Corporate IT security

  • CybersecurityIdaho bolsters the state’s cyber defenses

    Idaho’s director of the Bureau of Homeland Security says that cyber threats remain the most important yet least understood risk to government and the private sector. He has announced plans to tackle that vulnerability in the state. The director of the Bureau says that cybersecurity will never be perfect, which makes it imperative for organizations like the Idaho Bureau of Homeland Security to focus on planning that incorporates not just defense, but also detection and the mitigation of damage that has already occurred.

  • CybersecurityPatriot Act’s reauthorization an obstacle for cyber information sharing bill

    Recent cyber hacking incidents have persuaded lawmakers to pass a cyber information sharing bill which will help protect U.S. private sector networks. Business groups and federal intelligence agencies insist that information exchange is critical to protecting the nation’s cyber infrastructure. One of the hurdles to passing such a bill is that by 1 June, Congress must reauthorize sections of the Patriot Act which are the basis for the NSA’s most controversial surveillance programs. Many lawmakers consider NSA reform to be essential before they can support the White House’s cybersecurity proposal, which would allow cyber information sharing between the public and private sector.

  • CybersecurityU.S.-U.K. cyber war games to test the two countries’ cyber resilience

    American and British security agencies have agreed to a new round of joint cyber “war games” to test each country’s cyber resilience. The move comes after a year of high profile cyberattacks against the U.S. private sector and after warnings from the U.K. Government Communications Headquarters that computer networks of British firms face daily attacks by hackers, criminal gangs, competitors, and foreign intelligence services.

  • Digital Security // By Todd Sexton8 Tips to prevent data breaches

    Securing electronic messages should be one of the top IT priorities for organizations in 2015. The process should not be overly complex or expensive, but it does require proper planning and regular revisions. While there is no such thing as a 100 percent breach-proof security system, the majority of attacks can easily be prevented by following the simple steps outlined in this article.

  • AuthenticationSmart keyboard can tell who you are – and also powers and cleans itself

    In a novel twist in cybersecurity, scientists have developed a self-cleaning, self-powered smart keyboard that can identify computer users by the way they type. The smart keyboard can sense typing patterns — including the pressure applied to keys and speed — that can accurately distinguish one individual user from another.

  • SurveillanceFormer head of MI6 calls for new surveillance pact between governments and ISPs

    The former head of British intelligence agency MI6, Sir John Sawers, has called for a new surveillance pact between Internet companies and U.S. and U.K. security services. Both groups could work together as they had in the past to prevent a repeat of terror events such as the recent Paris attacks, he said. American and British law enforcement and intelligence agencies are urging major Internet companies to provide backdoors or access to encrypted e-mails and other forms of Web communications. “I think one benefit of the last eighteen months’ debate [since Snowden’s leaks were made public] is that people now understand that is simply not possible [to keep the public secure without surveillance] and there has to be some form of ability to cover communications that are made through modern technology,” Sawers said.

  • CybersecurityMandatory cybersecurity regulations necessary to protect U.S. infrastructure: Experts

    Since last year’s cyberattacks made public the cyber vulnerabilities of major U.S. firms including Sony Entertainment, JPMorgan Chase, and Target, President Barack Obama has been on the offensive, proposing strict rules better to prosecute hackers and make U.S. firms responsible for protecting consumer information. Experts say, though, that private firms are unlikely, on their own, to make the necessary financial investment to protect against a critical infrastructure cyberattack. What is needed, these experts say, is a mandatory cybersecurity framework followed by all entities involved with critical infrastructure, strong protection of information regarding cyberattacks shared with DHS, and a sincere effort from the private sector to secure their own networks.

  • CybersecurityInformation assurance specialist licenses ORNL malware detection technology

    Washington, D.C.-based R&K Cyber Solutions LLC (R&K) has licensed Hyperion, a cybersecurity technology from the Department of Energy’s Oak Ridge National Laboratory that can quickly recognize malicious software even if the specific program has not been previously identified as a threat. By computing and analyzing program behaviors associated with harmful intent, Hyperion technology can look inside an executable program to determine the software’s behavior without using its source code or running the program.

  • Cybersecurity educationUniversities adding cybersecurity programs to their curricula to meet growing demand

    The cyberattacks of recent years have not only increased the demand for employees who understand the field of information assurance and cybersecurity, they have also created a demand in cybersecurity education. Universities across the country are adding cybersecurity concentrations to their curricula to train students who will later help secure network systems.

  • CybersecurityObama to unveil several cybersecurity initiatives this week

    President Barack Obama, in anticipation of the 20 January State of the Union address, has been sharing details of his address to a generate buzz. This week, Obama will focus on cybersecurity initiatives, including identity theft and electronic privacy laws, aimed at protecting citizens and the private sector. Obama will also announce a policy package designed to provide affordable access to broadband Internet nationwide.

  • CybersecurityCybercrime imposing growing costs on global economy

    A new report has found that the cost of cybercrime to the global community and infrastructure is not only incredibly high, but steadily rising as well. The study concluded that up to $575 billion a year — larger than some countries’ economies — is lost due to these incidents. The emergence of the largely unregulated, and unprotected, Internet of Things will make matters only worse.

  • Medical cybersecurityMedical devices, not only medical records, are vulnerable to hackers

    Health organizations have spent millions of dollars to protect hospital computer systems and software from malware, but hospitals today are increasingly equipped with many medical devices linked to Wi-Fi, making the devices a portal to hospital room operations. Infusion pumps deliver measured doses of nutrients or medications such as insulin or other hormones, antibiotics, chemotherapy drugs, and pain relievers into a patient’s body. Although it has yet to happen, it is quite possible for a hacker to infiltrate an active infusion pump on a hospital’s Wi-Fi and change the dosage. Hackers can also use the pump’s network access to inject malware in the hospital’s network systems, giving them entry to patients’ medical records. The records can then be sold to identity thieves.

  • Critical infrastructureDHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities

    On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.

  • CybersecurityBolstering cybersecurity by taking a step back in time to analog security systems

    Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.

  • CybersecurityFBI, DHS study threats against news organizations covering “The Interview” incident

    Last week, the FBI and DHS issued a joint intelligence bulletin to law enforcement agencies across the country urging them to remain vigilant, citing a series of threats against movie theaters that show “The Interview” and news organizations that continue to cover the incident between Sony Entertainmentand Guardians of Peace, the hacking group allegedly backed by North Korea. A Tennessee man has since emerged saying he issued the threat against the news organizations and that he was just “messing around,” but the FBI is trying to determine whether the threat to news organizations was indeed a hoax.