Archive for June 22, 2022

Auto Parts Maker Nichirin Pwned By Ransomware

Posted in Commentary with tags on June 22, 2022 by itnerd

Japanese automotive hose maker Nichirin has been hit by a ransomware attack forcing it to shut down its computerized production controls, as reported by Reuters:

“We are investigating what impact this may have on our customers, and we will promptly disclose any necessary information,” the company said.

Nichirin also posted a warning on its website about possible spoof emails that appeared to be from the company and asked recipients not to open any attached files.

Darren Williams, CEO of BlackFog has offered some perspective on this:

“We continue to see threat actors targeting manufacturers in the automotive, infrastructure and government sectors. Cyber criminals continue to target organizations with older infrastructure, lack of investment in cyber security in terms of both product and personnel. These industries continue to outpace the rest of the market in terms of attacks. It should serve as a reminder that even the smallest contributors to the supply chain must do their part to defend against cyberattacks.”

Additionally, the UK has decided not to impose regulations on the cyber security profession after an 8-week consultation conducted by the Department for Digital, Culture, Media and Sport. The UK Cyber Security Council will its planned chartered standards, as the Government monitors its adoption. In response, an expert with GoodAccess has offered commentary.

Artur Kane, VP of Product of GoodAccess also offers some perspective:

“According to Forbes, there are nearly 465,000 unfilled cyber jobs across the US. At the same time, the number of cyber-attacks has never been so high in history. While society becomes more digitized and wars move more often to cybersecurity space, those nations who want to be relevant must support their digitalization notions with strong security legislation. The lack of unfilled jobs must be supported through investments in education, but without clear directives on what skills, roles and frameworks, graduates rarely leave school being fully prepared for their new jobs. Leaving much of work on recruiting and requalifying employees on organizations and inherently slowing down the whole process and raising costs. Also, the diversity in approaches leads to varying quality and leaves some organization more vulnerable. The UK’s Embedding Standards and Pathways Across the Cyber Profession by 2025 has the potential of filling those gaps. With the decision to postpone its enforcement the UK government heard the voices of organizations, which is a good thing in democratic society, but on the other hand we’ve learnt in history that for big changes to make impact, more swift adoption is required. With GDPR, being controversial, not ideally communicated and left quite big space for speculative understanding of some standards, we are now all thankful for this directive to exist. Yes, companies struggled at the beginning to adopt those standards, but by enforcing it and leaving a protective period when fines were waived, companies felt the urgency and acted swiftly towards full adoption. Postponing the enforcement of the Embedding Standards might be a generous thing but will inherently compromise the speed at which UK solves one of most crucial problems of fully digital and globally competitive country.”

You can see how crippling an attack like this can be. Thus every company needs to make sure that their defences are in tip top shape and that they have the people required to fight this sort of battle if they have to, or make sure that they are in a position never to have to fight this sort of battle.

Bill C-11 Passes…. Why This Is A Incredibly Dumb Idea From The Canadian Government

Posted in Commentary with tags on June 22, 2022 by itnerd

Last night, Canada’s parliament approved legislation that targets what video and audio-sharing platforms like YouTube and TikTok can broadcast to a Canadian audience via bill C-11. In short, this is what the bill purports to do (via the Wikipedia link):

The bill seeks to amend the Broadcasting Act to account for the increased prominence of internet video and digital media, and to prioritize the “needs and interests” of Canadians, and the inclusion and involvement of Canadians of diverse backgrounds in broadcast programming. It adds undertakings that conduct “broadcasting” over the internet to the regulatory scope of the Canadian Radio-television and Telecommunications Commission (CRTC), which would give the CRTC the power to regulate almost all audiovisual content distributed via online platforms (including monetized content on social media services). This can include compelling them to make use of Canadian talent, mandating that they make contributions to the Canada Media Fund to support the production of Canadian content, and improve the discoverability of Canadian content on their platforms. 

Alongside this, the bill also removes the seven-year term limit for CRTC-issued broadcast licenses (a regulatory process which will not apply to internet broadcasters), adds a mechanism of imposing “conditions” on broadcasters without them being bound to a license term, and introduces monetary fines for violating orders and regulations issued by the CRTC.

That all sounds good. But it isn’t good. If you’re a Canadian YouTuber like Linus Sebastian or Rene Ritchie for example, the YouTube algorithm curates and recommends videos based on feedback from users based on everything from how long a video is viewed to how quickly it is skipped. Thus if their videos are promoted by YouTube to adhere to Bill C-11 and the content isn’t a match for the viewer, the viewer might skip that video, causing the creator’s channel to drop in visibility. The bill would also regulate the types of advertising a Canadian creator’s channel can have. That would significantly limit their sources of revenue.

Creators are going to discover very quickly that the kind of content that has previously been successful on YouTube is no longer successful in a bill C-11 regulated YouTube. As a result, they will either have to change the nature of content that they make in order to make it more overtly Canadian…. Whatever that means. In short, the Canadian Government is killing the people that they’re trying to protect. The thing is that this was feedback provided to the Canadian Government in various hearings on bill C-11, and it was ignored. Which makes me wonder what the true agenda that the Canadian Government has when it comes to this bill.

Here’s another thing to consider. Canadians on platforms like YouTube punch well above their weight. Linus Sebastian has 14.6 million subscribers for example which makes him one of the top YouTube creators on the planet. There are many others who are among the top content creators, meaning YouTube, TikTok, and whatever other platforms are out there who are doing the same thing. Thus I don’t think that Canadians need the “protection” that this bill supposedly provides.

But there’s really a darker thing that should concern you about bill C-11. This bill gives the CRTC the power to regulate the pictures, podcasts and videos every Canadian posts online as ‘broadcasting’ content. So if you post a Instagram reel, the CRTC could knock on your door. Something that the CRTC admits is true. But they promise that they won’t use that power.

That falls under the category of not believable because if someone gives you power, you’re going to use it at some point.

The reason why this is the case is that this bill sets no revenue threshold on who it will target, meaning every Canadian on every platform could soon be forced to make Canadian content contributions, or potentially get into trouble if the CRTC decides that they didn’t. Which is a #Fail.

The only hope for Canadians who like things the way they are is that the Senate will step in and either shoot this bill out of the sky, or send it back to parliament for major revisions. But even if this doesn’t happen, I would keep this in mind. This bill was passed by the Liberal Party with help from the NDP and Block Quebecois. Seeing as Canada has a minority government which introduces the possibility that an election could be called at any time, I would keep that in mind the next time a federal candidate from any of those parties comes knocking at your door asking for your support. Because frankly based on how broken this bill is, they don’t deserve it.