https://edition.cnn.com/2021/06/18/tech/estonia-cyber-security-lessons-intl-cmd/index.html
(CNN) When people like the German Chancellor Angela Merkel or the King of Belgium want to learn more about cybersecurity, they go to Estonia.
The Baltic country runs on the internet. From filing taxes and voting, to registering the birth of a new baby, nearly everything a person might want or need from the government can be done online. It's an approach that's incredibly convenient for Estonia's 1.3 million people -- but it also requires a high level of cybersecurity.
Luckily for its residents, Estonia is punching way above its weight when it comes to online safety. It regularly places on top of security rankings. Its capital city of Tallinn is home to NATO's cyber defense hub, the Cooperative Cyber Defence Centre of Excellence. When it took up the rotating presidency of the United Nations Security Council last year, it made cybersecurity one of the policy priorities.
"Estonia digitized a lot sooner than other countries, it was focusing on things like online schooling and online government services and it took a more proactive approach to technology," said Esther Naylor, an international security research analyst at Chatham House.
"And it recognized that it needs to be a secure country in order for citizens to want to use online systems and for businesses to want to do business in Estonia ... and I think that this is why Estonia's approach is often heralded as the model approach," she added.
[...] But perhaps most importantly, it invested into its people.
"Technology gives us a lot of tools to secure the system, but at the end of the day, the level of security depends on the users," said Sotiris Tzifas, a cybersecurity expert and chief executive of Trust-IT VIP Cyber Intelligence. "Even if you build the most secure system you can, if the user does something bad or something misguided or something they are not allowed to do, then the system is downgraded very quickly." He pointed to the fact that some of the most damaging cyberattacks in recent history were caused by a confused insider clicking on a phishing link, rather than by a sophisticated hacker using the most advanced technology.
Tzifas said the Colonial Pipeline attack that forced the US company to shut down a key US East Coast pipeline in April was a good example of this. "It created a lot of buzz and cost a lot of money, but there was no real complexity, it wasn't different to other ransomware attacks," he said.
The Estonian government has been investing heavily into education and training programs in recent years. From awareness campaigns and workshops specifically targeting elderly citizens to "coding" lessons for kindergarteners, the government is making sure every Estonian has access to the training they need to keep the country's IT systems secure.
[...] It also wants its teenagers to know how to hack. "We are teaching defense, but you can't learn defense if you don't know how to hack," Lorenz said. She is running educational camps where teenagers learn hacking within a secure environment. She doesn't encourage her students to go on and try to hack companies or government bodies, but if they do, she is on hand to make sure they behave in an ethical way. "I help them to put it in a package and then we send it to the company and say, look, the students have found this vulnerability in your system," she said.
(Score: 4, Interesting) by fustakrakich on Friday June 18 2021, @04:41PM (1 child)
Yeah, our big mistake is throwing all that money at the universities. Maybe because there is no kindergarten Big Ten to bet on
Politics and criminals are the same thing..
(Score: 2) by krishnoid on Friday June 18 2021, @06:57PM
In that case, our path is clear. Go fighting pacifiers! Stomp those training pants!
(Score: 1, Touché) by Anonymous Coward on Friday June 18 2021, @05:04PM (3 children)
Unless Estonia is designing and constructing its own chips and OS, then yeah, nice country you got there.
(Score: 2) by krishnoid on Friday June 18 2021, @07:06PM (1 child)
Just give it a couple generations [cnbc.com].
(Score: -1, Troll) by Anonymous Coward on Friday June 18 2021, @08:50PM
The problem with Estonia's Russia mentality is that it's 70 years old, and a lot has changed then, and I'm not just talking about Europe fellating Russia's Nord Stream 2 pipeline. NATO is an obsolete lumbering beast or an organization, run by stubborn boomers who never got the memo that the cold war ended. They're like the ADL and the Southern Poverty Law Center, obsolete grifters who exist to bilk well-meaning people out of their money by scaring them into thinking that some evil bogeyman is always hiding around the corner. And, like NATO, those two didn't get the memo that nobody gives a fuck about the Holocaust and frankly we'd wish they just shut the fuck up about it already.
Look at how the West lost Byelarus: Not to evil Russian influence but because everybody got fed up with Merkel/EU Globohomo shit. Globohomo shit, people now believe, is worse than Russian influence and they're right for believing it. If they had a choice between uneasy peace and migrants raping them of their sovereignty, culture, and security; then I'm sure they'd choose the uneasy peace.
Although there's been some discussion [politico.com] about a NATO pivot to China (which is on paper a wise move), there is no way in hell that would be beneficial given how many Jewish bureaucrats are in the CCP's pocket and are even now selling out their host nations piecemeal to China. Hell, Biden and his administration are owned by China.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @10:20PM
Although neither Intel, AMD, nor ARM based chips should be trusted today.
