Computer Misuse Act new defence proposals from CyberUp • The Register

Voice Of EU

Campaigners want a new code of practice alongside a proposed public interest defence for the Computer Misuse Act 1990, in the hope it will protect infosec pros from false threats of prosecution.

The CyberUp campaign hopes the four principles it put forward this week will be used by judges to help decide whether accused information security professionals have committed crimes or not.

In a published paper, CyberUp said it wants judges “to ‘have regard to’ Home Office or Department for Digital, Culture, Media and Sport (DCMS) guidance on applying a statutory defence that would, ideally, be based on the framework we propose.”

The principles include asking judges to look at:

  1. Whether an alleged CMA infringement caused harms or benefits;
  2. Whether the infringement was proportional;
  3. What the accused intended to do; and
  4. Their competence “to act in ways that minimise the risk of harm.”

Kat Sommer, NCC Group’s head of public affairs (the company is one of the main movers behind CyberUp), explained: “A principles-based approach represents a means to future-proof changes from the outset and allows flexibility to evolve while maintaining consistency as technology, capabilities, threats and working practices evolve. A statutory defence in primary legislation, with details set out in guidance, strike[s] an appropriate and pragmatic balance.”

Thanks to the very small number of CMA prosecutions every year, any such code is likely to be treated as actual law among the wider public, who settle most adversarial CMA-related conversations without ever getting near the criminal courts.

Industry has strong views

CyberUp wants the Home Office, “owners” of the CMA, to table a Parliamentary amendment to the act which would do two things: insert a public interest defence into the CMA and create a binding guidance document issued by the Home Office.

Statutory guidance is widely used by government departments so civil servants can tinker around the edges of laws without needing to go through a full Parliamentary bill procedure.

The campaign said the infosec industry had been consulted about these principles and, like any emotive conversation, views varied widely on how they ought to work. Industry broadly agreed with what the campaign put forward, though it seems the focus has narrowed to creating a defence to prosecutions brought under section 1.

In its commentary about the principles, CyberUp said:

This has been the case in the recent past: in a classic example of insider threat, a recently sacked IT contractor with a solid work history on paper attempted to sabotage his former employer’s network, using shared credentials known by its entire IT team.

NCC’s Sommer added that an editable list of exemptions that can keep pace with tech (and crime) is better than the CMA’s current approach of setting crimes, defences and punishments in statutory concrete.

She said: “The risk of any list of exemptions being unduly limited, or quickly out of date, is significant. The key difference that a defence will make is that those unfairly caught by the current CMA offences have the opportunity to justify their actions and have them deemed defensible, which is something that simply does not exist at present as any act of unauthorised access is criminal without any regard for the circumstances under which it occurred.”

With section 1 making up the bulk of (the small number of) CMA prosecutions brought every year, there’s some utility to be had from it.

Comment: If this passes, it should be a win

The Criminal Law Reform Now Network said in its 2020 report about CMA reform that current conversations around the law are hampered by a lack of useful information about prosecutions as well as “under enforcement”, noting that recommendations for reform should be set…

If CyberUp’s proposals become a binding statutory guidance document they’ll be an arguable point outside the courtroom as well as in front of a judge, providing a bit of clarity to companies and individual security researchers (and curious folk) alike.

It may be the case that individuals with no track record of security research or certifications find themselves on the aggressive side of an organisation wanting to cover up a breach, or their reuse of a default password on a sensitive system – the 4th principle. They’ll be in no worse position than they are now, and the other three principles could be invoked to help deter CMA-themed legal aggression. That’s a win for CyberUp.

Had the IT pro accused of committing a crime while disclosing an issue to UK open-source org Apperta had the proposed CMA defence available, he could have refuted the open source project’s claims that he committed a crime when viewing exposed data to warn them about it.

Ultimately these conversations, taking place well outside the courts or the sterile environment of judicial ponderings, are the ones that matter.

None of CyberUp’s proposals directly affect civil law, meaning a civil suit in the county or High Court for damages after a breach (or disclosure) wouldn’t be stopped by a new CMA defence. But the defence’s mere existence should be pointed out by any competent lawyer to a civil judge deciding if any harm was truly caused – and being able to do that means if CyberUp gets this through the civil service and Parliament, it’s still a win for the broader infosec community and industry alike. ®

Rocket Lab setting up for first Moon mission • The Register

Rocket Lab has taken delivery of NASA’s CAPSTONE spacecraft at its New Zealand launch pad ahead of a mission to the Moon.

