an updated Agile Software Delivery Core Metrics Guidebook. The guidebook explains that programs must report monthly on six Agile core metrics (e.g., availability, cycle time, and unit test coverage) in DHS’s Investment Evaluation Submission and Tracking system. In addition, in August 2021, DHS noted that these metrics are included as part of its Program Health Assessments for major and standard IT programs across the department. DHS also stated that the Office of the Chief Information Officer has informed programs that non-compliance will result in an adverse Program Health Assessment score. According to DHS, these measurements will ensure that the DHS Agile transition is successful. Nevertheless, DHS did not provide evidence to demonstrate that the updated metrics are being collected and used to measure results associated with its transition to Agile and the success of the transition based on its impact on the department.
  • Apple filed an appeal of the copyright lawsuit it had brought against Corellium, a firm that offers customers “tailored, virtual models of iPhones” and Androids. However, Apple and Corellium settled the Digital Millennium Copyright Act (DMCA) claims, and in this settlement, the court explained:
    • The parties have now stipulated that: (1) Apple will dismiss with prejudice its claim under the Digital Millennium Copyright Act, 17 U.S.C. §§ 1201(a)(2), (b), and 1203 (Second Amended Complaint, Count 4); (2) Corellium will dismiss with prejudice its counterclaims against Apple; (3) both sides release all claims for monetary damages, attorneys’ fees, and costs, past, present, and future relating to this case or any appeal in this case; and (4) Apple preserves and retains its right to appeal the Court’s order granting summary judgment to Corellium on Apple’s copyright claims as to the injunctive relief only.
    • In the notice of appeal, Apple asserted:
      • hereby appeals to the United States Court of Appeals for the Eleventh Circuit from the Final Judgment entered in this action on August 17, 2021 (ECF No. 1013) as to Apple’s claims for copyright infringement (First, Second, and Third Claim for Relief in the Second Amended Complaint, ECF No. 589) and all other orders and decisions antecedent and ancillary thereto, including all rulings, reports, recommendations, and opinions that merged into and became part of the Final Judgment and upon which the Final Judgment is based—including but not limited to the District Court’s Order on the Parties’ Motion for Summary Judgment entered on December 29, 2020 (ECF Nos. 783, 784).
    • At the end of last year, a federal court threw out a significant portion of a suit Apple brought against a security company, Corellium. The United States District Court for the Southern District of Florida summarized the case:
      • On August 15, 2019, Apple filed this lawsuit alleging that Corellium infringed Apple’s copyrights in iOS and circumvented its security measures in violation of the federal Digital Millennium Copyright Act (“DMCA”). Corellium denies that it has violated the DMCA or Apple’s copyrights. Corellium further argues that even if it used Apple’s copyrighted work, such use constitutes “fair use” and, therefore, is legally permissible.
      • The court found “that Corellium’s use of iOS constitutes fair use” but did not find the same for the DMCA claim, thus allowing Apple to proceed with that portion of the suit.
  • In an opinion piece published by the Wall Street Journal titled “Free Speech and Corporate Responsibility Can Coexist Online,” YouTube CEO Susan Wojcicki argued:
    • As CEO of YouTube, I grapple every day with issues related to free expression and responsibility. Companies, civil society and governments are facing unprecedented challenges and sorting through complicated questions, determining where to draw the lines on speech in the 21st century. Policy makers around the world are introducing regulatory proposals—some argue that too much content is left up on platforms, while others say too much is taken down. At YouTube, we’re working to protect our community while enabling new and diverse voices to break through. Three principles should guide discussions about the regulation of online speech.
    • First, the open internet has transformed society in incredible ways.
    • The second principle: Democratic governments must provide companies with clear guidelines about illegal speech.
    • But not everything about content moderation will be overseen by governments, which is why I believe strongly in the third principle: Companies should have flexibility to develop responsible practices to handle legal but potentially harmful speech.
    • Some may say that governments should oversee online speech, but we need flexibility to strike the right balance between openness and responsibility. When we get it wrong or lean too heavily in either direction, our business and the millions of creator small businesses built on YouTube are hurt. Advertisers have pulled spend from YouTube when their ads ran next to problematic content.
