Friday, July 23, 2021

U.S. to Keep Land Borders With Canada, Mexico Closed Despite Canadian Announcement to Welcome Americans

Canada announced it'll welcome American travelers on Aug. 9.

BY ALISON FOX
JULY 22, 2021

THE IRONY OF THE CANADA BORDER ENTRANCE SIGN: 
CANADA KEEP LEFT

The United States on Wednesday extended the land border closure between the country, Canada, and Mexico for another month, despite Canada planning to welcome vaccinated U.S. travelers in August.

The border, which has been closed since March 2020 and extended on a monthly basis since, will now remain closed to non-essential travel from Canada and Mexico to the U.S. until at least Aug. 21, DHS announced on Twitter.


"To decrease the spread of COVID-19, including the Delta variant, the United States is extending restrictions on non-essential travel at our land and ferry crossings with Canada and Mexico through August 21, while ensuring the continued flow of essential trade and travel," DHS wrote. "DHS is in constant contact with Canadian and Mexican counterparts to identify the conditions under which restrictions may be eased safely and sustainably."

The decision comes as Canada recently announced it'll open its border — both land and air — to fully-vaccinated American travelers on Aug. 9.

Travelers who are vaccinated at least two weeks before their trip with either the Pfizer-BioNTech, Moderna, AstraZeneca, or Johnson & Johnson shots are eligible and will have to get tested before going, carry paper copies of their vaccination records, and upload their documents to the ArriveCAN app or website.

U.S. travelers are also permitted to fly to Mexico for a vacation.

The closure does not apply to U.S. citizens coming back into the country after traveling abroad to Mexico or Canada.

U.S. Travel Association Executive Vice President of Public Affairs and Policy Tori Emerson Barnes told Travel + Leisure the closure extension will just delay the travel industry's recovery.

"Land travel accounted for more than half of all overnight visits to the U.S. by Canadians pre-pandemic, generating significant travel exports that support vital American jobs," she said in a statement shared with T+L. "Canada made the right call in releasing a timeline for vaccinated Americans to cross the land border and visit, and it is past time that the U.S. reciprocates: There is no difference between a fully vaccinated Canadian and a fully vaccinated American."


Alison Fox is a contributing writer for Travel + Leisure. When she's not in New York City, she likes to spend her time at the beach or exploring new destinations and hopes to visit every country in the world. Follow her adventures on Instagram.
Fuels: Is shipping heading in the right direction?

By Alexander Love
13 Jul 2021

Climate change is high on the agenda for most countries as they look to reduce greenhouse gas emissions significantly over the coming years. The shipping industry is currently one of the biggest polluters but it is responding to the need for lower carbon emissions and, ultimately, green fleets. We speak to experts leading the quest for new fuel sources that are not only less damaging to the environment but also protect hauliers’ profits.

We speak to experts leading the quest for new fuel sources.
 Credit: Cameron Venti.


The shipping industry is facing growing pressure to curb its CO2 emissions. The industry produces approximately 2.6% of all carbon emissions and carries more than 80% of goods traded globally.

If the shipping industry were a country, it would be the world’s sixth-highest emitter, ahead of Germany.

US President Joe Biden’s climate change envoy John Kerry has expressed a commitment to ensuring that International Maritime Organisation member countries hit the net-zero emissions targets by 2050. There have also been recent calls within the shipping industry for a carbon tax, which would give companies an incentive to invest in greener technologies and there could be further announcements for shipping in the build-up to the next UN climate change conference, COP26, at the end of the year.

After the 2015 Paris climate change agreement left it to individual nations to cut the environmental impact of their shipping the industry must now make up for lost time.

Slashing the shipping industry’s carbon footprint will require a multitude of solutions. While electric batteries are already starting to play their part for ships on shorter routes, advances in clean fuels are required for larger vessels such as cargo ships and tankers travelling long distances.

However, there is some debate as to which fuel has the most potential, with candidates including ammonia, biofuels, hydrogen, and methanol. If a wide variety of green fuels are developed and put on the market, this potentially risks hauliers arriving at ports that may not have what they need to refuel.

“The real challenge with those fuels is that it’s very difficult for a whole industry to decide on one flavour and it’s not happening fast enough. It can’t happen fast enough, because of the vast infrastructure,” says Diane Gilpin, CEO of Smart Green Shipping (SGS). “It’s going to take a long time. And I think that that’s a real worry in terms of emissions, because they’re still rising from shipping.”

Is hydrogen the answer?

Hydrogen doesn’t emit any CO2 nor produce sulphur oxides or particulate matter. It can be produced using water and electricity and its green credentials are further enhanced if this power comes from renewable sources. The fuel has a high ratio of weight transported to distance travelled.

Yet there can be storage issues, with hydrogen requiring either high-pressure tanks when stored as a gas or temperatures of -253°C as a liquid.

Nevertheless, increasing numbers of shipping organisations are viewing hydrogen as their preferred option. The China Maritime Safety Administration has authorised CCS to compile the first national set of technical rules for hydrogen fuel in shipping while Germany-based energy provider Uniper recently scrapped plans for an LNG import terminal in Wilhelmshaven in favour of hydrogen.

And the technology is already in use. CMB.TECH’s Hydroville is a dual-fuel passenger shuttle that uses hydrogen to power a retrofitted diesel engine to carry people between Antwerp and Kruibeke in Belgium. Injection of hydrogen displaces diesel use. Diesel fuel provides an important backup should there be any issues with hydrogen.

“Our combustion is very clean and as hydrogen is very easy to combust, it even enhances diesel combustion, so we have a higher efficiency of our engine due to that hydrogen mixing,” explains Roy Campe, managing director of CMB.TECH.

Campe explains how Lloyd’s Register has performed a full analysis into the design safety of the technology and has verified its use for ships. He adds the transition from fossil fuels to green alternatives should be seen as gradual rather than instant.

“If people say it needs to be zero-emission – okay, if you have deep pockets, we will give it to you. But then we would like to see that every port has not just one refuelling station but also a backup and that there is a significant price disadvantage. I think nobody is willing to pay that last part,” says Campe.

“The first 60% of emission savings are the easiest to achieve. The last 40% is where the costs go exponential and that’s where the autonomy falls down. That’s why we say the sweet spot is not zero-emission, but dual-fuel.”

CMB.TECH has also developed a tugboat called the HydroTug, which it says is the first 4,000kW class dual-fuel vessel powered by hydrogen and diesel. The company is looking to develop a series of vessels, rather than just one-offs.

