• Shortage of cyber workers in the U.S.

    The United States is lacking an adequate number of individuals within the federal government and private sector with the technical skills necessary to secure cyberspace; there is an even greater shortage of cybersecurity experts that can design secure systems and networks, write nonvulnerable computer code and create the tools needed to prevent, detect and mitigate damage due to malicious acts

  • The worst database security breaches in the U.S., U.K.

    On 6 February 2010 AvMed Health Plans announced that personal information of current and former subscribers have been compromised by the theft of two company laptops from its corporate offices in Gainesville, Florida; the information was comprehensive, including Social Security numbers and protected health information; attempts the thwart the theft have been unsuccessful, leaving the identity data of nearly 1,100,000 vulnerable; this is only one of many cases of database breaches — and the number of cases is growing

  • Cybersecurity solution detects cyber attacks as they happen

    A winning entry in a cyber security competition gives analysts a way to look at computer network traffic and determine how a system was penetrated; it also supplies critical data that can be used to reduce system vulnerabilities and limit future attacks

  • House's homeland security bill doubles cybersecurity R&D budget

    The 2010 Homeland Security Science and Technology Authorization Act would double the cybersecurity research and development budget to $75 million for each of the next two years and authorize another $500 million for a study to find ways to promote industry best practices through, for example, liability requirements that hold hardware and software vendors responsible for damages caused by a security breach

  • Dell warns of hardware trojan

    Computer maker Dell is warning that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware; it could be confirmation that the “hardware trojans” long posited by some security experts are indeed a real threat; the Pentagon is spending millions on research designed to ensure it can trust the microchips in critical systems, especially those made outside the United States

  • Digital retaliation: Turkish hackers steal personal information of 122,000 Israelis

    A month ago Israel stopped several ships, sponsored by a Turkish fundamentalist Islamic organization, which tried to breach the Israeli blockade of the Gaza Strip; nine Turkish militants were killed after they had attacked Israeli soldiers; Turkish hackers launched a retaliatory attack on Israeli digital databases, stealing the e-mail addresses and credit card and PayPal account information of 122,000 Israelis; the hackers also attacked 2,100 Israeli Web sites; security expert advises affected Israelis to change passwords, and credit cards.

  • Malicious virus targets SCADA systems

    Supervisory Control and Data Acquisition, or SCADA, stands for large-scale distributed remote processing systems that gather data in real time to control critical industrial, infrastructure, or facility processes and equipment; SCADA is used to control U.S. critical infrastructure — power plants, oil and gas refining, telecommunications, transportation, dams, water, waste control, and more; Siemens is warning customers of a new and highly sophisticated virus that targets SCADA systems; these systems are typically not connected to the Internet for security reasons, but this virus spreads when an infected USB stick is inserted into a computer

  • A first: 15 nations agree to start working together on cyber arms control

    A group of nations — including the United States, China, and Russia — have for the first time showed a willingness to engage in reducing the threat of attacks on each others’ computer networks; when the group last met in 2005, they failed to find common ground. This time, by crafting a short text that left out controversial elements, they were able to reach a consensus; the Russians proposed a treaty in 1998 that would have banned the use of cyberspace for military purposes. The United States has not been willing to agree to that proposal, given that the difficulty in attributing attacks makes it hard to monitor compliance

  • UTSA's cyber security center moves into new home

    The Institute for Cyber Security Center for Infrastructure Assurance and Security at the University of Texas at San Antonio is moving to a new home on campus; Congress, DHS, and the Defense departments have thrown their money behind UTSA, which the New York Times has named one of the best places to get training as a “cyber sleuth”

  • Experts: securing U.S. critical infrastructure against cyberattack not feasible

    Experts say securing the U.S. power grid and other computer systems that operate the nation’s critical infrastructure against cyberattack is unrealistic, because companies cannot afford to check if suppliers have provided trustworthy products

  • U.S. nuclear safety agency unveils new data, physical security controls

    NNSA the rollout of new information and physical security controls aimed at balancing efficiency and safety; officials said, though, that the implementation of cybersecurity improvements is about a year behind the progress the agency has made on physical protection

  • Algorithm could improve hospital records security

    An algorithm secures patients’ records by ensuring that access to information is available to those who need it, but only when necessary; for example, once a patient has been admitted to hospital, the admissions staff do not necessarily need access to the patient’s records anymore; in many hospitals, those staff members nonetheless continue to have access to every record on file; using the algorithm, those staffers would only be able to access the patient’s record during admission processing; after that, they would find your information unavailable

  • NSA: Perfect Citizen program is purely "research and engineering effort"

    Perfect Citizen, a new National Security Agency (NSA) project, would deploy sensors in networks running critical infrastructure such as the electricity grid and nuclear-power plants; the sensors would detect intrusion and other unusual activity indicating a cyberattack on U.S. critical infrastructure; NSA spokeswoman says the program is “purely a vulnerabilities-assessment and capabilities-development contract—- This is a research and engineering effort” and “There is no monitoring activity involved, and no sensors are employed in this endeavor”

  • U.S. quietly launches protection program against cyber attacks on critical infrastructure

    The administration has quietly launched Perfect Citizen, a digital surveillance project to be run by the NSA; the project’s goal is to detect and detect cyber attacks on private companies and government agencies running critical infrastructure such as the electricity grid, nuclear-power plants, dams, and more; the program would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack — although it would not persistently monitor the whole system