• NIST issues expanded draft of its smart grid cyber security Strategy for public review

    The coming Smart Grid will offer efficiency and savings, but also new cybervulnerabilities; NIST has issued the second draft proposal of its smart grid cybersecurity requirements; the document identifies more than 120 interfaces that will link diverse devices, systems, and organizations engaged in two-way flows of electricity and information and classifies these connections according to the risks posed by a potential security breach

  • Oak Ridge develops powerful intrusion detection systems

    The attack analysis program uses machine learning to increase effectiveness; ORCA effectively sits on top of off-the-shelf intrusion detection systems, and its correlation engine processes information and learns as cyberevents arrive; the correlation engine supplements or replaces the preset rules used by most intrusion detection systems to detect attacks or other malicious events

  • Group aims to set standard for cloud security

    A new consortium aims to provide a Common Assurance Metric (CAM) that will consist of objective, quantifiable measurements; it will draw from existing standards, which are often industry specific, to provide an international, cross-sector approach

  • FBI wants two year retention for ISP data

    Since 1986 U.S. phone companies have been obliged to keep records of who makes calls, who they call, when they call, and how long the call lasts; Now, the Feds want to include Web activity tools; it is not clear is whether the FBI means which Web sites are visited or the specific URLs

  • U.S. scientists get free cloud free access

    Microsoft and the U.S. National Science Foundation (NSF) will provide free access to cloud computing resources for select NSF-funded researchers for the next three years; those selected will get to use remote Microsoft Azure data centers full of Windows/Dell servers and storage so that they can run compute-intensive algorithms on masses of data

  • U.K. police looking for PC crime breathalyser

    U.K. e-crime cops turn to technology to boost frontline forensics; the Police Central e-Crime Unit (PCeU) is looking for “digital triage” tools that would give frontline police with little training in digital forensics the ability to search for anything from text in e-mails relating to stolen goods to illegal images

  • Terrorists hack gambling Web sites to finance operations

    Terrorists hack gambling Web sites to finance terrorist operations; one group of al Qaeda sympathizers made more than $3.5 million in fraudulent charges using credit card accounts stolen via online phishing scams and the distribution of Trojans; the group conducted 350 transactions at 43 different online gambling sites, using more than 130 compromised credit cards

  • Google turns to NSA for assistance in thwarting Chinese cyberattacks

    Google has developed a reputation as a company that likes to keep its distance from government agencies; the cyberattacks on Google by the Chinese intelligence services has caused Google to reconsider; it is now finalizing a new deal with the NSA to share data – the company’s first formal agreement with the NSA; the spy agency will help Google develop better defenses against Chinese encroachment

  • Cybersecurity bill urges research, task force

    HR 4061 would provide up to $396 million in research grants over the next four years to develop best practices and standards to protect computer networks; the bill also calls for $94 million to go toward scholarships for students who pursue this field of study; the bill would require the National Institute of Standards and Technology (NIST) to establish a cybersecurity awareness program and implement standards for managing personal information stored on computer system

  • DNI Dennis Blair: U.S. critical infrastructure severely threatened

    Blair: “The United States confronts a dangerous combination of known and unknown vulnerabilities, strong and rapidly expanding adversary capabilities, and a lack of comprehensive threat awareness”

  • Security experts worry over iPad security risks

    Security experts that the fact that the iPad will be locked down as the iPhone is, will not prevent hackers using phishing attacks and browser exploits from attacking to new device; while the iPad uses the same OS as the iPhone, it is more powerful; this means attacks based on doctored PDF files may potentially become a risk

  • Critical infrastructure executives fear China

    Operators of electrical grids, telecommunications networks, and other critical infrastructure say their systems are under constant cyber attack; more than 54 percent of the respondents said their critical systems have already suffered large-scale attacks or stealthy infiltrations

  • E-passports vulnerable to traceability attacks, allowing real-time tracking of passport holders

    The electronic passports issued by the United States, the United Kingdom, and some fifty other countries are vulnerable to “traceability attacks”: hackers can remotely track an e-passport holder in real time without first knowing the cryptographic keys that protect the personal information embedded in the e-passport

  • Stealth data: a new dimension in PC data protection

    Researchers at St. Poelten University of Applied Sciences develop the first viable steganographic solution for windows; data can now be protected better than ever before with the Windows operating system, without leaving the slightest trace or giving away the tiniest hint of its existence

  • Targeted attacks top telco nightmares, replacing botnet floods

    Targeted attacks against backend systems have replaced botnet-powered traffic floods as the main concerns for security staff at telcos and large ISPs; the most potent DDoS attacks recorded in 2009 hit 49 Gbps, a relatively modest 22 percent rise from the 40 Gbps peak reached in 2008