CMB.TECH is now applying lessons learned on smaller ships to larger vessels, building bigger engines up to 2.5MW and is also researching into mono fuel engines. The focus is on achieving commercial viability without depending on subsidies, but to do so will take investment.

“If we are not willing to pay for the hydrogen, then I think we have to stop the energy transition because we are not taking it seriously. If we can’t afford it, then we have to question ourselves. Do we want climate change?” adds Campe.


Windpower


Wind is abundant at sea and has been used to propel ships for centuries. Yet this power source has mostly been absent from larger vessels since engines became widespread.

But there are signs of wind making a comeback. SGS’s FastRig involves retractable steel and aluminium sails that provide propulsion for tankers and dry bulk vessels. The company has run detailed simulations through computational modelling involving the Ultrabulk Tiger carrying biomass from Baton Rouge in Louisiana, US, to Liverpool in the UK. Studies found FastRig technology could make noticeable savings in energy consumption.

“It’s more like an aircraft wing and you might see it on an America’s Cup yacht, only it’s much more robust and made of metal,” explains Diane Gilpin. “It’s a twin element wing, so that you can get extra lift from it. But it’s automated and intelligent. It’s got sensors on it; it knows which way the wind is coming from and what speed it’s coming at. So, it will feather and open the wing flap or not according to the conditions it’s operating in. If the wind is too great and it’s posing a safety risk, it knows to retract so it lies down on the deck.”

Yet despite the potential, SGS has had difficulties securing funding for real-world tests.

“It’s a real-world vessel. We’ve modelled it at real-world speeds and delivery schedules and we were able to demonstrate we could save at least 20% fuel. That was verified for us by the Wolfson Unit at Southampton University,” adds Gilpin.

“That work is done, we’ve got a broad cost of manufacture from the analysis we did, but we have to go through a next stage to get market-ready to prove the technology in the real world. And that proves to be hugely problematic, mostly because of a lack of finance.”


Buying time


Ships running on new fuels will likely require retrofitting, and extra room for fuel storage would take up valuable cargo space. However, there may be a solution for both issues, as well as plastic pollution. Clean Planet Energy is turning plastic waste into diesel that meets EN 15940 specifications used by ships, as well as fuel oil.

The company only accepts plastic that would otherwise have gone to landfill or been incinerated. CPE doesn’t take PET, which is the easiest to recycle in the circular economy, or PVC due to its chlorine content. But it does accept LVP, HDPE, PP, PE, and PS, with up to 15% contamination. CPE receives plastic from a private contractor and UK councils.

CPE claims its fuel products reduce CO2e emissions by 75% compared with fossil fuels, with minimal SOx and NOx emitted. According to CPE figures, 416kg of CO2e is prevented for every barrel of fuel it produces. In contrast, traditional fossil fuel extraction alone results in an estimated 52kg of CO2 for every barrel.

Clean Plant Energy CEO Bertie Stephens acknowledges that while CPE’s fuels are not a permanent solution to climate change, they have the potential to bridge the gap between fossil fuels and the clean energy of the future.

“Ships have a long lifespan. There’s going to be a significant period, 20 years or so, before the large vessels such as freight ships will get to a point where they can utilise hydrogen, for example, on a large-scale basis, which is made in a green way,” says Stephens. “By providing fuels with these sustainability capabilities, we’re ultimately buying time.”

CPE has two plants currently under construction in the UK. A further four are in development and hoped to begin construction this year. Plants will be capable of processing 20,000 tonnes of plastic per annum, with an eventual combined target of one million tonnes. And CPE’s technology could result in even greater environmental savings, as Stephens explains the company is currently talking to 26 countries around the world.

“Ideally, we would like a world where no carbon-based fuel is used at all. And that theoretically, puts our current business model out of business. That is the best thing for the world,” he adds.
CRIMINAL CRYPTO CAPITALI$M
Cryptocurrency Technology Is ‘The New Engine’ for Cybercrime, Argues Israel’s Check Point

by James Spiro / CTech


A graphic representing the Bitcoin, Ethereum, DogeCoin, Ripple and Litecoin cryptocurrencies. Illustration: Dado Ruvic/Reuters.

CTech – “To understand the crypto evolution, you need to look at it from the perspective of the invention of the engine,” said Check Point’s head of product vulnerability research Oded Vanunu. “At the start, it was a bicycle. Then it was a motorcycle, and then it was a small plane, a big plane, a missile, and so on… the blockchain technology is the new engine and it’s something that is going to be with us for a long time.”

Those with Bitcoin in their digital wallets have long understood the prevalence of cryptocurrencies and how blockchain technology can flourish. And while a new anonymous and decentralized way to send and receive money is attractive for some, the adoption of cryptocurrencies has added a new layer to the ability of criminals to attack companies and governments. And attackers are today walking away with million-dollar payouts.

“Cybercrime started to have the ability to cash out because the whole crypto thing is anonymous,” he continued. “You don’t need to identify yourself. The evolution in the last 10 years is cybercrime going from a garage into whole organizations with CEOs, CTOs, operational managers, CFOs, where every attack is money. Every attack is a cashout.”

According to Vanunu, who has been at Check Point for 18 years, conventional virus campaigns and cybercrimes were ‘evil initiatives’ that did not seek to make a profit, but rather carried out by social activists “to take data and attack it because a company is doing bad things.” Today, the shift into decentralized and anonymous behavior makes it easier than ever before to exploit companies – and governments – for financial gain.

As of 2019, Check Point had 5,000 employees who provide products for IT security, including network security, endpoint security, cloud security, mobile security, data security, and security management. Today more than ever, Vanunu is warning organizations on the importance of security defense, and laments the fact that governments spend too much on cyber offense.

“Organizations need to prioritize their budgets differently for cyber defense,” he told CTech. “This is the reality and they need to understand that today they are facing state-sponsored levels (of cybercrime).”

The United States — which has the largest military to attack in the world — has been shown to have comparatively low levels of defense against such attacks. In late 2020, the U.S Government was hacked by Russian hackers. Earlier this month, Reuters reported that 1,500 businesses were affected by a ransomware attack on Kaseya, a Miami-based IT firm believed to be conducted by criminals acting on direction from the Russian government. In June, President Biden told Vladamir Putin that certain cyberattacks should be ‘off-limits’, a statement evidently given in vain.

