  • Cybersecurity: The security of fitness trackers could – and should – be improved

    The security of wearable fitness trackers could be improved to better protect users’ personal data, a new study suggests. Vulnerabilities in the devices – which track heart rate, steps taken and calories burned – could threaten the privacy and security of the data they record, scientists say.

  • Extremists & social media: Can taking down websites really stop terrorists and hate groups?

    By Thomas Holt, Joshua D. Freilich, and Steven Chermak

    Racists and terrorists, and many other extremists, have used the internet for decades and adapted as technology evolved, shifting from text-only discussion forums to elaborate and interactive websites, custom-built secure messaging systems and even entire social media platforms. Recent efforts to deny these groups online platforms will not kick hate groups, nor hate speech, off the web. In fact, some scholars theorize that attempts to shut down hate speech online may cause a backlash, worsening the problem and making hate groups more attractive to marginalized and stigmatized people, groups, and movements. The tech industry, law enforcement, and policymakers must develop a more measured and coordinated approach to the removal of extremist and terrorist content online. The only way to really eliminate this kind of online content is to decrease the number of people who support it.

  • Grid: Circuit simulation methods protect the power grid

    In December 2015, Russian hackers pummeled Ukraine’s power grid, disrupting the flow of electricity for nearly a quarter-million Ukrainians. Then, in December 2016, roughly a year after the first attack, the hackers struck again. But this time, they targeted an electric transmission station in Kiev, the capital of Ukraine. Each cyberattack lasted no more than six hours, but security experts were still alarmed: hackers had just demonstrated their ability to infiltrate the grid and drastically alter the flow of society. Americans began to worry. If hackers could target Ukraine, then what would stop them from targeting other countries in western Europe or even the United States?

  • Grid: Using AI to prevent, minimize electric grid failures

    A project led by the Department of Energy’s SLAC National Accelerator Laboratory will combine artificial intelligence with massive amounts of data and industry experience from a dozen U.S. partners to identify places where the electric grid is vulnerable to disruption, reinforce those spots in advance, and recover faster when failures do occur. It is the first project to employ AI to help the grid manage power fluctuations, resist damage and bounce back faster from storms, solar eclipses, cyberattacks, and other disruptions.

  • Considered opinion: RT, Sputnik and Russia’s new theory of war

    By Jim Rutenberg

    The Russian government’s 2016 disinformation campaign helped Donald Trump win the November election, and key to that effective campaign were lies expertly manufactured by Russian disinformation specialists and spread through two Russian government propaganda outlets, RT and Sputnik, and on social media. The U.S. intelligence community says that RT and the rest of the Russian information machine were working with “covert intelligence operations” to do no less than “undermine the U.S.-led liberal democratic order.” The U.S. intelligence assessment warned ominously, “Moscow will apply lessons learned from its Putin-ordered campaign aimed at the U.S. presidential election to future influence efforts worldwide, including against U.S. allies and their election processes.”

  • Infrastructure protection: Safety of controlling critical infrastructures via mobile phone networks questioned

    Critical infrastructures such as wind power stations are partially controlled via mobile phone networks. Using state-of-the-art tests, researchers are investigating how well protected that form of communication is from external attacks.

  • The Russian connection: DHS instructs government agencies to stop using Kaspersky Lab’s software

    DHS on Wednesday, referring to reports about the links between the Russian cybersecurity company and Russian intelligence agencies, ordered all U.S. government agencies to stop using Kaspersky Lab software products. DHS gave the agencies thirty days to identify any Kaspersky products they were using, and ninety days to remove all such products. A former FBI official, referring to Eugene Kaspersky, the company founder, said: “He wouldn’t help us at all… From the early 2000s, it was felt Kaspersky was an FSB [the successor agency of the KGB] guy and everything he’d developed was just a huge front.”

  • iPhone 8: Is the new iPhone designed for cybersafety?

    By Arun Vishwanath

    As eager customers meet the new iPhone, they’ll explore the latest installment in Apple’s decade-long drive to make sleeker and sexier phones. But to me as a scholar of cybersecurity, these revolutionary innovations have not come without compromises. Many of Apple’s decisions about the iPhone were driven by design – including wanting to be different or to make things simpler – rather than for practical reasons. Apple has steadily strengthened the encryption of the data on its phones, but other developments have made people less safe and secure. Today, unsafe decisions are far easier to make on your phone than on your computer. And more people now use their phones for doing more things than ever before. Making phones slimmer, shinier and sexier is great. But making sure every user can make cybersafe decisions is yet to be “Designed by Apple.” Here’s hoping the next iPhone does that.

  • Cybersecurity: Bolstering web security without compromising performance

    Chances are, you are reading this article on a web browser that uses HTTPS, the protocol over which data is sent between a web browser and the website users are connected to. In fact, nearly half of all web traffic passes through HTTPS. Despite the “S” for security in “HTTPS,” this protocol is far from perfectly secure.

  • Considered opinion: Russia used Facebook events to organize anti-immigrant rallies on U.S. soil

    By Ben Collins, Kevin Poulsen, and Spencer Ackerman

    Shaping the minds of Americans by leaking hacked emails and pushing fake news was just one component of the Russian campaign to subvert American democracy and institutions. Russian government agents went a step further by trying to create behavior change. Hiding behind false identities, these Russian government operatives used Facebook’s event-management tool remotely to organize and promote political protests in the United States.

  • Cybersecurity: Western energy sector target of sophisticated attack by Russian-linked group Dragonfly

    The energy sector in Europe and North America is being targeted by a new wave of cyberattacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. The group has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. This “Dragonfly 2.0” campaign, which appears to have begun in late 2015, shares tactics and tools used in earlier campaigns by the group.

  • Cybersecurity: Equifax breach will haunt Americans for decades

    Cyberexperts say that the giant Equifax cybersecurity breach, which compromised the personal information of as many as 143 million Americans – almost half the country – will have long-term consequences for many Americans. Looking ahead, for decades almost 50 percent of the U.S. population will have trouble applying for home loans, credit cards, cell phones, or simply passing background checks.

  • R&D: S&T awards $8.6 million for enhancing security of mobile apps for the government

    DHS S&T has awarded funding to five R&D projects that will enhance the secure use of mobile applications for the federal government. These Mobile Application Security (MAS) R&D projects focus on continuous validation and threat protection for mobile apps and integrating security throughout the mobile app lifecycle.

  • Considered opinion: Russia’s fake Americans

    By The New York Times "Editorial" writers

    It is commonly believed that Russia’s interference in the 2016 presidential campaign consisted mainly of the hacking and leaking of Democratic emails and unfavorable stories circulated abroad about Hillary Clinton. A startling new report by the New York Times, and new research by the cybersecurity firm FireEye, now reveal that the Kremlin’s stealth intrusion into the election was far broader and more complex, involving a cyber-army of bloggers posing as Americans and spreading propaganda and disinformation to an American electorate on Facebook, Twitter, and other platforms. The Russian social media scheming is further evidence of what amounted to an unprecedented foreign invasion of American democracy. If President Trump and Congress are not outraged by this, American voters should ask why.

  • The Russian connection: Russia’s broad cyber campaign to undermine Western democracies

    Russia was successful in its disinformation and hacking campaign to help Donald Trump win the November 2016 U.S. presidential election, but the Alliance for Securing Democracy notes that the Russian subversion of the U.S. electoral process was only one of many such attempts, and that it offers an example of the challenges global democracy faces. Russia has interfered in the affairs of at least twenty-seven European and North American countries since 2004, using cyberattacks and disinformation campaigns to subvert and undermine the political systems of these countries.