-
If you seek to “switch off” encryption, you may as well switch off the whole Internet
Prime Minister David Cameron has stated that the U.K. government will look at “switching off” some forms of encryption in order to make society safer from terror attacks. This might make a grand statement but it is impossible to implement and extremely technologically naïve. Encryption is a core part of the Internet; its use is increasing every day — Google’s services, including search and e-mail, use encrypted streams, as do Facebook and Twitter and many other widely used sites. Encryption makes it almost impossible for eavesdroppers to read the contents of the traffic. It is the foundation upon which all e-commerce is based. The technical case for switching off encryption is thus simply a non-starter. In fact we are moving in the opposite direction, replacing the old, open Internet with one that incorporates security by design. If you wish to switch off encryption, it will unpick the stitching that holds the Internet together.
-
-
-
Cyber protection of DHS’s and other federal facilities is weak: GAO
While most cybersecurity threats against government agencies tend to focus on network and computer systems, a growing number of access control systems, responsible for regulating electricity use, heating, ventilation, and air-conditioning (HVAC), and the operation of secured doors and elevators are also vulnerable to hacking. .” GAO warns that despite the seriousness of the vulnerabilities, agencies tasked with securing federal facilities have not been proactive.
-
-
U Wisconsin, shedding 1960s anti-classified research image, launches cybersecurity center
A new cybersecurity research center being built in partnership with private firms and the University of Wisconsin(UW) system aims to attract high-tech research dollars to the state, but administrators must balance the secrecy required for classified research with the openness which is the foundation of academic science. The state legislature passed a 2014 law allowing UW to accept contract for classified work partly in hopes that the school system will lose the perception of being an anti-classified-research environment, a perception dating back to campus protests against military research in the 1960s.
-
-
Universities adding cybersecurity programs to their curricula to meet growing demand
The cyberattacks of recent years have not only increased the demand for employees who understand the field of information assurance and cybersecurity, they have also created a demand in cybersecurity education. Universities across the country are adding cybersecurity concentrations to their curricula to train students who will later help secure network systems.
-
-
Obama to unveil several cybersecurity initiatives this week
President Barack Obama, in anticipation of the 20 January State of the Union address, has been sharing details of his address to a generate buzz. This week, Obama will focus on cybersecurity initiatives, including identity theft and electronic privacy laws, aimed at protecting citizens and the private sector. Obama will also announce a policy package designed to provide affordable access to broadband Internet nationwide.
-
-
Cybercrime imposing growing costs on global economy
A new report has found that the cost of cybercrime to the global community and infrastructure is not only incredibly high, but steadily rising as well. The study concluded that up to $575 billion a year — larger than some countries’ economies — is lost due to these incidents. The emergence of the largely unregulated, and unprotected, Internet of Things will make matters only worse.
-
-
Medical devices, not only medical records, are vulnerable to hackers
Health organizations have spent millions of dollars to protect hospital computer systems and software from malware, but hospitals today are increasingly equipped with many medical devices linked to Wi-Fi, making the devices a portal to hospital room operations. Infusion pumps deliver measured doses of nutrients or medications such as insulin or other hormones, antibiotics, chemotherapy drugs, and pain relievers into a patient’s body. Although it has yet to happen, it is quite possible for a hacker to infiltrate an active infusion pump on a hospital’s Wi-Fi and change the dosage. Hackers can also use the pump’s network access to inject malware in the hospital’s network systems, giving them entry to patients’ medical records. The records can then be sold to identity thieves.
-
-
DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities
On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.
-
-
Bolstering cybersecurity by taking a step back in time to analog security systems
Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.
-
-
FBI, DHS study threats against news organizations covering “The Interview” incident
Last week, the FBI and DHS issued a joint intelligence bulletin to law enforcement agencies across the country urging them to remain vigilant, citing a series of threats against movie theaters that show “The Interview” and news organizations that continue to cover the incident between Sony Entertainmentand Guardians of Peace, the hacking group allegedly backed by North Korea. A Tennessee man has since emerged saying he issued the threat against the news organizations and that he was just “messing around,” but the FBI is trying to determine whether the threat to news organizations was indeed a hoax.
-
-
2014: The year of security breach awareness
2014 will be seen as the “Year of the Breach,” or at the least, the “Year of Raised Awareness of Breaches,” according to observers of IT security trends over the course of the year. The legal repercussions for hackers are small, and usually non-existent, but the cost in damage to the victims of hacking can be huge. A survey by the Ponemon Institute revealed that in 2014, the average cost of a cyberattack was $20.8 million for a company in the financial services sector, and $8.6 million for a retail store — costs which ultimately affect the public at large.
-
-
Businesses brace for more, and more sophisticated, cyberattacks in 2015
The recent Sony Pictureshack is one more reason for industries to prepare for a series of cyberattacks which will likely occur in 2015. From massive data leaks to distributed denial-of-service (DDoS) attacks, hackers will continue to find vulnerabilities within targeted network systems. “In 2015, attackers will continue to look for new vulnerabilities so that they can ‘hack the planet’,” says one cyber expert.
-
-
Disease can be monitored, predicted by analyzing views of Wikipedia articles
Scientists can now monitor and forecast diseases around the globe more effectively by analyzing views of Wikipedia articles. Researchers were able successfully to monitor influenza in the United States, Poland, Japan and Thailand, dengue fever in Brazil and Thailand, and tuberculosis in China and Thailand. They were also able to forecast all but one of these, tuberculosis in China, at least twenty-eight days in advance.
-
-
If South Korea’s nuclear plant staff are vulnerable, then so are the reactors
Does it matter that a South Korean nuclear plant was hacked and plans of the complex stolen? As it is South Korea that’s the subject of this latest attack, everyone tends to assume it must have had something to do with North Korea. With a target as sensitive as a nuclear power plant, not unreasonably people are asking if safety could be compromised by a cyberattack. Could hackers cause the next Chernobyl or Three Mile Island? This points to an important and infrequently discussed problem, the vulnerability of critical national infrastructure. Cyber-attacks like these are a great way of levelling the playing field: why invest in massively expensive nuclear weapons program if you can simply shut down your enemies’ power, gas, water, and transportation systems? Increasingly more and more infrastructure is connected to the Internet, with all the security risks that entails.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.