[Newsclips] IETF SYN-ACK Newspack 2022-10-24

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

China, Russia to Adopt ‘Slightly Different’ PQC Standards From US

Quantum computing experts expect China and Russia to select encryption algorithms for post-quantum cryptography (PQC) standards based on the same mathematical problems as the U.S. and other western countries, while choosing a scheme that is slightly different. ... Laura Thomas, former CIA case officer and current chief of staff and VP of strategic initiatives at ColdQuanta, told SDxCentral that non-western countries are more likely to follow international standards set by the International Organization for Standardization (ISO) or the Internet Engineering Task Force (IETF).

< <https://www.sdxcentral.com/articles/analysis/china-russia-to-adopt-slightly-different-pqc-standards-from-us/2022/10/> https://www.sdxcentral.com/articles/analysis/china-russia-to-adopt-slightly-different-pqc-standards-from-us/2022/10/>

 

So einfach wird der Internetsicherheitsmechanismus RPKI wirkungslos[This is how easy the Internet security mechanism RPKI becomes ineffective]

... Um zu verhindern, dass ein Netz im Internet IP-Adressblöcke beansprucht, die ihm nicht rechtmäßig gehören, hat die IETF, die für das Internet zuständige Standardisierungsorganisation, die Ressource Public Key Infrastructure (RPKI) standardisiert. Die RPKI nutzt dazu digital signierte Zertifikate, die bestätigen, dass ein bestimmter IP-Adressblock tatsächlich zu dem angegebenen Netz gehört, wie es heißt. Nach Messungen des Athene-Teams haben mittlerweile knapp 40 Prozent aller IP-Adressblöcke ein RPKI-Zertifikat, und etwa 27 Prozent aller Netze prüfen diese Zertifikate.

< <https://www.maschinenmarkt.vogel.de/so-einfach-wird-der-internetsicherheitsmechanismus-rpki-wirkungslos-a-c1ce712690f6d6ba7f5142653baff3d4/> https://www.maschinenmarkt.vogel.de/so-einfach-wird-der-internetsicherheitsmechanismus-rpki-wirkungslos-a-c1ce712690f6d6ba7f5142653baff3d4/>

 

Wireguard, Curl & Co.: Bund beginnt Förderung von sieben Open-Source-Projekten [Wireguard, Curl & Co.: Federal government begins funding of seven open source projects]

... Die Liste der sieben zum STF-Start geförderten Projekte umfasst das von der IETF entwickelte OpenMLS Library zur Ende-zu-Ende-Verschlüsselung von Nachrichten, das Kommandozeilen-Programm Curl zum Datentransfer, die freie Implementierung des Border Gateway Protocols (BPG) OpenBGPD und das Paketsystem RubyGems für Ruby samt dem Abhängigkeitsmanager Bundler.

< <https://www.heise.de/news/Wireguard-Curl-Co-Bund-startet-Foerderung-von-sieben-Open-Source-Projekten-7315339.html> https://www.heise.de/news/Wireguard-Curl-Co-Bund-startet-Foerderung-von-sieben-Open-Source-Projekten-7315339.html>

 

刘韵洁院士：算力和网络还是“两张皮”[Academician Liu Yunjie: Computing power and the network are still "two skins"]

... 这已不是人们第一次面对确定性网络的命题。早在2015年，国际互联网工程任务组（IETF）成立了一个工作小组，专门研究广域网的确定性标准，但至今没有标准化。国内也有包括电力、工业互联网等行业，也曾发布了有关确定性网络的白皮书。

< <https://news.sciencenet.cn/htmlnews/2022/10/487924.shtm> https://news.sciencenet.cn/htmlnews/2022/10/487924.shtm>

 

**********************

SECURITY & PRIVACY

**********************

The Internet is built on a house of cards: it's time to secure it

The Internet’s routing system hasn’t changed much since its inception 33 years ago, but the world around it has. A new OECD report explores the current state of play of routing security and how policy makers can improve it.

< <https://www.oecd-forum.org/posts/the-internet-is-built-on-a-house-of-cards-it-s-time-to-secure-it> https://www.oecd-forum.org/posts/the-internet-is-built-on-a-house-of-cards-it-s-time-to-secure-it>

 

Accountability and Liability in Computing

In 2017, I wrote: "So here we are, 70 years into the computer age and after three ACM Turing Awards in the area of cryptography (but none in cybersecurity), and we still do not seem to know how to build secure information systems." What would I write today? Clearly, I would write: "75 years," but I would not change a word in the rest of the sentence. In fact, one could argue that the cybersecurity threat has increased, as critical infrastructure is now vulnerable to cyberattacks. Indeed, in May 2021 the U.S. oil pipeline system Colonial Pipeline came under a ransomware attack that forced it to halt all pipeline operations to contain the attack.

