The next Nuclear Posture Review: Bring in State, Energy and allies

What does the future hold for the US nuclear posture under President Trump? The last Nuclear Posture Review occurred in April 2009, when a 12-month review process was conducted to translate President Obama’s vision into a comprehensive nuclear strategy for the next five to 10 years. The review addressed several major areas: the role of nuclear forces, policy requirements, and objectives to maintain a safe, reliable, and credible deterrence posture; the relationship between deterrence policy, targeting strategy, and arms control objectives; the role of missile defense and conventional forces in determining the role and size of the nuclear arsenal; the size and composition of delivery capabilities; the nuclear weapons complex; and finally the necessary number of active and inactive nuclear weapons stockpiles to meet the requirements of national and military strategies.

Clearly, changes are afoot. On January 27, 2017, President Trump issued a presidential memorandum that mandated “a new Nuclear Posture Review to ensure that the United States nuclear deterrent is modern, robust, flexible, resilient, ready, and appropriately tailored to deter 21st-century threats and reassure our allies.” [1][2]

Looking ahead, the new administration should conduct this review through a broad, inter-agency process, involving the State and Energy departments, and allies as well. This approach offers several valuable benefits by broadening the focus from deterrence to non-proliferation, reassurance, and nuclear security.

The main role of the Nuclear Posture Review, or NPR, is to assess the threat environment, outline nuclear deterrence policy and strategy for the next 5 to 10 years, and align the country’s nuclear forces accordingly. Since the end of the Cold War, each administration has conducted its own NPR, but the process and the scope of the reviews were different in all three cases.

The first NPR was conducted by the Clinton administration in 1994, and even though important senior positions have still not been appointed by the Trump White House, Trump’s mandate suggests that their review might use it as a template for 2017. It was a bottom-up review, initiated by the Department of Defense, mostly focusing on a set of force structure decisions—such as the right size and composition of US nuclear forces, including the size of the reserve or so-called hedge force. That review lasted for 10 months, and the Pentagon was in charge of the entire process, mainly focusing on deterrence requirements. [3]

In contrast, the 2001 NPR of the Bush administration [4] was mandated by Congress, and it addressed a broader set of issues, including all components of the deterrence mix—nuclear and non-nuclear offensive strike systems, active and passive defenses, and the defense infrastructure. The Defense Department took the lead in this case just as before, but this time the Energy Department and the White House were also engaged in the process. As a result, the Bush NPR’s force structure requirements—how to size and sustain the country’s forces—were driven by four factors: assuring allies, deterring aggressors, dissuading competitors, and defeating enemies.

The Obama administration’s 2010 NPR[5] was also mandated by Congress[6], but the Defense Department was specifically tasked to conduct an inter-agency review. Besides the unprecedented level of such cooperation, a bipartisan Congressional commission[7] also laid out a number of recommendations for the review process, many of which became part of the final text of the Obama review. Officials from State, Energy, and the Joint Chiefs of Staff were involved, as well as US allies who were regularly briefed during the different stages of the review.

In the final phase of the 2010 NPR, the White House leadership made the decisions on the actual content of the nuclear posture. While the Clinton and the Bush reviews were largely conducted behind the scenes and only short briefing materials were published on the outcome, the Obama administration released an unprecedentedly long report on its nuclear posture review.

These cases offer two models for a review process: It can be conducted by a small group of people in the most highly classified manner, or it can be a larger, relatively transparent inter-agency process. In the former approach, the final decisions are typically presented to the secretary of defense, the president, Congress, and allies. The problem is that this tends to be a one-sided approach, putting the main focus on deterrence and modernizations.

Though it is effective and fast, the implementation of a Nuclear Posture Review requires all stakeholders to be on board with the new strategy. One of the most painful lessons of the Bush review was that because the White House and Defense failed to explain their new approach to the public, the military, and Congress, there was effectively a loss of leadership—which made procurement extremely difficult and caused major problems in the implementation of their strategy.

On the other hand, involving all stakeholders and providing a balanced approach to nuclear strategy would support the goals of not just deterrence, but those of reassurance, non-proliferation, and nuclear security as well. Due to the involvement of the State Department, the 2010 NPR, for example, emphasized a number of policies which supported non-proliferation objectives and strengthened US negotiating positions at global arms control forums. One of these policies was the negative security assurance which stated that the United States would not use or threaten to use nuclear weapons against non-nuclear weapon states that are party to the NPT and in compliance with their nuclear nonproliferation obligations.

