Protokoll-Nr

Total Page:16

File Type:pdf, Size:1020Kb

Protokoll-Nr Protokoll-Nr. 19/124 19. Wahlperiode Ausschuss für Inneres und Heimat Wortprotokoll der 124. Sitzung Ausschuss für Inneres und Heimat Berlin, den 1. März 2021, 14:00 Uhr Berlin Konrad-Adenauer-Str. 1, 10557 Paul-Löbe-Haus, Raum E 700 Vorsitz: Andrea Lindholz, MdB Tagesordnung - Öffentliche Anhörung Tagesordnungspunkt Seite 7 a) Gesetzentwurf der Bundesregierung Federführend: Ausschuss für Inneres und Heimat Entwurf eines Zweiten Gesetzes zur Erhöhung der Mitberatend: Sicherheit informationstechnischer Systeme Ausschuss für Recht und Verbraucherschutz Verteidigungsausschuss BT-Drucksache 19/26106 Ausschuss für Verkehr und digitale Infrastruktur Ausschuss Digitale Agenda Haushaltsausschuss (mb und § 96 GO) Gutachtlich: Parlamentarischer Beirat für nachhaltige Entwicklung Berichterstatter/in: Abg. Christoph Bernstiel [CDU/CSU] Abg. Sebastian Hartmann [SPD] Abg. Joana Cotar [AfD] Abg. Manuel Höferlin [FDP] Abg. Petra Pau [DIE LINKE.] Abg. Dr. Konstantin von Notz [BÜNDNIS 90/DIE GRÜNEN] 19. Wahlperiode Seite 1 von 341 Ausschuss für Inneres und Heimat b) Antrag der Abgeordneten Joana Cotar, Uwe Schulz, Federführend: Ausschuss für Inneres und Heimat Dr. Michael Espendiller, weiterer Abgeordneter und Mitberatend: der Fraktion der AfD Ausschuss für Recht und Verbraucherschutz Evaluierung des IT-Sicherheitsgesetzes von 2015 Ausschuss Digitale Agenda nach Gesetzeslage umsetzen und Ergebnisse im IT- Berichterstatter/in: Abg. Christoph Bernstiel [CDU/CSU] Sicherheitsgesetz 2.0 berücksichtigen Abg. Sebastian Hartmann [SPD] Abg. Joana Cotar [AfD] BT-Drucksache 19/26225 Abg. Manuel Höferlin [FDP] Abg. Petra Pau [DIE LINKE.] Abg. Dr. Konstantin von Notz [BÜNDNIS 90/DIE GRÜNEN] c) Antrag der Abgeordneten Uwe Schulz, Joana Cotar, Federführend: Ausschuss für Inneres und Heimat Dr. Michael Espendiller und der Fraktion der AfD Mitberatend: IT-Sicherheitsgesetz 2.0 – Planungs- und Ausschuss für Recht und Verbraucherschutz Ausschuss für Verkehr und digitale Infrastruktur Rechtssicherheit für Netzbetreiber herstellen Ausschuss Digitale Agenda BT-Drucksache 19/26226 Berichterstatter/in: Abg. Christoph Bernstiel [CDU/CSU] Abg. Sebastian Hartmann [SPD] Abg. Joana Cotar [AfD] Abg. Manuel Höferlin [FDP] Abg. Petra Pau [DIE LINKE.] Abg. Dr. Konstantin von Notz [BÜNDNIS 90/DIE GRÜNEN] 19. Wahlperiode Protokoll der 124. Sitzung vom 1. März 2021 Seite 2 von 341 Ausschuss für Inneres und Heimat Inhaltsverzeichnis Seite I. Teilnehmerliste 5 II. Sachverständigenliste 6 III. Wortprotokoll der Öffentlichen Anhörung 7 IV. Anlagen Anlage A Stellungnahmen der Sachverständigen Sebastian Artz, Bitkom e. V., Berlin 19(4)741 A 38 Dr. Sven Herpig, Stiftung Neue Verantwortung e. V., Berlin 19(4)741 B 57 Manuel Atug, AG KRITIS, Bonn 19(4)741 C 70 Martin Schallbruch, Digital Society Institute des ESMT Berlin 19(4)741 D 92 Prof. Dr. Klaus F. Gärditz, Rheinische Friedrich-Wilhelms-Universität Bonn 19(4)741 E 108 Linus Neumann, Chaos Computer Club Berlin 19(4)741 F 119 Anlage B Unaufgeforderte Stellungnahmen Stiftung Neue Verantwortung - Vorläufige Bewertung vom 7.5.2020 19(4)512 163 Stiftung Neue Verantwortung vom 1.12.2020 19(4)662 neu 174 AG KRITIS, Bonn 19(4)664 186 BfDI, Bonn 19(4)681 201 Fachbereich Sicherheit - Schutz und Zuverlässigkeit, Berlin 19(4)714 205 