Newsletter

open source and cybersecurity news

August 2, 2023

- CYBERSECURITY HEADLINES TODAY -

Australian Government Initiative to Improve
Cyber Security Suffers Data Leak
What the fork?
Break the Silos to Achieve Cyber Resilience
Connected Cars
This Day, August 2 in Tech History

In this Episode:

Marcel Brown: August 2nd, 1873. The Clay Street Railroad begins operation, making it the first cable car in San Francisco’s now famous cable car system. And for many of us growing up in the 1980’s, cable cars also became synonymous with Rice-A-Roni®, the San Francisco treat.

Edwin Kwan: The Home Affairs Department suffered a data leak when they accidentally published personal information of more than 50 small businesses who participated in a cybersecurity survey.

Kadi Grigg: As of July 11th, SUSE publicly announced its intention to fork the open source version of Red Hat Enterprise Linux, also known as RHEL, and will be developing and maintaining that code in a compatible distribution that will be available without any restrictions, as per the announcement.

Olimpiu Pop: The expected investment in cybersecurity is estimated at $1.75 trillion by 2025, equivalent to the GDP of the ninth largest economy in the world, Canada. What beats that? The projected cost of global cybercrime, $10.5 trillion, about half of the GDP of the largest economy, the US.

Katy Craig: In today’s digital age, it seems our cars aren’t just for driving anymore. They’re another frontier in the quest for privacy.

From Sourced Network Productions in Washington, DC, it’s 5:05. I’m Hillary Coover. Today is Tuesday, August 2nd, 2023. Here’s the full story behind today’s cybersecurity and open source headlines.


Edwin Kwan: Australian Government Initiative to Improve Cyber Security Suffers Data Leak

This is Edwin Kwan from Sydney, Australia.

The Home Affairs Department suffered a data leak when they accidentally published personal information of more than 50 small businesses who participated in a cybersecurity survey. The survey was part of a research report being put together for a government program that is aimed at training small businesses and the workforce to be “cyber smart” and aware of possible cyber threats.

The program was launched in the wake of last year’s Optus and Medibank Cyber Attacks. The Shadow Cybersecurity and Home Affairs Minister said that departments should be an exemplar of good cybersecurity practice and privacy protection. He also said that it is deeply ironic that this breach of personally identifiable information occurred in an answer to a question about improving cybersecurity for small businesses and from a department whose minister publicly attacked Optus when they had similar data stolen by a criminal gang.
Resources
The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022
Home affairs cyber survey exposed personal data of participating firms | Data and computer security | The Guardian


Kadi Grigg: What the fork?

What the fork?

Yes, you heard me correctly. Why do I say this? Well, as of July 11th, SUSE publicly announced its intention to fork the open source version of Red Hat Enterprise Linux, also known as RHEL, and will be developing and maintaining that code in a compatible distribution that will be available without any restrictions, as per the announcement.

So what can you expect? Over the upcoming years, SUSE plans on investing over $10 million into the project, in addition to working with the open source community to develop a long-term reliable alternative, to RHEL and CentOS, another popular Linux platform.

So the question is, why? How did we get to this point?

Well, SUSE is not the first to do this. AlmaLinux OS and the Rocky Enterprise Foundation became the first RHEL clone distributors, creating a community-supported, production-grade OS compatible with RHEL. Then Oracle created its own RHEL clone.

So why has the community been chasing RHEL for years on creating a community-supported compatible Linux OS?

The answer? When Red Hat declared CentOS Stream will now be the sole repository for the public RHEL-related source code instances. And that sentence right there folks, is the equivalent of the gloves coming off and the fight begins between open source and Linux distributors.

For the longest time, CentOS was essentially the free version of RHEL, Red Hat’s flagship distribution. But then in 2020, Red Hat, instead of regular releases that often coincided with RHEL releases, created CentOS Stream, which gave developers a preview of what’s next with RHEL, with the idea that it would help to shorten feedback loops between developers and the ecosystem.

While it worked for a while, it soon became evident that the community was making progress on changes, but those changes still had to be approved by the CentOS team, thus creating a larger lead time to getting change approved. This move also meant, wait for it, CentOS and RHEL were no longer 100% compatible, and this is the crux of the problem.

Distributors like Rocky and Alma now have a much harder time getting access to the RHEL source code, which by the way, is open source.

While this move by SUSE seems to be a bit shocking, I like that they have invited the open source community to actively contribute to developing this new RHEL-compatible distribution.

To me, it’s smart to invite the community. It’s what makes a product stick. Only time will tell how this plays out, but I’m hopeful that this could be an example of how large scale open source projects can be executed.

