Category: Blog

Standalone 5G Networks: Potential Vulnerabilities that Could Result in Denial of Service for Customers

Standalone 5G Networks5G networks promise high speeds, lower latency, and more robust security compared to its predecessors – and this has created a lot of buzz. As a result, there is a lot of competition among operators to roll out the network while manufacturers are already producing 5G devices.

The deployment of 5G around the world has also been facilitated by a need for always-connected computers, widespread internet of things (IoT), and dependence on smartphones. All of this is constraining the 4G LTE technology.

With the current uptake in remote working due to COVID-19, 5G is expected to see more deployment.

However, despite the promised benefits, there are varying concerns about the potential vulnerabilities of this network. Since there are various security concerns, this article will highlight those involving the standalone 5G networks.

What is 5G Standalone Network?

5G stands for the fifth generation of networks that are designed to address gaps and errors existing in the architecture of previous generation networks. However, its implementation is through a gradual phasing out of the existing networks.

Note that the 5G network involves two streams, which include the standalone (SA) and non-standalone (NSA). The NSA relies on the existing 4G infrastructure because 5G standards are not fully finalized.

On the other hand, the standalone is a completely new, end-to-end 5G network. To offer ultra-low latency and high capacities, service providers will have to fully implement the standalone 5G infrastructure.

Despite the radical and beneficial transformation promised by 5G networks, there are concerns that it might become a multidimensional cyberattack vulnerability.

Vulnerabilities for Subscribers and Mobile Network Operators

Unlike previous networks, 5G is a software-defined network and involves network function virtualization, which makes it more vulnerable.

The previous networks implement hardware choke points because they are centralized and hardware-based; whereas 5G digital routing lacks inspection and control chokepoints.

This new architecture has seen various research carried out to check its viability. As a result, industry professionals and government officials have already raised concern over the network’s security and overall architecture.

An investigation by global cybersecurity firm Positive Technologies focused on 5G standalone core in terms of its architecture security, the interaction of network elements, as well as subscriber authentication and registration procedures.

The examination revealed that “the stack of technologies in 5G potentially leaves the door open to attacks on subscribers and the operator’s network. Such attacks can be performed from the international roaming network, the operator’s network, or partner networks that provide access to services.”

The vulnerabilities were discovered in two protocols that are, PFCP and HTTP/2, which are used in 5G standalone networks.

Exploitation in Packet Forwarding Control Protocol (PFCP) would result in denial of service. This is because the PFCP is used to manage subscriber connections. A PFCP session includes three procedures: session establishment, modification, and deletion. It’s at this point that denial of service can be carried out by attackers through a session deletion request, a session modification request, or redirection of data through a session modification request.

For the HTTP/2, the Positive Technologies research found that an attacker could obtain the network functions profile and impersonate any network service. This is because the HTTP/2 protocol is responsible for vital network functions that register and store profiles on 5G networks. The attacker then would have access to authentication status, current location, and subscriber settings for network access. It’s also possible that an attacker would be able to delete NF profiles, which could result in a financial loss as well as damage subscriber trust.

If not handled correctly, the 5G standalone network security issues will place critical infrastructures such as hospitals, transport, and utilities at risk.

Solution and Conclusion

According to the report, the vulnerabilities would appear due to misconfigurations. With vendors competing to launch 5G networks, attackers will take advantage of poor configurations.

Therefore, it calls for proper configuration of the architecture to stop these types of attacks. Unfortunately, errors still might occur. To detect configuration errors in the networks, regular security audits should be performed.

It’s also vital that apart from ensuring proper equipment configuration, security monitoring, and enhancing the implementation of firewalls are also top priorities.

In conclusion, 5G’s high speeds, low latency, and high bandwidth will be highly beneficial. However, potential security holes could cost more than the cost of implementing this technology. As a business owner considering the 5G network, do not let your guard down just because the new network promises to address gaps and errors in previous generation networks.

Deciding if a Roth IRA Conversion is For You

Deciding if a Roth IRA Conversion is For YouRoth IRAs can be a powerful tax tool, but they are often misunderstood and misused. Investment income in Roth IRAs compound tax-free and most distributions are tax-free as well. Another benefit is that there are no required minimum distributions (RMDs) throughout the original owner’s life. Long-term Roth distributions are tax-free to the beneficiaries who inherit the IRA as long as they fully distribute the Roth within 10 years of inheriting.

As the annual contribution limits are rather small, most Roth IRA contributions are made by converting a traditional IRA to a Roth IRA. The downside to conversion is that you’ll have to pay tax on the gross amount converted. Considering this can require a substantial cash outlay and that all the Roth IRA benefits are backloaded, deciding to make a conversion can be a difficult call.

Most people aren’t sure it will pay off in the long term and don’t like the idea of paying taxes now instead of in the future. Consequently, too often people try to make a conversion decision through intuition instead of objectively considering the important factors.

It’s best to use a spreadsheet to do an analysis or work with a tax advisor because you will need to consider many factors, including assumptions about tax rates, investment returns, how long you’ll own the accounts, how much you will convert, etc.

Generally, a conversion becomes more advantageous if tax rates increase and this impact is compounded by higher investment returns. Finally, remember that you can leave the Roth to your heirs who can take distributions tax-free.

Roth IRA conversions are not the right option for everyone, but where it’s appropriate the benefits can be substantial.

What To Know About Filing For Bankruptcy

What To Know About Filing For BankruptcyAbout one million Americans file for personal bankruptcy each year, with one in 10 households having filed at some point. Given the loss of jobs, reduced income, and the coronavirus recession in 2020, those numbers could increase this year if the economic recovery is not both swift and omnipresent.

There are two main types of personal bankruptcy: Chapter 7 and Chapter 13. Chapter 7, which is the more common option, will liquidate the filer’s assets in order to discharge all or a portion of the outstanding debt. People generally choose this route because they are in way over their heads and do not earn enough income to pay their debts in any type of normal time frame.

Chapter 13, on the other hand, provides some immediate breathing room while helping the filer develop a payment plan based on a reduced percentage of the debt. This percentage is determined by how much he makes and what he can feasibly pay each month. While a Chapter 7 bankruptcy remains on your credit report for 10 years, while Chapter 13 bankruptcy is a bit less punitive staying on record for only seven years. As the filer works to pay down his debt and sticks to his plan, his credit score will gradually improve over time. In some cases, the debtor may be able to apply for an FHA, VA, or USDA home loan a year after his bankruptcy filing, or two to four years if applying for a conventional mortgage.

Bankruptcy can provide immediate relief from creditors calling and threatening to evict, foreclose, repossess, shut off, or garnish wages. However, be prepared for some level of pain, such as the bankruptcy court seizing property to be sold to pay your creditors, and/or your credit cards being canceled.

You may see television ads to get debt relief without having to file bankruptcy. Be aware that while these programs may negotiate a debt settlement to something you can better afford, they will not skirt the wrath of the dreaded credit rating agencies. Any time an entity negotiates a reduction in your debt, this will show up as a negative factor on your credit score, and will likely remain that way for many years. A more recent issue that not everyone is aware of is that some employers have started checking the credit reports of job applicants. This makes it all the more difficult to pay off your debt if you can’t get a job because of your past payment history. Your best option is to secure a reliable income before you work with a debt relief agency or file for bankruptcy.

Before entering any type of debt relief program, it’s a good idea to consult with a qualified, non-profit credit counseling agency for a free debt analysis. Don’t go to just anyone; make sure it is a legitimate resource which, by law, is required to serve your best interest. Shady debt counseling vendors are inclined to recommend a debt solution that works out better for the agency than their clients.

If you do decide to file for bankruptcy, be aware that court fees cost about $300, plus lawyer fees tend to run between $1,000 and $3,000 for a Chapter 7 filing and approximately $3,000 to $6,000 for a Chapter 13 filing.

COVID-19 Vaccination Considerations for Employers

COVID-19 Vaccination Considerations for EmployersLooking at a 2009 letter from the U.S. Department of Labor, Occupational Safety and Health Administration (OSHA), employers may be able to require their employees to take the COVID-19 vaccine, with a few exceptions (such as the likelihood of a life-threatening reaction to it). With the COVID-19 vaccine being rolled out, how can employers balance workplace safety, maintain productivity and stay within the law?

According to the Centers for Disease Control & Prevention (CDC), the early vaccination stages will likely focus on those who are at particular risk of severe and life-threatening complications from COVID-19. This is expected to include elderly individuals, especially those who live in nursing homes. It’s also expected to include frontline healthcare workers who may be exposed to COVID-19 and could expose patients to COVID-19.

Looking to the Past for Guidance on Employer Vaccine Mandates

The natural question for employers is if and how they are able to mandate a COVID-19 vaccination for employees. When it comes to OSHA and the U.S. Equal Employment Opportunity Commission (EEOC), neither agency has given any actionable guidance on mandating the COVID-19 vaccine.

In light of an Emergency Use Authorization (EUA) for both the Pfizer and Moderna vaccines, further government agency direction is likely to follow over the next few months. Until there is more definitive guidance, the most relevant and likely direction is to look back at how the different agencies handled this same question with the H1N1 epidemic.

U.S. Equal Employment Opportunity Commission

In 2009, the EEOC provided guidance based on the Americans with Disabilities Act (ADA) and Title VII of the Civil Rights Act of 1964, which state that employers are within their right to mandate that workers take the flu shot. However, for workers with disabilities that prevent them from receiving inoculations and for workers objecting to vaccines according to their religious beliefs, their employer must provide a “reasonable accommodation.”

If a reasonable accommodation is available, the employer is responsible for providing it. However, according to the ADA, if a reasonable accommodation is not available; it would create an “undue hardship” for the business; or if the worker would “pose a direct threat” to their coworkers’ well-being and welfare that isn’t able to be reduced via the reasonable accommodation, employers aren’t required to provide that reasonable accommodation.

When it comes to the subjective reasonable accommodation and undue hardship test, the employer must look at the worker’s individual disability, his role and what responsibilities it entails, the type of vaccine being mandated, and the employer’s circumstances. For example, if someone cannot be vaccinated, they may be accommodated by continuing to work remotely, work within the constraints of social distancing guidelines, face masks, etc. However, if the worker’s role requires close contact with others, the ability of the employer to accommodate the employee will be more in question.

Title VII similarly requires business owners who mandate vaccines as a requirement of employment to make reasonable accommodations for workers who assert a sincerely held religious belief, practice, or observance that prevents the worker from accepting a vaccine. In this case, employers may ask the employee who claims a religious exemption for reliable documentation attesting to the religious objection.

Much like the ADA, Title VII also states that if the reasonable accommodation causes an undue hardship, the employer is not required to make such an accommodation. One distinction for this exception under Title VII is that the undue hardship standard is met when the “more than de minimis cost” to the business is reached. For the ADA’s undue hardship threshold to be met, the accommodation in question must create significant difficulty or expense. For employees who have non-religious beliefs that they explain prevents them from taking a vaccination, this is not covered under Federal Law but might be applicable in certain states.

Looking back to 2009, an OSHA letter stated that businesses can require employees to take a seasonal flu vaccine, with some caveats. One exception is if they have a pre-existing medical condition that can cause grave illness or death, they may qualify for an exemption. As the EEOC suggests, asking and not mandating that employees get vaccinated might garner good results before there’s any pushback from a vaccination mandate.

Businesses can offer vaccines at their place of work, paying for it for every employee who wants it. However, in the course of offering vaccines for workers, logistics must be considered because things are still evolving as the two vaccines (and others) are projected to become more and more available. Employers must consider the time frame of availability for vaccines (depending on the business’ industry, workers’ ages, etc.), pay for time spent on vaccination (potentially if there’s a reaction, etc.), how payment for vaccines will work, delivery and storage of the vaccine, etc.

While the rollout for the COVID-19 vaccine is ongoing, now is the time for employers to determine how they will handle the inoculation with their employees. 

Sources

https://www.osha.gov/laws-regs/standardinterpretations/2009-11-09

https://www.eeoc.gov/laws/guidance/pandemic-preparedness-workplace-and-americans-disabilities-act

https://www.eeoc.gov/foia/eeoc-informal-discussion-letter-254

Paying the Price for Vice: The Evolving Landscape of Excise Taxes in America

Excise Taxes in AmericaWhile excise or vice taxes have long been a part of the American tax landscape related to alcohol and cigarettes, the recent invention of vaping and legalization of marijuana and other substances is changing the landscape.

What Are Excise Taxes?

Excise taxes are taxes on specific types of consumable products such as alcohol or tobacco for one of two reasons. First, as vice taxes in order to raise revenue to cover the costs related to consumption; and second, to deter consumption itself. Unlike other types of consumption taxes such as sales tax, these are specific to certain products.

Do They Change Behavior?

Theoretically, when you increase the price of a product such as alcohol through the addition of excise taxes, demand should go down. While this may be a deterrent and limit demand, excise taxes certainly haven’t proven to be a feasible way to eliminate behaviors. A pack of cigarettes can cost upward of $15 in major cities, but there are still people smoking. It’s a similar situation with drinking and gambling.

It’s All About the Benjamins

While we think of excise taxes as vice taxes today in many respects, the main point isn’t to change behavior – it is to raise revenue. Excise taxes pre-date the United States and were one of the main forms of government funding in America before income tax was created. Alcohol taxation goes back to George Washington’s presidency and incited the infamous Whiskey Rebellions. Cigarette taxes were introduced as a way to pay for the Civil War. In the end, it’s about the money generated as there are easier and more effective ways to regulate behavior.

New Products Equal New Taxes

The legalization of marijuana by states raises the issue of excise taxes on this product. Unlike tobacco, where one of the goals is to decrease consumption, the situation here is more one of legalizing something to raise consumption and generate revenue as a result.

Marijuana taxation is more akin to alcohol in the years following prohibition. In both cases, you have large-scale illegal operations and illicit consumption with the aim of moving them to legitimate status. In this sense, it’s different than other vice taxes. 

Initially, at least, the authorized market will have to operate in parallel with the black market for the same product, limiting the amount of taxes that can be raised when there is still an unregulated and untaxed alternative.

Beyond Marijuana

Aside from marijuana, there are other new products that could be taxed and generate revenue, the most notable being vapor products. While vaping products are not really that new, the market is just growing to a substantial size.

Taxing vaping products is more complicated and problematic. Some consider these products to be just as harmful as cigarettes, while others not so much. There is evidence that nicotine consumed via vaping is less harmful than through smoking cigarettes.

Theoretically then, the government should apply less taxes as a result if the harm and therefore cost to society is less.  The problem with this is that less revenue is raised. As noted before, we come back to the issue that vice taxes are often revenue-raising tools disguised as public safety measures.

Too Successful For Its Own Good

Vice taxes can be too successful, with tobacco as the best example. While people may stop buying cigarettes, they don’t stop consuming cigarettes; instead, they buy them elsewhere.

For example, more than 50 percent of cigarettes consumed in New York are purchased out of state. If you push too far, people will react.

Conclusion

Excise and vice taxes are here to stay. While varying arguments can be made that they benefit society by shaping behaviors, it is undeniable that state, local and the federal government are addicted to the revenue generated.

Details on the Expansion and Clarification of the Employee Retention Credit

Details on the Expansion and Clarification of the Employee Retention CreditThe CARES Act created the Employee Retention Credit as part of the government’s relief package to mitigate the economic impact of COVID-19. Recently, on Dec. 28, 2020, Congress enacted the Consolidated Appropriations Act, 2021, which clarified and expanded the scope of the Employee Retention Credit (ERC).

Below is a summary of the changes in key provisions of the credit and the new guidance. Noteworthy updates include a broader application of the credit and news that changes are retroactive.

Time of Availability

Previously, the credit only applied to qualified wages paid between March 12, 2020, through Dec. 31, 2020. The new legislation extends the credit period for six more months – through June 30, 2020.

Eligibility Requirements

There are two main triggers for eligibility. The first applies in all instances, with the credit available to any business whose operations were partially or totally suspended by a governmental COVID-19 order during the time the order is in effect.

The second option to become eligible differs under the new act. Previously, businesses were eligible if gross receipts were less than half of the same quarter in 2019 and remained eligible until reaching 80 percent – compared to the prior year. Under the revision, gross receipts were still compared to the same quarter in 2019. Still, beginning Jan. 1, 2021, eligibility starts at less than 80 percent for the comparable period (you don’t have to get to less than 50 percent). Further, if a business didn’t begin operations until 2020, they can compare to 2020 instead of 2019.

Percentage of Wages and Maximum Credit

The percentage of wages qualified for the credit increased from 50 percent to 70 percent. The cost of providing healthcare benefits to employees remains deductible as before.

Coupled with this is an increase in the maximum credit amount. Previously, the annual maximum credit per employee was $5,000; but starting Jan. 1, 2021, this increases to $7,000 for both the first and second quarters, for a $14,000 annual maximum.

Employer Size for Whether an Employee is Working or Not

The employer size threshold is another notable change. The original act prevented companies with more than 100 employees from taking the ERC for any employee still performing services – even if at a reduced capacity. Starting in 2021, this increases to 500 employees.

Paycheck Protection Program Loans versus ERC

Previously, companies who participated in the PPP loan program were not eligible for the Employee Retention Credit, including affiliated companies. The updated law retroactively changes this requirement. Companies that received PPP loans are now eligible for the ERC credit, but there are restrictions.

The change applies to wages paid on or after March 13, 2020. Prior PPP loan recipients cannot claim the credit for wages paid with proceeds from a PPP loan receiving forgiveness. If the company paid qualified wages over the amount of the forgiven quantity, they could claim the credit retroactively. The IRS is expected to issue more guidance on this topic.