AOK-Bundesverband, Berlin 19(4)721 210 VDV Die Verkehrsunternehmen, Köln/Berlin 19(4)726 216 UP KRITIS Wirtschaftsbeirat 19(4)727 218 Bundesverband Paket und Express Logistik, Berlin 19(4)728 229 Gesamtverband der deutschen Versicherungswirtschaft e. V., Berlin 19(4)740 232 19. Wahlperiode Protokoll der 124. Sitzung vom 1. März 2021 Seite 3 von 341 Ausschuss für Inneres und Heimat Bundesärztekammer, Berlin 19(4)743 234 Deutsche Krankenhausgesellschaft e.V., Berlin 19(4)744 238 VATM e. V., Köln 19(4)745 246 eco Verband der Internetwirtschaft e.V., Berlin 19(4)747 258 Telefonica Deutschland, Berlin 19(4)748 263 Deutscher Industrie- und Handelskammertag, Berlin 19(4)749 286 ARD, ZDF und Deutschlandradio 19(4)750 295 Die Familienunternehmer e.V., Berlin 19(4)751 307 BDEW Bundesverband der Energie- und Wasserwirtschaft e. V., Berlin 19(4)753 314 DIN e. V., Berlin und DKE, Frankfurt am Main 19(4)759 337 19. Wahlperiode Protokoll der 124. Sitzung vom 1. März 2021 Seite 4 von 341 Ausschuss für Inneres und Heimat Teilnehmerliste Ordentliche Stellvertretende Weitere Mitglieder Mitglieder Teilnehmer CDU/CSU Amthor, Philipp Schipanski, Tankred Bernstiel, Christoph Lindholz, Andrea Throm, Alexander, Warken, Nina SPD Hartmann, Sebastian Mohrs, Falko AfD Cotar, Joana FDP Höferlin, Manuel DIE LINKE. Pau, Petra BÜNDNIS 90/ Domscheit-Berg, Anke DIE GRÜNEN Rößner, Tabea fraktionslos 19. Wahlperiode Protokoll der 124. Sitzung vom 1. März 2021 Seite 5 von 341 Ausschuss für Inneres und Heimat Liste der Sachverständigen Öffentliche Anhörung am Montag, 1. März 2021, 14.00 Uhr „IT-Sicherheit“ Sebastian Artz Bitkom e. V., Berlin Manuel Atug AG KRITIS, Bonn Prof. Dr. Klaus F. Gärditz Rheinische Friedrich-Wilhelms-Universität Bonn Dr. Sven Herpig Stiftung Neue Verantwortung e. V., Berlin Linus Neumann Chaos Computer Club Berlin Martin Schallbruch Digital Society Institute des ESMT Berlin 19. Wahlperiode Protokoll der 124. Sitzung vom 1. März 2021 Seite 6 von 341 Ausschuss für Inneres und Heimat Tagesordnungspunkt Vors. Andrea Lindholz (CDU/CSU): Wenn Sie sich schon für uns heute bei diesem auch von Ihnen a) Gesetzentwurf der Bundesregierung selbst vorhin als sehr wichtig bezeichneten Thema Entwurf eines Zweiten Gesetzes zur Erhöhung der persönlich die Zeit nehmen. Ich könnte jetzt natür- Sicherheit informationstechnischer Systeme lich sagen: Corona – Feiern ist eh nicht. Es ist schöner im Innenausschuss, aber das ist ja auch BT-Drucksache 19/26106 nicht wirklich so. Also, vielen Dank noch mal, dass Sie da sind. b) Antrag der Abgeordneten Joana Cotar, Uwe Schulz, Dr. Michael Espendiller, weiterer Es geht heute um das IT-Sicherheitsgesetz, den Abgeordneter und der Fraktion der AfD Gesetzentwurf der Bundesregierung sowie die Anträge der Fraktion der AfD auf der Bundestags- Evaluierung des IT-Sicherheitsgesetzes von 2015 drucksache 19/26106, den Entwurf der Bundes- nach Gesetzeslage umsetzen und Ergebnisse im IT- regierung auf der BT-Drucksache 19/26225 und den Sicherheitsgesetz 2.0 berücksichtigen Antrag der AfD auf BT-Drucksache 19/26226. Es ist BT-Drucksache 19/26225 unsere 124. Sitzung, zu der ich heute eröffnen darf, und wir haben ein zweistündiges Anhörungsfenster c) Antrag der Abgeordneten Uwe Schulz, Joana vorgesehen. Wir wissen jetzt, wer zugeschaltet ist Cotar, Dr. Michael Espendiller und der Fraktion der und wer