Could social media emerge as a new critical infrastructure sector?

Social media has become an important conduit for official and emergency government communications with the public. With such communications having the power to critically affect national security, social networks have become a hacker’s paradise and need to be taken more seriously.

US President Donald Trump’s official Twitter account is one example of how social media is now a popular channel for engaging with the public in realtime. At the more extreme end of the scale, recent events in Hawaii and Japan saw false missile alerts sent due to human error, causing populations to spiral into turmoil. These incidents highlight how social media accounts are becoming part of the critical infrastructure that governs our day-to-day lives.

It’s clear that communications, or mis-communications, of this kind have the potential to wreak havoc. But the question is: should the use of these social media accounts — like Twitter, Facebook, YouTube, LinkedIn and more — for official and emergency purposes, be regulated by legislation?

“Until these platforms are officially treated as critical infrastructure, we should consider applying the same cybersecurity practices followed by the energy, water, gas and ports industries.”

In Australia, telecommunications carriers are subject to the Telecommunications Sector Security Reforms (TSSR), while other critical infrastructure falls under the recently introduced Security of Critical Infrastructure Act (2018). This act is primarily focused on major infrastructure assets like power and water, that supply essential services to more than 100,000 people.

In both the TSSR and the act, scope is given for the relevant minister to direct a provider or intermediary “to do, or not do, a specified thing that is reasonably necessary to protect networks and facilities from national security risks.”

Under the Security of Critical Infrastructure Act, the relevant minister can also nominate additional industry centres for inclusion, provided the minister is satisfied there is a risk that the assets or services could have a prejudicial effect on national security.

Top of the priority list currently are airports and data centres. It’s possible the minister will declare social media communications as subject to the act, but, at this stage, it’s unlikely.

Top-grade cybersecurity practices essential

So, what should governments be doing when it comes to securing social media accounts used for timely or sensitive communications? Until these platforms are officially treated as critical infrastructure, we should consider applying the same cybersecurity practices followed by the energy, water, gas and ports industries.

Government personnel operating social media for official or emergency purposes should undertake a review of how their accounts are managed. Hardening communication platforms should include stepping up password management practices. This will help eliminate the chance of delays to the delivery of critical information or the exploitation of accounts for nefarious purposes, such as issuing false or misleading information.

“To strengthen these platforms against both external and internal attacks by unauthorised personnel, government departments should treat their social media accounts as privileged.”

Hackers know the value and vulnerability of social media today, and are already hijacking official accounts. In 2017, a rogue Twitter employee shut down Donald Trump’s Twitter account for 11 minutes in an act of protest.

Disgruntled employees aren’t the only risk – hackers could use any one of several social engineering techniques, such as phishing, to gain access to passwords for social media. If they did so, they’d be able to issue false statements on a public social media account, potentially causing fear and panic.

Government personnel within specific departments or offices commonly share access to social media accounts. This means that potentially dozens of people throughout an agency have access, admin or editing rights on these platforms. Not least, passwords for these accounts are usually shared between team members, rarely changed, and often re-used across a number of accounts.

Any account with a shared or re-used password can be an easy target for a hacker or corrupt insider. There is also rarely a record of which team member published each post — increasing the possibility of a false alert being deliberate and untraceable.

Just two minutes after the missile alert was issued on Twitter in Hawaii, the governor was told it was a false alarm. While other government officials rushed to assure the public there was nothing to worry about, the governor did not tweet for more than 17 minutes. The cause of his silence? He forgot his username and password.

To strengthen these platforms against both external and internal attacks by unauthorised personnel, government departments should treat their social media accounts as privileged. That way, simple acts of forgetting, sharing or re-using passwords won’t cause delays, such as what happened in Hawaii.

Privileged account security tips

As best practice to properly secure and protect social media accounts, government departments should employ privileged account security, including:

  • Arrange transparent access: To make it harder for hackers to find and exploit credentials, authorised users must be able to seamlessly authenticate access to an account without having to remember passwords. This allows for immediate access in emergency situations, such as the incident in Hawaii.
  • Remove shared credentials: Use a digital vault to store passwords and remove the accountability challenges of shared logins. Users will then need to login individually for access to shared social media platforms.
  • Automate password rotations: Continuously changing privileged credentials safeguards against attackers using retired passwords. Regularly automating password changes can also update access privileges, reducing the possibility of an outsider getting their hands on valid credentials.
  • Review account activity: For visibility of individual users’ activity across social media accounts, a record of events can be created. This way, posts can be linked to authorised users, and rogue employees can be more easily identified.

