Could social media emerge as a new critical infrastructure sector?

Social media has become an important conduit for official and emergency government communications with the public. With such communications having the power to critically affect national security, social networks have become a hacker’s paradise and need to be taken more seriously.

US President Donald Trump’s official Twitter account is one example of how social media is now a popular channel for engaging with the public in real time. At the more extreme end of the scale, recent events in Hawaii and Japan saw false missile alerts sent due to human error, causing populations to spiral into turmoil. These incidents highlight how social media accounts are becoming part of the critical infrastructure that governs our day-to-day lives.

It’s clear that communications, or mis-communications, of this kind have the potential to wreak havoc. But the question is: should the use of these social media accounts — like Twitter, Facebook, YouTube, LinkedIn and more — for official and emergency purposes, be regulated by legislation?

In Australia, telecommunications carriers are subject to the Telecommunications Sector Security Reforms (TSSR), while other critical infrastructure falls under the recently introduced Security of Critical Infrastructure Act (2018). This act is primarily focused on major infrastructure assets, such as power and water, that supply essential services to more than 100,000 people.

In both the TSSR and the act, scope is given for the relevant minister to direct a provider or intermediary “to do, or not do, a specified thing that is reasonably necessary to protect networks and facilities from national security risks.”

Under the Security of Critical Infrastructure Act, the relevant minister can also nominate additional industry centres for inclusion, provided the minister is satisfied there is a risk that the assets or services could have a prejudicial effect on national security.

Top of the priority list currently are airports and data centres. It’s possible the minister will declare social media communications as subject to the act, but, at this stage, it’s unlikely.

Top-grade cybersecurity practices essential

So, what should governments be doing when it comes to securing social media accounts used for timely or sensitive communications? Until these platforms are officially treated as critical infrastructure, we should consider applying the same cybersecurity practices followed by the energy, water, gas and ports industries.

Government personnel operating social media for official or emergency purposes should undertake a review of how their accounts are managed. Hardening communication platforms should include stepping up password management practices. This will help eliminate the chance of delays to the delivery of critical information or the exploitation of accounts for nefarious purposes, such as issuing false or misleading information.

Hackers know the value and vulnerability of social media today, and are already hijacking official accounts. In 2017, a rogue Twitter employee shut down Donald Trump’s Twitter account for 11 minutes in an act of protest.

Disgruntled employees aren’t the only risk – hackers could use any one of several social engineering techniques, such as phishing, to gain access to passwords for social media. If they did so, they’d be able to issue false statements on a public social media account, potentially causing fear and panic.

Government personnel within specific departments or offices commonly share access to social media accounts. This means that potentially dozens of people throughout an agency have access, admin or editing rights on these platforms. What’s more, passwords for these accounts are usually shared between team members, rarely changed, and often re-used across a number of accounts.

Any account with a shared or re-used password can be an easy target for a hacker or corrupt insider. There is also rarely a record of which team member published each post — increasing the possibility of a false alert being deliberate and untraceable.

Just two minutes after the missile alert was issued on Twitter in Hawaii, the governor was told it was a false alarm. While other government officials rushed to assure the public there was nothing to worry about, the governor did not tweet for more than 17 minutes. The cause of his silence? He forgot his username and password.

To strengthen these platforms against both external and internal attacks by unauthorised personnel, government departments should treat their social media accounts as privileged. That way, simple acts of forgetting, sharing or re-using passwords won’t cause delays like the one in Hawaii.

Privileged account security tips

As best practice to properly secure and protect social media accounts, government departments should employ privileged account security, including:

  • Arrange transparent access: To make it harder for hackers to find and exploit credentials, authorised users must be able to seamlessly authenticate access to an account without having to remember passwords. This allows for immediate access in emergency situations, such as the incident in Hawaii.
  • Remove shared credentials: Use a digital vault to store passwords and remove the accountability challenges of shared logins. Users will then need to log in individually for access to shared social media platforms.
  • Automate password rotations: Continuously changing privileged credentials safeguards against attackers using retired passwords. Regularly automating password changes can also update access privileges, reducing the possibility of an outsider getting their hands on valid credentials.
  • Review account activity: For visibility of individual users’ activity across social media accounts, a record of events can be created. This way, posts can be linked to authorised users, and rogue employees can be more easily identified.
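
The four practices above combined in one place, as an added example that is not part of the original article: a hypothetical `SocialAccountBroker` (all names are assumptions, and the platform call is simulated) holds the shared account's secret, lets individually authorised users publish without knowing it, rotates it when stale, and keeps a hash-chained record tying each post to a user.

```python
import hashlib
import json
import secrets
import time

class SocialAccountBroker:
    """Hypothetical broker: holds the shared account's secret so operators never do."""
    def __init__(self, account, authorised_users, max_age_s=86400):
        self.account = account
        self.authorised = set(authorised_users)
        self.max_age_s = max_age_s
        self.audit = []              # append-only, hash-chained records
        self.rotate()

    def rotate(self, now=None):
        # A real deployment would also set the new secret on the platform.
        self._secret = secrets.token_urlsafe(32)
        self._rotated_at = time.time() if now is None else now

    def _log(self, user, action, detail, now):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        rec = {"ts": now, "user": user, "action": action, "detail": detail, "prev": prev}
        rec["hash"] = hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()
        self.audit.append(rec)

    def publish(self, user, text, now=None):
        now = time.time() if now is None else now
        if user not in self.authorised:
            self._log(user, "denied", text, now)
            return False
        if now - self._rotated_at > self.max_age_s:
            self.rotate(now)         # stale credential: rotate before use
            self._log("broker", "rotated", self.account, now)
        # Simulated post: the broker would call the platform with self._secret here.
        self._log(user, "published", text, now)
        return True

    def verify_audit(self):
        prev = "0" * 64
        for rec in self.audit:
            body = {k: v for k, v in rec.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != digest:
                return False         # record edited, removed or reordered
            prev = rec["hash"]
        return True

    def who_posted(self, text):
        return [r["user"] for r in self.audit if r["action"] == "published" and r["detail"] == text]
```

Because each record's hash covers the previous record's hash, editing an earlier entry to shift blame makes `verify_audit()` fail.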

Governments the world over are reviewing their critical infrastructure safeguards and national security precautions. As we continue to see in situations such as those in the US, Hawaii, and Japan, the public has developed a huge level of trust in communications distributed by government organisations.

Social media has become a credible and dependable medium for official communications, yet it’s clear these platforms are neither inherently secure nor infallible. It’s critical to re-think how any medium used for official and emergency communications is treated and secured.

[“source=cnbc”]

How Technology Could Revolutionize Online Shopping In The Near Future

How often are you satisfied with the size and fit of your online purchases? In the past few years, return rates for clothing purchased online have reached close to 40%. In a poll reported on by BBC, 56% of respondents who purchased clothing online six months prior to May 2016 said they had returned at least one item. Apparel Magazine reports that 70% of all online clothing returns are caused by problems with fit.

In the U.S., online apparel sales accounted for more than 25% of overall apparel sales in 2017. But why do people shop online even though they have to return clothing that does not fit? How many more people would shop online if they could be certain about fit and size?

As retailers play with free delivery and free returns even if it hurts their business, the cost of returns continues to grow along with the rate of returns. Currently, each order sent back costs retailers from $3 to $12.

The number of returned goods also has a negative impact on the environment. The destruction of unsold and returned garments, especially in the luxury sector, has caused people to ask questions. The fashion industry is known as one of the largest polluters in the world.

Based on my research into the struggles of today’s retailers and what I’ve learned founding a company that develops 3D body modeling technology, I believe that solving fit problems could result in growth in the number of online shoppers, reduced returns and less waste. Thankfully, I’ve been observing innovations coming out of the technology sector that could help make significant progress in solving this industrywide issue.

[“source=forbes”]