im Raum sitzt. Es wird von der Anhörung AfD wie immer eine Übertragung im Parlamentsfern- sehen des Deutschen Bundestages geben sowie die IT-Sicherheitsgesetz 2.0 – Planungs- und entsprechende Übertragung auf der Homepage des Rechtssicherheit für Netzbetreiber herstellen Deutschen Bundestages. Im Anschluss daran ist die BT-Drucksache 19/26226 Anhörung in der Mediathek abrufbar. Schriftliche Stellungnahmen haben wir erhalten. Ich darf mich Vors. Andrea Lindholz (CDU/CSU): Ich freue mich, dafür ganz herzlich bedanken, auch dafür, dass Sie dass wir uns alle hören können und frage kurz ab, uns mit Ihrer Expertise alle zur Verfügung stehen. wer alles da ist: Herr Sachverständiger Atug in der Wir werden im Anschluss an die Sitzung das Leitung, Herr Professor Gärditz ist da, Herr Protokoll übersenden. Dem Protokoll beigefügt Dr. Herpig ist da. Vielen Dank. Dann Herr werden dann auch die Stellungnahmen, die aber Schallbruch ist auch in der Leitung. Vielen Dank. auch schon versandt worden sind. Das Ganze wird Hier im Raum sind Herr Neumann als Sachverstän- in einer Gesamtdrucksache erfasst. Es wird ein diger und Herr Artz. Damit darf ich erst mal alle Wortprotokoll angefertigt, das Ihnen allen zur Sachverständigen ganz herzlich begrüßen neben Korrektur übersandt wird. Im Anschreiben werden den Kolleginnen und Kollegen hier im Raum. Es Ihnen die Details zur Behandlung mitgeteilt. Wenn müssten noch zugeschaltet sein – sind sie aber dann alle mit allem einverstanden sind, wird die glaube ich noch nicht – Frau Rößner von der Gesamtdrucksache, bestehend aus dem Protokoll Fraktion BÜNDNIS 90/DIE GRÜNEN, Frau und den schriftlichen Stellungnahmen, in das Domscheit-Berg, Fraktion DIE LINKE, ist bereits da Internet eingestellt. und die Abgeordnete Nina Warken wollte auch Zum Prozedere halten wir es bei uns so, dass jeder noch zugeschaltet sein. Vielleicht kommen die Sachverständige zunächst die Möglichkeit erhält, beiden noch. Auch den Kolleginnen und Kollegen ein fünfminütiges Eingangsstatement abzuhalten erst mal ein herzliches Grüß Gott heute. Und zum und wir danach in die Fragerunde der Kolleginnen guten Schluss darf ich begrüßen Herrn Andreas und Kollegen einschreiten. Weil wir keine Uhr Könen aus dem BMI, der heute extra für uns seinen haben, die eingeblendet ist, ich nur meine kleine 60. Geburtstag unterbricht. Und deswegen darf ich Uhr immer hier zu Hilfe habe, bitte ich jeden, ein ihm ganz herzlich zum Geburtstag gratulieren. bisschen mit auf die Zeit zu achten und das Fünf- Und, Herr Könen, ich habe in meine Frankenwein- Minuten-Fenster nicht allzu sehr zu überschreiten. Schatztruhe gegriffen und Ihnen noch einen Bei den Fragen der Kollegen gilt: In der ersten kleinen Wein mitgebracht von zu Hause. Fragerunde kann jede Fraktion entweder zwei MD Andreas Könen (BMI): Danke sehr. Fragen an einen Sachverständigen stellen, eine 19. Wahlperiode Protokoll der 124. Sitzung vom 1. März 2021 Seite 7 von 341 Ausschuss für Inneres und Heimat
Recommended publications
  • Defeating Invisible Enemies:Firmware Based
