Learn more about your ad choices. Visit megaphone.fm/adchoices
you're listening to the cyberwire network powered by N2k this is the energy of electrification available type S high performance variant nearly 500 horsepower and 278 mile EPA range range choose from our complimentary charging packages so you can charge how you want the all-electric Acura ZDX this is the energy of innovation Acura precision crafted performance this your local accurate dealer to lease the all-electric ZDX for three hundred eighty nine dollars a month hey everybody Dave here I want to talk about our sponsor legal zoom you know I started my first business back in the early 90s and oh what I would have done to have been able to have the services of an organization like legal zoom back then just getting all of those business ducks in a row all of that technical stuff the legal stuff the registrations of the business so the taxes all of those things that you need to go through when you're starting a business the hard stuff the stuff that sucks up your time when you just want to get that business launched and out there well legal zoom has everything you need to launch run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff launch run and protect your business to make it official today at legal zoom calm you can use promo code cyber 10 to get 10% off any legal zoom business information product excluding subscriptions and renewals that expires at the end of this year get everything you need from set up to success at legal zoom calm and use promo code cyber 10 that's legal zoom calm and promo code cyber 10 legal zoom provides access to independent attorneys and self-service tools legal zoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm lz legal services LLC reports claim Iran's hackers probe u.s. infrastructure juniper's backdoor fixes and implications surveillance policy in china the u.k. and the u.s. and calls for a manhattan project to break encryption fall on skeptical ears I'm Dave bittner in baltimore with your cyberwire summary for Tuesday December 22nd 2015 New Yorkers react to yesterday's report that in 2013 Iranian hackers gained access to control systems at a small dam in the downstate town of rye and the New Yorkers aren't happy the Department of Homeland Security has declined to comment on the incident but did note its continuing work with private and public sector partners to secure infrastructure an AP report has also fingered Iranian cyber operators with multiple intrusions into the u.s. electrical grid these probes appear to have amounted to reconnaissance and data theft as opposed to attempts to manipulate control systems administrators should patch the backdoor in juniper's screen o.s. firewalls immediately if they haven't already done so unpatched systems are being actively scouted in the wild and attacks have begun hitting honeypots no one yet knows or at least no one who knows is saying how the backdoor got there in the first place observers see potential for serious exploitation of unpatched systems as debates over surveillance policy continue in several countries analysts regard the juniper backdoor is a cautionary tale for those who advocate crypto back doors to aid law enforcement and counter terror agencies u.s. presidential candidate clinton called saturday for a manhattan like project by government and industry that would enable investigative and intelligence services to access secure messages without compromising privacy or civil liberties few observers think such a project is feasible but several current or aspiring policymakers repose great confidence in the tech community's powers of innovation manhattan like project or not ed snowden thinks secure app telegram said to be the ices app of choice for command and control isn't really that secure telegram disputes mr snowden's review how about listening to the sounds of Istanbul beautiful isn't it but you can't discover the coolest city in the world just by listening check Istanbul dot go turkey a dot com now and plan your Istanbul trip today and now a word from our sponsor no before it's all connected and we're not talking conspiracy theories when it comes to info sec tools effective integrations can make or break your security stack the same should be true for security awareness training no before provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization security culture no before's security coach uses standard API's to quickly and easily integrate with your existing security products from vendors like Microsoft crowd strike in Cisco 35 vendor integrations and counting security coach analyzes your security stack alerts to identify events related to any risky security behavior from your users use this information to set up real time coaching campaigns targeting risky users based on those events from your network endpoint identity or web security vendors then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft teams slack or email learn more at no before dot com slash security coach that's no before dot com slash security coach and we thank no before for sponsoring our show with Lulu lemon the real gift happens when they're living in it when you give them the softest loungewear set the real gift is this and this and this this holiday Lulu lemon makes it easy to give a gift that goes beyond open the moment shop now at Lulu lemon dot com imagine this your primary identity provider goes down whether it's a cloud outage network issue or even a cyber attack suddenly your business grinds