In Israel, the potential of cybercrime and protection against it has been a priority set up by the government. Through education, higher budgets, and a new emphasis on it placed by the IDF, Vanunu says generations of children are being raised in Israel on the importance of a strong defense system against cybercrime.

“This is one of the fundamentals,” he concluded. “Innovation, technology and cyber… it’s one of the fundamentals of the Israeli economy.”
Manufactured Whistleblowing: Data Leaks as Subversion
By Libby Lange, Doowan Lee Friday, July 23, 2021, 8:01 AM


Xinhuamen, the gate to the Zhongnanhai compound which houses the headquarters for the Chinese Communist Party and China's State Council. (Jorge Láscar, https://flic.kr/p/7Rrfsk; CC BY 2.0, https://creativecommons.org/licenses/by/2.0/)

Information operations have become a pernicious staple in interstate relations, especially between Taiwan and the People’s Republic of China (PRC). Taiwan has long been a key battleground of disinformation and cyber operations in the Chinese Communist Party’s (CCP’s) efforts to disrupt the organic political process across the strait. It appears manufactured whistleblowing is the latest technique employed against the more independently oriented Tsai administration. Whistleblowing, as defined by the National Whistleblower Center, is the act of “reporting waste, fraud, abuse, corruption or dangers to public health and safety to someone who is in the position to rectify the wrongdoing.” While the concept may carry a righteous notion of exposing political corruption, whistleblowing, when done in public view, can also be effectively weaponized to undermine the legitimacy of government agencies or elected officials.

First Attempt

On Oct. 17, 2020, a newly created account on a Hong Kong online discussion forum, claiming to be a former employee from the Taiwanese National Security Bureau, posted what appeared to be a list of people being monitored by the Taiwanese government.

This list included the names of politicians, diplomatic officers stationed in Taiwan, current and retired military officials, and journalists. Each entry in the list followed the same format: the office responsible for monitoring (either the National Security Bureau or the Ministry of Justice Investigation Bureau), the month and year when monitoring began (ranging from 2016 to 2020), the name of the person or organization being monitored, and their phone number. At first glance, it appeared to be an act of conscientious whistleblowing exposing an illegal government overreach into private data. However, certain aspects of the incident suggest that the whistleblowing may have been manufactured with the goal of amplifying a larger disinformation campaign designed to undermine public confidence in the Tsai government. The government and public responses to the incident exemplify the difficulty of responding to suspected information operations that touch on sensitive national security issues.

On Oct. 21, 2020, a group of Twitter accounts began to share the post using hashtags such as “abuse of power,” “National Security Bureau” and “Republic of China.” Top national security officials in Taiwan later confirmed that these accounts were fake. And several factors seem to support the government’s assessment. None of the accounts had profile photos, they did not follow any accounts nor have any followers, and all accounts posted only one tweet. Each of these tweets received hundreds of likes, but most had no retweets. Moreover, six of the accounts were created on the same date within a 10-minute span. At the time, this limited effort received little notice from the wider public.

If at First You Don’t Succeed ...

In February 2021, Taiwan’s National Security Bureau released a statement that media outlets had reported these fake posts to them, and that the media themselves had received letters from this anonymous “Taiwan Whistleblower” (台灣吹哨者) listing a total of 162 people and organizations allegedly being monitored. The NSB called the incident “a classic example of external forces conducting cognitive warfare against Taiwan through misinformation and disinformation.”

The reality, however, is not so black and white. In fact, plausibility is central to successful disinformation campaigns, partly because it makes them so much harder to refute. When asked to comment on the authenticity of the list by an opposition legislator, former NSB chief and current Minister of Defense Chiu Kuo-cheng stated that some contents were true and some were false. He declined to give further details. In response to a question about whether the government had ever ordered the phones of opposition party leaders in Taiwan be monitored, Premier Su Tseng-chang stated that he had never given such an order. He, too, declined to comment further.

In the wake of these responses, legislators from both sides of the aisle called for the government to release to the public more information about the authenticity of these reports.

The impact of this incident is difficult to measure, partly due to the prevalence of information sharing among private group chats in Taiwan. Media reporting in Taiwan focused largely on the NSB’s response, although some media commentators latched on to the existence of a whistleblower within the NSB. Only one editorial pointed out that this incident could be a window into deeper issues in Taiwan’s information space, although the authors remain noncommittal about whether the issue is government abuse of power or CCP infiltration into Taiwan’s national security networks. No observers have raised the possibility that the incident could be due to cyber vulnerabilities.

Responses from political parties have also been fairly muted, perhaps due to the government’s clear branding of the operation as cognitive warfare. However, at least one legislator has publicly questioned officials on the authenticity of the list’s contents. Officials’ failure to give conclusive answers could feed into the idea that at least some of the entries are genuine. One media outlet claimed that it was able to dial at least one of the numbers on the list, although no one answered. Thus, it is unclear how many, if any, of the numbers are real.

Connecting the Dots

There has not yet been any official confirmation about the source of this operation, but a number of clues point to China. First, the list was sent out to media outlets just days after President Tsai announced China-focused changes to her national security team, suggesting that the goal may have been to undermine the legitimacy of Taiwan’s national security apparatus at a time when it was not as well equipped to respond. The alleged whistleblower’s claim that the Taiwanese government was monitoring the phones of diplomats from the United States, Japan, Australia and New Zealand would also suggest that it came from a source across the strait seeking to sow distrust among some of Taiwan’s staunchest allies.

Contextual clues also suggest CCP involvement: The list posted in the Hong Kong forum contains dozens of entries spanning multiple years, but the earliest entry begins in June 2016, just one month after Tsai, a member of the less amenable Democratic Progressive Party (DPP), took office. Moreover, titles such as National Chengchi University were changed to Taiwan Chengchi University, a common practice in China. A number of entries on the leaked list included outdated titles and positions for Taiwanese opposition politicians. Furthermore, some of the titles were inaccurate as they were the official titles used only by the PRC government. There were also a number of incorrect characters that apparently resulted from the contents being put through a Simplified-Traditional Chinese converter.