The entire codebase for Intel ME is being developed in Israel today, and given how many remote exploits have been in that code dating back to the pre-486 versions of that code (ME was originally ARC chip designs, which in turn were customized derivative designs that date back to the StarFox Nintendo cartridges 3d coprocessor.) The OS code until the switch to a triple 486 design in the Skylake+ chips was developed in Portland while the interface code (all the remote access/security stuff) was developed in Israel. Around the Skylake era someone who was a former member of the Portland group mentioned on Slashdot having the Portland group shut down and the entire project moved to Israel. Now *MAYBE* they don't have the signing key for the production processors. However I have never heard of nation-level skus for the signing key, which means if they DO have the production signing key, they own the keys to the kingdom for every Intel ME enabled chipset since the G45/C2D (These and earlier could be disabled by the OEM and many were) and almost guaranteed access since Sandy Bridge (Nehalem/Westmere era stuff was buggy and still in the PCH, the mobile generation from them might have had it functional.)
Point is, there is a huge threat of not only the US, but Israel, China, and/or Russia having access to these keys for some/all generations of Intel ME hardware. Anybody who has read up on the history of US/Israeli relations will know that for every favorable action taken between us, Israel has taken at least one action that was equally unfavorable and would have resulted in any other allied nation the US works with being blacklisted (for example transfers of technology the US refused to sell to European nations that were sold to Israel and then transferred on to Russia or China to be reverse engineered or traded for other favors.)
Trust no one completely but never trust someone who has intentionally betrayed you before.
Also never trust hardware that demands signed firmware for which you have no key. When it does get pwn3d you will have no chance of getting it patched except at the mercy of the supplier.
(Score: 5, Insightful) by DannyB on Friday June 18 2021, @05:08PM (12 children)
Who is going to pay for all this education of young people? It sounds like . . . OMG . . . it's socialism! Where's the profit motive?
<no-sarcasm>
If you think education is expensive, try ignorance.
Maybe we should focus a bit more of our resources on education.
</no-sarcasm>
If you eat an entire cake without cutting it, you technically only had one piece.
(Score: -1, Troll) by Anonymous Coward on Friday June 18 2021, @05:33PM (7 children)
I'm 50-50 on this one.
Profit motive does tend to get people motivated. And paying customers do tend to prefer things that work. And it's hard (impossible) to cheat - if something is better and cheaper, it wins.
At universities in the US, there are cretins in control and students are brain-washed to lose their identity. Kind of funny how it's framed in terms of self-empowerment. Kids need to be empowered to call out douchebag know-nothing professors, not get brow-beaten into believing they're at fault for not learning anything from the douchebags.
(Score: 2) by DannyB on Friday June 18 2021, @05:54PM (6 children)
I don't get it.
Math is either right or wrong. Neither professors nor the students can change this.
Similarly with DC and AC circuit design. Digital logic. Processor architecture. The soundness and reasoning behind programming logic (unless using Perl).
Students and professors shouldn't have disagreements on this. The software, code, math, logic, chemistry, circuits, laws of motion, acceleration, statistics work or they do not. At least back when I was in school decades ago.
There's nothing squishy about it. Thevenin's or Norton's theorems work. Every time.
The student's exam grades demonstrate whether or not they learned anything from the professors.
If you eat an entire cake without cutting it, you technically only had one piece.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @06:19PM (4 children)
https://www.popularmechanics.com/science/math/a33547137/why-some-people-think-2-plus-2-equals-5/ [popularmechanics.com]
(Score: 2) by Freeman on Friday June 18 2021, @06:54PM (3 children)
. . . 2+2 = 4 is an equation, with an answer. In the event that you're saying 2+2=5, it's objectively incorrect. In the event you're talking about a more complex problem, then 2+2=4, isn't what you're looking for. You're also not looking for the insane equation+answer 2+2=5.
You're looking for something more like 2x +2y = z at the least. Or maybe you're looking for something like (1 hen + 3 roosters + (number of eggs probably fertilized in time period - (number of eggs probably fertilized in time period * mortality rate))) or something like that. Even then, you're assuming that your hens and roosters don't die. Stupid sayings like 2+2=5 are stupid.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Friday June 18 2021, @07:38PM
The logic is immutable. The tokens used to represent values are not.
(Score: 5, Funny) by Mojibake Tengu on Friday June 18 2021, @07:52PM (1 child)
Sure.
Do not underestimate programmers.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2) by Freeman on Tuesday June 22 2021, @02:52PM
Just because you can, doesn't mean it's not stupid.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: -1, Troll) by Anonymous Coward on Friday June 18 2021, @06:39PM
The commodity in question is the teaching. Students should rightly expect to have teaching facilitated by the prof. What you often get, however, is incompetent teaching. Then dropping all the responsibility / blame at the students' feet. The result is depressed, shy, cheating students. Who then get blamed or feel inadequate. The real culprit is bad teachers - not always, but at uni level at least, if the prof is not doing then they should not be teaching either. In my dept, the profs are all managers who rotate young foreign kids through the puppy mill churning out low quality graduates. Who will call it out?