    • The stakes are high for updating our approach to online speech. Overregulation of legal content would have a chilling effect on speech and could rob us of the next big idea or great discovery. I’m confident there is a way forward that both keeps our community safe and allows for free expression.
  • Common Sense Media issued a report titled “Privacy of Streaming Apps and Devices: Watching TV that Watches Us” with the “generous support and underwriting that funded this report from the Michael and Susan Dell Foundation, the Bill and Melinda Gates Foundation, and the Chan Zuckerberg Initiative.” Common Sense Media also issued a two-page rating of streaming devices and apps. In its press release, Common Sense Media argued:
    • We reviewed the privacy protections in the top 10 streaming apps, as well as the top five streaming devices, that include programming directed at kids and families and found that most apps and devices are using practices that are putting consumers’ privacy at risk — especially that of kids.
    • The companies behind streaming apps must do more to protect kids’ privacy, from providing stronger parental controls to establishing specific policies for kids. But our findings also serve as a reminder to parents to make smart choices around the apps they allow their kids to use and how to better protect their privacy while streaming.
  • United Nations (UN) “human rights experts” “called on all States to impose a global moratorium on the sale and transfer of surveillance technology until they have put in place robust regulations that guarantee its use in compliance with international human rights standards.” They argued:
    • Two years ago the then UN Special Rapporteur on Freedom of Opinion and Expression published a report on the dangerous impact of surveillance technology on human rights and recommended an immediate moratorium on its sale and transfer until international regulations incorporating human rights safeguards were adopted. The international community failed to heed his call.
    • On 18 July 2021, Forbidden Stories and Amnesty International exposed the widespread surveillance of the mobile devices of hundreds of journalists, human rights defenders and political leaders, using the NSO Group’s Pegasus spyware. The NSO Group promptly rejected allegations concerning its involvement in these unlawful practices.
  • 24 “public interest, consumer advocacy, and civil rights groups” wrote the Federal Trade Commission (FTC) “urging the [FTC] to protect civil rights and privacy in the digital economy by initiating a new rulemaking…[and] also create an Office of Civil Rights and commit more resources to enforce against unfair and deceptive practices.” These groups provided a detailed list of harms and steps the agency can take to protect people from unfair and deceptive data practices. They claimed:
    • As has been extensively documented by independent researchers, journalists, courts, companies, and this Commission, unfettered data practices employed single-mindedly for private gain cause significant harm to the public. Tech companies directly cause or contribute to many of these harms. Like the sprawling consequences of historic redlining, other harms arise as negative externalities (including downstream effects) from data-exploitative business models and the market incentives they create. Addressing direct harms and changing incentives will have positive effects for the Internet ecosystem as a whole.
  • In response to her 7 July letter, Securities and Exchange Commission (SEC) Chair Gary Gensler wrote Senator Elizabeth Warren (D-MA) “regarding the sufficiency of the SEC’s authority to regulate crypto platforms.” Gensler asserted:
    • I believe we need additional authorities to prevent transactions, products, and platforms from falling between regulatory cracks. We also need more resources to protect investors in this growing and volatile sector.
    • In my view, the legislative priority should center on crypto trading, lending, and decentralized finance (DeFi) platforms. Regulators would benefit from additional plenary authority to write rules for and attach guardrails to crypto trading and lending.
    • House Financial Services Committee Ranking Member Patrick McHenry (R-NC) opined on the Warren-Gensler exchange in a press release:
      • Chairman Gensler’s latest move to ask Congress for jurisdiction over non-securities exchanges is a blatant power grab that will hurt American innovation. Given the distinct nature of digital assets, policymakers must be thoughtful and deliberative in legislating in this space. That’s why I introduced H.R. 1602, the Eliminate Barriers to Innovation Act, to bring regulatory certainty to market participants and regulators. We need smart policy, made through a transparent process, to ensure innovation and job creation continue in the U.S. We don’t need another backroom deal between Gensler and Elizabeth Warren.