Puma Shen, director of Doublethink Lab and frequent commentator on information operations in Taiwan, pointed out that officially directed operations would not contain so many linguistic errors, a nontrivial indication of inauthentic influence. He proposed two likely perpetrators: passionate young Chinese nationalists not employed by the state known as “little pinks” or, on a slightly more sophisticated level, an outsourced company. While the posting of the list was crude, the incident has received an unexpected boost in longevity due to yet another feature of Taiwan’s democracy: the rule of law. According to authorities, an investigation into the incident is currently underway. This means sensitive information cannot be released to the public, creating a communication gap that can be exploited to generate even more suspicion. Twitter also has yet to take action against the accounts that shared the original whistleblowing post.

Despite the initial sensationalism of the incident, the operation was haphazardly executed. It appears to be a persistent, if bumbling, attempt to sow discord both within Taiwan and among Taiwan’s allies. When one avenue—social media—failed to produce desired results, the perpetrators turned to traditional media, perhaps knowing that the presence of so many opposition political figures on the list would make it an attractive story to more partisan outlets.

This is not the first time “leaks” with suspicious origins have been used to undermine the Tsai government. In May 2020, the same month Tsai was inaugurated for a second term, files that appeared to be doctored Office of the President documents were released to the public. A lengthy investigation into allegations of hacking ensued, with the office later concluding that the documents were in fact forged, not stolen in a hack.

As of the time of this writing, it is impossible to know what portions of the list, whether phone numbers or actual records of government monitoring, were genuine. But generally speaking, this incident indicates something quite subversive: discord by exploiting democratic practices. In other words, manufactured whistleblowing with sensitive data can act as a particularly disruptive form of disinformation operation. These kinds of information operations are truly multifaceted. They may employ cyber hacking to steal personal data, use such data on social media to disseminate false information, and exploit the perception of whistleblowing to establish an illusion of corruption. The NSB monitoring list incident is a good example of how cyber-enabled disinformation campaigns unfold to create the illusion of whistleblowing designed to prop up friendly politicians and undermine organic political dynamics. This is another gap in the information environment that most democracies are ill prepared to cope with. Taiwan offers insightful lessons on the evolution of how disinformation is fused with cyberattacks.

The NSB list scandal suggests that disinformation mitigation requires more combined efforts with data protection and cybersecurity. Some of the information in the scandal appears to have been stolen. However, neither the main opposition party the Kuomintang (KMT) nor the DPP has any incentives to acknowledge parts of the list were obtained by a cyber hack. For the KMT, to suggest a hack would mean publicly admitting it was using data stolen by CCP-aligned groups to discredit the Tsai government. For the DPP, acknowledging a hack would only reinforce the narrative that the NSB was indeed monitoring not only politicians and diplomats but also private citizens without their knowledge. However, the threat of politically motivated data theft in Taiwan has been growing for years. Taiwanese government agencies reported 1,709 cybersecurity incidents between 2018 and 2020. Moreover, suspected CCP-affiliated groups have frequently targeted government agencies. Investigators say that these groups have long since gained access to both agencies and third-party providers.

The NSB list scandal points to an added layer of disruption exacerbating subversive information operations in Taiwan. Malign actors can mix stolen data with misleading narratives to engineer the perception of political corruption and undermine a democratically elected government. While cybersecurity and open-source intelligence have matured in the past two decades, they are rarely addressed together. This is a gap that the CCP may be attempting to exploit in order to disrupt and undermine the democratically elected government of Taiwan. Disinformation analysts and researchers need to pay far more attention to the nexus between stolen data and malign information operations.

Cybersecurity’s Sputnik Moment

Ryan Craig
Senior Contributor
FORBES
Education


One of the most popular petitions on Change.org makes this eccentric demand: “We want Jeff Bezos to buy and eat the Mona Lisa.” While the New York Times covered the petition by investigating whether buying and eating the world’s most famous work of art is legal (probably), left unsaid was how the petition descends directly from the greatest satire of all time. In A Modest Proposal, Jonathan Swift pondered the dual challenges of Irish poverty and overpopulation before reaching a surprising conclusion: poor Irish should sell their children for rich Brits to eat. While the world’s richest man hasn’t yet responded (unlike Lord Bathurst, who told Swift he shared the proposal with Lady Bathurst, but that her preference was that their boy become a lawyer so “instead of being [eaten] himself, he should devour others”), Change.org’s food-for-thought satire of monstrous inequality has attracted over 16,000 signatures and comments such as “It’s Gluten Free,” “This will solve global warming,” and “Gobble da Lisa.”

No one enjoys good satire more than I do. But it occurred to me that given the unprecedented increase in cyber attacks on infrastructure this summer, it won’t be long before the lights go out in the Louvre. And if we won’t be able to see the Mona Lisa anyway, why not let Jeff Bezos eat it?



Stick a Mona Lisa in this man's mouth AFP VIA GETTY IMAGES

There’s no Change.org petition to stop ransomware and other malicious cyber activities. I’m guessing for two reasons: (1) It would put a big target on Change.org; and (2) It’s not remotely funny. The cyber crisis has emerged as the #1 threat to our national security. On top of chronic cyberwarfare from Russia’s GRU and SVR, China’s PLA units 61398 and 61486, and North Korea’s Bureau 121, America now faces tolerated if not sanctioned hacking and ransomware from Russian groups like DarkSide and REvil (i.e., Ransomware Evil) as well as a rogues’ gallery of cyber criminals. This week we learned that the recent massive breach of Microsoft Exchange was actually sponsored by the Chinese government (paying criminal groups). By targeting critical infrastructure like electricity, gasoline, food, hospitals, schools, and now businesses that make software installed at hundreds of thousands of companies, a single attack can victimize tens of millions of Americans. While there are no official cybercrime statistics, as of last month insurance claims were up 300% year-over-year. And in the past few weeks, cyber ransoms have exploded.

The clear and present cyber danger hearkens back to 1957 and the launch of Sputnik. When Russia’s predecessor lofted the first satellite into orbit, America was shocked. Driven in part by wall-to-wall media coverage (the New York Times ran 279 articles in the next 3 and ½ weeks, more than 11 per day), Sputnik led to sky searching for Russian rockets raining down on our heads and an era of ducking and covering.

Sputnik also led to national navel gazing about a science skills gap. In Washington, it spurred passage of the National Defense Education Act, a quadrupling of funding for the National Science Foundation, and the creation of NASA, all of which prioritized and revolutionized the teaching of math and science with the goal of closing the gap. The resulting innovation played a major role in winning the Cold War 32 years later.