It’s been quite a journey for CAPSTONE [Cislunar Autonomous Positioning System Technology Operations and Navigation Experiment], which was originally supposed to launch from Rocket Lab’s US launchpad at Wallops Island in Virginia.

The pad, Launch Complex 2, has been completed for a while now. However, delays in certifying Rocket Lab’s Autonomous Flight Termination System (AFTS) pushed the move to Launch Complex 1 in Mahia, New Zealand.

The wet dress rehearsal for the launch was completed last night, prompting CEO Peter Beck to say: “Next stop…the Moon!”

“I always wanted to say that,” he added. Beck has long dreamed of sending his rockets beyond Low Earth Orbit (LEO) and is planning a mission to Venus in 2023. However, the Moon is further than the company has sent its rockets to date.

CAPSTONE is to be sent to a Near Rectilinear Halo Orbit (NRHO) around the Moon, a location planned for the NASA, ESA, and CSA Gateway. CAPSTONE’s primary mission is to verify simulations that the gravitational interaction of the Earth and Moon will make for a stable orbit.

The milestone was hit as Rocket Lab announced its first quarter 2022 results. Overall, the company made a net loss of $26.7 million, down from the $15.9 million loss of the same period last year, but revenues jumped to $40.7 million from $18.2 million. Most interesting was the make-up of that revenue. Space Systems (the company’s Photon spacecraft and the components it sells) accounted for a whopping 84 percent of Q1 revenue. Actual Electron rockets fared less well; during a call with analysts, CFO Adam Spice said that launches contributed just $6.6 million.

Going forward, the company expects second quarter revenues to be between $51 million and $54 million. It is including three dedicated launches in that figure (of which CAPSTONE is one). Two have already happened, and there is potential for a fourth, but the company has opted to take a prudent path and not include it in the figures.

As for CAPSTONE, it will be integrated with the Electron rocket and Photon spacecraft bus ahead of the launch window opening on May 31. The Electron will launch the spacecraft into LEO and the Photon will take care of the ballistic lunar transfer via multiple orbit raisings. A final burn of Photon’s engine will occur on the sixth day, enough to escape Earth orbit and send CAPSTONE on a course for the Moon. ®



Dublin’s UrbanVolt bags €36m for its solar energy business

A DCU Alpha spin-out, UrbanVolt says it sells power generated from solar energy at up to 30pc lower rates than traditional suppliers.

UrbanVolt, a Dublin-based clean energy company, has secured €36m in financing to expand its solar panel business in Ireland and the UK.

The funding includes a €30m asset-backed seven-year loan from Swedish credit fund PCP and €6m from existing funding partners, BVP and Beach Point Capital.

Founded in 2015 by Kevin Maughan, Graham Deane and Declan Barrett, UrbanVolt finances and installs solar panels on the rooftops of commercial and industrial businesses, selling the solar electricity generated to the businesses at up to 30pc lower rate than traditional suppliers.

The company said it also guarantees the price for up to 30 years, protecting businesses against rising energy costs for decades to come, with no minimum amount payable or standing charges – meaning that customers pay proportionate to their consumption.

“This is a transformational deal, which will allow us to scale at pace to meet the significant demand in the market while also streamlining the process of installing solar panels for our customers’ benefit,” said Maughan, who is also the CEO of the DCU Alpha spin-out.

“This first funding facility from PCP will see our project output grow by 20x over the coming years. It is also happening at a time when the demand for renewable energy is rising significantly given climate and geopolitical crises.”

The loan facility will be used to fund the installation of solar panels and related equipment on UrbanVolt’s primary target of commercial and industrial client sites in both Ireland and the UK.

It started supplying solar-generated electricity directly to businesses in Ireland last summer, since when it has agreed contracts with more than 60 companies and completed seven installations.

Maughan said that there is “simply no compelling reason” for commercial and industrial operators to opt for traditional energy sources anymore, adding that UrbanVolt offers “unparalleled” price security and clean energy.

“By incorporating an ‘as a service’ business model, our customers only pay for the energy they use without a standing charge, and the cost of our equipment and its maintenance is kept off their balance sheet.”

