• The Russia connectionSenate Intel Committee: Initial election security recommendations for 2018 election cycle

    The Senate Select Committee on Intelligence will hold an open hearing today, Wednesday, 21 March 2018, on the threats to election infrastructure. The hearing will cover Russian attempted attacks on state election infrastructure in 2016, DHS and FBI efforts to improve election security, and the view from the states on their cybersecurity posture. The committee yesterday made available its initial recommendations on election security after investigating Russian attempts to target election infrastructure during the 2016 U.S. elections.

  • PrivacyCambridge Analytica’s abuse of Facebook user data shows “profound impact of technology on democracy”

    Facebook has suspended Cambridge Analytica from its platform for violating its guidelines on the use of user data. The Center for Democracy and Technology (CDT) says that a weekend New York Times article further illuminated the scale of Cambridge Analytica’s efforts and showed how the company used personal information about users to conduct targeted political outreach. “These revelations illustrate the profound impact internet platforms can have on democracy,” CDT says.

  • The Russia connectionLawmakers question lack of effort by State, Defense in countering Russian disinformation

    A bipartisan group of six members of the U.S. Senate Foreign Relations Committee have urged the State Department and the Department of Defense to explain why tens of millions in federal funds designated to counter disinformation and propaganda from foreign governments like Russia have not been spent. The Senators’ letter comes in response to a report that the State Department has not spent any of the $120 million Congress allocated to the Department to combat foreign meddling in U.S. elections.

  • CybersecurityMulti-laboratory cyber defense competition

    In little over two weeks, over a hundred college students from across the United States will convene in one of the largest cyber defense competitions in the nation. The event, hosted and funded by the U.S. Department of Energy’s (DOE) Office of Electricity Delivery and Energy Reliability’s (OE) Infrastructure Security and Energy Restoration Division, will take place on 6-7 April 2018. This event will be simultaneously hosted at three of the Department’s national laboratories: Argonne National Laboratory, Oak Ridge National Laboratory and Pacific Northwest National Laboratory.

  • Emergency communicationHackers attacking 4G LTE networks could send fake emergency alerts

    Researchers have identified several new vulnerabilities in 4G LTE networks, potentially allowing hackers to forge the location of a mobile device and fabricate messages. Ten new and nine prior attacks were outlined in a new study, including the authentication relay attack, which enables an adversary to connect to core networks without the necessary credentials. This allows the adversary to impersonate and fake the location of a victim device.

  • The Russia connectionRussia planted sabotage-enabling malware in U.S. energy grid, other critical infrastructure

    Russia has not only attacked the infrastructure of American democracy: The U.S. government now says that Russia has engaged in a pervasive, wide-ranging cyber-assault on U.S. energy grid and other key components of the U.S. critical infrastructure. These sustained attacks on U.S. critical infrastructure – along with the Russian interference in the 2016 election and the Russian-launched NoPetya malware — were the reasons the administration on Thursday imposed a new round of sanctions on Russia.

  • CybersecurityMeltdown and Spectre: Exposing the ghost in our machines

    Researchers had found that in an effort to make computer chips more efficient, major manufacturers had inadvertently inserted an opening that would allow hackers to spy on sensitive data. In two papers that were published on 3 January, researchers coined the cyber security threats Meltdown and Spectre. The name Meltdown was chosen for the attack’s ability to “melt” the security system typically enforced by a processor’s hardware. The name Spectre was based on the root cause of the security vulnerability, speculative execution, a speed-enhancing technique in which the processor tries to predict what part of code it will be required to execute next and starts executing it. And, much like a real spectre, the attack is nearly impossible to detect.

  • CybersecurityU.S. military’s cybersecurity’s capacity and capabilities

    The military service chiefs of cybersecurity see an upward trend in the capacity, capabilities, sophistication and persistence of cyber threats against military networks, Navy Vice Adm. Michael M. Gilday, the commander of U.S. Fleet Cyber Command and U.S. 10th Fleet said on Capitol Hill Tuesday.

  • The Russia connectionNew U.S. sanctions on Russia for election interference, infrastructure cyberattacks, NoPetya

    The U.S. Treasury has issued its strongest sanctions yet against Russia in response to what it called “ongoing nefarious attacks.” The move targets five entities and nineteen individuals. Among the institutions targeted in the new sanctions for election meddling were Russia’s top intelligence services, Federal Security Service (FSB) and Main Intelligence Directorate (GRU), the two organizations whose hackers, disinformation specialists, and outside contractors such as the Internet Research Agency (IRA) troll farm were behind — and are still engaged in — a broad and sustained campaign to undermine U.S. democracy.

  • CybersecurityOff-the-shelf smart devices easy to hack

    Off-the-shelf devices that include baby monitors, home security cameras, doorbells, and thermostats were easily co-opted by cyber researchers at Ben-Gurion University of the Negev (BGU). As part of their ongoing research into detecting vulnerabilities of devices and networks expanding in the smart home and Internet of Things (IoT), the researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.

  • CybersecurityDHS S&T release new cybersecurity research portfolio and technology guides

    DHS S&T has released two new guides — 2018 Cyber Security Division Portfolio Guide and the 2018 Cyber Security Division Technology Guide — that will boost opportunities to transition its mature cybersecurity solutions and spur community discussion about its research and development (R&D) priorities.

  • Truth decayTo stop fake news, internet platforms should choose quality over quantity: Study

    “Fake news” has made headlines and dominated social media chatter since the 2016 presidential election. It appears to be everywhere, and researchers are still determining the scale of the problem. A new study examines fake news and its prevalence and impact across Google, Facebook, and Twitter. The authors offer recommendations for stemming the flow and influence of fake news, and in particular call for more interdisciplinary research—including more collaboration between internet platforms and academia — “to reduce the spread of fake news and to address the underlying pathologies it has revealed.”

  • The Russia connectionPutin: “Jews” with Russian citizenship may have meddled in U.S. election

    In a weekend interview on NBC News, President Vladimir Putin, in an effort to deflect attention from the role the Kremlin’s hackers and disinformation specialists played in meddling in the 2016 U.S. election, said that such meddling was probably the work of “Jews” or other minorities in the Russian Federation. American Jewish organizations criticized Putin for giving voice to conspiracy theories which were at the core of the Protocols of the Elders of Zion, an anti-Semitic fabricated text, first published in Russia in 1903, purporting to describe a Jewish plan for global domination.

  • The Russia connectionAlmost no progress on securing U.S. voting machines in last two years

    By a number of key metrics, the United States has failed to make significant progress securing voting machines, despite increasing warnings about system vulnerabilities from election officials and national security experts. “The threats of both hacking and foreign interference are undeniable, yet we’re not doing all we can as a country to protect machines or ensure correct vote totals if a successful attack does occur,” says the author of a just-published study.

  • Truth decayStudy: On Twitter, false news travels faster than true stories

    By Peter Dizikes

    A new study by three MIT scholars has found that false news spreads more rapidly on the social network Twitter than real news does — and by a substantial margin. “We found that falsehood diffuses significantly farther, faster, deeper, and more broadly than the truth, in all categories of information, and in many cases by an order of magnitude,” says one researcher. “These findings shed new light on fundamental aspects of our online communication ecosystem,” says another researcher, adding that the researchers were “somewhere between surprised and stunned” at the different trajectories of true and false news on Twitter.