Connect with us

Tech

Cyberattack exposes lack of required defenses on U.S. pipelines

Published

 on

The shutdown of the biggest U.S. fuel pipeline by a ransomware attack highlights a systemic vulnerability: Pipeline operators have no requirement to implement cyber defenses.

The U.S. government has had robust, compulsory cybersecurity protocols for most of the power grid for about 10 years to prevent debilitating hacks by criminals or state actors.

But the country’s 2.7 million miles (4.3 million km) of oil, natural gas and hazardous liquid pipelines have only voluntary measures, which leaves security up to the individual operators, experts said.

“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,” Richard Glick, the chairman of the Federal Energy Regulatory Commission (FERC), said.

Protections could include requirements for encryption, multifactor authentication, backup systems, personnel training and segmenting networks so access to the most sensitive elements can be restricted.

FERC’s authority to impose cyber standards on the electric grid came from a 2005 law but it does not extend to pipelines.

Colonial Pipeline, the largest U.S. oil products pipeline and source of nearly half the supply on the East Coast, has been shut since Friday after a ransomware attack the FBI attributed to DarkSide, a group cyber experts believe is based in Russia or Eastern Europe.

The outage has led to higher gasoline prices in the U.S. South and worries about wider shortages and potential price gouging ahead of the Memorial Day holiday.

Colonial did not immediately respond to a query about whether cybersecurity standards should be mandatory.

The American Petroleum Institute lobbying group said it was talking with the Transportation Security Administration (TSA), the Energy Department and others to understand the threat and mitigate risk.

THIN STAFFING

Cyber oversight of pipelines falls to the TSA, an office of the Department of Homeland Security (DHS), which has provided voluntary security guidelines to pipeline companies.

The General Accountability Office, the congressional watchdog, said in a 2019 report that the TSA only had six full-time employees in its pipeline security branch through 2018, which limited the office’s reviews of cybersecurity practices.

The TSA said it has since expanded staff to 34 positions on pipeline and cybersecurity. It did not immediately respond to a request for comment on whether it supports mandatory protections.

When asked by reporters whether the Biden administration would put in place rules, DHS Secretary Alejandro Mayorkas said it was discussing administrative and legislative options to “raise the cyber hygiene across the country.”

President Joe Biden is hoping Congress will pass a $2.3 billion infrastructure package, and pipeline requirements could be put into that legislation. But experts said there was no quick fix.

“The hard part is who do you tell what to do and what do you tell them to do,” Christi Tezak, an analyst at ClearView Energy Partners, said.

U.S. Representatives Fred Upton, a Republican, and Bobby Rush, a Democrat, said on Wednesday they have reintroduced legislation requiring the Department of Energy to ensure the security of natural gas and hazardous liquid pipelines. Such legislation could get folded into a wider bill.

The power grid is regulated by FERC, and mostly organized into nonprofit regional organizations. That made it relatively easy for legislators to put forward the 2005 law that allows FERC to approve mandatory cyber measures.

A range of public and private companies own pipelines. They mostly operate independently and lack a robust federal regulator.

Their oversight falls under different laws depending on what they carry. Products include crude oil, fuels, water, hazardous liquids and – potentially – carbon dioxide for burial underground to control climate change. This diversity could make it harder for legislators to impose a unified requirement.

Tristan Abbey, a former aide to Republican Senator Lisa Murkowski who worked at the White House national security council under former President Donald Trump, said Congress is both the best and worst way to tackle the problem.

“Legislation may be necessary when jurisdiction is ambiguous and agencies lack resources,” said Abbey, now president of Comarus Analytics LLC.

But a bill should not be seen as a magic wand, he said.

“Standards may be part of the answer, but federal regulations need to mesh with state requirements without stifling innovation.”

 

(Reporting by Timothy Gardner; Editing by Cynthia Osterman and Marguerita Choy)

Business

Virtual Law Firms Are on the Rise in Canada

Published

 on

Virtual law firms have been on the rise for a while. In a 2019 roundtable discussion conducted by the American Bar Association, several firm leaders met to discuss the growing presence of online legal services. The consensus was clear: virtual is the new reality.

