-
NIST releases update of Industrial Control Systems Security Guide
The National Institute of Standards and Technology (NIST) has issued the second revision to its Guide to Industrial Control Systems (ICS) Security. It includes new guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability, and safety requirements, as well as updates to sections on threats and vulnerabilities, risk management, recommended practices, security architectures and security capabilities and tools.
-
-
Administration rejects criticism of NSA’s surveillance of foreign hackers
Just two years after the Edward Snowden leaks exposed the NSA’s domestic surveillance program, another report released last Friday from the Snowden files shares information about the NSA’s efforts to track foreign hackers. As with the NSA’s controversial foreign surveillance program which kept metadata records of suspected foreign terrorists’ conversations with Americans, the NSA’s hacker program may incidentally gather Americans’ private information from the files of foreign hackers.
-
-
D.C.-area becoming the Silicon Valley of cybersecurity
A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.
-
-
Criminals receive 1,425 percent return on investment from malware attacks: Report
Trustwave yesterday released its 2015 Trustwave Global Security Report which analyzes the top cybercrime, data breach, and security threat trends from 2014. Among the report’s findings: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment); spam volume continues to decrease making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.
-
-
“Dark Internet” inhibits law enforcement’s ability to identify, track terrorists
For several months, Islamic State militants have been using instant messaging apps which encrypt or destroy conversations immediately. This has inhibit U.S. intelligence and law enforcement agencies from identifying and monitoring suspected terrorists, even when a court order is granted, because messaging companies and app developers say they are unable to unlock the coded conversations and/or do not have a record of the conversations. “We’re past going dark in certain instances,” said Michael B. Steinbach, the FBI’s top counterterrorism official. “We are dark.”
-
-
Can the power grid survive a cyberattack?
It is very hard to overstate how important the U.S. power grid is to American society and its economy. Every critical infrastructure, from communications to water, is built on it and every important business function from banking to milking cows is completely dependent on it. And the dependence on the grid continues to grow as more machines, including equipment on the power grid, get connected to the Internet. The grid’s vulnerability to nature and physical damage by man, including a sniper attack in a California substation in 2013, has been repeatedly demonstrated. But it is the threat of cyberattack that keeps many of the most serious people up at night, including the U.S. Department of Defense. In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.
-
-
Combating cyber threats to the global financial industry
Today more than fifteen billion devices are connected to the Internet; in the next five years, that number will grow to fifty billion. With each new device presenting an opportunity to be infiltrated and compromised by hackers, it is easy to understand why the importance of cybersecurity continues to skyrocket. So explained keynote speaker Elizabeth Petrie, director of strategic intelligence analysis for Citigroup, who kicked off a one-day conference at the University of Delaware on cybersecurity issues impacting the global financial industry.
-
-
USMobile launches Scrambl3 mobile, Top Secret communication-standard app
Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.
-
-
Rumor-detection software detects, corrects erroneous claims on Twitter
A week after the Boston marathon bombing, hackers sent a bogus tweet from the official Twitter handle of the Associated Press. It read: “Breaking: Two Explosions in the White House and Barack Obama is injured.” Before the AP and White House could correct the record, the stock market responded, dropping more than 140 points in a matter of minutes. Losses mounted into the billions. The market recovered just as quickly, but analysts said the timeframe could well have been long enough for in-the-know perpetrators to profit through trading. Researchers have developed software to help society identify and correct erroneous claims on Twitter.
-
-
Exposure to media coverage of terrorist acts, disasters may cause long-term negative health effects
The city of Boston endured one of the worst terrorist attacks on U.S. soil in April of 2013, when two pressure-cooker bombs exploded near the finish line of the Boston Marathon. While emergency workers responded to the chaos and law enforcement agencies began a manhunt for the perpetrators, Americans fixed their attention to television screens, Internet news sites and forums, and Twitter, Facebook, and other social media. In doing so, some of those people may have been raising their acute stress levels which, in some cases, have been linked with long-term negative health effects. For some individuals, intense exposure to the Boston Marathon bombing through media coverage could be associated with more stress symptoms than those who had direct exposure to the attack.
-
-
A growing threat: Car hacking
A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking. Researchers are now looking into the growing threat of automotive hacking. “More and more in your everyday life you see that we’re automating physical systems,” one researcher says. “And unlike an information system, a physical system could kill you by accident.”
-
-
Tech companies urge rejection of push by FBI, DOJ for electronic devices “backdoors”
In a 19 May letter to President Barack Obama, a group of Silicon Valley tech companies, cyber-security experts, and privacy advocacy groups urged the president to reject the implementation of “backdoors” in smartphone and computer encryption. The letter offered evidence of the strong objection of the tech industry to demands from the Justice Department and the Federal Bureau of Investigation (FBI) to allow secret backdoor passages into consumer electronics, which would make it possible for law enforcement to read encrypted private communications and data.
-
-
One false tweet sent financial markets into a tailspin
A false tweet from a hacked account owned by the Associated Press (AP) in 2013 sent financial markets into a tailspin. The Dow Jones Industrial Average dropped 143.5 points and the Standard & Poor’s 500 Index lost more than $136 billion of its value in the seconds that immediately followed the post. Once the nature of the tweet was discovered, the markets corrected themselves almost as quickly as they were skewed by the bogus information, but the event, known as Hack Crash, demonstrates the need better to understand how social media data is linked to decision making in the private and public sector.
-
-
How a hacker could hijack a plane from their seat
Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raises many worrying questions for the airline industry. It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight. But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.
-
-
Ongoing attack against oil tankers aims to defraud oil brokers
A new report details a malicious and largely unknown targeted attack on oil tankers. First discovered in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which has been dubbed the “Phantom Menace,” none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.