The other policy that was advocated by senior State Department officials was the so-called sole-purpose posture—which means that nuclear weapons only serve to deter or respond to a nuclear attack, and they no longer play a role in non-nuclear scenarios. Although the sole-purpose posture was eventually dropped and it was set only as a long-term objective, the Obama administration still reduced the role of nuclear weapons with the new negative security assurance, and it signaled its intent to continue this process with the promise of sole purpose. These steps supported US leadership at the 2010 Nuclear Non-Proliferation Treaty Review Conference and they contributed to the adoption of a consensual final document at the conference.

This broader scope strengthens inter-agency cooperation, and ensures that all the departments that are affected by the NPR are on board with the strategy, which eases the implementation of the decisions. Besides, it also strengthens alliance relations by regular consultations. The Trump administration’s mandate did not include a specific timeline or format; consequently it will be mainly the responsibility of Defense Secretary James Mattis to decide on the framework. Though the presidential memorandum did not require an inter-agency process, it would be wise to conduct one.

Compared to 2010, the security environment has dramatically deteriorated: renewed tensions between NATO and Russia since the annexation of Crimea, China’s building of military bases in what had previously been international waters, significant military modernization efforts by both these states, and North Korea’s increasingly bellicose nuclear threats. All of these developments have created a serious deterrence and security challenge for the United States and its allies. Only a broader approach can address all relevant threats and create the necessary internal consensus for the funding and creation of a modern, robust, flexible, resilient, ready, and appropriately tailored nuclear arsenal.

References

  1. ^ presidential (www.whitehouse.gov)
  2. ^ memorandum (www.whitehouse.gov)
  3. ^ The first NPR (nautilus.org)
  4. ^ 2001 NPR of the Bush administration (archive.defense.gov)
  5. ^ Obama administration’s 2010 NPR (www.defense.gov)
  6. ^ Congress (www.gpo.gov)
  7. ^ Congressional commission (www.usip.org)

NETGEAR Arlo Pro Security Cameras for Home Security

February 3rd, 2017 by StorageReview Consumer Desk

Arlo security cameras are a simple way to add cameras around the home without need of extensive, or even very much, technical knowledge. In our initial review[1], we found the cameras to be easy to install and manage, with enough features to keep the average consumer happy. As with anything, there is always room for improvement, and improve is what the latest version, the Arlo Pro, does. Arlo took a look at feedback around things like when the camera begins recording, swapping out batteries and its inherent cost, and what happens if the Internet goes out, and has made improvements across the board.

Like the first version, the Arlo Pro are completely wireless, no power cords and no Ethernet cords. Like the previous version, they too are easy to mount and have several mounting options. Since it is an indoor/outdoor camera, they can be mounted without cover or fear as they are weatherproof. For a quick look at how to set up the cameras and potential insurance benefits, click on the link above and check out our first review.

With the new system, Arlo added in two-way audio. This is nice for when one is home alone, or older children are home alone, and they can easily see who is at the door and instruct parcel or mail delivery personnel where to leave the package. While the cameras are easy to mount being wire free, there is the issue of the battery. The old version used batteries that needed to be replaced when they ran down or died. The Arlo Pro comes with long-lasting, rechargeable batteries. Users don’t need to buy new batteries; they just need to recharge the ones they have (extra batteries and chargers can be bought separately). It is important to remember when mounting the cameras that the batteries still need to be recharged and the cameras themselves shouldn’t be overly difficult to take down and charge. For users that are less concerned with the batteries, there is a wired version available as well.

Arlo has adjusted the motion detection, enabling the cameras to come on faster to make sure nothing is missed. Along with this security feature, Arlo also has added a 100+ decibel siren that can be triggered by sound or motion or remotely through the app. Another security concern for some that is addressed in this version is Internet connectivity. Arlo comes with free cloud storage that keeps videos for up to 7 days. But what happens when Internet service drops or there is a power outage? With the Arlo Pro, users can add a USB drive to the base to continue recording even without the Internet.

The Arlo Pro Smart Security System starts at $250 for just one camera and runs up to $650 with four cameras.

