• New Silicon Valley focus on cybersecurity

    The last time Silicon Valley focused on cybersecurity was in the 1990s. That focus saw the emergence of two giants: McAfee and Symantec. The two companies remain the most recognizable household names, thanks to their traditional firewall and anti-virus products. Now they find the arena which they thought was their own encroached from two sides. On one side there are tech giants like Hewlett-Packard and Cisco Systems, which see new revenue opportunity in cybersecurity. On the other side there is a rush of start-ups backed by large investments of venture capital.

  • Cyberweapons to defend electricity's perimeter

    Cyber war, cyber terror, and cyber crime target all manner of operations and, by design, cannot be detected until they have already done their damage. Nobody is immune to such attacks, and particularly target-rich environments include government bodies and critical power industries such as bulk electricity supply (BES). Hackers and cyberdefenders clash just outside of, at, or inside an organization’s electronic security perimeter (ESP). To counter such threats, a bulk electricity solution — North American Electric Reliability Corp.’s (NERC) Critical Infrastructure Protection (CIP) standards regarding BES cybersecurity — was launched in January 2008 through Federal Energy Regulatory Commission (FERC) oversight. How effective is the use of cyberweapons in protecting electricity’s perimeter?

  • Protecting cars from hackers

    A U.S. senator has asked twenty automobile manufacturers how each plans to stave off wireless hacking attempts on the computer systems of the vehicle they manufacture, and also how they protect driver privacy. The questions by Senator Ed Markey (D-Massachusetts) indicate that he will demand that carmakers apply computer-industry security processes, including implementation of anti-virus software, incident logging, incident-response planning, software vulnerability patching, and third-party penetration testing — the last of which would stage real hacker attacks on mass-production vehicles.

  • NIST's cybersecurity framework for infrastructure

    Company which are managing critical infrastructure in the United States and disregard the Preliminary Cybersecurity Framework, issued by the National Institute of Standards and Technology (NIST) in late October, do so at their own peril. The framework is now in its final comment stage and due to be released in mid-February. It lays out a set of comprehensive but voluntary cybersecurity practices.

  • Federal IT spending to exceed $11 billion by 2018

    A new report from Delteks, contracted spending on cybersecurity will continue to grow from nearly $9 billion in FY2013 to $11.4 billion in FY2018, driven by multiple initiatives aimed at improving the overall cybersecurity posture of federal agencies. Persistent threats, complex and evolving policy issues, and changing technologies highlight ongoing cyber-workforce shortages to drive investments despite constrained federal IT funding.

  • Cyber Gym in Israel trains cyber-defenders

    A group of IT and infrastructure companies in Israel have teamed up to launch Cyber Gym.The facility, inaugurated this month by Israel Electric Corp. (IEC), will train participants to defend against cyber attacks.When Sivan Shalom,  Israel’s Infrastructure and Energy Minister, was asked whether Israel was more concerned about a physical or a virtual attack, he said: “I think the future battle will be in cyberspace.”

  • U.K. tightens animal disease surveillance

    The U.K. Animal Health and Veterinary Laboratories Agency(AHVLA) has introduced a new surveillance system to detect new and re-emerging animal disease threats in England and Wales. The new system is expected to improve the geographical and species-specific coverage of disease.The new system will rely more on private sector laboratories for gathering surveillance intelligence and less on government laboratories.

  • Airport scanner vendor failed to disclose use of Chinese components

    Recently TSA cancelled a $60 million contract with Rapiscan Systems, a manufacturer of anatomically revealing airport security scanners, after Rapiscan was found to be using unapproved Chinese components in its scanners – and failing to disclose this fact to TSA. Rapiscan, in bidding on the contract, submitted a list of U.S.-made components used in the scanners to the agency, as required by law. After the company received an approval of that list – and the $60 million contract – it ordered the same components from a Chinese company — the Shanghai Advanced Non-Destructive Testing – instructing the Chinese company to label the Chinese-made components with the same part numbers as the originally approved, U.S.-made components, apparently in an effort to make it more difficult for TSA inspectors to notice the illegal switch. Members of the House Homeland Security Committee, charging that the use of Chinese components made the machines susceptible to sabotage, disruption, or spying, want to know whether TSA was aware of Rapiscan’s shenanigans.

