Cyber Daily: Trump Fires Top Cybersecurity Official Who Worked to Safeguard Elections; Diversity Improves Security, Hacker Says
Good day. President Trump fired Christopher Krebs, who had served as a top cybersecurity official at the Department of Homeland Security since 2018. Mr. Krebs in recent weeks had repeatedly said the presidential election had been secure from tampering or rigging, and was vocal in refuting disinformation about the results, The Wall Street Journal reports.
“The recent statement by Chris Krebs on the security of the 2020 Election was highly inaccurate, in that there were massive improprieties and fraud—including dead people voting, Poll Watchers not allowed into polling locations, 'glitches' in the voting machines which changed...votes from Trump to Biden, late voting, and many more. Therefore, effective immediately, Chris Krebs has been terminated as Director of the Cybersecurity and Infrastructure Security Agency,” Mr. Trump said in two tweets Tuesday night. Twitter labeled both posts with a warning: “This claim about election fraud is disputed.”
As the first director of the recently established Cybersecurity and Infrastructure Security Agency, Mr. Krebs became the public face of federal election security efforts and a rare Trump appointee to enjoy bipartisan backing in Congress. Lawmakers in both parties viewed him as apolitical and an honest broker who sometimes brought forward urgent but necessary warnings about the threats facing the country’s election infrastructure.
Also today: Katie Paxton-Fear isn't your stereotypical hacker. She's working on a doctorate in defense and security, and she is an avid knitter and lover of ancient languages. In an interview, she says that diversity in the backgrounds, experience and approaches of a cybersecurity team can keep companies safer.
Other news: Cold-storage firm Americold responds to cyber incident; Avon reveals sales impact of June hack; Steelcase says quarterly revenue will be negatively impacted by cyberattack; Zuckerberg, Dorsey tout progress on misinformation; Canada increases fines for privacy violations; and European privacy group files complaint against Apple.
Diversity in Cybersecurity
Katie Paxton-Fear, an ethical hacker for the HackerOne bug-bounty program, says diverse thinkers on a cybersecurity staff can make a company safer. PHOTO: RICHARD HARRIS
Katie Paxton-Fear—knitter, AI expert, tutor, hacker—urges companies to break cybersecurity molds. One of the rare women working in the cybersecurity field, she has done ethical hacking for just over a year. So far, she’s found vulnerabilities at the U.S. Defense Department and the U.K. Royal Air Force, and in plenty of corporate systems.
A doctoral candidate in defense and security at Cranfield University in England, she has used computational techniques to decipher ancient languages, such as one known as “Linear B,” found on the Greek island of Crete and dating back as early as 1450 B.C. Katie spent her first major bounty of $1,000 on fancy yarn to feed her knitting habit.
In a video chat from her home in Manchester, England, Ms. Paxton-Fear talked with WSJ Pro Cybersecurity about how diversity in the field can make corporate networks safer.
Q: Cybersecurity seems to be a subset of the tech industry more welcoming of diversity.
A: I kind of agree. I don’t think you need one background. Unfortunately, not every employer agrees. Some people look at me and say: “She doesn’t have this certificate, or that degree. All she does is work on a Ph.D. and hunt bugs on the side.” A lot of employers are focused on the stereotypical hacker: Male, white, from the U.S., wears a black hoodie and is like a vampire in the sun. There are a lot of glass ceilings that need to be broken.
Q: HackerOne, the bug-bounty program you belong to, says about 10% of its community identifies as female or nonbinary, up from 5% in 2019. Males dominate. What’s that like?
A: As a woman in this space, I have rarely received any kind of discrimination. There’s always some troll on the internet who doesn’t like the fact you exist. That happens.
Q: What are the things you think companies don’t realize they need to worry about?
A: One of the main things is actually having a vulnerability disclosure program. You’re not just limiting yourself to how your own cyber team thinks. With a bug-bounty program, you get so many different ways of thinking. You allow a diverse pool of people to look at your software. Each little perspective shift gives you something else that not everybody will have.
$87 Million
Amount in sales Avon Products shifted from its second quarter to its third as a result of a cyberattack the company learned of in June. The attack interrupted operations and caused an order backlog until systems were fully restored in mid-August, Avon said Friday.
Furniture maker Steelcase works to return to normal order fulfillment after cyberattack. Steelcase is working to fulfill orders delayed when it shut down most of its global order management, manufacturing and distribution systems and operations for about two weeks after it detected a cyberattack on Oct. 22. Some orders expected to ship in its fiscal third quarter won’t go out until the fourth quarter, “which would negatively impact the Company’s revenue for the third quarter,” Steelcase said in a financial filing. The company expects extra costs for worker overtime and expedited delivery as it catches up. Steelcase didn’t provide specifics about the kind of cyberattack it experienced but said an investigation didn’t find evidence data had been stolen.
Cold-storage firm Americold responds to cyber incident. Americold Realty Trust determined Monday that its network was affected by a cybersecurity incident. Americold “took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations,” it said. The Atlanta-based company manages food for retailers, producers, processors and other supply-chain partners, operating 183 temperature-controlled warehouses in the U.S., Argentina, Australia, Canada and New Zealand, according to its website.
Zuckerberg, Dorsey tout progress in combating political misinformation. The chief executives of Facebook and Twitter told lawmakers they did better in fending off election interference in 2020, while acknowledging mistakes and signaling an openness to more regulation, The Wall Street Journal reports. At the Senate Judiciary Committee hearing conducted over more than four hours by videostream, the CEOs’ remarks didn’t appear to persuade lawmakers, who renewed concerns about the platforms’ power and reach as well as their handling of specific election-related content. “While we strive to do as well as possible and be as precise as possible, we will make mistakes,” Facebook’s Mark Zuckerberg said after Sen. Mike Lee (R., Utah) read a list of actions taken against content adopting a conservative point of view.
Canada strengthens privacy laws, increases corporate fines. Canada’s revamp of its privacy regulations gives individuals more control over their data, including the right to ask that it be destroyed, Bloomberg reports. Organizations that violate the law face fines of up to 5% of revenue or $19 million.
European privacy group files complaint against Apple. The group NOYB, which stands for “none of your business,” accused Apple Inc. of possibly violating Europe’s privacy regulations with codes created by the iOS operating system that track the behavior of iPhone users, the Associated Press reports. The codes, known as IDFA or Identifier for Advertisers, are akin to cookies that track users across websites. The codes could identify individuals and many don’t consent to their use, NOYB said. Apple said it complies with European law.