This is Kadi McKean in Alexandria, Virginia.
Resources
SUSE Preserves Choice in Enterprise Linux by Forking RHEL with a $10+ Million Investment
SUSE will fork Red Hat Enterprise Linux | ZDNET
Why SUSE is forking Red Hat Enterprise Linux | TechCrunch


Olimpiu Pop: Break the Silos to Achieve Cyber Resilience

Cybersecurity is a critical concern that presents both technical and financial challenges. The expected investment in cybersecurity is estimated at $1.75 trillion by 2025, equivalent to the GDP of the ninth largest economy in the world, Canada. What beats that? The projected cost of global cybercrime, $10.5 trillion, about half of the GDP of the largest economy, the US.

Most companies have siloed approaches to cybersecurity. Financial teams and security teams work separately on cyber insurance and risk mitigation. The silo needs to be broken; the goal is common.

Just for context, the average cost of a data breach in the US in 2022 was $9.44 million.

Key steps to achieving cyber resilience can be:

– Translate the basic cyber labels from technical terms into financial terms.

– Prioritize decisions on security measures and insurance investments based on the probabilities of different types of breaches.

– Quantify the potential losses, or the “value of risk”, from cyber threats.

This requires an orchestrated effort from the CFO, Risk Manager, and CISO to evaluate potential threats and estimate the potential losses, which could range from data breaches, to business disruptions, and other forms of cyber crime.

Cyber insurance coverage should be customized according to specific risks and risk tolerance levels. Depending on benchmark spending can be risky. Cyber resilience teams should identify the acceptable level of losses the organization can bear without significant disruption, and base their cybersecurity measures and insurance spending on that figure.

Even if company-backed news is not exactly my preferred reading, this was assembled nicely.

Olimpiu Pop reporting from Transylvania, Romania.

Resources
Paid Program: From Cybersecurity to Cyber Resilience
Global Cybersecurity Spending To Exceed $1.75 Trillion From 2021-2025
Cybercrime To Cost The World $10.5 Trillion Annually By 2025


Katy Craig: Connected Cars

In today’s digital age, it seems our cars aren’t just for driving anymore. They’re another frontier in the quest for privacy.

This is Katy Craig in San Diego, California.

Our cars know a ton about us. Where we go, when we go, even how fast we brake. They’re like a nosy neighbor, but instead of gossiping over the fence, they could be sharing your data with businesses looking to sell you stuff, insurance companies looking to raise your rates, and who knows who else.

California’s newly empowered privacy watchdogs just kickstarted their first case. And guess what? It’s about your new connected car that’s always online. Yes. Cars these days are smarter and more connected than ever. They’re not just about playing your favorite tunes anymore, they’re collecting tons of data, and this has caught the eye of the California Privacy Protection Agency.

Now, this isn’t just some random agency. They’ve got teeth, thanks to a 2020 ballot initiative that beefed up the California Consumer Privacy Act of 2018. Starting last month, they have the power to enforce Californians’ rights to know what data is being collected, the right to halt its spread, and to hit that sweet, sweet delete button.

So what’s next? Well, California might take a page from Europe’s playbook, where investigations have led vehicle makers to reveal more about data collection and offer ways to modify it.

This is Katy Craig. Stay safe out there.

Resources
California: Connected vehicles and the CPRA, CDPA, and CPA – 10 things to know and do | Insights | DataGuidance
California agency probes automakers’ data privacy practices | Reuters


Marcel Brown: This Day, August 2 in Tech History

This is Marcel Brown delivering some technology history for August 2nd.

August 2nd, 1880. Parliament officially adopts Greenwich Mean Time (GMT), as the official time of Great Britain. Originally established to help British ships at sea calculate an accurate longitude, the expansion of railroads and communication networks in the 1850’s and 1860’s created a demand for a national time standard.

British railways officially adopted Greenwich Mean Time as railway time in 1847, and by the mid 1850’s, almost all public clocks in Britain were set to Greenwich Mean Time. So Parliament’s declaration was mostly a formality. However, it did lead to Greenwich Mean Time becoming the international time standard and eventually being used as the basis for Universal Coordinated Time, or UTC time, that we all now use on our computers and devices.

August 2nd, 1873. The Clay Street Railroad begins operation, making it the first cable car in San Francisco’s now famous cable car system. And for many of us growing up in the 1980’s, cable cars also became synonymous with Rice-A-Roni®, the San Francisco treat.

That’s your technology history for today. For more, tune in tomorrow and visit my website thisdayintechhistory.com.

Resources
http://thisdayintechhistory.com/08/02


Hillary Coover

That’s our update for today, August 2nd, 2023. I’m Hillary Coover. We’ll be back tomorrow, at 5:05.