$7.6bn of ‘stablecoin’ tether redeemed since start of crypto crisis | Cryptocurrencies

Digital investors have withdrawn savings in the “stablecoin” tether worth $7.6bn (£6.2bn) since the cryptocurrency crisis began last week, suggesting the company has paid out a sum almost twice its total cash holdings to spooked depositors.

Stablecoins are supposed to have a fixed value matched to a real-world asset, in most cases $1 a token. However, faith in the concept was rocked last Tuesday when another big player, terra, broke its peg to the dollar. That has fuelled a wider sell-off across the crypto sector, which relies on stablecoins for much of its financial engineering.

Q&A

What is a stablecoin?

A stablecoin, like the name suggests, is a type of cryptocurrency that is supposed to have a stable value, such as US$1 per token. How they achieve that varies: the largest, such as tether and USD Coin, are effectively banks. They hold large reserves in cash, liquid assets, and other investments, and simply use those reserves to maintain a stable price.

Others, known as “algorithmic stablecoins”, attempt to do the same thing but without any reserves. They have been criticised as effectively being backed by Ponzi schemes, since they require continuous inflows of cash to ensure they don’t collapse.

Stablecoins are an important part of the cryptocurrency ecosystem. They provide a safer place for investors to store capital without going through the hassle of cashing out entirely, and allow assets to be denominated in conventional currency, rather than other extremely volatile tokens.

Tether, the third biggest cryptocurrency by “market cap”, experienced a short-lived crisis on Thursday when its value dropped from $1 to 95¢ as savers feared it would follow its fellow stablecoin terra and collapse. However, the token, which is controlled by a private company with close links to the crypto exchange Bitfinex, has since largely restored its dollar peg by honouring a promise to allow savers to always withdraw $1 for every tether they give back to the company.

The company only allows direct withdrawals of at least $100,000 for each request, and charges a fee of 0.1% on redemptions. Anyone with less tether than that minimum can only turn their money into dollars by finding someone to buy it from them – a disparity that fuelled the temporary collapse in value.

Despite the difficulties, according to public blockchain data, $7.6bn of tether has been reallocated in this way since Thursday. That is almost twice the cash that Tether had in its reserves at the end of last year, according to accounts published on its website.

Most of the rest of its reserves are held in “cash-like” assets, the majority of which are $35bn of US government debt and $25bn of corporate bonds. However, the company has refused to share any further details of the investments, with its chief technology officer, Paolo Ardoino, telling the Financial Times: “We don’t want to give our secret sauce.”

There have long been fears as to Tether’s ability to honour all redemptions. The company had once said it backed its currency with “US dollars”, a claim the New York attorney general said in 2021 “was a lie”. Now, it simply claims its currency is “backed 100% by Tether’s reserves”.

By contrast, terra was backed by a complex algorithm that required the value of a sister cryptocurrency, luna, to constantly rise in order to maintain the dollar peg. When the crash hit last week, the system went into a “death spiral”, automatically printing more luna, which crashed the price further, until luna lost 99.9995% of its value in a matter of days and terra was left languishing at $0.11.

The charismatic founder of the Terra project, Do Kwon, has said he wants to relaunch the currency. In a proposal posted to the project’s message board on Friday, he suggested wiping all ownership of luna, and redistributing 1bn new tokens, with most going to those who hold the stablecoin, or who held luna before last week’s crash.

“It is a hard balance – and no easy answers in redistributing value within the network,” Kwon wrote. “But value must be distributed to allow the ecosystem to survive, and in its current state it will not.”

Kwon also faces questions about how the vast sums of bitcoin that his project had amassed to back terra were spent. According to a breakdown shared by the organisation, it sold more than 80,000 bitcoins, worth more than $2.4bn, to unnamed parties in exchange for terra valued at $1 – at a time when the public price of the currency was under 75¢.

The jitters around stablecoins have combined with a general slump in tech stocks and the wider US downturn to trigger a wider crisis of confidence across the crypto sector. Bitcoin and ethereum, the two biggest cryptocurrencies, are down more than 10% over the last seven days, with ethereum dropping 17% to less than $2,000. Smaller currencies have, as always, been more volatile, with dogecoin falling 26% over the week.

Even some of the most vocal backers of digital currencies are now querying the promises of the sector. The founder of the crypto exchange FTX, Sam Bankman-Fried, said in an interview with the Financial Times that bitcoin has no future as a payments network because of the inherent inefficiencies of its blockchain, the public digital register that records its transactions. Instead, he argued, it could only function as a gold-like store of long-term value.