  • The United Kingdom’s Department for Digital, Culture, Media & Sport (DCMS) announced that “[f]ibre broadband cables could be fed through the country’s water pipes as part of the government’s plan to speed up the nationwide roll out of lightning-fast broadband and mobile coverage in rural areas.” DCMS stated:
    • Four million pounds is available for cutting-edge innovators to trial what could be a quicker and more cost-effective way of connecting fibre optic cables to homes, businesses and mobile masts, without the disruption caused by digging up roads and land.
    • Civil works, in particular installing new ducts and poles, can make up as much as four fifths of the costs to industry of building new gigabit-capable broadband networks.
    • This new scheme could turbocharge the government’s £5 billion Project Gigabit plan to level up broadband access in hard-to-reach areas as well as the £1 billion Shared Rural Network which will bring strong and reliable 4G phone signals to many of the most isolated parts of the country.
    • The project will also look to test solutions that reduce the amount of water lost every day due to leaks, which is 20% of the total put into the public supply. It will involve putting connected sensors in the pipes which allow water companies to improve the speed and accuracy with which they can identify a leak and repair it. Water companies have committed to delivering a 50% reduction in leakage, and this project can help to reach that goal.
    • Deployment challenges for essential utilities such as water and telecoms are complex and tightly regulated because both are parts of the country’s critical national infrastructure. The project will consider these regulatory barriers as well as the economic, technical, cultural and collaborative challenges and impact on consumer bills.
    • Any solution used to trial fibre optic cables in the water mains will be approved by the Drinking Water Inspectorate (DWI) before being used in a real world setting. The DWI requires rigorous testing ahead of approving any products that can be used in drinking water pipes, and fibre has already been deployed in water pipes in other countries such as Spain.
  • The United States (U.S.) Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released its “Get your Stuff Off Search” campaign to help critical infrastructure owners and operators make their systems harder to find online. CISA stated:
    • While zero-day attacks draw the most attention, frequently less-complex exposures to both cyber and physical security are missed. Get your Stuff Off Search – S.O.S. – and reduce Internet attack surfaces that are visible to anyone on web-based search platforms.
    • Exposures increasingly include Industrial Internet of Things (IIoT), Supervisory Control and Data Acquisition systems (SCADA), industrial control systems (ICS), remote access technologies, and other critical assets – which may impact public safety, human life, and national security.
    • In an overview, CISA advised taking these steps:
      • #1 ASSESS YOUR POSTURE You have probably done a lot to secure your facilities. However, without visibility into your assets that are accessible across the Internet, you may not fully understand your potential for being attacked. While many people use search engines to find cat pictures, cyber attackers commonly use similar tools to locate Internet-connected IIoT devices. In fact, once a device is identified, hacking is not even required in many cases – for example, if default and maintenance passwords are in-use, the adversaries’ job is easy as they just flip a switch to exploit.
      • #2 EVALUATE AND REDUCE YOUR EXPOSURE After you know which assets are exposed, decide which need to be open to the Internet. Once you evaluate necessary exposure, assess how changes will affect your assets and any potential impacts to your operations. This step is important to ensure actions associated with vulnerability remediation are performed with full knowledge of safety risk and unintended consequences are avoided based on the specific implementation plan. Also, consult with your utilities, business partners, and asset owners you do business with to ensure interdependencies are considered.
      • #3 HARDEN AND MITIGATE YOUR RESIDUAL EXPOSURE Protect and reduce your risk of business interruptions from cyber-attacks; get your Stuff Off Search (S.O.S.)! CISA has developed a How-to Guide to help you assess your IoT/IIOT – all of your Internet connected computers and industrial devices – and take risk mitigation steps. This can include changing default passwords, implementing robust patch management, installing a virtual private network (VPN), and, using multi-factor authentication. Secure your assets where possible!
      • #4 ESTABLISH ROUTINE ASSESSMENTS While it’s important to get your Stuff Off Search, it’s equally important to make these practices routine. As IT and business needs change, continuously monitor your IoT/IIoT and other critical assets to ensure that you always know when they are exposed on the Internet.