  • Virginia Tech to get $2.6 million to test unmanned aircraft systems

    The Commonwealth of Virginia announced it will award more than $2.6 million over three years in Federal Action Contingency Trust (FACT) funds to Virginia Tech to operate an unmanned aircraft systems test site in the state, officials from the governor’s office said. The test range is operated by the Mid-Atlantic Aviation Partnership, which is led by Virginia Tech and Rutgers University and represents an effort safely to develop unmanned aircraft systems. The University of Maryland has also agreed to partner with Virginia Tech and Rutgers on unmanned aircraft system integration.

  • Feds, Calif. disagree on seismic safety of U.S. tallest dam

    At 742 feet, Oroville Dam in Oroville, California is the tallest dam in the United States. It is 45-year old, and federal inspectors say it needs a comprehensive earthquake safety assessment. The California Department of Water Resources (DWR) insists that the dam, which holds 3.5 million acre-feet of water, is safe, and that such an assessment would be an “unjustified expense.” David Gutierrez, chief of California Division of Safety of Dams (DSD), says his agency will decide in January 2014 whether earthquake assessments will be made, but notes: “Oroville is not one that keeps me up at night from a seismic stability standpoint.”

  • Virtual wall to build invisible barrier for oil spills

    The outer shell of a droplet of oil on a surface has a thin skin which allows it to hold its shape like a small dome; this shell is referred to as the liquid’s surface tension. Now, researchers have developed a technique to form a virtual wall for oily liquids that will help confine them to a certain area, aiding researchers who are studying these complex molecules. This development will have future implications in the guided delivery of oil and effective blockage of oil spreading.

  • Game theory helps corporate risk manage analyze terrorism risks

    The challenges of modeling and analyzing terrorism risk are based on the reality that the adversary is one who can alter where and when to strike and has the capability to counter-attack. Before 9/11, the science of risk modeling and analysis for corporations was primarily based on data accumulated from Mother Nature, a less responsive actor. Risk models have become more precise, but this increased precision notwithstanding, terrorists are likely to act in unexpected ways. To anticipate those unexpected ways, risk managers are relying on game theory, with the assumption that exploring hypothetical situations will prepare risk managers for the unexpected.

  • Y-12 security breach update: Old nun awaits sentencing while costs of new Y-12 facility not to be released until 2015

    On 28 July 2012, three senior citizens, led by an 83-year old nun, easily breached the supposedly impregnable security systems protecting the Y-12 National Security Complex at Oak Ridge, Tennessee. The three peace activists wondered the grounds of the maximum security facility for a while before being noticed by security personnel. While the three aging protesters are awaiting sentencing, the two companies — Bechtel Corporation and Babcock and Wilcox – which were responsible for designing and implementing security at Y-12, have been named as the primary construction contractors for planning and design of the new uranium processing facility (UPF) to be built at Y-12.

  • Defending against electromagnetic-pulse attacks

    We are all familiar with the power of electromagnetic attacks from the movies: in “Ocean’s Eleven,” George Clooney’s gang disables Las Vegas’ power grid, and Keanu Reeves’ henchmen hold off the enemy robot fighters from their spaceship in the “Matrix Trilogy.” The heroes in the films succeed by sending out a very strong electromagnetic pulse, which changes the voltage in the vicinity so that regulators, switches, and circuit boards in electronic equipment go crazy. Researchers are now trying to figure out how such attacks can be detected. They have developed a measurement instrument for this purpose that is capable of determining the strength, frequency, and direction of electromagnetic attacks.

  • Weather risk management should be part of companies’ overall risk management

    Volatile weather activity is increasing around the world. While extreme events such as typhoon Haiyan in the Philippines or flood Cleopatra in Sardinia may capture the headlines, minor fluctuations in expected weather can have big impacts on business performance across a wide range of industries. A new report focuses on the growing importance of weather risks for businesses, highlighting the economic impact of fluctuating weather conditions and how companies can protect themselves, using new approaches to “weather risk management.” Weather risk management products are already widely used in the United States, where they have become more readily accepted as a standard feature of companies’ overall risk management.