• Social media grappling with problems posed by terrorists-supporting contents

    Terrorist organizations have adopted social media as a tool for spreading propaganda and recruiting new members. Social media allow terrorist groups to interact with an audience and spread their message to a broader base. Legal scholars warn that as social media networks become the modern space for public discourse, they must be careful about publishing certain content because they could come under legal scrutiny for materially supporting terrorist organizations.

  • Maryland creates fund to support cybersecurity startups

    The Maryland Technology Development Corporation, (TEDCO) an independent public organization founded by the Maryland General Assemblyand funded by the state, has created a $1 million fund to invest in startups developing new cybersecurity technologies.

  • New framework facilitates use of new Android security modules

    Computer security researchers have developed a modification to the core Android operating system that allows developers and users to plug in new security enhancements. The new Android Security Modules (ASM) framework aims to eliminate the bottleneck that prevents developers and users from taking advantage of new security tools.

  • Winners announced in U.S. Cyber Challenge Western regional competition

    Angela Rey, Lee Christensen, and Vincent Venem were on the winning team for the 2014 U.S. Cyber Challenge (USCC) Western Regional “Capture the Flag” competition. The seventy participants were selected based in part on their scores from Cyber Quests, an online competition offered through the USCC in April that drew more than 1,600 participants from almost 700 schools nationwide.

  • Energy companies slow to buy cyberdamage insurance

    The U.S. oil industry will spend $1.87 billion on cybersecurity defense systems by 2018, but less than 20 percent of U.S. companies overall are covered for cyberdamages. “Imagine what could happen if a large refinery or petrochemical facility’s safety monitoring systems were hijacked near an urban area, or a subsea control module was no longer able to be controlled by the people who should be controlling it,” says one expert. “As we’ve all seen from Deepwater Horizon [the 2010 BP Gulf oil spill] those risks and damages can be astronomical. It requires an immediate response.”

  • Financial firms go beyond NIST's cybersecurity framework

    The National Institute of Standards and Technology(NIST) released its Framework for Improving Critical Infrastructure Cybersecurityin February 2014. Utilities, banks, and other critical industries welcomed the guidelines, but many considered the framework to be a baseline for what was needed to continuously protect their networks from cyberattacks. Some financial firms have developed industry-based cyber policies through association such as the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) Third Party Software Security Working Group. The group has been reviewing cyber policies since 2012, before the NIST guidelines were finalized.

  • All-industry cybersecurity association needed: Experts

    A new report is calling for a professional association committed to serving the cybersecurity industry. Theacknowledged the shortage of qualified cybersecurity professionals, as well as the difficulty of recruiting, training, and hiring potential candidates.Experts say that a cybersecurity association could help assess the needs of employers seeking cybersecurity professionals, establish ongoing training and development programs, and also help develop cybersecurity standards across all industries.

  • Program aiming to facilitate cyberthreat information sharing is slow to take off

    President Barack Obama’s 2013 executive orderto improve critical infrastructure cybersecurity allows DHS to expand an information-sharing program, once restricted to Pentagoncontractors, to sixteencritical infrastructure industries. The Enhanced Cybersecurity Servicesprogram transmits cyber threat indicators to selected companies so they may prepare their network protection systems to scan for those indicators. A DHS inspector general (IG) reportreleased on Monday has found that just about forty companies from three of the sixteen industries — energy, communications services, and defense — are part of the program. Moreover, only two ISPs are authorized to receive the indicators.

  • Two major security vulnerabilities found in majority of world’s smartphones

    Researchers have uncovered two major vulnerabilities in smart phones from manufacturers including Apple, Google Android, and Blackberry, among others. These flaws could put up to 90 percent of the world’s two billion smartphones at risk for stolen data, password theft, and the potential for hackers even to take control of the device.

  • Keith Alexander turns government experience into lucrative private sector career

    Cybersecurity industry insiders are questioning the ethics behind recently retired NSA chief Keith Alexander’s decision to launch IronNet Cybersecurity, a private consultancy, equipped with patents for what he refers to as a game-changing cybersecurity model. Alexander says there is nothing out of the ordinary here. “If I retired from the Army as a brain surgeon, wouldn’t it be OK for me to go into private practice and make money doing brain surgery? I’m a cyber guy. Can’t I go to work and do cyber stuff?”

  • Utilities increasingly aware of grid vulnerability

    An analysis by the federal government shows that if only nine of the country’s 55,000 electrical substations were shut down due to mechanical failure or malicious attack, the nation would experience coast-to-coast blackout. Another report finds cybersecurity as one of the top five concerns for U.S. electric utilities in 2014. The report also found that 32 percent of the surveyed electric utilities had deployed security systems with the “proper segmentation, monitoring and redundancies” needed for adequate cyber protection.

  • SATCOMS vulnerable to hacking

    Satellite communications systems (SATCOMS) used by soldiers on the front lines, airplanes, and ships are vulnerable to hacking, according to analyst Ruben Santamarta’s presentation at the recent Black Hatcybersecurity conference.While none of the vulnerabilities discovered could directly cause a plane to crash, or override pilot commands, they could delay or intercept communications, exposing security and classified information to bad actors.

  • Training cyber security specialists for U.S. critical cyber infrastructure

    Lawrence Livermore National Laboratory is joining Bechtel BNI and Los Alamos National Laboratory to train a new class of cyber defense professionals to protect the U.S. critical digital infrastructure. The Bechtel-Lawrence Livermore-Los Alamos Cyber Career Development Program is designed to allow the national labs to recruit and rapidly develop cyber security specialists who can guide research at their respective institutions and create solutions that meet the cyber defense needs of private industry. About 80 percent of the nation’s critical digital infrastructure and assets are owned and operated by private industry.

  • Expanding the scope and impact of cybersecurity and privacy research

    As our lives and businesses become ever more intertwined with the Internet and networked technologies, it is crucial to continue to develop and improve cybersecurity measures to keep our data, devices and critical systems safe, secure, private and accessible. The other day, the National Science Foundation’s (NSF) Secure and Trustworthy Cyberspace (SaTC) program announced two new center-scale “Frontier” awards to support large, multi-institution projects that address grand challenges in cybersecurity science and engineering with the potential for broad economic and scientific impact.

  • SWAMP: Improving software assurance activities

    The Software Assurance Market Place, or SWAMP, is an online, open-source, collaborative research environment that allows software developers and researchers to test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques.