Notices by Ravi Nayyar (ravirockks@infosec.exchange), page 3

'The United Kingdom's biggest airport, Heathrow Airport, is experiencing a significant power outage due to a fire at an electrical substation that supplies the airport's power and it will be closed until midnight on March 21.

'To maintain the safety of our passengers and colleagues, Heathrow will be closed until 23:59 on 21 March ...

'Eurocontrol, which manages air traffic control operations across Europe, said on its operations website that no arrivals were being allowed at Heathrow due to the power outage and there were diversion plans in place for flights.

'The London Fire Brigade said its crews were tackling the fire in Hayes in west London and had evacuated about 150 people as a precaution'.

Good grief. Shoutout to the firies, and line personnel from the power company and airport working to get this resolved.

Cyber is not your only source of risk.
https://www.abc.net.au/news/2025-03-21/heathrow-airport-closes-after-power-outage-substation-fire/105081908

'One answer is a more joined up [US] national intelligence effort that sees the generational threat posed by the Chinese Communist Party as an imperative, if not an organising principle. That would certainly be the choice of [Director CIA] Ratcliffe ...

'... a warning to the USIC to avoid duplicating technology development by the private sector ... takes to task the current USIC for not adhering to an "obligation to share" relevant intelligence, especially on cyber threats to industry. [!!!]

'Of particular concern are moves to pause entry-level recruitment processes or even to dismiss probationary staff ... cascading effects ... especially for streams requiring careful selection and considerable training ...

'[Project 2025] rejects expansion of the Five Eyes alliance ... favouring instead "ad hoc or quasi-formal intelligence expansion […] amongst nations trying to counter the threat from China".

'This includes the potential value of using China as a central organising principle for an [Oz] intelligence community that is also required to deal with other persistent, if not as strategic, national security challenges.

'... Australia’s defence intelligence agencies should be thinking about an even more important engagement role, if there is a swing in confidence and influence within the US system from the civilian to the military.

'... we need to prioritise investing in truly sovereign intelligence capabilities for Australia—both as a hedge against the unknowable future and as a tangible and valuable contribution to the continuing partnership'.
https://www.aspistrategist.org.au/trumps-upending-of-us-intelligence-implications-for-australia/

‘Meanwhile, voters at several polling booths across Perth and in Bunbury reported problems with a shortage of both ballot papers and staff, meaning many were unable to cast their votes at all.

‘Hundreds were reportedly queuing outside booths as polling closed.

‘But the WA Electoral Commission said no one had been denied the chance to vote, despite "longer-than-expected queues at some polling places".

‘The result also took much longer than expected to be called because of apparent delays in results coming through from electoral commission.

‘Former Liberal leader Zak Kirkup told ABC Radio his party had been told votes at at least one polling booth in the state's south would not be counted on the night due to staff shortages’.
https://www.abc.net.au/news/2025-03-09/wa-election-results-wrap-explained/105028522

Trump may have helped the Liberals' election chances by providing a trigger to consolidate their (dwindling) base (Conservatives nowhere to be seen in the narrative battle), but then the PRC jumps in.

Which is weird, considering the leanings of the PRC.
https://asia.nikkei.com/Economy/Trade-war/China-hits-Canada-with-retaliatory-tariffs-on-some-farm-food-products

Via a letter published under UK FOI laws:

'The Foreign Secretary wrote to Angela Rayner in September asking her to “call in” the decision, ... paving the way for the [new Chinese mega] embassy to be approved.

'... the Chinese government resubmitted its plans in August, after Labour won power, and Ms Rayner decided to bring the application into her department for review.

'As a new embassy, I consider that this application is clearly in the interest of a foreign government, and of more than local importance. [What about the interests of the UK and FVEY?]

'The issue was raised personally by Xi Jinping at a meeting with Sir Keir Starmer in November ... [Is it foreign interference if it's naked?]

'Intelligence agencies reportedly warned the Government of highly sensitive cables directly under the site, amid concerns that they could be hacked by Chinese officials operating with diplomatic immunity inside the embassy. [EXCUSE ME?]

'The application was also previously opposed by the Metropolitan Police, ... that it would attract too many protesters and cause a public nuisance'. [Do Britons care about Taiwan/Tibet/Xinjiang/Hong Kong, though, to protest in numbers?]

While we debate Trump's foreign policy, we overlook the free kick being given by a FVEY member to the Chinese, including to the detriment of its own domestic security. As if MI5 wasn't burdened enough.

I thought the Poms hit rock-bottom when they couldn't chase 180 at the Junction in 50 overs a few months back. Yeah, they've done much worse.
https://archive.md/hLqVP

@ai6yr Ah, yes, that will win the midterms: vandalism always works in getting working class voters, already confused about what the Left is trying to achieve for them in the first place, on board.

@hacks4pancakes Is this condoning of violent forms of 'protest' an admission from the Left that it cannot win, in the US case, a Presidential election, no matter how megadonors/content creators it throws at the contest?

Get a grip, folks. This is as senseless as allegedly progressive groups in my country and the UK wanting to do protests against Israel in front of _synagogues_, despite themselves repeatedly saying that 'our principled opposition to Israel has nothing to do with Judaism'.

@hacks4pancakes When we normalise violent protest and intimidation, we end up with what's been happening in Australia over the summer with synagogues, as well as cars, schools and homes in neighbourhoods with large Jewish populations being torched/vandalised with hate symbols. Recall what DG ASIO said in his threat assessment.

Indeed, the Left needs to realise that it can't scream at everyone else about immoral conduct when it gleefully politicises violence, including acts of terrorism, justifying it as 'resistance/decolonisation'.

I look at examples like the above 'PSA' and I think, 'have you people learnt nothing since your Ivy League students issued statements celebrating/condoning/justifying October 7 and subsequent targeting of Jewish students?'

YES!

Publicly referring to stuff, which isn't an armed attack, as a 'hybrid attack' is akin to glamming up 'Chinese prepositioning in CNI' as 'Volt Typhoon'.

Obviously, for operational purposes, you internally categorise threats per risk/TTPs/etc.

But for public messaging, a threat to/attack on our polities must be called 'a threat to/attack on our polities'.

Tangentially, what does the Pentagon mean by 'Low-Intensity Conflict' re that particular ASD position?
https://therecord.media/estonian-spy-chief-russia-hybrid-attacks-are-real-attacks

'Water bombers were temporarily grounded during Sunday's bushfire emergency in Dunsborough due to private drones over the fire ground'.

Tossers.
https://www.abc.net.au/news/2025-02-17/dunsborough-residents-return-home-after-bushfire/104945484

‘… condensing the usual ten-week basic training program to just one month before three months of cyber-specialist training begins … [GOOD.]

‘… a £40,939 ($50,974) starting salary, one the MoD says is among the highest it offers for entry-level roles. They can also earn up to £25,000 ($31,132) in additional skills pay.

‘… placed into operational roles by the end of the year after the completion of their training. They'll either be based at the MoD's digital HQ in Corsham working on network and system security, or be drafted into the National Cyber Force in Samlesbury to carry out counter operations against adversaries.

‘They'll also have to pass each force's health and fitness criteria and a timed aptitude test, although they will never be based in the field or combat zones’.

Good stuff.
https://www.theregister.com/2025/02/10/uk_armed_forces_cyber_hires/

'Many of the same companies that protected Ukraine will be needed to protect Taiwan. But many U.S. technology firms today have a far greater economic stake in China than they did in Russia in 2022, and it’s highly uncertain whether they would choose to support Taiwan.

'The government must seek to contract these new capabilities before conflict breaks out, pre-position these technologies’ physical assets in potential geopolitical hotspots, and begin to treat the companies that are providing these services as allies. [Like with having cable repair/merchant ships on standby?]

'... the personal relationships that encouraged direct, fast communication between the Ukrainian government and the big U.S. companies that could help it may not exist ... They are far more aware of the risk that conflicts can last longer than expected, that costs can accumulate to significant levels, and even that overwhelming public support to help a country in conflict can wane ...

'Taiwan is wary of relying on Starlink access, as well, owing to Musk’s business links to China ...

'[AWS, Google, MSFT] continues to rely on Chinese manufacturing and sells to the Chinese market ... importance of developing a U.S. strategy for the commercial frontier, centered on guaranteeing to allies such as Taiwan the availability of essential technological capabilities before a military confrontation arises.

'The U.S. government should manage public-private partnerships with active diplomacy, treating corporate entities and their leaders as it would allies ... including them in national security discussions, providing certain personnel with security clearances, and sharing information ...

'Other tech leaders watched Musk deal with the complexities of war without the apparent [narrative] support of the U.S. government ...

'... must recognize that, although corporate interests and national interests will not always align, commercial capabilities may be essential to national security objectives ... The United States’ continued ability to defend its allies and partners may soon depend on how well it can harness U.S. tech companies’ growing power'.
https://www.foreignaffairs.com/united-states/private-sector-frontline

@GossiTheDog

Whether it’s the marking/arson attacks on Jews’ homes in your country and mine, (attempted) firebombing of synagogues and indeed the decisions by the Pro-Palestine side (ie progressives who claim their ‘advocacy against Israel’ is not against the Jewish faith) to protest in front of/near synagogues, I am really confused by what liberalism or progressivism is.

Is it progressive to aggressively raise the issue of civcas in Gaza/West Bank but stay utterly silent/celebrate/desire another October 7/attack on places of worship belonging to an identity group that is not a vote bank for the Left?

@GossiTheDog Could you explain why it is viewed as progressive to rip/scratch off posters calling for the release of the hostages in Western CBDs?

@GossiTheDog Two more questions on the Left’s response to hostages (and they’re not on the Red Cross’s bizarre lack of effort/interest over 2023 and 2024 in even visiting the hostages to review LOAC compliance by Hamas):

Why do progressives never unanimously call for the hostages to be released? Or is this like how many progressives remain silent on the plight of Yazidi girls under ISIS?

From an email from USYD earlier today.

Malicious insider incident: someone with access to the uni parking provider‘s domain sent an unauthorised email to USYD folk.

Parking provider reckons this is because of a commercial feud between it and its parking tech provider.

cc: @campuscodi, @rohan_p

FCC chair acknowledging that the FCC’s leaving of telecom cybersecurity to glorified self-regulation was stupid.

Not sure how the size of the threat is new, but good to see this official realisation.

https://www.politico.com/newsletters/weekly-cybersecurity/2024/12/16/the-rocky-road-ahead-for-states-anti-disinfo-efforts-00194434

People blaming law enforcement’s opposition to E2EE for Salt Typhoon must, in the same breath, blame catastrophic cyber governance at telcos.

Anyone can be hostile to encrypted apps, but it is the telcos’ Boards that make security decisions at the telcos, not law enforcement.

Salt Typhoon breached US telcos because of longstanding, catastrophic cultural—>security failures at said telcos.

The FCC is quite late.
https://www.fcc.gov/document/rosenworcel-proposed-requiring-telecom-carriers-secure-their-networks

'[Salt Typhoon] breached at least eight US telecommunications providers ...

'... we do not believe any have fully removed the Chinese actors from these networks ...'

We have a number.
https://edition.cnn.com/2024/12/04/politics/us-telecom-providers-chinese-hack/index.html