Governments the world over are reviewing their critical infrastructure safeguards and national security precautions. As we continue to see in situations such as those in the US, Hawaii, and Japan, the public has developed a huge level of trust in communications distributed by government organisations.

Social media has become a credible and dependable medium for official communications, and it’s clear these platforms are neither inherently secure nor infallible. It’s critical to re-think how any medium used for official and emergency communications is treated and secured.

[“source=cnbc”]

From YouTube Star To Obama Interviewer: Liza Koshy, 22, Is Creating A Digital Media Empire

She specializes in punnery, physical gags and parodies. One of her widely watched videos spoofs the makeup tutorials that have proliferated across YouTube. And she has several popular characters, like her male, mustachioed alter ego, Jet Packinski III. “He’s a very handsome man. I believe I’m better looking as a dude than a girl,” Koshy says.

In the last few years, the 22-year-old has become one of YouTube’s biggest stars, earned a spot on Forbes’ latest 30 Under 30 list—and made the leap to traditional media. “The worst advice I’ve ever received was ‘Don’t post on YouTube, it’s dying,’” says Koshy, who earned an estimated seven figures in 2017, thanks largely to her online output.

Read the complete 2019 Forbes 30 Under 30 package.

Like many other digital-native stars, the Houston-born Koshy got her start on (now-defunct) Vine. She began shooting six-second videos on her cellphone as a teen in 2013, just months after the app’s January launch. Her first clip featured her climbing on top of a car with friends. “It was just me, with my phone, in my car, dancing along, talking or making a really bad joke,” she recalls. “Which is why Vine died. Sorry about that.”

Her comedy—and her camera skills—developed, and soon she was using cutaway shots to create skits and sight gags, including tying her hair into flopping bunches and pretending to be a butterfly. They appealed to her young audience, which grew to 7 million followers on Vine alone. Soon she wanted to go beyond Vine’s short clips. “I eventually realized that I could talk for much longer than that.”

So she parlayed her popularity into a YouTube channel in July 2015, where she began posting weekly. She introduced herself as “Liza the little brown girl”—her mother is white, her father is Indian—and expanded her comedy and range of characters. In addition to Jet Packinski, there is Helga, a bespectacled, frazzled foreigner, and Carlos Q, an macho Hispanic man. Other popular series include “Driving with Liza” and “Grocery Shopping with Liza,” where she films herself on the go, interlaying errands with songs and silly faces. In a sign of her increasing stardom, she interviewed President Obama for a get-out-the-vote initiative in 2016. “You can’t legally show it on camera, but I actually voted on my absentee ballot [during the video],” she says.

Koshy’s mobile-first audience largely comprises members of Generation Z, people born between 1996 and 2010. According to Nielsen, 97% of Generation Z own a smartphone, and the cohort boasts a reported $44 billion in spending power. Hence Koshy’s appeal to advertisers, who have sponsored her content and hired her for ads, including a series for Beats by Dre headphones. The spots reportedly have four times the click-through rate—the percentage of people visiting the product online after seeing the ad—than other promotions starring celebrities like NFL quarterback Tom Brady.

Her business has expanded with her audience. In 2016, she branched out into a second YouTube channel of more one-off videos that don’t feature regular activities or characters. Popular uploads include reaction videos of her watching her own old, cringeworthy vines (19 million views) or of her reacting to teens watching her videos (17 million views); the subsidiary channel has an additional 7.3 million subscribers.

With an expanding YouTube presence, Koshy has caught the eye of traditional TV executives. In 2017, she became a host of MTV’s resurrected TRL, scored a role in Hulu’s drama Freakish and nabbed a part in Tyler Perry’s Boo! A Madea Halloween. This year, she was hired as the face of Nickelodeon’s Double Dare reboot.

“All of these different opportunities came from YouTube,” she explains. So Koshy is staying close to the source: In 2018 she created, produced and starred in her own YouTube Originals series, Liza on Demand, in which she works in the gig economy.

Next up: a Liza Koshy line of bags, out this fall. “You can’t play a high school student forever, so at some point I’m going to have to tear down that wall and tear off that wig and be me,” says Koshy.

[“source=forbes]