    Defeating Invisible Enemies: Firmware Based Security in OpenPOWER Systems — Linux Security Summit 2017 — George Wilson IBM Linux Technology Center Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation Agenda Introduction The Case for Firmware Security What OpenPOWER Is Trusted Computing in OpenPOWER Secure Boot in OpenPOWER Current Status of Work Benefits of Open Source Software Conclusion Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 2 Introduction Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 3 Disclaimer These slides represent my views, not necessarily IBM’s All design points disclosed herein are subject to finalization and upstream acceptance The features described may not ultimately exist or take the described form in a product Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 4 Background The PowerPC CPU has been around since 1990 Introduced in the RS/6000 line Usage presently spans embedded to server IBM PowerPC servers traditionally shipped with the PowerVM hypervisor and ran AIX and, later, Linux in LPARs In 2013, IBM decided to open up the server architecture: OpenPOWER OpenPOWER runs open source firmware and the KVM hypervisor with Linux guests Firmware and software designed and developed by the IBM Linux Technology Center “OpenPOWER needs secure and trusted boot!” Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 5 The Case for Firmware Security Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 6 Leaks Wikileaks Vault 7 Year 0 Dump NSA ANT Catalog Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 7 Industry Surveys UEFI Firmware Rootkits: Myths and Reality – Matrosov Firmware Is the New Black – Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities – Branco et al.
    [Show full text]
  • İSTİHBARATIN TEŞKİLATLANMA Ve YÖNETİM SORUNSALI: A.B.D. ÖRNEĞİ
    T.C. İSTANBUL ÜNİVERSİTESİ SOSYAL BİLİMLER ENSTİTÜSÜ SİYASET BİLİMİ VE KAMU YÖNETİMİ ANABİLİM DALI YÜKSEK LİSANS TEZİ İSTİHBARATIN TEŞKİLATLANMA ve YÖNETİM SORUNSALI: A.B.D. ÖRNEĞİ Fatih TÜRK 2501110836 TEZ DANIŞMANI DOÇ. DR Pelin Pınar GİRİTLİOĞLU İSTANBUL - 2019 ÖZ İSTİHBARATIN TEŞKİLATLANMA ve YÖNETİM SORUNSALI: A.B.D. ÖRNEĞİ Fatih TÜRK Günümüzde teknolojinin gelişimi ve küreselleşme dünyayı uçtan uca değiştirdi. Toplumlar ve ülkeler birbiri ile etkileşime geçtikçe bireysel özgürlükler ve demokrasi konusunda hassas alanlar giderek artmaktadır. Bu etkileşim ülkelerin güvenliğini ve bireysel özgürlük alanlarınıda etkilemektedir. Bu hızlı değişime karşın ülkeler geçmişin soğuk savaş anlayışı ve güvenlik hassasiyetlerini de aynı zamanda taşımaya devam etmektedirler. Gelişmiş demokrasilere sahip ülkelerin başında gelen Amerika Birleşik Devletleri’nde (ABD) mevcut güvenlik ve istihbarat anlayışı, faaliyetleri ve denetimi işte bu çatışmanın uzun sürede meydana geldiği denge üzerine kuruludur. ABD açısından istihbarat teşkilatlanma süreci yeni problemler, hak arayışları, çatışma ve çözümler doğurmaktadır. Tüm bunların ışığında bu tezin temel amacı istihbarat problemlerini ABD istihbarat teşkilatlanma süreci üzerinden analiz edip karşılaşılan problemleri neden sonuç ilişkisi içerisinde tespit etmektir. Bu çalışmada Amerika Birleşik Devletleri’nde istihbaratın yönetim modeli, teşkilatlanması ve hukuki alt yapısı incelenmiştir. Birinci bölümde kavramsal anlamda istihbarat incelemesi literatüre önemli bir katkı olarak görülebilir. İkinci bölümde
    [Show full text]
  • COMITÉ DE TRANSPARENCIA ACTA DE LA SESIÓN ORDINARIA 17/2020 DEL 28 DE MAYO DE 2020 a Las Trece Horas Del Veintiocho De Mayo De