Further Reading

  • “China’s Huawei Hires Democratic Lobbyist Tony Podesta” By Dan Strumpf, Julie Bykowicz, and Jacquie McNish — Wall Street Journal. Huawei Technologies Co. has hired veteran Democratic lobbyist Tony Podesta —whose firm imploded in 2017 amid financial and legal troubles—as part of the Chinese company’s expanded U.S. influence operation, according to people familiar with the matter. Mr. Podesta’s work for Huawei is still in the early stages, and the full scope of his advocacy for the company is still being determined, according to one of these people.
  • “Ajit Pai apparently mismanaged $9 billion fund—new FCC boss starts “cleanup”” By Jon Brodkin — Ars Technica. The Federal Communications Commission wants SpaceX to give up a portion of the $885.51 million in broadband funding it was awarded in a reverse auction in December 2020. SpaceX’s Starlink satellite broadband division was one of the biggest winners in the FCC’s Rural Digital Opportunity Fund (RDOF) grants announced in Ajit Pai’s last full month as FCC chairman. Overall, Pai’s FCC awarded $9.2 billion over 10 years ($920 million per year) to 180 bidders nationwide, with SpaceX slated to get $885.51 million over 10 years to serve homes and businesses in parts of 35 states.
  • “Low-Cost Broadband in Senate Bill Sparks Alarm on Rates” By Todd Shields and Erik Wasson — Bloomberg. The infrastructure bill moving through Congress requires internet service providers to offer a low-cost option, sparking opposition from a top Republican senator who said the mandate may lead to broadband rate regulation. The $550 billion bill, which advanced in the Senate late Wednesday, includes $65 billion for broadband expansion. The measure will require funding recipients to offer a low-cost plan, the White House said in a summary. It didn’t offer details on price or speed of the service. The bill could lead to pressure from an administration that has said it’s determined to bring broadband prices down, said Paul Gallant, a Washington-based analyst for Cowen & Co.
  • “How Local Media Spreads Misinformation From Vaccine Skeptics” By Sheera Frenkel and Tiffany Hsu — The New York Times. The Freedom’s Phoenix, a local news site in Phoenix, and The Atlanta Business Journal, a news site in Atlanta, both published the same article about coronavirus vaccines in March. The author was Joseph Mercola, who researchers and regulators have said is a top spreader of misleading Covid-19 information. In the article, Dr. Mercola inaccurately likened the vaccines to “gene therapy” and argued against their usefulness.
  • “Three, two, win? How to adapt to hybrid home and office working” By Alexandra Topping — The Guardian. Working 3:2, what a way to make a living – but a new way that may take a little getting used to, according to experts. As coronavirus restrictions lift, many companies whose staff have worked from home for 18 months are asking those workers to dust off their bras and smart trousers and return to the office part-time. While the majority of people will be given little choice about where they work (the proportion of people working from home more than doubled in 2020, but was still only a quarter, according to the Office for National Statistics), many companies that have used remote working are now expecting staff to work more flexibly.
  • “Do privacy “nutrition” labels stop us from eating the burger?” By Meghan McCarty Carino and Jesus Alvarado — Marketplace. About seven months ago, Apple rolled out some new features that let users see exactly how apps collect data about us and share it with advertisers. The privacy “nutrition” labels run pretty much on the honor system: It’s up to the app makers to provide the information. Now, Google is revealing how its own labels might work for Android. I spoke with Ashkan Soltani, a fellow at Georgetown Law’s Center on Privacy and Technology, who said we can get a sense of how effective Google’s labels might be by looking at how Apple’s have worked so far. The following is an edited transcript of our conversation.