32 years after the end of the Cold War, we’re under constant attack from hostile governments and cyber scum seeking to use technology to steal, destabilize, and shut down America. We’re (digitally) ducking and covering. So why aren’t we experiencing a Sputnik moment for cybersecurity? It’s now obvious that the flipside of digital transformation is an urgent need for digital resilience. While media coverage of this summer’s cybersecurity crisis has been robust (although a long way from 11 articles a day), we’re not seeing Sputnik-level panic from any sector – more crickets than crisis.

Here’s what seems to be keeping us from seeing DarkSide like we saw Sputnik:

1) Complexity


The digital architecture of any organization of scale (and vintage i.e., not recent) is now breathtakingly complex. The need for connectivity and systems integration across the supply chain and customer base has led to layers of software and platforms riddled with open seams and jerry-rigged connections that are extremely hard to safeguard from malfeasance. Add to this a rapidly growing number of connected cloud servers, IoT and BYOD (bring your own device, exacerbated by work-from-home), and complexity increases exponentially. The U.S. now has over 1.5 billion IP addresses, 4x our biggest digital rival (China). All it takes is one point of weakness – or more likely human error – and goodbye data.

If the alphabet soup of acronyms is any indication, enumerating enterprise cybersecurity risks is about as fun as seeing how high you can count (i.e., quite high, not fun). At the same time, rocket science is also pretty complex (i.e., not “not rocket science”). So complexity and not fun can’t be the only or even primary reasons.

2) Defensive


Cybersecurity is all about playing defense, where America doesn’t have a great track record over the past few years. Our Covid defense fell far short of expectations. And our porous defense to slow-motion disasters like climate change is even worse. But cybercrime isn’t happening in slow motion – more like double or triple time. (Unlike Covid, a crippling cyber attack on national infrastructure wouldn’t necessarily close schools; it might do us the favor of closing remote schooling, although I guarantee certain teachers unions and pliant school districts would find a reason to close schools.)

The primary problem is that it’s hard to get excited about cyber defense, particularly a multi-year, multi-decade defensive effort to preserve the digital status quo. Sputnik shock spurred a response that was about much more than defense. It was about establishing a new frontier (the final frontier) for a nation that closed what was thought to be its last frontier three generations earlier. That was a key part of America’s Sputnik moment.

So can we dream up a relevant frontier that will rouse us from cyber slumber?

3) Talent


The message of Sputnik was clear: America needs more rocket scientists. Government, schools, and business heeded the call and responded with a coordinated effort: government funded, schools educated, and employers hired. It all worked so well, the best way to describe it was – in the immortal words of Neil Armstrong looking back from the moon – “gee whiz.”

In contrast, the cybersecurity talent machine awaits assembly. While cybersecurity programs pop up at colleges and universities, most are master’s degrees that cost $25,000+ and, as Kevin Carey notes, “heavily debt-financed, marketed very aggressively through online web advertising, [and] purport to provide very specific economic opportunities in a given field.” At the same time, cybersecurity bachelor’s degrees aren’t a panacea; they’re only marginally faster + cheaper and the very specific skills demanded by employers are more easily and naturally learned in a work environment than a classroom as part of a 3-credit course. Much of what passes for cybersecurity coursework at colleges and universities is out-of-date, out-of-touch, and disconnected from entry-level industry-recognized certifications like SSCP, CompTIA Security+, and GSEC.

So employers aren’t solely at fault for transforming entry-level cybersecurity jobs into oxymorons via certification and experience inflation (see e.g., Glassdoor post for entry-level security operations center (SOC) analyst position demanding “bachelor’s degree, at least four years of experience, including time doing penetration testing, digital forensics and vulnerability assessments; and professional certificates”). Nevertheless, employers are the primary architects of “this self-licking ice-cream cone of misery” known as the cybersecurity skills gap. According to international cybersecurity organization (ICS)2, there are nearly 600,000 unfilled cybersecurity jobs in the U.S.; we’re missing an entire cybersecurity city.

Just as Democrats have spent years using Green Jobs to mainstream the fight against climate change, jobs can help galvanize a Sputnik moment for cybersecurity. In an era with far too few clear pathways to good digital jobs, digital defense has the potential to lift up hundreds of thousands of American workers and their families, while giving hope to millions more. These are good jobs that pay over $80,000 to start and serve as pathways to even more lucrative careers (here are five positions that average over $200,000) with impressive job security (“a guaranteed job for life”). And as cybersecurity is now indispensable to so much of our digital architecture, entry-level analysts aren’t stuck in the SOC, but perfectly positioned to pursue dozens of other lucrative tech careers.

Jobs and socioeconomic mobility are the right frontier for two more reasons. First, as Tim Herbert, executive vice president for research at CompTIA notes, “you don’t have to be a graduate of MIT to work in cybersecurity.” Moreover, industry experts agree you don’t need a degree at all. Despite the complexity of the field, an entry-level position in cybersecurity “is not rocket science”; becoming a pen tester or incident response analyst doesn’t require years of formal training.

Second, cybersecurity has a major advantage over other sectors with huge (albeit not existential) skills gaps: the action isn’t happening inside big, sclerotic companies, but rather at cybersecurity service providers. While some large employers find a need to employ hundreds or even thousands cybersecurity employees (JPMorgan Chase reportedly 3,000), the trend is to outsource as much as possible to managed security service providers (MSSPs) who actually know what they’re doing. It makes sense: threats to JPMorgan Chase are similar if not identical to threats to Citibank or Chevron. MSSPs see it all and are able to leverage experience with one client for the benefit of others.

So MSSPs and other cybersecurity product and service providers are best positioned to close the cybersecurity skills gap. They know exactly what talent they need and some have developed deep expertise in training. But they could use some encouragement to begin scaling talent pathways via investments in sourcing, screening, hiring, and training talent they’re not tapping today. Because as it stands, America’s Rube Goldberg-esque cybersecurity talent machine comes with this disclaimer: some assembly required, batteries not included.

Federal funding provided the power to respond to Sputnik. It could do the same in this moment. So as the Biden Administration strives to drop an additional $300 billion into America’s colleges and universities and hand over an additional $10 billion to unions running apprenticeship programs in the building and construction trades, a fraction could be profitably diverted to support or subsidize cybersecurity pathways in places like MSSPs where training is directly aligned with employment.