    COMITÉ DE TRANSPARENCIA ACTA DE LA SESIÓN ORDINARIA 17/2020 DEL 28 DE MAYO DE 2020 A las trece horas del veintiocho de mayo de dos mil veinte, participan en la presente sesión a través de medios electrónicos de comunicación, Erik Mauricio Sánchez Medina, Director Jurídico; Víctor Manuel De La Luz Puebla, Director de Seguridad y Organización de la Información; y Rodrigo Villa Collins, Gerente de Análisis y Promoción de Transparencia, en su carácter de integrante suplente del Titular de la Unidad de Transparencia; todos ellos integrantes del Comité de Transparencia de este Instituto Central, así como Sergio Zambrano Herrera, Gerente de Gestión de Transparencia, en su carácter de Secretario de este órgano colegiado, de conformidad con los párrafos segundo, tercero, cuarto y quinto de la Quinta de las Reglas de Operación del Comité de Transparencia del Banco de México, publicadas en el Diario Oficial de la Federación el siete de mayo de dos mil veinte (Reglas). Acto seguido, quien ejerce en este acto las funciones de Secretariado del Comité de Transparencia manifestó que existe quórum para la celebración de la presente sesión, de conformidad con lo previsto en los artículos 43 de la Ley General de Transparencia y Acceso a la Información Pública (LGTAIP); 64, párrafos segundo y tercero, de la Ley Federal de Transparencia y Acceso a la Información Pública (LFTAIP); 83 de la Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados (LGPDPPSO); 4o. del Reglamento Interior del Banco de México (RIBM); así como Quinta y Sexta de las Reglas. Por lo anterior, se procedió en los términos siguientes: ---------------------------------------------------------------------------------------------------------------------------- APROBACIÓN DEL ORDEN DEL DÍA.
    [Show full text]
  • Annual Review 2013
    Cert-IST annual review for 2013 regarding flaws and attacks 1) Introduction ...................................................................................................................................... 1 2) The most significant events for 2013 ............................................................................................... 2 2.1 The Snowden Affair changes the perception for « cyber-espionage » risk ............................. 2 2.2 Hardware attacks are becoming a real threat ......................................................................... 3 2.3 Offensive security is increasingly present ............................................................................... 3 3) Vulnerabilities and attacks seen in 2013 ......................................................................................... 5 3.1 Figures about Cert-IST 2013 production ................................................................................. 5 3.2 Alerts and Potential Dangers released by Cert-IST ................................................................ 6 3.3 Zoom on a few flaws and attacks ............................................................................................ 7 4) How to protect companies ............................................................................................................... 9 4.1 Advanced Persistent Threats (APT) ........................................................................................ 9 4.2 Opportunistic attacks ............................................................................................................