< <https://cacm.acm.org/magazines/2022/11/265836-accountability-and-liability-in-computing/fulltext> https://cacm.acm.org/magazines/2022/11/265836-accountability-and-liability-in-computing/fulltext>

 

Securing IoT devices against attacks that target critical infrastructure

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today. According to South Staffordshire, the breach did not appear to have caused damage to the systems and it did not impact their ability to supply safe water to their customers.

< <https://www.microsoft.com/en-us/security/blog/2022/10/21/securing-iot-devices-against-attacks-that-target-critical-infrastructure/> https://www.microsoft.com/en-us/security/blog/2022/10/21/securing-iot-devices-against-attacks-that-target-critical-infrastructure/>

 

NCSC CEO delivers international speech on securing the Internet of Things and smart cities

The head of the UK’s National Cyber Security Centre has emphasised the importance of connected technologies being made secure by design in a speech at Singapore International Cyber Week.

< <https://www.ncsc.gov.uk/news/ncsc-ceo-delivers-international-speech-on-securing-the-internet-of-things-and-smart-cities> https://www.ncsc.gov.uk/news/ncsc-ceo-delivers-international-speech-on-securing-the-internet-of-things-and-smart-cities>

 

us: Cyber security professor awarded $1.5 million from National Science Foundation

The National Science Foundation (NSF) has awarded Elias Bou-Harb, associate professor of cyber security in UTSA’s Carlos Alvarez College of Business, two grants totaling $1.5 million to further his work on Internet of Things (IoT) and critical infrastructure security.

< <https://www.utsa.edu/today/2022/10/story/2022-cyber-security-professor-nsf-research-grant.html> https://www.utsa.edu/today/2022/10/story/2022-cyber-security-professor-nsf-research-grant.html>

 

**********************

INTERNET OF THINGS

**********************

Everything we know about the White House’s IoT security labeling effort

The White House issued a statement today that said, essentially, it hosted a big meeting on Wednesday, with big names, and that some kind of security label for smart devices will come of it in spring 2023. Here’s a good deal more on what happened, and what’s likely to come out of it.

< <https://arstechnica.com/gadgets/2022/10/everything-we-know-about-the-white-houses-iot-security-labeling-effort/> https://arstechnica.com/gadgets/2022/10/everything-we-know-about-the-white-houses-iot-security-labeling-effort/>

 

Statement by NSC Spokesperson Adrienne Watson on the Biden-⁠Harris Administration’s Effort to Secure Household Internet-Enabled Devices

Yesterday, the White House convened leaders from the private sector, academic institutions, and the U.S. Government to advance a national cybersecurity labeling program for Internet-of-Things (IoT) devices. The Biden-Harris Administration has made it a priority to strengthen our nation’s cybersecurity, and a key part of that effort is ensuring the devices that have become a commonplace in the average American household – like baby monitors or smart home appliances – are protected from cyber threats. A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards and retailers to market secure devices.

< <https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/20/statement-by-nsc-spokesperson-adrienne-watson-on-the-biden-harris-administrations-effort-to-secure-household-internet-enabled-devices/> https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/20/statement-by-nsc-spokesperson-adrienne-watson-on-the-biden-harris-administrations-effort-to-secure-household-internet-enabled-devices/>

 

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

Universally accepted protocols give us confidence that our buildings, utilities, vehicles, food and medicines are uniformly safe and trustworthy. At this moment, we’re in dire need of implementing standards designed to make digital services as private and secure as they need to be.

< <https://www.lastwatchdog.com/my-take-why-the-matter-smart-home-standard-portends-the-coming-of-the-internet-of-everything/> https://www.lastwatchdog.com/my-take-why-the-matter-smart-home-standard-portends-the-coming-of-the-internet-of-everything/>

 

Why Sensors Are Key IoT Cybersecurity: The essential part of the IoT is becoming a target for cyberattacks

Sensors enabled by the Internet of Things are network-connected smart devices that collect and transmit real-time data about their environment. The data they provide lets people make better-informed decisions.