Arlo Pro Smart Security System Specifications:

  • Camera
    • Video resolution: Configurable up to 1280 x 720
    • Video format: H.264
    • Imaging:
      • Full Color
      • CMOS
      • Auto-adaptive white/black balance and exposure
    • Audio: Speaker, Microphone
    • Motion detection:
      • Adjustable sensitivity
      • Automatic email alerts and push notifications
    • Digital pan and zoom: Yes
    • Night vision:
      • 850 nm LEDs: illuminates up to 25 feet
      • IR cut-off filter
    • Battery: 2440mAh rechargeable battery
    • Battery level indication: Yes
    • Field of view: 130°
    • Focus range (ST): Fixed focus (2 ft to infinity)
    • Operating temperature: -4° to 113° F (-20° C to 45° C)
    • Dimension: 3.1 x 1.9 x 2.8 in (79.3 x 48.6 x 70.5 mm)
    • Weight: 4.8oz (136 g)
  • Base Station
    • Interface port: Fast Ethernet
    • Indicator LEDs: Power, Internet, Camera
    • IP configuration: DHCP
    • Antenna: Internal
    • Wireless range: 300+ feet line of sight
    • Wireless:
      • 2.4GHz
      • 802.11n
    • Processor and memory:
      • 900MHz ARM Cortex A7
      • 128MB Flash, 128MB RAM
    • Certifications: FCC, IC, CE, UL
    • Operating temperature: 32° to 122° F (0° to 50° C)
    • Dimension: 2.3 x 6.9 x 5.0 in (58.6 x 174.5 x 126.5 mm)
    • Weight: 11.1 oz (316 g)

Management and Usability

The management and monitoring interface hasn’t changed from the previous versions of Arlo, although a couple of additional features have popped up. Newly visible options include the “audio” trigger for starting a recording, in addition to motion. This is similar to what is found on the Arlo Q. Another item is the “USB thumbstick” icon visible next to all of the cameras connected through the new Arlo Pro base station. This indicated that local storage for recordings could be enabled with USB storage connected to the base station. While the original Arlo base station had USB ports, local storage wasn’t a feature added. Finally there is a siren device added, which is built into the new base station. You can trigger it manually from the main status video, or have it trigger based off of certain arming modes. When it activates, it is incredibly loud, far louder than any of the smoke alarms in my house by comparison.

Digging into the camera settings on the new Arlo Pro, you can see one button to turn off the Fully Charged Indicator. This would be useful in keeping the camera less visible in an area where you might be supplying power to it continuously. It also offers Audio settings, for both microphone capture on/off, as well as speaker volume for its two-way audio capability.

Through the base station itself, you now have a local storage option. This can be helpful for retaining video long term, or offering recording capabilities if your Internet connection were to go down.

Under My Devices, the base station’s alarm device is part of the list that you can sort. One item I hope comes to a future version of the software is the ability to hide the siren entirely, to prevent it accidentally turning on from a kid playing with the Arlo App.

Conclusion

Arlo took its already good security system and improved it in several ways. While the original hardware still has many great features such as wire free, weatherproof cameras that are super easy to mount, 7-day free cloud storage, remote monitoring through a mobile app, and night vision, Netgear has added several features as well. The new features include two-way audio, a siren that can be triggered automatically or remotely, local backup of storage, faster response times when the motion sensor is triggered, and rechargeable batteries. Whether it is used as home security, business security, a nanny cam, a pet cam, or a two-way intercom within the house (or any combination of the above), the Arlo has all of its bases covered. 

Pros

  • Easily mountable, rechargeable cameras
  • Local as well as cloud storage
  • More responsive recording times

Cons

  • Recharging the batteries means the cameras are off line while charging
  • Add-ons, such as more batteries, quickly add to costs

The Bottom Line

The new Arlo Pro Security System has just about everything one needs for a home security system for a decent price. 

