July 28, 2024 | International, C4ISR, Security

Download Your OAuth Risk Investigation Checklist

Our checklist covers four key areas to consider when you’re investigating an OAuth grant.

https://thehackernews.uk/nudge-oauth-checklist

On the same subject

  • Russia’s new nuclear policy could be a path to arms control treaties

    June 9, 2020 | International, Aerospace

    By: Sarah Bidgood

    Russia recently published a new document, titled “Basic Principles of State Policy of the Russian Federation on Nuclear Deterrence.” Its release marks the first time that Russia's official policy on deterrence has been made publicly available. As others have observed, this document is an example of declaratory policy aimed primarily at a foreign audience — and should be read with this orientation in mind. Still, it contains information that helps readers better understand how Russia thinks about nuclear weapons, and this certainly makes it worth a close examination.

    Some of the more useful insights this document offers pertain to Russia's threat assessments and what it sees as likely pathways to nuclear use. A number of these threats line up with American declaratory policy as reflected in the 2018 Nuclear Posture Review. These overlaps are noteworthy, since the U.S. and Russia have traditionally been able to work together to mitigate mutual threats even when their bilateral relationship is in crisis. As such, they can point toward ways to get arms control back on track at a time when it is in deep trouble.

    One such area of overlap appears in section 19C, which covers the conditions that could allow for nuclear use. This list includes an “attack by [an] adversary against critical governmental or military sites of the Russian Federation, disruption of which would undermine nuclear forces response actions.” The similarities between this language and that which appears in the 2018 NPR are considerable. That document identifies “attacks on U.S., allied, or partner civilian populations and infrastructure and attacks on U.S. or allied nuclear forces, their command and control, or warning and attack assessment capabilities” as significant non-nuclear strategic attacks that could warrant the use of nuclear weapons.

    These parallels suggest that an agreement prohibiting attacks on nuclear command, control and communications systems could be of interest to both Washington and Moscow. A treaty along these lines would help to shore up crisis stability while rebuilding trust and confidence between the U.S. and Russia. It could also become a multilateral approach involving the five nuclear weapon states, which have been meeting regularly to discuss risk reduction and other topics. This would represent one of the few concrete outcomes of these discussions, which have been met with cautious enthusiasm but have so far failed to bear much fruit.

    Another example of mutual U.S.-Russia threats appears in section 12E of the Russian document. Here, the “uncontrolled proliferation of nuclear weapons, their delivery means, technology and equipment for their manufacture” are described as risks that nuclear deterrence is meant to neutralize. Preventing the spread of nuclear weapons seems to remain a focus of U.S. nuclear policy, too, and the 2018 NPR commits to strengthening institutions that support “verifiable, durable progress on non-proliferation.” This ongoing shared interest is an argument for renewed U.S.-Russian cooperation in this area, especially as it relates to strengthening the Nuclear Non-proliferation Treaty.

    There is a long history of engagement between the two largest nuclear weapon states on nonproliferation, even at times of major discord in their relationship. Successful outcomes of this cooperation include the Nuclear Non-proliferation Treaty itself, which the United States and the Soviet Union concluded 50 years ago to stop additional countries from acquiring nuclear weapons. Despite decades of joint work toward this shared goal, the rift between Washington and Moscow has now brought most bilateral efforts in this area to a halt. As some in Iran, Turkey and Germany contemplate the pursuit of nuclear weapons, it's time for the U.S. and Russia to shore up the credibility of the regime they built.

    Other sections of Russia's document offer additional glimpses into Moscow's perceived threats, although not all find ready analogs in U.S. declaratory policy. Many relate instead to the possibility that an adversary will carry out a conventional attack on Russia. Sections 12 and 14, for instance, reference the risks posed by adversary deployments of medium- and shorter-range cruise and ballistic missiles, non-nuclear high-precision and hypersonic weapons, strike unmanned aerial vehicles, and directed-energy weapons. They also mention the deployment of missile defense systems in space; military buildups by would-be adversaries of general-purpose force groupings that possess nuclear weapons delivery means in territories neighboring Russia; and the placement of nuclear weapons on the territories of non-nuclear weapons states, among others.

    There is little here that would surprise most Russia-watchers, but if the U.S. is serious about pursuing “next generation” arms control, it is useful to have a list of potential topics for discussion that go beyond ballistic missile defense. This list might also prove helpful in negotiating asymmetric treaties or in identifying confidence-building measures that cross domains.

