Forum on the Arms Trade’s Post

Luis Elizondo's opening statement for tomorrow's Congressional UAP hearing proposes three actions to rectify the many problems raised by lack of proper government oversight, transparency and accountability when it comes to UFOs. These are: 1. "Single point of contact responsible for a whole-of-government approach to the UAP issue." 2. "A national UAP strategy that will promote transparency and help restore the American public’s trust." 3. "A protected environment so whistleblowers, desperate to do the right thing, can come forward without fear." These are all very sensible actions worthy of public support. However, I would add a fourth action that is vital to get to the truth about the UAP issue. 4. "Provide a supportive environment for those claiming to have had face-to-face contact with NHI to share their testimonies without fear of public ridicule and retaliation."  https://lnkd.in/eDQKMXVx

Very interesting report! I really appreciate the level of BL's transparency on this attack. I think it's much more than many of us can expect even in internal communication. It helps other organisations to learn without waiting to experience the same.

The British Library, custodian of 170 million items, dating back 4,000 years, suffered a data breach back in Oct 2023. A few days ago, they published a transparent review of the attack. The review includes details of complexities introduced back in 2013, performance benchmarking since 2015, and accreditations from 2019. It gives hour by hour details of the initial response to the detection and looks forward to the restoration of full service. I know what it's like to be the first to discover suspicious activity - trying to establish how bad the day / week / month is going to get. It's not a good way to start your day. If you or your company has "reliance on a significant number of ageing legacy applications", have storage which uses "certain sensitive keywords in its naming convention, such as ‘passport’ or ‘confidential'", or work in an environment with exceptions to security recommendations "for reasons of practicality, cost and impact" you should read the review. We should also thank the Library leadership for making the review available so we can all benefit from their terrible experience.

It's here! Very pleased to share the release of our first National Prosecutor Retention Survey report with responses from over 4,500 line prosecutors nationwide. Some key findings: 📊 93% report high job satisfaction 📊 67% are driven by their commitment to serve their community 📊 57% have considered leaving the profession, citing personal mental health and wellbeing, better pay and overwhelming caseloads as the primary reasons. For me, the most alarming stat is that of those who have considered leaving their office, 81% have thought about doing so IN THE LAST YEAR! Almost half within the last month at the time of taking the survey. That's a dangerous statistic that must be heeded. Look for more from our Association to do what we can to help local prosecutors overcome these challenges, including updates to our new resource hub on prosecutor recruitment and retention, found here: https://lnkd.in/g_bZwmn9 #prosecutors #criminaljustice #recruitment #retention #burnout #wellbeing #mentalhealth #caseloads #salary #betterpay #vicarioustrauma #secondarytrauma #attrition #datadriven #data Joe Dallaire State of Alaska Department of Law

🧨🧨 Complacency is the enemy of cybersecurity Reflecting on the recent cyber-incident review from the British Library, the report clearly illustrates the importance of ongoing investment in proactive defensive measures to safeguard critical data, assets and services. What scares me is how many businesses and charities still lack appropriate personnel at either board or advisory level. This needs to change dramatically, and cutting through the bureaucratic or social barriers between those who make decisions and those who execute them is equally as crucial. Decision-makers, be mindful of your duties, and of the personality traits of your technology leaders: https://lnkd.in/eiXS8WEX For the implementers and tech leaders, make sure you can translate your strategies into clear plans that resonate with the business goals. CTO Academy As for actions you can start today, audit your software and systems for outdated components. Ensure that everything, from your operating system to the third-party applications you rely on, is up-to-date with the latest security patches. Treat any patch that needs to be applied, update that is available, staff member that doesn't have cyber security awareness training as "debt", start paying off that debt now. #CyberSecurityAwareness #DigitalResilience #TechUpdates #ContinuousLearning #CyberThreats #StaySafeOnline

SFS Professor Rush Doshi, security studies expert and founding director of The Brookings Institution's China Strategy Initiative, testified before the U.S. Senate Homeland Security Committee’s hearing on conflicts of interest in federal contracting yesterday. Professor Doshi focused his remarks on four questions: what are China’s ambitions; how do these ambitions create conflicts of interest for U.S. companies; how are the conflicts of interest a threat to U.S. national security; and what can the United States do about it? Watch more here: https://lnkd.in/duempGsF

In times of unprecedented crisis, media outlets, politicians, and EU institutions are reporting big changes happening in Europe. The common security and defense policy is core to today's debates. But what do European citizens know about this controversial issue? To discover more about this, with my doctoral colleague and friend Davide Emanuele Iannace we are conducting an independent research on European public opinion towards the common security and defense policy. Your contribution counts. Filling the survey and/or spreading it among your networks would be great help for us. European Defence Agency European Commission European Parliament Council of the European Union

In November 2023 the government published a Call for Evidence on the impact of the National Security and Investment Act 2021 (NSI Act). It has now provided a response which summarises the key issues flagged and sets out the next steps that the government proposes to take. More here 👉 https://okt.to/jUXG2a

Six days ago The British Library published this white paper. Brave move but a wise one, hopefully, to help others. The statement about MFA is key to why they were not stopped after they compromised priveledge credentials. "In common with other on-premise servers, this terminal server was protected by firewalls and virus software, but access was not subject to Multi-Factor Authentication (MFA). MFA was introduced across the Library in 2020 to increase protection of all remote activities relating to cloud applications such as email, Teams and Word, but for reasons of practicality, cost and impact on ongoing Library programmes, it was decided at this time that connectivity to the British Library domain (including machine log-on access and access to on-premise servers) would be out of scope for MFA implementation, pending further renewal of the Library’s infrastructure. The lack of MFA on the domain was identified and raised as a risk at this time, but the possible consequences were perhaps under-appraised."

So are you ready for #dora (not the explorer 🤣) The Digital Operational Resilience Act comes into force in January 2025. Have a read through the blog to see how it may impact your organisation. Thanks to Rohan Massey from Ropes & Gray LLP for his comment. We had an impromptu chat about DORA and other impending legislation after his presentation at #infosecurityeurope in June, which led to this blog being created. #paymentsecurity #businesscontinuity #operationalresilience #ciso #serviceprovider #finance #insurance #banking #ict #eckoh #fca