
A government standards agency’s crackdown on potential post-quantum cryptographic algorithms will strongly stimulate the PQC market over the next five years, according to an international research and advisory firm.

In its recently released Post-Quantum Cryptography Applications Analysis report, ABI Research predicts PQC revenue will grow 12% from US$196 million in 2022 to $218.6 million in 2023, and 20% from $328.7 million in 2026 to $395.3 million in 2027.

The nascent market will kick into high gear once the National Institute of Standards and Technology (NIST) finalizes its choice of PQC algorithms, the report said.

“NIST is the foremost standards development organization leading PQC algorithm development, and depends on the successful completion of this process, after which work on algorithm integration and protocol updates is advanced by other organizations, industry associations, and open source movements,” ABI Cyber Security Applications Research Director Michaela Menting said in a statement.

“The progress of work in these forums will be a sign of technology maturity, and the goal for vendors will be to introduce ‘plug and play’ type technologies to their respective industries, allowing commercial integration and ease of adoption.”

Ray Harishankar, quantum safe lead at IBM, told TechNewsWorld, “When NIST announced that it has selected four encryption and digital signature algorithms to build quantum-secure standards by 2024, the field took an important step.”

Preparing for PQC Migration

The ABI’s growth forecast was not surprising to some in the quantum domain. “Since the latest NIST announcement, the cork has partially come out of the bottle,” Ben Packman, senior vice president of strategy at PQShield, a cryptography standards developer in Oxford, UK, told TechNewsWorld.

“There were a lot of people who were waiting to see what NIST would announce to think about their plans for migration to PQC,” he explained.

“I say out of the bottle partly because until those standards are ratified in 2024 – it is just the promise of a standard. Still, it allows people to plan with some certainty,” he said.

When the standards are finalized, they will have a significant impact on the technology industry because everyone relying on cryptography, from vendors to standards bodies, will need to adapt to the changes and updated protocols, Samantha Mabe, director of product marketing management at Entrust, an identity solutions provider in Shakopee, Minn., explained to TechNewsWorld.

In addition to vendors and standards bodies, anyone who needs to keep a secret for more than 10 years needs to follow NIST’s work closely, because that time period is well within the quantum risk time frame, said Anderson Cheng, CEO of Post-Quantum, a quantum-secure encryption, blockchain and digital identity company based in London.

Cheng told TechNewsWorld that the NSA, GCHQ, DOD and MI6 are seeing their encrypted data stolen right now. “From time to time, their internet traffic is being diverted to some Eastern European country for two or three hours at a time and then back to normal. The consensus is that Russia or some adversary is conducting rehearsals to suck up the data and decrypt it later.”

NIST is not alone in crafting cryptography standards for the post-quantum era. “Work is also underway at other standards bodies – such as the IETF – to update secure message formats – such as S/MIME email and code signing – and secure protocols – such as TLS – to adopt PQC, including formalizing hybrid cryptographic data structures — such as composite certificates — for those who don’t think they’re ready yet to put all their eggs in the post-quantum basket,” Mabe said.

Infrastructure Review

Achieving the revenue growth forecast by ABI will require overcoming several challenges. For example, the state of PQ solutions is likely to remain unstable for some time. “While we move to PQ-safe algorithms today, we must acknowledge that they are a less mature set of algorithms and that it is important to remain agile as they may still need to change in the future,” Mabe said.

The technology demands posed by PQC solutions will be a challenge for both vendors and customers. Mabe pointed out that organizations will need to do a health check on their technology and the cryptography that exists in their infrastructure today to ensure that they have the right scale to support the additional computing power required by these new algorithms and other technologies.

Another challenge facing PQC will be the breadth and diversity of existing commercial cryptographic applications. For example, migrating to something like TLS is relatively simple. You add new cipher suites to the list, and if both peers support it, it is used. Otherwise, you go down the list that both partners support.

“Contrast that with data warehouses containing encrypted data over the last 30 years or with PKI-enabled ID badges, ePassports or gift cards,” Mabe said. “You can upgrade the card to PQ, but what happens when it encounters a terminal that hasn’t been upgraded since 2015?”
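The contrast drawn above, negotiated protocols versus fixed-format credentials, as an added example (not code from the article or from any vendor named in it): a preference-list negotiation with classical fallback, run over a small client inventory, next to a one-shot credential check that has nothing to fall back to. The option names, client profiles and the `require_pq` policy flag are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Sequence

# Sample option names (constructed lists, not from the article).
# X25519MLKEM768 is a hybrid classical + post-quantum key exchange;
# x25519 and secp256r1 are classical only.
PQ_SAFE = frozenset({"X25519MLKEM768"})


@dataclass(frozen=True)
class Outcome:
    selected: Optional[str]  # option both peers support, or None
    pq_safe: bool            # True when the selected option is in PQ_SAFE
    reason: str


def negotiate(server_prefs: Sequence[str], client_offers: Sequence[str],
              require_pq: bool = False) -> Outcome:
    """Pick the first entry in the server's list that the client also offers.

    require_pq is a hypothetical local policy: refuse the connection
    rather than fall back to a classical-only option.
    """
    offered = set(client_offers)
    mutual = [o for o in server_prefs if o in offered]
    if not mutual:
        return Outcome(None, False, "no option in common")
    if require_pq:
        mutual = [o for o in mutual if o in PQ_SAFE]
        if not mutual:
            return Outcome(None, False, "only classical options in common")
    choice = mutual[0]
    if choice in PQ_SAFE:
        return Outcome(choice, True, "mutual PQ option")
    return Outcome(choice, False, "fell back to classical")


def fleet_report(server_prefs: Sequence[str],
                 clients: Dict[str, Sequence[str]],
                 require_pq: bool = False) -> Dict[str, Outcome]:
    """Inventory check: what each known client would end up with."""
    return {name: negotiate(server_prefs, offers, require_pq)
            for name, offers in clients.items()}


def offline_verify(credential_alg: str, terminal_algs: Sequence[str]) -> bool:
    """A card or stored record carries one fixed algorithm; there is no
    list to walk, so an older terminal either knows it or rejects it."""
    return credential_alg in terminal_algs


# Constructed sample data.
SERVER = ["X25519MLKEM768", "x25519", "secp256r1"]
CLIENTS = {
    "updated-browser": ["X25519MLKEM768", "x25519"],
    "legacy-agent": ["x25519", "secp256r1"],
    "embedded-2015": ["secp256r1"],
}

if __name__ == "__main__":
    for name, result in fleet_report(SERVER, CLIENTS).items():
        print(f"{name:16} {result.selected} ({result.reason})")
    print("PQ card at 2015 terminal:",
          offline_verify("ML-DSA-65", ["ECDSA-P256", "RSA-2048"]))
```

Running `fleet_report` with `require_pq=True` before enforcing such a policy shows which clients would be cut off rather than silently downgraded.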

Packman said that PQC requires a change in the way people think about implementing cryptography. “In the past, people would cook in something and forget about it,” he explained. “With the advancement of computers, it is now clear that things need to be constantly updated over time. There needs to be some agility in the way people implement cryptography. There will be different types of algorithms for different types of scenarios.”

A loophole in the rules governing the advertising of stimulant drugs must be closed, according to a report released on Monday by an international think tank.

Many telehealth companies aggressively market stimulant drugs to users on social media without the typical disclosures found in pharmaceutical ads, according to a 39-page report from the Center for Data Innovation, which studies the intersection of data, technology, and public policy.

It clarified that telehealth companies can post advertisements for prescription drugs without including any warnings or information about side effects due to technicalities in drug advertising laws and regulations.

Many ads on social media for stimulant medication target audiences concerned with attention deficit and hyperactivity disorder. The Center for Data Innovation report referenced this November 2021 tweet from Klarity ADHD:

[Image: Klarity ADHD tweet ad for getting Adderall prescribed online for ADHD. Image source: Klarity ADHD Twitter feed]


“The majority of medical providers who offer treatment for ADHD act in the best interests of their patients and prescribe stimulant medications when medically necessary,” said Morgan Stevens, author of the report.

“But some newer telehealth companies, such as Cerebral and Done, have abused the advertising loophole to market stimulant drugs,” she told TechNewsWorld.

Cerebral declined to comment for this story. Done did not respond to a request for comment.

Pills Before People

The report notes that the consumption of stimulant drugs has increased over the past few decades, following a pattern similar to the opioid epidemic.

Stimulant drug consumption continued to rise during the COVID-19 pandemic, with some telehealth companies taking advantage of lax regulations to offer prescriptions for stimulants with little medical supervision or appropriate care.

However, despite the increased consumption and availability of stimulant drugs, stimulant abuse and increased prescriptions face less scrutiny than is the case for other Schedule II controlled substances, such as opioids, it added.

The report noted that several regulatory changes designed to promote the use of telehealth during the pandemic allowed more remote services to be delivered than ever before, including prescribing stimulant drugs.

In pursuit of rapid growth, it continued, some telehealth companies prioritize customer retention and satisfaction over ensuring that patients receive appropriate, high-quality care.

The report notes that some companies operating in the telehealth space do not meet the standards for in-person psychiatric care.

The diagnostic process for ADHD usually involves a lengthy evaluation in which a medical provider will review the patient’s clinical history, discuss reported symptoms, and ask for information from the patient’s friends and family. Instead, some companies evaluate patients during 30-minute appointments before reaching a diagnosis and prescribing stimulant medications.

‘Help-Seeking Ads’

Companies advertising ADHD drugs were able to avoid more stringent regulations by not mentioning specific drugs by name.

Unlike ads that name specific drugs, the report noted, these ads, classified by the FDA as “help-seeking ads,” discuss a condition or disease but do not refer to a specific medical treatment for it.

Instead, these ads would list the symptoms caused by ADHD and encourage viewers to seek treatment from a medical professional if they experience symptoms.


[Image: Google search results for “buy Adderall online,” showing an ad from an ADHD treatment provider]

December 5, 2022 — A Google search for “buy Adderall online” brings up the first result which is an ad for Done.


However, the report notes that many of the symptoms listed in the ads are general to the human condition and may not indicate that a person has ADHD.

In disseminating information about ADHD symptoms without providing additional context, these ads run the risk of misleading viewers into thinking they have ADHD and should take medications to treat the condition without understanding the risks.

It states that viewers may identify with one or more of the common symptoms presented in the ad and seek medical treatment for the condition. This may result in some viewers receiving a misdiagnosis and medically unnecessary treatment.

Law enforcement audits of telehealth platforms

Although some telehealth providers offering mental health services may have played a role in a sharp increase in stimulant drug prescriptions during the COVID-19 pandemic, the report urged policymakers to focus on improving oversight of those providers and punishing those who violate the law, rather than seeking retribution against the telehealth industry as a whole.

Among the actions recommended in the report are policy makers having law enforcement agencies regularly audit telehealth platforms to identify bad or negligent actors responsible for unnecessary prescriptions.

However, Dr. Jeffrey Singer, a surgeon and senior fellow at the Cato Institute, a Washington, DC think tank, sees some problems with law enforcement playing a role in regulating the medical profession.

“I don’t know many law enforcement people who have medical or pharmacological degrees, but they decide what is excessive and what is not,” he told TechNewsWorld.

“Whether doctors are overprescribing, underprescribing or prescribing inappropriately is a medical decision, not a decision for the criminal legal system,” he said.

In a white paper published in November, Singer and Cato Research Fellow Trevor Burrus argued that medical mismanagement of pain, which causes harm to patients, is best addressed through the civil tort system.

“[S]tates establish professional licensing boards specifically to enforce the ‘standard of care’ provided by those professionals,” they wrote. “Law enforcement has no medical expertise and no knowledge of narcotics and psychoactive substances. They should have no role in classifying them.”

Doctors Crossing State Lines

Stevens countered that the Drug Enforcement Administration, Department of Health and Human Services, and state law enforcement agencies are already investigating physicians and organizations in the health care industry, in addition to the regular audits the DEA conducts for controlled substances.

“The DEA, HHS and states have the ability to expand these operations to ensure compliance with more controlled substances,” she added.

The report also recommended that doctors be allowed to treat patients across state lines. She suggested that policy makers increase the number of providers patients can see to receive mental health services. With telehealth, patients can receive remote medical care from providers in various locations.

It states that state policymakers should join licensing compacts that enable medical providers to practice across state lines.

In testimony before Congress, Singer suggested lawmakers go even further. He told the Senate Subcommittee on Communications, Media and Broadband, “Congress should define ‘place of care’ as the state in which the practitioner is located as opposed to the state in which the consumer of the service resides.”

“This change will increase access to care and allow patients to access expertise that may exist in areas of the country that are otherwise beyond their reach,” he explained. “It would also remove protections from out-of-state competitors that health care providers otherwise enjoy. The increased competition would again be to the benefit of patients.”

Keep a Watchful Eye on Telehealth Providers

The report states that the telehealth startup economy grew due to regulatory changes from the COVID-19 pandemic. These new companies enabled patients to receive medical care from the comfort of their homes and provided medical benefits that would otherwise be unavailable. Still, some telehealth providers have taken advantage of these changes to the detriment of patients.

Given the benefits of telehealth and the ease of access, it continued, policymakers should continue to drive regulatory changes that have helped the companies flourish. However, they must work to ensure that remote patients receive the same level of care as they would during an in-person appointment.

The first plan of its kind to comprehensively address open source and software supply chain security is awaiting White House support.

The Linux Foundation and the Open Source Software Security Foundation (OpenSSF) on Thursday brought together more than 90 executives from 37 companies and government leaders from the NSC, ONCD, CISA, NIST, DOE and OMB to reach a consensus on key actions for improving the resilience and security of open-source software.

A subset of the participating organizations have collectively pledged an initial tranche of funds for the implementation of the plan. Those companies are Amazon, Ericsson, Google, Intel, Microsoft, and VMware, with more than $30 million in pledges. As the plan progresses, more funds will be identified and work will begin as individual streams are agreed upon.

The Open Source Software Security Summit II, led by the National Security Council of the White House, is a follow-up to the first summit held in January. That meeting, convened by the Linux Foundation and OpenSSF, came on the one-year anniversary of President Biden’s executive order on improving the nation’s cyber security.

As part of this second White House Open Source Security Summit, open source leaders called on the software industry to standardize on Sigstore developer tools and to support the plan to upgrade the collective cyber security resilience of open source and improve trust in software, according to Dan Lorenc, CEO and co-founder of Chainguard, co-creator of Sigstore.

“On the one-year anniversary of President Biden’s executive order, we’re here today to respond with a plan that’s actionable, because open source is a critical component of our national security, and it is fundamental to the billions of dollars being invested in software innovation today,” Jim Zemlin, executive director of the Linux Foundation, announced Thursday during his organization’s press conference.

Push the Support Envelope

Most major software packages contain elements of open source software, including code and critical infrastructure used by the national security community. Open-source software supports billions of dollars in innovation, but with it comes the unique challenges of managing cybersecurity across its software supply chains.

“This plan represents our unified voice and our common call to action. The most important task ahead of us is leadership,” said Zemlin. “This is the first time I’ve seen a plan and the industry will promote a plan that will work.”

The Summit II plan outlines funding of approximately $150 million over two years to rapidly advance well-tested solutions to the 10 key problems identified by the plan. The 10 streams of investment include concrete action steps to build a strong foundation for more immediate improvements and a more secure future.

“What we are doing together here is converting a bunch of ideas and principles that are broken there and what we can do to fix it. What we have planned is the basis to get started. As represented by 10 flags in the ground, we look forward to receiving further input and commitments that lead us from plan to action,” said Brian Behlendorf, executive director of the Open Source Security Foundation.

Open Source Software Security Summit II in Washington DC, May 12, 2022. [L/R] Sarah Novotny, Open Source Lead at Microsoft; Jamie Thomas, enterprise security executive at IBM; Brian Behlendorf, executive director of the Open Source Security Foundation; Jim Zemlin, executive director of The Linux Foundation.


Highlight the Plan

The proposed plan is based on three primary goals:

  • Securing open source software production
  • Improving vulnerability discovery and remediation
  • Shortening ecosystem patching response time

The whole plan includes elements to achieve those goals. These include security education, which provides a baseline for software development education and certification. Another element is the establishment of a public, vendor-neutral, objective-metrics-based risk assessment dashboard for the top 10,000 (or more) OSS components.

The plan proposes the adoption of digital signatures on software releases and the establishment of the OpenSSF Open Source Security Incident Response Team to assist open source projects during critical times.

Another plan detail focuses on improved code scanning to accelerate the discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance.

Third-party code reviews, and any necessary remediation work, will be conducted on up to 200 of the most critical OSS components once per year.

Coordinated data sharing will improve industry-wide research that helps determine the most important OSS components. The plan also calls for Software Bill of Materials (SBOM) everywhere, improving SBOM tooling and training to drive adoption, and for providing build systems, package managers and distribution systems with better supply chain security tools and best practices.

stock factor

Chainguard, which co-created the Sigstore repository, is committing financial resources to the public infrastructure and network offered by OpenSSF and will collaborate with industry peers to deepen work on interoperability, to ensure that Sigstore’s impact is felt in every corner of the software supply chain and software ecosystem. This commitment includes at least $1 million per year in support of Sigstore and a pledge to run it on its own node.

Designed and built with maintainers for maintainers, it has already been widely adopted by millions of developers around the world. Lorenc said now is the time to formalize its role as the de facto standard for digital signatures in software development.

“We know the importance of interoperability in the adoption of these critical tools because of our work on the SLSA framework and SBOM. Interoperability is the linchpin in securing software across the supply chain,” he said.

Related Support

Google announced Thursday that it is creating an “open-source maintenance crew” tasked with improving the security of critical open-source projects.

Google also unveiled the Google Cloud Dataset and Open Source Insights projects to help developers better understand the structure and security of the software they use.

According to Google, “This dataset provides access to critical software supply chain information for developers, maintainers, and consumers of open-source software.”

“Security risks will continue to plague all software companies and open-source projects and only an industry-wide commitment that includes a global community of developers, governments and businesses can make real progress. Google will continue to play our part to make an impact,” said Eric Brewer, vice president of infrastructure at Google Cloud and Google Fellow, at the security summit.