    [Show full text]
  • Sok: “Plug & Pray” Today – Understanding USB Insecurity In
    SoK: “Plug & Pray” Today – Understanding USB Insecurity in Versions 1 through C Dave (Jing) Tian∗, Nolen Scaife∗, Deepak Kumary, Michael Baileyy, Adam Batesy, Kevin R. B. Butler∗ ∗University of Florida fdaveti, scaife, butlerg@ufl.edu yUniversity of Illinois at Urbana-Champaign fdkumar11, mdbailey, [email protected] Abstract—USB-based attacks have increased in complexity in systematizing the defenses present in the USB ecosystem, we recent years. Modern attacks now incorporate a wide range of find that most defenses often focus on protecting a single layer, attack vectors, from social engineering to signal injection. To which proves ineffective against a suite of attacks that appear address these challenges, the security community has responded with a growing set of fragmented defenses. In this work, at many communication layers. In addition, misaligned goals we survey and categorize USB attacks and defenses, unifying between industry and academia further fragment the defense observations from both peer-reviewed research and industry. space. Commercial solutions focus on the prevention of data Our systematization extracts offensive and defensive primitives loss and anti-malware without regard for emerging attack that operate across layers of communication within the USB vectors, while research prototypes vary and are hamstrung by ecosystem. Based on our taxonomy, we discover that USB attacks often abuse the trust-by-default nature of the ecosystem, and the lack of built-in security building blocks in the existing transcend different layers within a software stack; none of USB specifications. As a result, research solutions often rely the existing defenses provide a complete solution, and solutions on new host and peripheral architectures that are unlikely to expanding multiple layers are most effective.
    [Show full text]
  • Disk Encryption
    Centre for Research on Cryptography and Security DiskDisk encencryptryptionion ...... MilanMilan BrožBrož ESETESET [email protected]@fi.muni.cz OctoberOctober 30,30, 20142014 FDE - Full Disk Encryption ● Transparent encryption on disk level (sectors) FDE (Full Disk Encryption) FVE (Full Volume Encryption) ... + offline protection for notebook, external drives + transparent for filesystem + no user decision later what to encrypt + encryption of hibernation and swap file + key removal = easy data disposal - more users, disk accessible to all of them - key disclosure, complete data leak - sometimes performance problems FDE – layer selection ● userspace (In Linux usually FUSE handled) (not directly in OS kernel) SW ● sw driver - low-level storage/SCSI - virtual device dm-crypt, TrueCrypt, DiskCryptor, Bitlocker, ... AES-NI, special chips (mobile), TPM (Trusted Platform Module) ● driver + hw (hw acceleration) ● disk controller Chipset FDE (... external enclosure) HW Many external USB drives with "full hw encryption" HDD FDE Hitachi: BDE (Bulk Data Encryption) ● on-disk special drives Seagate: FDE (Full Disk Encryption) Toshiba: SED (Self-Encrypting Drives) ... Chipset or on-disk FDE ● Encryption algorithm is usually AES-128/256 ... encryption mode is often not specified clearly ● Where is the key stored? ● proprietary formats and protocols ● randomly generated? ● External enclosure ● Encryption often present (even if password is empty) => cannot access data without enclosure HW board ● Recovery: you need the same board / firmware ● Weak hw part: connectors ● Full system configuration ● laptop with FDE support in BIOS / trusted boot ● Vendor lock-in ● FIPS 140-2 (mandatory US standard, not complete evaluation of security!) Chipset FDE examples ● Encryption on external disk controller board + standard SATA drive ● USB3 external disk enclosure ● AES-256 encryption http://imgs.xkcd.com/comics/security.png DiskDisk encencryptryptionion .....