That was 2019. In the intervening two years, the world was gripped by a global pandemic that forced most people to conduct their business indoors. As you might have guessed, demand for contactless, remote legal services has only ballooned since that roundtable discussion.

While the roundtable primarily focused on the legal industry in the US, you can witness similar trends here in Canada. Like the taxi industry and entertainment distribution industry before it, law is increasingly moving toward digital spaces.

This article explores what virtual law firms are, what benefits they present for Canadian clients, and what kind of clients are driving the virtual law boom.

Not a Change but an Addition

At its best, the shift from brick-and-mortar law firms to virtual isn’t an alteration of legal services as much as it is an addition.

The best virtual law firms do not compromise on service – they still offer traditional legal services with the expertise of real lawyers. The only difference is that they have added a new medium: a more accessible, transparent means of communication and billing.

Why Canadians Choose Online Law Firms

For some clients, the traditional brick-and-mortar firm was hard to give up. They viewed their lawyer like they viewed their doctor: a professional whose in-person expertise couldn’t be replicated in a digital space. Then, the pandemic hit. As millions more Canadians acclimatized to working online, they also habituated to the idea of doing business online.

 

Credit: Ketut Subiyanto Via Pexels

The benefits were immediately apparent. Virtual law firms feature streamlined communication, available seven days a week. They eliminate the need to go to a physical office. They offer all the same legal expertise and services as a brick-and-mortar lawyer. And, crucially, they often leverage transparent pricing: flat, predetermined legal fees with no hidden costs. A client looking for affordable legal services in Mississauga or Toronto, for instance, can simply click a few buttons and hire a lawyer on the spot.

Who Is Using These New Services?

You might be wondering: do they wheel a computer into the courtroom when someone avails themselves of a virtual lawyer? No, that isn’t quite the case.

Clients tend to use virtual law firms for everyday legal services – not necessarily courtroom representation. A client looking to create a will or name a power of attorney might choose a virtual lawyer for the sake of simplicity. A homebuyer, looking to keep costs manageable might hire a virtual lawyer for closing since their prices are both more transparent and affordable. A couple seeking to draft a cohabitation agreement may find similar benefits in an online lawyer.

The fact is that virtual legal services are not only here to stay – they are on the rise. Fortunately, the future is friendly; online law firms offer the same legal expertise as their physically housed counterparts, with the added benefits of being accessible and affordable.

Continue Reading

Tech

Starlink Struggles in Testing

Published

 on

We are now two years on from the launch of the first satellite in the Starlink system, and reviews for the beta test are rolling in. As with anything Musk has a hand in, there’s been a lot of talk about what Starlink can accomplish. Some are firm believers that the service will live up to its hype, while others insist Starlink is another case of Musk’s overpromising and underdelivering. As the latest reports have shown, Starlink could be shaping up for the latter rather than the former.

The Starlink Potential

The basic idea behind Starlink is that it will act as a faster and more reliable satellite internet service than any that came before. Directly, Starlink could be seen as a successor to systems like Anik F2, a high-throughput satellite that launched in 2004. Offering speeds up to 30 times faster than dial-up, at up to 1.5Mbps, these early incarnations held promise.

The only real issue with these early systems is that to achieve geostationary orbit they had to be placed around 36,000 km high. Even in perfect conditions, this distance would incur a latency (or round trip wait time) of approximately 550 milliseconds. While this could be useful for general browsing duty, more fast-paced and active uses such as movie streaming or online gaming were rendered unplayable with such delay.

To avoid this issue, Starlink has instead gone with an enormous net of satellites in three tiers, with the closest placed at 500km above the earth’s surface. To maintain orbit, these need to move extremely quickly, which is why Starlink is aiming to launch tens of thousands of satellites. The more added, the better the coverage. The outcome of this difference is a supposed eventual goal of 300Mbps bandwidth and a latency of 20 milliseconds.