Arlo Pro on Amazon[2]

References

  1. ^ initial review (www.storagereview.com)
  2. ^ Arlo Pro on Amazon (amzn.to)

Details of 2.5m gamers ‘hacked on video game forums’

The details of more than 2.5 million gamers have been hacked after a cyber breach on two popular video games forums, it has been claimed. The XBOX360 ISO and PlayStation’s PSP ISO forum, both unofficial sites where players share links to download free a…

Why App Transport Security can’t get here soon enough

What is completely transparent but protects you from prying eyes? Encryption, of course! “Completely transparent” may be a bit of an overstatement but, generally speaking, the way encryption operates is fairly painless for the average end user. However, with the January 1, 2017 deadline looming for requiring all App Store apps to utilize App Transport Security (a.k.a. ATS, Apple terminology for securing all app traffic using the TLS v1.2 protocol), encryption may get a little more challenging for many developers.

ATS: Good for security, good for privacy

In practice, the change is more procedural than technical: By default, ATS is enabled for apps linked against iOS 9 and newer SDKs, though developers could disable it or create exemptions for specific domains or types of traffic. The announcement made in June 2016 during the annual Apple WWDC does not change the behavior or implementation, but does create a new requirement for admission to the App Store. Previously, there was no penalty if an app developer chose to bypass security best practices. But when the new review procedures go into effect at the beginning of next year, apps that are submitted with ATS disabled will be rejected. Of course, developers can apply for exceptions but that process will almost certainly delay the approval process.

The policy is a security and privacy win for both consumers and enterprises because the new requirement will go a long way toward protecting data in transit. This is especially important considering mobile users are notorious for using whatever Wi-Fi hotspot is available to them (protected or otherwise) and since native mobile apps often lack the typical visual indicators present in web browsers to denote secure connectivity. As beneficial as ATS will be, it is unfortunately not a silver bullet. It’s important to note that the change affects only apps submitted for App Store review after January 1, 2017 and that apps without ATS submitted before the deadline will not be removed. For enterprises – especially those who rely on third-party developers – it’s also important to remember that in-house apps are not subject to the same policies and code reviews as App Store apps and may, therefore, not conform to best practices.

ATS confusion exists

This is not to say that the mandate is a trivial change for developers. A cursory examination of developer forums reveals a great deal of reticence and confusion. Meanwhile, MobileIron partner, Appthority, recently published research[1] suggesting that the overwhelming majority of apps disable ATS or permit insecure connections. These alarming statistics, combined with broader findings about the disappointing state of server-side security configurations (such as failing to address basic OWASP recommendations[2]) echo the findings from the MobileIron 2Q2016 Mobile Security and Risk Review evincing a troubling – and continued – lack of basic security hygiene.

Organizations shouldn’t wait to assess the state of their mobile apps. There are several actions that can be taken to determine whether or not network traffic is adequately protected, as well as some compensating technologies for cases when it isn’t.

  • Any organization permitting access to enterprise data from mobile apps should audit how those apps protect data in transit. There are a number of sophisticated commercial tools available, but the barrier to entry is surprisingly low because rudimentary “dynamic analysis” of network traffic can be performed with an iOS device, an Xcode utility called rvictl, Wireshark, and – of course – someone to use the app.
  • For apps that don’t natively encrypt network traffic, consider iOS Per-app VPN as an alternative. The beauty of Per-app VPN is that it offers a way to protect app traffic without any need to modify the underlying code.
  • Organizations investing in custom apps can’t afford not to invest in static analysis. The tools are mature, readily available, and are the best option for ensuring that apps are built in compliance with best practices as well as provide a hedge against risks that ATS can’t address (such as vulnerable 3rd party libraries).
  • The cost and complexity of deploying HTTPS and managing digital certificates is no longer a valid excuse: Internet-facing services handling sensitive data have a responsibility to protect it. Furthermore, much of the overhead associated with securing web services has all but disappeared thanks to the work of projects like Let’s Encrypt[3] which offers free digital certificates and a new, automated certificate renewal protocol.

ATS is a great step forward, but it’s only one part of a larger whole in cyber security that remains our shared responsibility. Take advantage of this important advancement but don’t forget to do your part too.

References

  1. ^ published research (www.appthority.com)
  2. ^ failing to address basic OWASP recommendations (hackertarget.com)
  3. ^ Let’s Encrypt (letsencrypt.org)

State audit of Hampden County sheriff gives departing Michael Ashe clean bill of financial health

LUDLOW — As Hampden County Sheriff Michael Ashe[1] prepares to step down after 42 years, a recent review of his office by state Auditor Suzanne Bump[2] shows no operational deficiencies or shortfalls within the department.