    [Show full text]
  • Protecting Data In-Use from Firmware and Physical Attacks
    Protecting Data In-Use from Firmware and Physical Attacks Stephen Weis PrivateCore Palo Alto, CA ABSTRACT 2. PHYSICAL ATTACKS Defending computers from unauthorized physical access, ma- It is generally understood that physical access to an x86 licious hardware devices, or other low-level attacks has proven platform can completely compromise software security. His- extremely challenging. The risks from these attacks are torically, physical security controls such as cages, cameras, exacerbated in cloud-computing environments, where users and locks have been employed to prevent or detect physical lack physical control over servers executing their workloads. access. Yet with adoption of outsourced infrastructure and This paper reviews several firmware and physical attacks cloud computing, x86 platforms are increasingly run outside against x86 platforms, including bootkits, "cold booting", the physical control of the software owner. and malicious devices. We discuss several existing tools and This section briefly summarizes several well-known phys- technologies that can mitigate these risk such as Trusted ical attack vectors against x86 platforms, including DMA Execution Technology (TXT) and main memory encryption. and physical memory extraction. We will also discuss upcoming technologies that may help protect against firmware and physical threats. 2.1 Direct Memory Access By design, x86 architectures provide direct memory access (DMA) from hardware subsystems to main memory without 1. INTRODUCTION invoking the CPU. DMA is generally used to improve per- formance. For example, DMA allows disk, network, and In 2013, journalists revealed that the United States Na- graphics devices to read and write data directly to memory tional Security Agency's (NSA) Tailored Access Operations without incurring CPU cycles.
    [Show full text]
  • Plummer-Fernandez, Matthew. 2019. the Art of Bots: a Practice-Based Study of the Multiplicity, Entanglements and figuration of Sociocomputational Assemblages
    Plummer-Fernandez, Matthew. 2019. The art of bots: A practice-based study of the multiplicity, entanglements and figuration of sociocomputational assemblages. Doctoral thesis, Goldsmiths, University of London [Thesis] https://research.gold.ac.uk/id/eprint/26599/ The version presented here may differ from the published, performed or presented work. Please go to the persistent GRO record above for more information. If you believe that any material held in the repository infringes copyright law, please contact the Repository Team at Goldsmiths, University of London via the following email address: [email protected]. The item will be removed from the repository while any claim is being investigated. For more information, please contact the GRO team: [email protected] The art of bots: A practice-based study of the multiplicity, entanglements and figuration of sociocomputational assemblages Matthew Plummer-Fernandez 33365961 Thesis submitted for the degree of Doctor of Philosophy Design Department Goldsmiths, University of London December 2018 1 Declaration of Authorship: I, Matthew Plummer-Fernandez, hereby declare that this thesis and the work presented in it is entirely my own. Where I have consulted the work of others, this is always clearly stated. Signed: Date: 31/12/2018 2 DIGITAL ARCHIVE OF PRACTICE-BASED RESEARCH 6 ABSTRACT 8 LIST OF ILLUSTRATIONS 9 CHAPTER 1: INTRODUCTION 13 A brief history of bots 14 The emergence of artbots 20 Prior notions of computer-related art 27 Note on interdisciplinarity 31 Thesis outline 32 CHAPTER 2: A FRAMEWORK
    [Show full text]
  • Future for Crypto
    Future for Crypto Me Graeme Neilson CISO / Head of Research www.aurainfosec.com Reverse engineering, Cryptanalysis Talked at BlackHat, CanSecWest, H2HC, Troopers and Daycon many times... Past Years ● Backdooring firewalls ● Quantum cryptography ● Cracking audio one time passwords ● Potential real world crypto attacks Why is Crypto Important? Fundamental to the Internet ● Privacy, confidentiality, integrity, non-repudiation, anonymity ● Blockchain technology is going to be the basis of new financial systems (transactions, public ledger, contracts, identity) and is reliant on cryptography Cryptography Last Year ● Supply chain interception ● Weakened PRNG ● Weakened crypto protocol ● Exploitable implementations Backdooring Firewalls Described by an NSA manager as being: “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.” How? 2013, NSA manager describes the process: “shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets’ electronic devices. These devices are then re-packaged and placed back into transit to the original destination.” Me: Netscreen of the Dead 2008, Welcome to Rootkit Country 2011 Told ya so :-) The NSA ANT catalog ● FEEDTROUGH: Software that can penetrate Juniper Networks firewalls allowing other NSA-deployed software to be installed on mainframe computers ● GOURMETTROUGH: User-configurable persistence implant for certain Juniper Networks firewalls ● HALLUXWATER: Back door exploit for Huawei Eudemon firewalls ● JETPLOW: Firmware that can be implant to create a permanent backdoor in a Cisco PIX series and ASA firewalls.
