• World leaders urged to oppose encryption back doors

    In an open letter made public on Monday, nearly 200 Internet and digital rights leaders and experts, companies, and organizations are calling on the Obama administration and other world leaders to reject efforts to create “back doors” to encryption. “Encryption tools, technologies, and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access,” the letter states.

  • Administration tries to harness Silicon Valley’s talent for fight against ISIS

    Senior administration intelligence officials are meeting today (Friday) with Silicon Valley’s major technology firms — companies including Facebook, Twitter, Apple, Microsoft, YouTube , LinkedIn, Dropbox, and others — in an effort to recruit them and their technological know-how in the fight against radicalization and terrorism.

  • Kaplan launches cybersecurity education company

    Education provider Kaplan announced Wednesday that it has created a 12-person spin-off, split from a separate sister company called Cybervista, to offer Web-based cybersecurity courses. The creation of this new cybersecurity unit is an indication that the private sector is aware of, and trying to benefit from, the shortage of qualified security employees.

  • Tool improves government computer network security

    Government agencies, along with state and local governments, could receive a helping hand from a computer network security tool developed by computer scientists and engineers at DOE’s Lawrence Livermore National Laboratory. The LLNL software-based technology, known as the Network Mapping System (NeMS), does not allow a rogue computer which has gained access to a computer network to use a company’s virus protection systemd. The goal is to uncover any unauthorized devices to ensure a company is not at risk.

  • Jihadi cyberattacks; ISIS’s sex slaves; Iran’s missile test

    Hackers affiliated with the Jihadist group have been developing the capabilities to attack U.S. government and civilian targets, and such targets in other countries; Theologians working with ISIS have issued detailed and specific ruling on women slaves – explaining when “owners” of these women can have sex with them and who else among ISIS members may be entitled for sex services from enslaved women; On 26 December, the Iranian navy fired several rockets near three Western warships in the Gulf of Hormuz.

  • Making mobile health more secure

    With Internet-connected medical technology and digitized health records on the rise, cybersecurity is a growing concern for patients and hospitals alike. For example, a patient’s insulin pump may accept dosage instructions from unauthorized smartphones that have been infected with malicious software, or a patient’s fertility-tracking app could expose itself to nearby strangers by probing for a Bluetooth device to connect with. One research team is taking a holistic approach to strengthening the medical system’s security — from the computer networks that support hospitals, to the cloud, to the smart phone in your pocket.

  • A sixth-grader helps people with secure passwords

    It is cheaper than a couple of subway rides, more powerful than almost any hacker (except maybe the NSA). And, if you think about it, not so hard to remember. For $4, and 11-year old sixth-grader will fix you up with a secure password — actually a pass phrase of six words. She uses a well-known technique called Diceware that uses rolls of dice to select words at random from an encoded list.

  • Images, codes offer alternative to multiple device password systems

    A system using images and a one-time numerical code could provide a secure and easy to use alternative to multi-factor methods dependent on hardware or software and one-time passwords. The developers of the system believe their new multi-level authentication system GOTPass could be effective in protecting personal online information from hackers. It could also be easier for users to remember, and be less expensive for providers to implement since it would not require the deployment of potentially costly hardware systems.

  • Iranian hackers attacked New York dam

    In 2013, Iranian government hackers infiltrated the control system of Bowman Avenue Dam in Rye, New York, located twenty-five miles from New York City. Using a cellular modem, the hackers could have released larger volumes of upstream water without warning. As dams go, the Rye dam is small at about 20ft tall. There was some confusion initially, as DHS and DOE thought a similarly named dam in Oregon — the Arthur R. Bowman Dam – was the one hacked. The Oregon dam, at 245 feet, is much bigger, and hacking its control systems could have had much more serious consequences.

  • WiFi signals can be used to detect attackers

    Wireless devices are increasingly used for critical roles, such as security systems or industrial plant automation. Although wireless transmissions can be encrypted to protect transmitted data, it is hard to determine whether a device has been tampered with. Computer scientists have discovered that physical attacks on devices connected to the Internet can be detected by analyzing WiFi signals.

  • Terrorists used encrypted apps to plan, coordinate Paris attacks

    The leaders of U.S. and European law enforcement and intelligence agencies have been explicit in their warnings: commercially available communication devices equipped with end-to-end encryption software make it impossible for security services to track terrorists plotting an attack – or monitor the terrorists’ communication while the attack is under way. Sources close to the investigation of the 13 November Paris terrorist attacks have now confirmed that the terrorists used the encrypted WhatsApp and Telegram messengers apps to communicate for a period before the attacks – and with each other during the attacks. What was said in those encrypted messages, and who sent and received these messages, may never be known, because the companies themselves do not have the key – or back door – to decrypt these messages. Thus, security services could not monitor such messages before an attack in order to prevent it, and cannot read these message after an attack to learn more about the terrorists’ network and support system.

  • Safer cyberspace through experimental cybersecurity research

    How do cybersecurity experts discover how properly to defend a system or build a network which is secure? As in other domains of science, this process involves hypothesis, experimentation, and analysis — or at least it should. In reality, cybersecurity research can happen in an ad hoc fashion, often in crisis mode in the wake of an attack. A group of researchers has imagined a different approach, one in which experts can test their theories and peers can review their work in realistic but contained environments — not unlike the laboratories found in other fields of science. The researchers issued a report calling for a new generation of experimental cybersecurity research.

  • The mind of a cyberterrorist, a neglected aspect of cybersecurity

    A new study is delving into an aspect of cybersecurity rarely explored before now: the human component. The reason why this topic is lesser known, a leading expert says, is that security professionals become very focused on the technological side of responding to attacks and lack the social psychology background to analyze and understand the human being on the other side of that attack.

  • U.S. officials barred from reviewing social media postings of visa applicants

    Officials from DHS and the Department of State, as a general policy, do not check social media postings of applicants out of civil liberties concerns. With this policy in place, the department’s officials who handled Tashfeen Malik’s application could not have seen her pro-ISIS postings and note her growing radicalization. Officials from United States Citizenship and Immigration Services (USCIS) and U.S. Immigration and Customs Enforcement (ICE) pressed for a change in DHS policy in light of the fact that social media  is increasingly used by followers of jihadist groups to declare their allegiance, but the disclosures by Edward Snowden about NSA surveillance programs was behind the reluctance of DHS high officials to change the policy for fears such a change would further damage the administration’s standing with civil rights groups and European allies.

  • Protecting the U.S. electrical grid from cyberattack

    Across the United States, 3,200 separate organizations own and operate electrical infrastructure. The widely dispersed nature of the nation’s electrical grid and associated control systems has a number of advantages, but since the late 1990s, cost pressures have driven the integration of conventional information technologies into these independent industrial control systems, resulting in a grid which is increasingly vulnerable to cyberattack, either through direct connection to the Internet or via direct interfaces to utility IT systems. DARPA is soliciting proposal for creating automated systems to restore power within seven days or less after a cyberattack on the grid.