Source: Pixabay

Testing Results

In the beta tests, Starlink in action is far from living up to the dream. The major problems to arise have been found in two related areas; unreliable connections and the difficulty of dish placement. In simple terms, Starlink can only operate at peak effectiveness when it’s given a completely free field of view to the sky. Any surrounding trees, houses, or geography will diminish the dish’s ability to track satellites. Add shoddy reliability even in perfect circumstances, and the dream isn’t as great as many hoped.

Speeds in beta tests have tended to hover around a 90Mbps download speed, which isn’t too terrible, and latency still usually played under the all-important 100 milliseconds mark. However, without reliable connections, such speeds are practically moot. Speeds can vary wildly over a day, and with so many satellites constantly needing new connections, downtime can occur regularly and often. Dealing with a couple of hours of downtime a day might be acceptable if it can be planned around, but when it happens seemingly at random it becomes far less permissible.

 

Real-Life Uses

As for what Starlink could be used for today, that much relies on luck. Consider two common uses, streaming movies online and playing online casino games. In streaming movies, quality could be fine for large chunks of a film, with constant interruptions where the movie has to pause, buffer, or drop to lower quality to ensure consistency. This is frustrating and could be a deal-breaker for some.

In accessing and playing on something like the best online Canada casinos, demands tend to be much lower than with systems like movie streaming. This applies to all facets of the experience, from browsing comparison websites to find bonuses and features to collecting deposit matches, and playing the games themselves. Each step here requires very little bandwidth, but each could also be broken by the low connection reliability. Safety features of these casinos mean a constant connection needs to apply at all times when playing games, where Starlink’s drops could render even small titles unplayable.

Source: Pixabay

Future Perfect?

Proponents of Starlink are quick to point out that the growing net of satellites will improve coverage reliability, and this much is true to some degree. That said, the major benefits will only ever apply to those with completely unobstructed lines of sight to the sky. This is an unlikely scenario for most people, though in the right place at the right time, the potential is there.

Ultimately, the most profound benefits afforded by Starlink could apply not to general internet connections in developed nations, but rather as specialized systems for remote and developing areas. Having a satellite dish for high-speed internet in such places could introduce massive benefits in terms of education and communication opportunities. The results of such systems are untold improvements to ways of life, and in this, we have to have faith in what Starlink could accomplish.

With rollout increasing all the time, and a goal for integration into larger vehicles like ships and RVs stated somewhere down the line, we’re yet to see the peak of what Starlink can accomplish. Should it fail to measure up, however, its government subsidies could be cut, and the project could utterly fail. Though, should this occur, the lessons learned from Starlink are immense and might prove indispensable for satellite communications technology in the future. Either way, the Starlink experiment seems to have been worth the effort.

 

Continue Reading

Tech

Google dangles paid upgrade to businesses using Gmail addresses

Published

 on

Alphabet Inc’s Google on Monday unveiled an option for small businesses to upgrade their Gmail accounts for greater calendaring, video chat and email newsletter functionalities.

Google Workspace Individual, which starts at $7.99 monthly including a temporary $2 discount, adds to the company’s expanding efforts to have users subscribe to some of its services such as YouTube and Google Photos in exchange for more support and features than are available for free. Subscription sales could help Google grow revenue beyond advertising.

The small-business offering compares with existing plans aimed at larger organizations that have their own websites to use in email addresses.

Javier Soltero, vice president for Google Workspace, told reporters that his unit had been informally saving photos of business cards or work vehicles mentioning an “@Gmail.com” address to “remind ourselves of the sheer number of people using our consumer products to run their businesses.”

Those that upgrade for appointment booking, newsletter production and other tools should be able to provide a more professional experience to clients, he said.

Workspace Individual will launch soon in the United States, Canada, Mexico, Brazil, Australia and Japan.

Google announced other changes to Workspace on Monday. Big businesses will be able to control encryption of their files on Google Drive for the first time and prevent Google from unlocking them. Airbus SE is an early customer.

All users now have access to Google Chat, the company’s successor to instant-message program Google Hangouts.

Now for the first time in years, free and paid users alike will have the same set of chat and email services, providing a common foundation that makes it simpler to develop new features, Soltero said.

 

(Reporting by Paresh Dave; Editing by Marguerita Choy)

Continue Reading

Trending