The audit, released Monday, finds no problems with operations of the department, no irregularities with finances or inventory, and says security levels are adequate at the men’s and women’s correctional centers and at the minimal-security pre-release and correctional addiction centers. The Sheriff’s Department budget of $71.7 million was described as adequate to cover its programs.

The report in full is just five pages long.

Bump, in the two-paragraph executive summary, notes the audit was performed between July 1 and Sept. 30 and looks only at operations within the Sheriff’s Department under Ashe, and not any proposals being made by his successor, assistant sheriff Nick Cocchi[3].

“Based on our audit, we have concluded (the Sheriff’s Department) has established adequate controls and practices we reviewed that were related to our audit objectives,” the summary reads. “We did not identify any significant deficiencies in those areas.”

The most interesting part of the audit is perhaps how it originated. Bump notes that Ashe requested it.

Ashe on Wednesday said he sought to have the auditor look at his administration one more time before his departure in order to see if there were any areas that could be improved before the start of the Cocchi administration.

“I felt that it was very important to have an objective, outside audit of our entire operations to ensure that if we had any areas in need of corrective action and improvement we could address these prior to the newly elected sheriff taking office,” Ashe said in a statement.

“I am pleased to report we had a very successful audit which will allow Sheriff-elect Nick Cocchi to hit the ground running,” he said.

Ashe announced two years ago that he would not seek re-election to the post he has held since 1975. Cocchi, elected in November, will be sworn in as the new Hampden County sheriff on Jan. 4.

At the end of the audit period, the Sheriff’s Department had a total of 972 employees and 1,535 inmates, and an annual budget of $153 million.

As part of the audit, auditors reviewed 40 employees at random and found no discrepancies about salaries, proper compensation or whether each was supposed to be on the payroll.

Auditors also toured the four facilities where inmates are kept — the Hampden County Correctional Center in Ludlow, the Western Massachusetts Regional Women’s Correctional Center in Chicopee, the Pre-Release Center and the Western Massachusetts Correctional Addiction Center in Holyoke.

Each was found to be adequately secured to prevent escapes, each met the minimum standards for security required by the state, and each was in line with state and national inmate-to-staff ratios.

A 2015 audit[4] conducted roughly one year prior to this most recent review highlighted the amount of money the Sheriff’s Department was spending on transportation[5], mostly due to shuttling inmates back and forth between jail facilities and court. It recommended the jails look to use more video-conferencing technology to reduce costs and wear-and-tear on vehicles.

The most recent audit makes no reference to the 2015 report or if any changes were implemented.

The audit also makes no mention of the Dec. 2, 2015, escape of Ackeem Graham from the men’s facility in Ludlow, the only escape recorded from the secure facility in its 23-year history.

Graham managed to walk out of a pedestrian sally port just before he was admitted to begin serving a one-year sentence for firearm possession. He was eventually apprehended and sentenced in October to a year in state prison[6].

Cocchi said that despite an escape from the main facility and two “walk-outs” from minimum-security satellite programs in the past year, he believes the department’s security is second to none.

“Our security is as good as any comparable facility anywhere, if not better,” Cocchi said during an interview Wednesday.

“Our No. 1 weakness is not structural, and it’s not programming. It’s complacency — because our facility is so secure,” he added.

Cocchi said that he intends to establish monthly security forums once he is sheriff to examine any significant security breaches to improve measures and help his staff remain vigilant.

“Plus, if anyone knows security it’s me. I’m a security guy,” Cocchi said, noting his rise in the ranks from a corrections officer to assistant superintendent before being elected sheriff in November.

Dec. 19 audit report of the Hampden County Sheriff’s Department[7] by Patrick Johnson[8] on Scribd

References

  1. ^ Michael Ashe (topics.masslive.com)
  2. ^ Suzanne Bump (topics.masslive.com)
  3. ^ Nick Cocchi (topics.masslive.com)
  4. ^ A 2015 audit (www.mass.gov)
  5. ^ transportation (www.masslive.com)
  6. ^ year in state prison (www.masslive.com)
  7. ^ View Dec. 19 audit report of the Hampden County Sheriff’s Department on Scribd (www.scribd.com)
  8. ^ View Patrick Johnson’s profile on Scribd (www.scribd.com)