-
Social media grappling with problems posed by terrorists-supporting contents
Terrorist organizations have adopted social media as a tool for spreading propaganda and recruiting new members. Social media allow terrorist groups to interact with an audience and spread their message to a broader base. Legal scholars warn that as social media networks become the modern space for public discourse, they must be careful about publishing certain content because they could come under legal scrutiny for materially supporting terrorist organizations.
-
-
Maryland creates fund to support cybersecurity startups
The Maryland Technology Development Corporation, (TEDCO) an independent public organization founded by the Maryland General Assemblyand funded by the state, has created a $1 million fund to invest in startups developing new cybersecurity technologies.
-
-
New framework facilitates use of new Android security modules
Computer security researchers have developed a modification to the core Android operating system that allows developers and users to plug in new security enhancements. The new Android Security Modules (ASM) framework aims to eliminate the bottleneck that prevents developers and users from taking advantage of new security tools.
-
-
Winners announced in U.S. Cyber Challenge Western regional competition
Angela Rey, Lee Christensen, and Vincent Venem were on the winning team for the 2014 U.S. Cyber Challenge (USCC) Western Regional “Capture the Flag” competition. The seventy participants were selected based in part on their scores from Cyber Quests, an online competition offered through the USCC in April that drew more than 1,600 participants from almost 700 schools nationwide.
-
-
Energy companies slow to buy cyberdamage insurance
The U.S. oil industry will spend $1.87 billion on cybersecurity defense systems by 2018, but less than 20 percent of U.S. companies overall are covered for cyberdamages. “Imagine what could happen if a large refinery or petrochemical facility’s safety monitoring systems were hijacked near an urban area, or a subsea control module was no longer able to be controlled by the people who should be controlling it,” says one expert. “As we’ve all seen from Deepwater Horizon [the 2010 BP Gulf oil spill] those risks and damages can be astronomical. It requires an immediate response.”
-
-
Financial firms go beyond NIST's cybersecurity framework
The National Institute of Standards and Technology(NIST) released its Framework for Improving Critical Infrastructure Cybersecurityin February 2014. Utilities, banks, and other critical industries welcomed the guidelines, but many considered the framework to be a baseline for what was needed to continuously protect their networks from cyberattacks. Some financial firms have developed industry-based cyber policies through association such as the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) Third Party Software Security Working Group. The group has been reviewing cyber policies since 2012, before the NIST guidelines were finalized.
-
-
All-industry cybersecurity association needed: Experts
A new report is calling for a professional association committed to serving the cybersecurity industry. Theacknowledged the shortage of qualified cybersecurity professionals, as well as the difficulty of recruiting, training, and hiring potential candidates.Experts say that a cybersecurity association could help assess the needs of employers seeking cybersecurity professionals, establish ongoing training and development programs, and also help develop cybersecurity standards across all industries.
-
-
Program aiming to facilitate cyberthreat information sharing is slow to take off
President Barack Obama’s 2013 executive orderto improve critical infrastructure cybersecurity allows DHS to expand an information-sharing program, once restricted to Pentagoncontractors, to sixteencritical infrastructure industries. The Enhanced Cybersecurity Servicesprogram transmits cyber threat indicators to selected companies so they may prepare their network protection systems to scan for those indicators. A DHS inspector general (IG) reportreleased on Monday has found that just about forty companies from three of the sixteen industries — energy, communications services, and defense — are part of the program. Moreover, only two ISPs are authorized to receive the indicators.
-
-
Two major security vulnerabilities found in majority of world’s smartphones
Researchers have uncovered two major vulnerabilities in smart phones from manufacturers including Apple, Google Android, and Blackberry, among others. These flaws could put up to 90 percent of the world’s two billion smartphones at risk for stolen data, password theft, and the potential for hackers even to take control of the device.
-
-
Keith Alexander turns government experience into lucrative private sector career
Cybersecurity industry insiders are questioning the ethics behind recently retired NSA chief Keith Alexander’s decision to launch IronNet Cybersecurity, a private consultancy, equipped with patents for what he refers to as a game-changing cybersecurity model. Alexander says there is nothing out of the ordinary here. “If I retired from the Army as a brain surgeon, wouldn’t it be OK for me to go into private practice and make money doing brain surgery? I’m a cyber guy. Can’t I go to work and do cyber stuff?”
-
-
Utilities increasingly aware of grid vulnerability
An analysis by the federal government shows that if only nine of the country’s 55,000 electrical substations were shut down due to mechanical failure or malicious attack, the nation would experience coast-to-coast blackout. Another report finds cybersecurity as one of the top five concerns for U.S. electric utilities in 2014. The report also found that 32 percent of the surveyed electric utilities had deployed security systems with the “proper segmentation, monitoring and redundancies” needed for adequate cyber protection.
-
-
SATCOMS vulnerable to hacking
Satellite communications systems (SATCOMS) used by soldiers on the front lines, airplanes, and ships are vulnerable to hacking, according to analyst Ruben Santamarta’s presentation at the recent Black Hatcybersecurity conference.While none of the vulnerabilities discovered could directly cause a plane to crash, or override pilot commands, they could delay or intercept communications, exposing security and classified information to bad actors.
-
-
Training cyber security specialists for U.S. critical cyber infrastructure
Lawrence Livermore National Laboratory is joining Bechtel BNI and Los Alamos National Laboratory to train a new class of cyber defense professionals to protect the U.S. critical digital infrastructure. The Bechtel-Lawrence Livermore-Los Alamos Cyber Career Development Program is designed to allow the national labs to recruit and rapidly develop cyber security specialists who can guide research at their respective institutions and create solutions that meet the cyber defense needs of private industry. About 80 percent of the nation’s critical digital infrastructure and assets are owned and operated by private industry.
-
-
Expanding the scope and impact of cybersecurity and privacy research
As our lives and businesses become ever more intertwined with the Internet and networked technologies, it is crucial to continue to develop and improve cybersecurity measures to keep our data, devices and critical systems safe, secure, private and accessible. The other day, the National Science Foundation’s (NSF) Secure and Trustworthy Cyberspace (SaTC) program announced two new center-scale “Frontier” awards to support large, multi-institution projects that address grand challenges in cybersecurity science and engineering with the potential for broad economic and scientific impact.
-
-
SWAMP: Improving software assurance activities
The Software Assurance Market Place, or SWAMP, is an online, open-source, collaborative research environment that allows software developers and researchers to test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.