If the government can go this far, why not fund a new CCC? Instead of FDR’s Civilian Conservation Corps, which employed three million young Americans to build public works that continue to serve the country today, Biden’s CCC would be a Civilian Cybersecurity Corps. Just as the Israeli Defense Forces provides young Israelis with highly relevant digital career-launching, innovation-spurring training, the CCC could do the same, plus rekindle the American Dream, plus ensure we still have an America to dream about. This may not be a modest proposal. But it’s exactly what we need to combat inequality and keep the Mona Lisa out of Jeff Bezos’ ravenous maw.

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.
Port of Cape Town reports cyberattack on port operating systems

Transnet’s website was down on 22 July and displayed an error message
.


23 Jul 2021 
Transnet confirmed that its IT applications experienced disruptions. 
Credit: SkyPixels on Wikimedia.

South Africa’s Port of Cape Town has reported a cyberattack that has affected its port operating systems, causing disruption to container operations.

Transnet runs a national freight rail line along with major South African ports, including Port of Cape Town and Durban. The company confirmed that its IT applications experienced disruptions.

The website of Transnet was down on 22 July and displayed an error message.

Currently, the port operator is investigating the cause of the disruption.

Three sources with direct knowledge of the matter told Reuters that Durban, the busiest shipping terminal in sub-Saharan Africa, was also impacted by the cyberattack.

In an email seen by Reuters, Cape Town Harbour Carriers Association said to its members: “Please note that the port operating systems have been cyberattacked and there will be no movement of cargo until the system is restored.”

Last week, the state-owned company suspended services of its ports and national freight rail line due to days of political unrest and violence in some parts of the country.

Responding to a question on whether the cyberattack was connected to the unrest, a government official said: “We are investigating, and when that is confirmed or dispelled we are going to make that announcement. Currently we are treating it as an unrelated event.”

Another source added: “The latest disruption has delayed containers and auto parts, but commodities were mostly unaffected as they were in a different part of the port.”

The cyberattack will lead to backlogs that will take time to clear.

Durban serves as a hub to transport cargo out of Africa, including copper and cobalt mined in the Democratic Republic of Congo and Zambia.

Last month, the national flagship carrier of South Korea HMM reported a cyberattack that affected its email server.

 

Repression or Diversity, the Decision Facing Cuba

By Circles Robinson

Havana photo by Juan Suarez

HAVANA TIMES – The events in Cuba starting with the nationwide July 11th protests added to the alarming crisis already affecting the vast majority of the population.

The government continues presenting a “Separate Reality” to the public. Its constantly cheery monologue about internal affairs is reminiscent of Donald Trump and Fox News in the United States. But the big difference is that Trump and Fox News weren’t the only legal news sources in the US, while Cuban State TV is the only game in town on the island.

A total monopoly on legal newspaper, radio and TV on the island is a powerful tool for shaping public opinion, if only by saturation strategy. The constant discrediting and denigrating any-and-all voices that criticize government policies or leaders, without giving the victims a right of reply, is a vital part of the “absolute truth” presented by the Cuban Communist Party and Government.

Not everything State media says or reports is false. However, since they never have to answer to critics via op-eds or fact checks, their accounts raise many doubts to any thinking person.

Top Cuban leaders on the Roundtable following the events of July 11th.

By far the best example of the “Separate Reality” is the nightly Mesa Redonda (Roundtable) program. The show usually features Communist Party leaders or government officials and a couple friendly commentators who talk about important issues, all agreeing on virtually everything. For viewers wanting simple answers to difficult issues/problems it’s a soothing and totally predictable show.

They also specialize in letting you know how bad things are in countries not supporting the Cuban model, especially the United States. By comparison the Cuban system appears as an example to the world.

The problem facing this format for addressing important matters is that the “Separate Reality”, where the leaders have all the answers and “the peoples” best interests at heart, is that the other reality, the one most Cubans live on a day-to-day basis, is increasingly different.

On July 11th thousands spontaneously took to the streets crying out their reality which doesn’t appear on the TV screens.

A severe lack of food, extreme shortages of even the most basic medicines, and a negligent handling of the Covid-19 situation were the fuse. The song “Patria y Vida” (Homeland and Life) was the anthem and “Freedom” the most heard slogan.

President Diaz Canel immediately reacted by calling out “revolutionaries” and the security forces to combat the protesters, i.e. the general population, those in the streets. Although most Cubans were vaguely aware of the repressive capability of the Cuban police, State Security, and the armed forces, and their mission to combat any internal enemies, those with cellphones suddenly got a look at the ugly side of their supposedly respectful authorities.

It’s a side that scores of artists, intellectuals, and political dissidents had been aware of for decades, but not the general public, much less foreign visitors.

During the protests, an elderly woman shouted, “We’ve taken off our garb of silence.” In a sense, the government responded by taking off its mask of supposed caring and tolerance. The result has been well over 500 arrests, and the beginning of shameless summary trials to imprison many who protested.

Not allowing those charged with fabricated crimes, held incommunicado, to even have a defense, is the Cuban leaders’ interpretation of their Rule of Law. They believe this is their right, and the victims and families are suffering.

Making visible the people’s reality

Propping up the Separate Reality. Photo: Juan Suarez

It’s clear that the Cuban people are hungry to see their reality reflected.

On the flip side of the Mesa Redonda, is the film “Suite Habana” by acclaimed director Fernando Perez. The Best Documentary / Director of the 2003 Havana Film Festival, virtually without dialogue, depicts the everyday reality of a dozen hard working, struggling, ordinary, dignified Cubans. It was a film that had many Cuban viewers in tears, both of sadness and pride, as they left the movie theaters. It showed a reality, all around for the viewing, that was totally ignored by those in power and their media monologue.

Eighteen years later little has changed. In fact, the gulf between the two realities, the one on the TV and the one in the urban barrios and rural communities, has only widened further.

Screenshot from Fernando Perez award winning documentary “Suite Habana”

Today, after what we saw on July 11th, the desperate cry of both anger and joy, and the subsequent violent state repression, the government continues to ignore the reality on the still smoldering streets.

The Mesa Redonda (and the nightly news program) continue to prop up the State media’s Separate Reality. Night after night they point the finger at outside enemies for supposedly financing thousands of mercenaries and delinquents to exacerbate the country’s problems and fan the discontent. It continues slandering thinking, critical Cubans without giving them the right of reply.

Meanwhile, the illegal independent media, and the social networks, themselves not always factual, gain in credibility every day.

As a first step out of the quagmire, the Mesa Redonda could begin a new era in State media by allowing divergent opinions. That would mean forgetting the absolute truth mantra and have real debate, where thought out ideas and policies could emerge.