< <https://spectrum.ieee.org/sensor-cybersecurity-standards> https://spectrum.ieee.org/sensor-cybersecurity-standards>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Associate Professor in Post-quantum Cryptography: Norwegian University Of Science & Technology - NTNU 

The Onsager Fellowship programme at NTNU is designed to attract talented early-career scholars with a track-record of high quality published research, ready to work independently and with the potential to become a research leader. The tenure-track associate professor’s duties will primarily include research, but also include supervision, teaching, and other duties necessary to qualify for a permanent professor position within 6-7 years. ... Your PhD, or comparable academic work, must be within the field of post-quantum cryptography, and of particular interest are candidates with a documented academic track record within one or several of the following topics: ost-quantum cryptography within secure network protocols (TLS, QUIC, IPsec, WireGuard, DNSSEC, MLS, SSH, ...)

< <https://www.timeshighereducation.com/unijobs/listing/313534/associate-professor-in-post-quantum-cryptography/> https://www.timeshighereducation.com/unijobs/listing/313534/associate-professor-in-post-quantum-cryptography/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Changing Governance at W3C

The World Wide Web Consortium (W3C) — the body that designs and sets standards for the underlying protocols of the web — is going through some welcome but incomplete governance changes. While the W3C began as a legal agreement between universities, it is now transitioning to a new legal entity called W3C Inc. with a new board of directors.

< <https://cdt.org/insights/changing-governance-at-w3c/> https://cdt.org/insights/changing-governance-at-w3c/>

 

Meet ITU’s next top elected officials: Cosmas Zavazava

“ITU is a critical organization, […] leading in terms of information and communication technology deployment, and also development of standards, spectrum, and also executing projects across the globe, which can change the entire game of socioeconomic development,” says Cosmas Zavazava, the next Director of ITU’s Telecommunication Development Bureau (BDT).

< <https://www.itu.int/hub/2022/10/meet-itus-next-top-elected-officials-cosmas-zavazava/> https://www.itu.int/hub/2022/10/meet-itus-next-top-elected-officials-cosmas-zavazava/>

 

Meet ITU’s next top elected officials: Seizo Onoe

“ITU standardization needs to contribute to people’s lives and society, where it leads to social and economic development,” says Seizo Onoe, the next Director of the Telecommunication Standardization Bureau (TSB) at the ITU.

< <https://www.itu.int/hub/2022/10/meet-itus-next-top-elected-officials-seizo-onoe/> https://www.itu.int/hub/2022/10/meet-itus-next-top-elected-officials-seizo-onoe/>

 

G20: Recover together, recover stronger with international standards

The leading international standards bodies — the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO), and the ITU — have urged world leaders to recognize, support, and adopt international standards to meet G20 “Recover together, recover stronger” post-pandemic goals.

< <https://www.itu.int/hub/2022/10/g20-international-standards-summit-in-bali/> https://www.itu.int/hub/2022/10/g20-international-standards-summit-in-bali/>

 

Industry bodies oppose EU’s removal of non-European companies from expert group

Six interest groups have mobilised against the European Commission’s recent restrictions on the involvement of representatives of non-European companies in the Radio Equipment expert group, saying they go against the EU’s global values.

< <https://www.euractiv.com/section/digital/news/trade-groups-oppose-eus-removal-of-non-european-organisations-from-expert-group/> https://www.euractiv.com/section/digital/news/trade-groups-oppose-eus-removal-of-non-european-organisations-from-expert-group/>

 

Tech-Fuelled Inequality Could Catalyze Populism 2.0

Geopolitical crises, looming climate chaos and the relentless expansion of surveillance capitalism are driving the development of the technologies of tomorrow — artificial intelligence (AI), semiconductors, green energy, big data, advanced robotics, virtual and augmented reality, nanotechnology, quantum computing, the Internet of Things and more.

< <https://www.cigionline.org/articles/tech-fuelled-inequality-could-catalyze-populism-20/> https://www.cigionline.org/articles/tech-fuelled-inequality-could-catalyze-populism-20/>

 

Looking back at TPAC 2022

TPAC 2022W3C’s annual conference TPAC 2022 concluded in September when our Community was able to meet in person for the first time in three years.

< <https://www.w3.org/blog/2022/10/looking-back-at-tpac-2022/> https://www.w3.org/blog/2022/10/looking-back-at-tpac-2022/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home