  • “OnlyFans to ban adult material after pressure from payment processors” By Jim Waterson — The Guardian. OnlyFans, the subscriber-only website synonymous with pornography, has announced it will ban adult material from the site after pressure from its payment processors. The company will continue to allow some posts containing nudity but “any content containing sexually-explicit conduct” will be banned, with the site instead focusing on more mainstream content. The London-headquartered outlet has exploded in popularity during lockdown, bringing in billions of pounds of revenue as more than 130 million users signed up to subscribe to content or pay to chat with “creators”. Although OnlyFans insists it has a wide range of people creating material for the site, ranging from chefs to yoga instructors, by far the most popular content on the site is pornography.
  • “Google Dragnets Gave Cops Data On Phones Located At Kenosha Riot Arsons” By Thomas Brewster — Forbes. A year after the Kenosha riots, following the police shooting of Black citizen Jacob Blake, Google has handed over data on any phones that were located in the vicinity of two arson attacks during the public disorder, even though some protesters were trying to stop the fires.
  • “For Big Tech, There’s a New Sheriff on the Beat” By Parmy Olson — Wall Street Journal. The U.K.’s competition authority is stepping out of the shadow of the European Union, launching a flurry of new cases against big tech companies and becoming a new source of global scrutiny for the industry. Earlier this month, the British government said it would bolster the Competition and Markets Authority, the country’s longtime competition watchdog, granting it new powers to move more quickly to probe and fix anticompetitive behavior. The move would also strengthen its ability to fine companies and prevent takeovers that might stymie competition.
  • “Facebook’s New Bet on Virtual Reality: Conference Rooms” By Mike Isaac — The New York Times. For years, the idea that virtual reality would go mainstream has remained exactly that: virtual. Though tech giants like Facebook and Sony have spent billions of dollars trying to perfect the experience, virtual reality has stayed a niche plaything of hobbyists willing to pay thousands of dollars, often for a clunky VR headset tethered to a powerful gaming computer. That changed last year in the pandemic. As people lived more of their lives digitally, they started buying more VR headsets. VR hardware sales shot up, led by Facebook’s Oculus Quest 2, a headset that was introduced last fall, according to the research firm IDC.
  • “Hackers breached US Census Bureau in January 2020 via Citrix vulnerability” By Catalin Cimpanu — The Record. Unidentified hackers breached US Census Bureau servers in January 2020 by abusing a public exploit for a major vulnerability in the agency’s remote-access servers, a US government watchdog said on Monday. Census Bureau officials said the hacked servers were not connected to the 2020 Decennial Census networks, and the intruders did not have the opportunity to interact with census results. Instead, the hackers only gained access to servers the agency had been using to provide access to its internal network for its remote workforce, the Office of Inspector General said in a report this week.
  • “The Internet Archive Has Been Fighting for 25 Years to Keep What’s on the Web from Disappearing – and You Can Help” By Kayla Harris, Christina Beis and Stephanie Shreffler — Nextgov. This year the Internet Archive turns 25. It’s best known for its pioneering role in archiving the internet through the Wayback Machine, which allows users to see how websites looked in the past. Increasingly, much of daily life is conducted online. School, work, communication with friends and family, as well as news and images, are accessed through a variety of websites. Information that once was printed, physically mailed or kept in photo albums and notebooks may now be available only online. The COVID-19 pandemic has pushed even more interactions to the web.

Coming Events 

  • 1 September
    • The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).
    • The House Homeland Security Committee’s Cybersecurity, Infrastructure Protection, and Innovation Subcommittee will hold a hearing titled “Stakeholder Perspectives on the Cyber Incident Reporting for Critical Infrastructure Act of 2021.”
  • 3 September
    • Australia’s Parliamentary Joint Committee on Corporations and Financial Services will hold a hearing on its inquiry into Mobile payment and digital wallet financial services and a hearing on its inquiry into Regulation of the use of financial services such as credit cards and digital wallets for online gambling in Australia.
  • 7 September
  • 8 September
    • Australia’s Select Committee on Australia as a Technology and Financial Centre will hold a hearing on its inquiry.
  • 30 September
    • The Federal Communications Commission (FCC) will hold an open meeting. No agenda has been announced as of yet.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Lazarescu Alexandra on Unsplash

Photo by Enayet Raheem on Unsplash