The other option is to let inertia continue to fuel the status quo, for who knows how long.

They will do what Raul Castro and the other Party leaders decide, but what’s much clearer after July 11th is that the “Separate Reality” strategy is losing takers.

Read more from Cuba here on Havana Times.

Let Cuba Live!, Progressive Leaders Around the World Demand



Citizens take part in a rally to reject U.S. blockade against Cuba, Toronto, Canada, July 19, 2021. | Photo: Twitter/ @ONCommunists
Previous
Next
Published 23 July 2021
by teleSUR/ Peter Bolton
Newsletter


They stress there is no justification for the United States to continue treating the Cuban people as a national security threat.

On Friday, over 400 artists, politicians, intellectuals, and international activists will send a letter to President Joe Biden demanding that he end the blockade against Cuba and improve bilateral relations.

RELATED:
Cuba Denounces New US Destabilization Attempts, Media Campaign

“We find it unconscionable to block remittances and Cuba’s use of global financial institutions, especially during the COVID-19 pandemic when the access to dollars is even more necessary for the importation of food and medicines”, underlines the text, which was be published in the New York Times.

The open letter supporting the Cuban people was signed by personalities such as Brazil’s former President Lula da Silva, theologian Frei Betto, Danny Glover, and Susan Sarandon. They stressed that the ban on remittances and the end of direct commercial flights between the U.S. and Cuba are also impediments to the wellbeing of the vast majority of Cuban families.



“There is no reason to maintain the Cold War politics that required the U.S. to treat Cuba as an existential enemy rather than a neighbor,” the activists stated, adding that if Biden stands with the Cuban people, he should immediately sign an executive order to annul 243 sanctions set by President Donald Trump administration (2017-2021).

Due to the effects of the COVID-19 pandemic on tourist activities, Cuba has stopped receiving billions of dollars which could be used to provide economic relief to the population and import food and medicine.



Taking advantage of the epidemiological emergency, Trump reversed the policy of normalization of bilateral relations established by Barack Obama and tightened the embargo to force a change in the political regime in Cuba.

In April 2020, seven United Nations Special Rapporteurs also wrote a letter to the U.S. government to reject the economic sanctions on Cuba. On June 23, 184 countries voted in favor of lifting the blockade. Despite the international outrage, the U.S. government persists in its hostile attitude towards Cuba.

Amanda Hernandez Celaya, 17, Arrested in Cuba on July 11, Acquitted
The family sent a message of gratitude to all those who reported on the young woman’s case. (Facebook)

14ymedio, Havana, 22 July 2021 — The young woman Amanda Hernández Celaya, arrested on July 11 in the heat of the protests that shook the country, was acquitted this Thursday for lack of evidence after a summary trial was carried out in Havana, as confirmed to 14ymedio by members of her family.

Hernández was charged with the same offense as the other participants in the protests, “public disorder.” The teenager had been released during the night of July 20, under a precautionary measure of house arrest, after spending ten days in prison at the 100th y Aldabó station, unable to communicate with her family or receive visitors.

The family sent a message of gratitude to all who denounced the case of the young woman, who is completing her last year of high school in Havana and is also training to be a dancer.

Heissy Celaya Pérez, Hernández’s mother, learned of her daughter’s arrest through the young woman’s own voice, as she managed to make a call at the time of the arrest. After that communication, during which Hernández was crying, her mother did not hear from her for more than 24 hours.

The following day the mother managed to reach the fourth station in Havana’s Cerro municipality, at Infanta and Manglar, where she learned that her daughter had been transferred to 100th y Aldabó. Most of the calls for support were made by the mother through social networks and international organizations.

Among those arrested in the July 11 protests, many were teenagers, including reports of the arrests of minors.

The activist Salomé García Bacallao compiled a list with at least nine detained minors. In addition to Hernández Celaya, they included Brandon David Becerra (17 years old), Giancarlos Álvarez Arriete (17), Glenda de la Caridad Marrero Cartaya (15), Jonathan Pérez Ramos (16), Katherin Acosta (17), Leosvani Giménez Guzmán (15), Luis Manuel Díaz (16) and Yanquier Sardiña Franco (16).

The trials of participants in the massive protests continue. The actor Carlos Alejandro Rodriguez Halley denounced on his Facebook account that his friend, the artist Alexander Diego Gil, “has just been sentenced to ten months of deprivation of liberty in a circus trial.”

The young man also raised several questions: “What should we do at this time? Should we remain silent? Should we expect something from the artists who are silent? Should we settle for injustice? Should we endure a dictatorship that clings to power without it mattering to them that a whole country has risen up demanding that they withdraw from power? (…) What is going to happen to all the relatives of all the victims of the Cuban dictatorship today? When will real justice be done? ”

Gil’s arrest was also denounced by filmmaker Carlos Lechuga: “This boy is a good man. An artist with a special sensitivity. (…) Immediate freedom for Alexander. For his health, the health of his mother and the country “.

Lechuga also took advantage of his letter to request “immediate freedom for all 11J [11 July] prisoners and political prisoners.”

Twelve days after the first protests, the government has not provided a number of those injured and detained. The legal organization Cubalex documents to date a total of more than 600 people, all victims of repression and among whom are both the detained and disappeared.

____________

COLLABORATE WITH OUR WORK: The 14ymedio team is committed to practicing serious journalism that reflects Cuba’s reality in all its depth. Thank you for joining us on this long journey. We invite you to continue supporting us by becoming a member of 14ymedio now. Together we can continue transforming journalism in Cuba.

ROARING TWENTIES 2.0
Bitcoin: The great wealth transfer might be coming sooner than expected

By Anjali Jain
on July 23, 2021
 
Source: Pixabay

The latest Bitcoin bull run pushed crypto to the fringes of mainstream investing, at the very least. The exponential price surge, coupled with mounting institutional interest, was reflective of the general perception that digital assets are a valuable addition to investment portfolios. Moreover, it is not just big-ticket investors but even comparatively smaller portfolio holders that are looking into Bitcoin investments and the interest is only growing by the minute.


Source: Coinstats

A new study by Washington-based analytics firm Gallup revealed that Bitcoin investments by American adults having more than $10,000 in traditional investment vehicles tripled over the last three years. It went from a 2% to 6% portfolio allocation, a finding which suggested that Bitcoin is slowly reaching general acceptance and entering the maintenance market.

