• NIST releases update of Industrial Control Systems Security Guide

    The National Institute of Standards and Technology (NIST) has issued the second revision to its Guide to Industrial Control Systems (ICS) Security. It includes new guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability, and safety requirements, as well as updates to sections on threats and vulnerabilities, risk management, recommended practices, security architectures and security capabilities and tools.

  • Administration rejects criticism of NSA’s surveillance of foreign hackers

    Just two years after the Edward Snowden leaks exposed the NSA’s domestic surveillance program, another report released last Friday from the Snowden files shares information about the NSA’s efforts to track foreign hackers. As with the NSA’s controversial foreign surveillance program which kept metadata records of suspected foreign terrorists’ conversations with Americans, the NSA’s hacker program may incidentally gather Americans’ private information from the files of foreign hackers.

  • D.C.-area becoming the Silicon Valley of cybersecurity

    A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.

  • Criminals receive 1,425 percent return on investment from malware attacks: Report

    Trustwave yesterday released its 2015 Trustwave Global Security Report which analyzes the top cybercrime, data breach, and security threat trends from 2014. Among the report’s findings: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment); spam volume continues to decrease making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.

  • “Dark Internet” inhibits law enforcement’s ability to identify, track terrorists

    For several months, Islamic State militants have been using instant messaging apps which encrypt or destroy conversations immediately. This has inhibit U.S. intelligence and law enforcement agencies from identifying and monitoring suspected terrorists, even when a court order is granted, because messaging companies and app developers say they are unable to unlock the coded conversations and/or do not have a record of the conversations. “We’re past going dark in certain instances,” said Michael B. Steinbach, the FBI’s top counterterrorism official. “We are dark.”

  • Can the power grid survive a cyberattack?

    It is very hard to overstate how important the U.S. power grid is to American society and its economy. Every critical infrastructure, from communications to water, is built on it and every important business function from banking to milking cows is completely dependent on it. And the dependence on the grid continues to grow as more machines, including equipment on the power grid, get connected to the Internet. The grid’s vulnerability to nature and physical damage by man, including a sniper attack in a California substation in 2013, has been repeatedly demonstrated. But it is the threat of cyberattack that keeps many of the most serious people up at night, including the U.S. Department of Defense. In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.

  • Combating cyber threats to the global financial industry

    Today more than fifteen billion devices are connected to the Internet; in the next five years, that number will grow to fifty billion. With each new device presenting an opportunity to be infiltrated and compromised by hackers, it is easy to understand why the importance of cybersecurity continues to skyrocket. So explained keynote speaker Elizabeth Petrie, director of strategic intelligence analysis for Citigroup, who kicked off a one-day conference at the University of Delaware on cybersecurity issues impacting the global financial industry.

  • USMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.

  • Rumor-detection software detects, corrects erroneous claims on Twitter

    A week after the Boston marathon bombing, hackers sent a bogus tweet from the official Twitter handle of the Associated Press. It read: “Breaking: Two Explosions in the White House and Barack Obama is injured.” Before the AP and White House could correct the record, the stock market responded, dropping more than 140 points in a matter of minutes. Losses mounted into the billions. The market recovered just as quickly, but analysts said the timeframe could well have been long enough for in-the-know perpetrators to profit through trading. Researchers have developed software to help society identify and correct erroneous claims on Twitter.

  • Exposure to media coverage of terrorist acts, disasters may cause long-term negative health effects

    The city of Boston endured one of the worst terrorist attacks on U.S. soil in April of 2013, when two pressure-cooker bombs exploded near the finish line of the Boston Marathon. While emergency workers responded to the chaos and law enforcement agencies began a manhunt for the perpetrators, Americans fixed their attention to television screens, Internet news sites and forums, and Twitter, Facebook, and other social media. In doing so, some of those people may have been raising their acute stress levels which, in some cases, have been linked with long-term negative health effects. For some individuals, intense exposure to the Boston Marathon bombing through media coverage could be associated with more stress symptoms than those who had direct exposure to the attack.

  • A growing threat: Car hacking

    A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking. Researchers are now looking into the growing threat of automotive hacking. “More and more in your everyday life you see that we’re automating physical systems,” one researcher says. “And unlike an information system, a physical system could kill you by accident.”

  • Tech companies urge rejection of push by FBI, DOJ for electronic devices “backdoors”

    In a 19 May letter to President Barack Obama, a group of Silicon Valley tech companies, cyber-security experts, and privacy advocacy groups urged the president to reject the implementation of “backdoors” in smartphone and computer encryption. The letter offered evidence of the  strong objection of the tech industry to demands from the Justice Department and the Federal Bureau of Investigation (FBI) to allow secret backdoor passages into consumer electronics, which would make it possible for law enforcement to read encrypted private communications and data.

  • One false tweet sent financial markets into a tailspin

    A false tweet from a hacked account owned by the Associated Press (AP) in 2013 sent financial markets into a tailspin. The Dow Jones Industrial Average dropped 143.5 points and the Standard & Poor’s 500 Index lost more than $136 billion of its value in the seconds that immediately followed the post. Once the nature of the tweet was discovered, the markets corrected themselves almost as quickly as they were skewed by the bogus information, but the event, known as Hack Crash, demonstrates the need better to understand how social media data is linked to decision making in the private and public sector.

  • How a hacker could hijack a plane from their seat

    Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raises many worrying questions for the airline industry. It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight. But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.

  • Ongoing attack against oil tankers aims to defraud oil brokers

    A new report details a malicious and largely unknown targeted attack on oil tankers. First discovered in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which has been dubbed the “Phantom Menace,” none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.