Cyber Daily: Red Tape Frustrates Efforts to Protect Cities From Hackers | Financial Firms Prep for Quantum-Fueled Attacks
Cyber #Cyber
Oct. 12, 2020 9:23 am ET | WSJ Pro
Good day. Slow hiring processes and convoluted funding procedures are a barrier to cybersecurity officials in towns and cities quickly addressing hacking risks, WSJ Pro’s James Rundle reports.
Other news: Visa and JPMorgan are preparing for the possibility of quantum cyberattacks while other companies are concerned about so-called data poisoning in AI algorithms.
Input, please? We’d like to know which breakout sessions you would like us to hold at the WSJ Pro Cybersecurity Executive Forum on Dec. 2. Please click here to vote for the topics you like best. For more information about the forum, plus a registration link, visit this page. Please join us!
Protection for Cities and Towns
Budget and hiring practices hinder cities’ cybersecurity efforts. Cities and towns are prime targets for hackers, who often seek to steal sensitive data, or encrypt it and extort local governments into paying ransoms for its release. Large cities such as Baltimore and Atlanta have fallen victim to cyberattacks in recent years, as have small towns and school districts.
Municipal cybersecurity projects are difficult to pay for as many local government agencies draw their funding from a general fund, and most smaller cities don’t have dedicated cyber budgets, according to Mike Hamilton, chief information security officer at security firm Critical Informatics Security Inc.
These projects also tend to apply to more than one agency, said Mr. Hamilton, who is the former CISO for the city of Seattle, meaning that security chiefs often run into jurisdictional issues. Mr. Hamilton said he often had to find creative ways to fund such projects during his time in local government, for example using city entities with alternative funding schemes, such as utilities, which can add an extra cent to bills to raise money.
Not only can’t a city match salaries offered by big technology or security companies, but the hiring process can sometimes take years, said Los Angeles County CISO Ralph Johnson.
Read the full story.
Big Number
184,000
Number of traveler images compromised in a data breach at Perceptics LLC, an image-capture tech firm working with the Department of Homeland Security to test the use of biometric data U.S. border checkpoints, according to a federal review. At least 19 of the images were posted to the dark web.
More Cyber News
Visa, JPMorgan are already preparing for quantum cyberattacks. Experts say quantum-computing cyberattacks could be more than a decade away, based on the technology’s rate of progress, but the consequences could be so severe that companies and cryptographers world-wide are preparing now, WSJ’s CIO Journal reports.
Visa’s work: Nearly six years ago, researchers at Visa began studying so-called post-quantum cryptography, which refers to the new cryptographic methods that could be used to withstand an attack from a quantum computer. Researchers at Visa have published four peer-reviewed papers about cryptographic systems that could be used against a quantum-computing attack, and a fifth is in the works, said Rajat Taneja , president of technology at Visa.
JPMorgan’s work: A quantum computing attack could compromise not only data in the path of the attack but also the digital-signature algorithms used to verify the identity of some secure websites, said Yassir Nawaz, an executive director at JPMorgan responsible for securing emerging technologies at the bank.
Experts urge vigilance over AI data security. Without closer scrutiny of the information that AI models ingest, companies could be leaving the door open to hackers or criminals to exploit algorithms, WSJ’s Pro Artificial Intelligence reports. In data-poisoning cases, attackers attempt to feed false information to an algorithm in an attempt to mistrain it, to create future avenues of attack, to reduce its effectiveness or otherwise disable it. To avoid detection, hackers may use false information commonly detected by surveillance platforms and other automated software to provide noise to mask their true activities, or as a means to attack other algorithms.