Advance Payments

There was no advance payment option; employers were required to pay employee wages before they could receive the credit. While this is still not settled, it is expected that the IRS will draft guidance allowing for advance payment of the ERC for companies with 500 or fewer employees based on 70 percent of the average quarterly payroll for the comparable quarter in 2019.

Eligibility of Governmental Entities

Previously, the ERC was not available to governmental agencies at any level; however, starting Jan. 1, 2021, public colleges and universities, agencies that provide medical care, and select other agencies such as federal credit unions are now eligible.

Conclusion

The Consolidated Appropriations Act, 2021 extended and clarified many of the Employee Retention Credit provisions up through June 30, 2021. Overall, the ERC is expanded in terms of amount, employer size, and more flexible gross receipts test. Further, PPP loan recipients are now also eligible for the credit if they meet certain criteria.

Most likely, employers will need to file amended payroll tax returns for the second and third quarters, but guidance is still pending for this and PPP loan recipients who want to access the credit.

The changes can be complex, and compliance can be cumbersome, so if any of the information outlined above applies to you, be sure to reach out to us to help you capture the most value from the changes to the Employee Retention Credit rules.

Prosecution for Use of Performance Enhancement Drugs, Modernizing Government Technology, and Enhancements for Veterans and Their Caregivers

Prosecution for Use of Performance Enhancement DrugsRodchenkov Anti-Doping Act of 2019 (HR 835) – This bill was introduced by Rep. Sheila Jackson Lee (D-TX) on Jan. 29, 2019. The purpose of this legislation is to give U.S. officials the power to prosecute individual athletes who used performance-enhancing drugs at international sports competitions involving American athletes. The legislation has been criticized by the World Anti-Doping Agency (WADA) as undermining the global anti-doping movement based on international cooperation, and because no other nation has extra-territorial jurisdiction in this field. The bill passed in the House in October, the Senate in November, and was signed into law by the president on Dec. 4.

IoT Cybersecurity Improvement Act of 2020 (HR 1668) – This bill requires the Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to establish minimum security standards for Internet of Things devices owned or controlled by the Federal Government. The legislation was introduced by Rep. Robin Kelly (D-IL) on March 11, 2019, passed in both Houses, and was signed into law on Dec. 4.

Information Technology Modernization Centers of Excellence Program Act (HR 5901) – Introduced by Rep. Ro Khanna (D-CA) on Feb. 13, this bill authorizes the establishment of an Information Technology Modernization Centers of Excellence Program. The purpose of the program is to help executive agencies adopt secure modern technology in coordination with the Department of Homeland Security. The program must provide regular reports to Congress. The legislation passed in the House in September, in the Senate in November, and was signed into law by the president on Dec. 3.

Veterans COMPACT Act of 2020 (HR 8247) – Short for Veterans Comprehensive Prevention, Access to Care and Treatment, this bill authorizes a variety of programs, policies, and reports that fall under the Department of Veterans Affairs (VA). Components of the legislation address transition assistance, suicide care, mental health education and treatment, healthcare, and female veteran care. It includes a program to provide education and training for caregivers and family members of veterans with mental health disorders. The bill also establishes a Task Force on Outdoor Recreation for Veterans to recommend public lands or other outdoor spaces to be used for medical treatment and therapy. The bill was introduced by Rep. Mark Takano (D-CA) on Sept. 14. It passed in the House in September, the Senate in November, and was signed by the president on Dec. 5.

Wounded Veterans Recreation Act (S 327) – This bill offers a free lifetime pass to National Parks and Federal Recreational Lands to any U.S. resident who has been medically determined to be permanently disabled (must furnish adequate proof of disability and citizenship or residency), as well as to any veteran with a service-connected disability. It was introduced by Sen. Jeanne Shaheen (D-NH) on Feb. 4, 2019, passed in the Senate in June, the House in November, and was signed into law by the president on Dec. 3.

Transparency and Effective Accountability Measures (TEAM) for Veteran Caregivers Act (S 2216) – Designed to upgrade VA caregiver programs by identifying and formally recognizing caregivers of veterans, and notify them of assistance available under the Program of Comprehensive Assistance for Family Caregivers. The bill also temporarily extends benefits for veterans who are determined to be ineligible for the family caregiver program, including a monthly personal caregiver stipend. This bill was introduced by Sen. Gary Peters (D-MI) on July 23, 2019. It passed in the Senate in November, the House in December, and is currently waiting for enactment by the president.