(Score: 3, Insightful) by Anonymous Coward on Friday June 18 2021, @06:40PM (3 children)
In a democracy if you're smart and powerless you'd want most of the voters to be smarter and well educated. If you can't figure out why, you're one of the dumb ones.
But if you're smart and in power you might want the voters to be dumber if you're in a large country... Because you don't actually need that many smart people to get your stuff done.
(Score: 0, Interesting) by Anonymous Coward on Friday June 18 2021, @06:49PM
WTF?! Is this like some ancient wisdom from a defunct civilization? Or just AI generated babble?
(Score: 1, Interesting) by Anonymous Coward on Friday June 18 2021, @07:29PM (1 child)
You haven't even begun to touch on all the variables. How about dumb leaders, with smart voters? The dumb-ocrat will soon be voted out of office. Unless the dumb-ocrat is a complete idiot, he understands this, and will work to keep voters dumb, or at least uninformed and uneducated.
How's that CRT training going? Don't forget that math is racist!!
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @11:06AM
How is this sad troll "interesting"? Someone with mods had a stroke?
(Score: 5, Interesting) by Anonymous Coward on Friday June 18 2021, @06:23PM (3 children)
I liked this bit, near the end,
> The government's infrastructure relies on several layers of security, Marcus continued. "One aspect is that we've always made sure that we store as little data as possible, and that when we store data that we store it as separately as possible," he said, explaining the government's "once only" principle.
>
> "There is no duplicated data within the government service, so for example, only the population register is allowed to store my address, and if any other register, like the tax authority or the voting committee, needs my address, they have to ask the population register through an encrypted data exchange that uses blockchain to verify the data integrity."
>
> Tzifas said this approach is much more secure compared to having large super databases that contain all kinds of data -- from addresses and ID numbers to dates of birth and health care and insurance data -- all on one platform.
(Score: 1, Touché) by Anonymous Coward on Friday June 18 2021, @06:42PM (2 children)
> we store data that we store it as separately as possible on post-it notes
FTFY reality always wins in the end
(Score: 4, Insightful) by maxwell demon on Friday June 18 2021, @07:11PM
When the threat is online hacking and you can make sure that no webcams are pointed in that direction, post-it notes are indeed a very secure way of storing data.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @02:05AM
> on post-it notes
3M approves of your methods.
(Score: 0, Funny) by Anonymous Coward on Friday June 18 2021, @07:03PM (4 children)
My orange friend assured me that Russia doesn't cyber attack anybody! He even asked the guy who (uncomfortably) keeps taking his shirt off, and he very strongly denied ever doing such a thing. So these Estonians are liars.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @07:32PM
Why does that make you uncomfortable? Are you secretly yearning to take his shirt off for him, while running your fingers through his body hair? Keep your thoughts above the waist, please.
(Score: 3, Funny) by looorg on Friday June 18 2021, @07:47PM
It's the only proper way to (un)dress when you ride a bear. Silly Americans.
(Score: 0) by Anonymous Coward on Friday June 18 2021, @10:37PM
I don't see why they would. Wouldn't. Whatever.
(Score: 0) by Anonymous Coward on Saturday June 19 2021, @11:23AM
Didn't Putin give your friend a ball so he can play?
https://www.youtube.com/watch?v=jCK2_1ZWBEo [youtube.com]
Look at that smile. Priceless. The perfect gift with so many meanings to make fun of. If you know anything about Russians, they really like to make fun of people this way. Like when Putin said: "Trump is very intelligent man. You must be very intelligent to become president after all.". If you think that is "praising", like half of western media reported, then that's your problem. To me, this is a very nice insult.
The comment about Russian hacking is in the same spirit like the ball. Of course Russia is NOT hacking anyone for a few million. But for sure they will not try to enforce any law on criminals that just happen to screw up computers in the west. Why do you think these extortion worms/trojans default to no-op once Russian language keyboard is detected? It's so they don't accidentally step on the KGB toes or lock some Russian hospital. Nothing ruins your day faster than fucking with the regime or people in power. Don't fuck with Russia and then you can do whatever. That's obviously the policy. So no, Russia doesn't hack anything. It also doesn't care that thousands in the country can go and extort you. That may change, but for now, they don't care. If America wants to catch these criminals, maybe they will have to identify them and catch them on vacation in Thailand or places out of the country. Or maybe there will come a time when Russia will care to actually start charging them domestically.
Like when you visit China. It's a safe country. But if you get scammed by some locals, don't expect police to save you.