    [Show full text]
  • Master of Science in Global and National Security Global and National Security Policy Institute, Office of the Provost
    Master of Science in Global and National Security Global and National Security Policy Institute, Office of the Provost New Graduate Degree Form D Review Dr. Emile Nakhleh, Ph.D. Director, Global and National Security Policy Institute [email protected] 505-385-8334 Nicole Dopson Director, Financial Operations for Academic Affairs [email protected] 505-277-8126 Master of Science in Global and National Security Global and National Security Policy Institute, Office of the Provost September 1, 2017 TABLE OF CONTENTS 1. Executive Summary 2. Program Proposal 3. Catalog Description 4. Modules 5. Learning Outcomes 6. Graduate Program Projected Cost 7. Library Impact Statement 8. Letters of Support 9. Appendices Appendix I. Global and National Security Policy Institute Business Plan Appendix II. Comparison Institutions Appendix III. Syllabi Examples 1 EXECUTIVE SUMMARY 2 Master of Science in Global and National Security Global and National Security Policy Institute, Office of the Provost September 1, 2017 Executive Summary This application is for a non-traditional, interdisciplinary Master of Science degree in Global and National Security (MSGNS), which consists primarily of online graduate modules (combining two courses each) and in-person meetings. Modules carry six credits each, are team-taught by two faculty members, and usually correspond to two courses (mostly “Special Topics”) in the catalog of the departments offering the modules. The MSGNS, designed primarily for individuals already in the workforce, aims at providing prospective students—from government, government contractors, and private corporations—with a broader context of security issues that affect their work. UNM traditional students interested in careers in this area could also enroll in this degree program.
    [Show full text]
  • Cybersecurity and National Security
    Cybersecurity and National Security ECE 595 Professor: Dr. Christopher Lamb Phone: 505-228-8090 Email: [email protected] Course Description This course will cover the importance of cybersecurity to national policy today. Specifically, we’re going to discuss the history of cybersecurity as a strategic weapon, how long it’s been recognized as such and why, and recent campaigns where cybersecurity (or the lack thereof) has been used as a weapon. Recent developments over the past ten years have highlighted the transformational nature of cybersecurity in national policy and with regard to national security. We’ve seen (alleged) attacks against utilities, manufacturing, and corporations, all with links to nation-aligned groups. We’re going to cover how cybersecurity as a national property of strategic importance was first recognized in the United States, and how we’ve evolved over the years with respect to how it is addressed. We’ll also cover studies of recent campaigns conducted by suspected nation-state aligned groups to understand how these kinds of attacks have evolve and how they’re executed today. At the end of the course, the students will write a research paper on a cybersecurity topic they select, and give a presentation over that topic to the class. Course Objectives and Methodology The class will be structured collaboratively, with shared readings and discussion over those readings. At the end of the course, my goal is for all the involved students to have a clear understanding of how cybersecurity has evolved as an area of national importance, why it’s more important than ever today, and how nation-states seem engage in this kind of activity.
    [Show full text]
  • Computer Security Fundamentals
    Computer Security Fundamentals Fourth Edition Dr. Chuck Easttom Computer Security Fundamentals, Fourth Edition Editor-in-Chief Mark Taub Copyright © 2020 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by Product Line Manager any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from Brett Bartow the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no Senior Editor responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the James Manly information contained herein. ISBN-13: 978-0-13-577477-9 Development Editor ISBN-10: 0-13-577477-2 Christopher Cleveland Library of Congress control number: 2019908181 Managing Editor ScoutAutomatedPrintCode Sandra Schroeder Trademarks Project Editor All terms mentioned in this book that are known to be trademarks or service marks have been Mandie Frank appropriately capitalized. Pearson cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Indexer ® ® ® Microsoft Windows , and Microsoft Office are registered trademarks of the Microsoft Corporation in Erika Millen the U.S.A. and other countries. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation. Proofreader Abigail Manheim Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or Technical Editor fitness is implied.
    [Show full text]