The second-quarter Gallup Investor Optimism Index survey further revealed that young adult investors are more likely to indulge in Bitcoin investments. It was also found that 13% of those between 18 and 49 owned Bitcoin, compared to just 3% in 2018.

However, it has been harder for BTC to make inlands with older investors as only 3% of those above 50 own the digital asset. The number has, however, tripled from 3 years back when it was a mere 1%. Even so, this figure is indicative of the general hesitancy that veteran investors have about cryptocurrencies.

There is also a visible gender disparity between investors as it was found that out of those surveyed, male BTC investors amounted to 11% while only 3% are female. This, alas, is in line with the general consensus from previous reports about female investors lagging behind. That being said, some reversal was being seen of late, with the same underlined by data from trading websites like eToro and Robinhood.

Overall, the critical tide for crypto seemed to be turning as those who believed they would never be interested in buying crypto dropped from 72% to 58% between 2018 and 2021. Similarly, the risk perception associated with crypto too declined considerably over the same time even as it was still viewed with suspicion by most.

In any case, the proportion of surveyed investors calling it “very dangerous” declined from 75% to 60%, even as 35% thought it is “considerably dangerous” and only 5% viewed it as carrying no dangers.

The aforementioned report concluded by stating,

“Large investments in bitcoin by well-known companies such as Tesla, Square, and Morgan Stanley may be giving it more mainstream credibility.”

Nevertheless, the disparity between younger and older investors is not surprising. Millennials are known to be the most enthusiastic about crypto as they are at a point in life where they can take risks and are more embracing of new technology. Moreover, the 2008 financial crisis was an eye-opener for many of them, and they are still struggling to retain their trust in the current financial and banking systems.

The Gallup report’s findings have given impetus to the belief that the greatest generational wealth transfer in which millennials are set to inherit $68 trillion from older generations will be beneficial for Bitcoin. It is considered unlikely that gold, which has already fallen in popularity, and other stocks and investments will receive the bulk of this wealth as more millennials and Gen Z shift towards unconventional banking.

In fact, it was found in a recent CNBC survey that half of the surveyed millennial millionaires had invested at least 25% of their wealth into cryptocurrencies, while over a third of them had over 50% investments in crypto. Other surveys have also found that millennials are more likely to trust their dentist than banks and Wall Street.

As more millennials transfer their wealth from traditional banking to crypto, this impending wealth transfer might just be one of the biggest revolutions that financial history has ever seen as it will see wealth change hands not just across generations but through financial institutions and systems altogether.


Kaseya Offers Customers Decryption Key for Massive Ransomware Attack

The remote management software company will not disclose the source of the decryption key, but at least one company has confirmed that it works.


Getty Images

Robert Lemos | Jul 23, 2021

Remote management software firm Kaseya announced on July 22 that the company has obtained a universal decryption key for the ransomware that affected 50 to 60 managed service providers and more than 1,000 of those MSPs' downstream customers.

The Florida-based company confirmed that the decryption key — which Kaseya referred to as a software "tool" — successfully recovered systems encrypted by the ransomware. Kaseya is working with a third party, Emisoft, to reach out to affected customers and their clients and unlock any encrypted data.

So far, the tool has been used successfully without issues, Kaseya stated in a blog post.

"We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor," the company said.

The availability of the decryption tool marks the beginning of the end of an attack that affected more than a thousand companies, highlighted software supply chain weaknesses, and demonstrated the critical role that managed service providers play in defending companies against attacks.

On July 2, cybercriminals associated with the Russia-linked REvil group used a trio of vulnerabilities in Kaseya's Virtual System Administrator (VSA) servers to compromise organizations — many of them managed service providers (MSPs) — that had deployed the software as Internet-connected on-premises servers. Using the servers, the attackers then installed ransomware on the clients managed by the VSA systems, often infecting hundreds or thousands of endpoints at the affected MSPs' business clients.

While companies have worked for more than three weeks recovering from the July attack, the decryptor will aid in recovering data that had not been backed up before the attack, a worker at one MSP stated on condition of anonymity as the company had to sign a nondisclosure agreement with Kaseya to get access to the decryption tool.

"At this point, our clients are mostly recovered or fully recovered and in working order, and we have restored backups," the worker stated. "There may be some cases where there were documents not saved to a shared folder we are backing up and we are looking into that. In those situations, the decryptor will be helpful."

Kaseya would not say how it "obtained" the decryption tool and declined to say if it paid a ransom. "We can’t share any details about how and from whom we obtained the decryptor," Kaseya spokeswoman Dana Liedholm said in a response to Dark Reading.

The most likely explanation is that someone paid part of the ransom, whether Kaseya, a group of victims, or the government. Alternatively, the decryption key could have been seized in an offensive cyber operation or somehow discovered by security researchers.

The development comes after the REvil group's sites disappeared from the Internet on July 13. Several of the group's sites on the Dark Web have become unreachable as well. The cause of the outage is unclear, but came after US President Joe Biden put pressure on Russia President Vladimir Putin to investigate the criminal group, which is thought to operate from that country. Biden had also maintained that the United States could attack servers hosting ransomware groups.

The Kaseya breach could have been much worse. While about 2,200 on-premises servers appeared to be vulnerable to the exploit chain used by attackers, only 50 to 60 servers — most at managed service providers — were targeted in the attack. The Ransomware Task Force, an industry and policy group created in December 2020, considers the use of MSPs to amplify a ransomware attack to be a worst-case scenario.

While Kaseya did take steps once the company learned of the attack, after it triggered simultaneously across all compromised VSA servers at 12:30 p.m. ET, attackers had already compromised vulnerable systems, John Hammond, senior security researcher at Huntress Labs, stated in a blog post earlier this week.

"By the time VSA customers shut down their servers, any exploitation would have already been complete, and attacks would have happened as planned," he wrote. "Anecdotally, we have received reports of some customers finding remnants of the malicious stored procedures when bringing VSA servers back online; however, any order to shut down after [the triggering time of] 12:30 ET would not have minimized the number of compromised MSPs."

If Kaseya paid a ransom to gain access to the decryptor, the company will be failing to heed increasingly strident advice for companies to forgo dealing with cybercriminals, which funds their operations and attracts more ransomware activity. In May, oil and gas transport network Colonial Pipeline paid attackers $4.4 million to help it recover its systems, which had shut down its pipeline for over a week.