    Overall, this short document does provide greater clarity with respect to Russia's deterrence strategy, but it is ambiguous on many points as well. Olga Oliker, the International Crisis Group's program director for Europe and Central Asia, noted, for instance, that it does not settle the debate over whether Russia has an “escalate-to-deescalate” policy, and it is (unsurprisingly) vague about the precise circumstances under which Russia would consider using nuclear weapons. Still, despite leaving some questions unanswered, the document offers a valuable window into Russia's strengths and vulnerabilities as they appear from Moscow. While likely not the intended signal this document was meant to send, it nevertheless points to possible opportunities for engagement when other good alternatives are hard to see.

    https://www.defensenews.com/opinion/commentary/2020/06/08/russias-new-nuclear-policy-could-be-a-path-to-arms-control-treaties/

  • Shanahan: cybersecurity will become new measure for industry

    September 20, 2018 | International, C4ISR

    By: Aaron Mehta

    NATIONAL HARBOR, Md. – The Pentagon is preparing to press the defense industry to increase its cyber security, with Deputy Secretary of Defense Patrick Shanahan saying it will become a key measurement for how industry is judged by the department.

    “This is a public service announcement for those of you from industry, especially for those of you that are in the, I'll call it, higher tiers,” Shanahan told an audience at the annual Air Force Association conference Wednesday.

    “Cybersecurity is, you know, probably going to be what we call the ‘fourth critical measurement.’ We've got quality, cost, schedule, but security is one of those measures that we need to hold people accountable for,” he said. “We're going to work with our industrial partners to help them be as accountable for security as they are for quality. And it shouldn't be that being secure comes with a big bill. It's just like we wouldn't pay extra for quality. We shouldn't pay extra for security.”

    The responsibilities of primes go beyond just ensuring their own internal cyber security, in Shanahan's eyes. The former Boeing executive laid down the gauntlet to the biggest industrial partners, saying flatly it is part of their job to make sure the lower-tier suppliers are secure as well.

    “I'm a real strong believer that the Tier 1 and Tier 2 leadership has a responsibility to manage the supply chain. And that's where we have real gaps,” he said. “Security is the standard. It's the expectation. It's not something that's above and beyond what we've done before.”

    In recent years the Pentagon has been increasingly vocal about its concerns that lower-tier suppliers are not as secure digitally as they need to be; unsecured parts from those suppliers can then be incorporated into larger projects, potentially with vulnerabilities that would not be discovered until it is too late.

    To try and address that, the Pentagon has been looking at a plan to launch red team cyber attacks on industrial partners, in which a cell would test vulnerabilities and try to penetrate the contractors' systems, in order to identify weaknesses.

    https://www.fifthdomain.com/digital-show-dailies/air-force-association/2018/09/19/shanahan-cyber-security-will-become-fourth-critical-measurement-for-industry

  • Turkey cleared by US for $3.5 billion Patriot missile deal, despite S-400 row

    December 19, 2018 | International, Land

    By: Aaron Mehta

    WASHINGTON — Amidst an ongoing row concerning Turkey's decision to buy a Russian air defense system, the U.S. State Department has cleared Ankara to purchase a package of Patriot systems, with an estimated price tag of $3.5 billion.

    The announcement, posted late Tuesday evening on the website of the Defense Security Cooperation Agency, would cover the procurement of 80 Patriot MIM-104E Guidance Enhanced and 60 PAC-3 Missile Segment Enhancement missiles, as well as associated equipment.

    Turkey has twice passed over the Patriot — in 2013 when it chose a Chinese system that it later dropped out of, and in 2017 when it said it finalized the S-400 deal. In both cases, Turkey insisted on a transfer of missile technology regarding the Patriot before it would consider the system, something the U.S. declined to do. The DSCA solicit said industrial offsets of some kind are required with the deal, but “at this time offset agreements are undetermined and will be defined in negotiations between the purchaser and contractors;” whether that offset will include tech transfer remains to be seen.

    The S-400 is a major sticking point in the military relationship between the U.S. and Turkey. Pentagon officials and NATO leadership have been vocal that Turkey cannot be allowed to plug the S-400 into allied systems, such as integrating it with the F-35. Turkey is a member of NATO.

    The two systems are different in capabilities. The S-400 is a mobile system, designed for deployment behind the lines to protect critical infrastructure, with a very long range. The Patriot, meanwhile, is a medium-range system.

    A department spokesperson, speaking on background ahead of the announcement, said Turkey “will use Patriot to improve its air and missile defense capability, defend its territorial integrity, and deter regional threats. The proposed sale will increase the defensive capabilities of the Turkish military to guard against hostile aggression and shield NATO allies who might train and operate within Turkey's borders.”

    In addition to the missiles, the package includes four AN/MPQ-65 Radar Sets, four Engagement Control Stations, 10 Antenna Mast Groups, 20 M903 Launching Stations, and five Electrical Power Plant III systems.

    As with all DSCA announcements, dollar values and quantities may vary at the end of the day; the Senate must OK a sale before the customer and the U.S. government enter contract negotiations.

    https://www.defensenews.com/global/europe/2018/12/19/turkey-cleared-by-us-for-35-billion-patriot-missile-deal-despite-s-400-row