to a halt but what if it didn't have to meet identity continuity from strata the game-changing solution that keeps your business running smoothly no matter what whether your cloud IDP crashes or your on-prem system faces a hiccup identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption powered by the Mavericks identity orchestration platform identity continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs when the coast is clear it's a seamless switchback no more downtime no lost revenue no frustrated customers just continuous secure access to your critical applications every single time protect your business from the high costs of IDP outages with identity continuity from strata downtime is a thing of the past visit strata.io/cyberwire to learn how strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro joining me is John Patrick editor of the cyberwire let's talk encryption there is a big debate going on with encryption and it's only been amplified by the tragedies in Paris there are two sides to this story there are two sides to the story in a lot of ways the this encryption debate is the second round in a debate that's been running since the 1990s the crypto wars version one were fought back in the days when encryption was actually treated by United States law as really kind of a weapon and its export was restricted you couldn't have it you could no more have encryption then you would be permitted for example to own a machine gun the lawyers who fought and won the case that basically ended the first round of the crypto wars said that to their client that we think it should be possible to whisper in someone's ear from a thousand miles away and it was that kind of libertarian sentiment that animated the pro-encryption side back then and continues to do so now I've heard two main arguments about encryption on the one side you have law enforcement saying that we need a backdoor we need access there are there are things hidden on bad guys devices there are things hidden on good guys devices that would help us solve crimes on the other hand you have it seems like the device manufacturers and other parties are saying people have a right to their privacy neither side is is lunatic that when law enforcement says that there are serious bits of information hidden by encryption on bad guys and networks on bad guys devices they're right there is a lot of stuff hidden by encryption and of course encryption can be used to cloak all sorts of criminal activity on the other hand the people on the other side will argue and they're also correct that if there is such a thing as a natural or illegal right to privacy it seems that the ability to secure your communications from use dropping by whomever is an important guarantor that right so really when you look at the debate there are ways in which is strikingly similar to debates within American politics over gun control also an issue over which neither side is lunatic both sides have their points you've got you're balancing a natural right to self-defense let's say against the natural right to safety and how you adjudicate that is not at all obvious so we might say that if you want to understand the pro-encryption side here they're saying if in effect that crypto doesn't kill people people kill people so why not have a backdoor what are the technical limitations for why you know computer scientists can't provide law enforcement with some way perhaps under a judge's order to have access to devices there's no technical reason why you can't put a backdoor into a device and in fact back doors are discovered all the time in devices here's the problem with it that the pro encryption people will tell you once you put a backdoor into a device once you provide some way of subverting encryption weakening encryption what you've effectively done is you've weakened the whole internet that you make it not only possible and easier for law enforcement to get into your devices you make it possible and easier for everybody to get into your devices all right it's a complex issue john petrick editor of the cyberwire thanks for joining us we'll talk again soon the IT world used to be simpler you only had to secure and manage environments that you controlled then came new technologies and new ways to work now employees apps and networks are everywhere this means poor visibility security gaps and added risk that's why cloudflare created the first ever connectivity cloud visit cloudflare.com to protect your business everywhere you do business did you just call your boss mom thanks mom what did you get your pants caught in an escalator oh no did you accidentally pick up someone else's kid from school wait a minute you're not Casey then you need teriyaki madness it's marinated grilled meat and fresh walk tossed veggies over steaming rice with addicting teriyaki sauce and it's so delicious it fixes everything teriyaki madness crazy delicious find a location near you at teriyaki madness.com and that's the cyberwire we are proudly produced in Maryland by our talented team of editors and producers I'm Dave Bittner thanks for listening and now a word from our sponsor Nord Pass. Nord Pass is an advanced password manager from the team behind Nord VPN designed to help keep your business safe from data leaks and cyber threats it gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords right now you can go to www.nordpass.com/cyberwire for 35% off the Nord Pass business yearly plan don't miss out on that (gentle music) [BLANK_AUDIO]