• Next NIST workshop on critical infrastructure cybersecurity framework: Dallas, 11 September 2013

    Registration is now open for the fourth in a series of workshops to bring together representatives from government, industry, and academia to establish a voluntary Cybersecurity Framework which will help reduce risks to critical infrastructure. The workshop will be held 11-13 September 2013, at the University of Texas at Dallas, and will be the final public session before the preliminary framework is formally released later this year.

  • Researchers successfully spoof an $80 million yacht at sea

    Researchers were able successfully to spoof an $80 million private yacht using the world’s first openly acknowledged GPS spoofing device. Spoofing is a technique that creates false civil GPS signals to gain control of a vessel’s GPS receivers. The purpose of the experiment was to measure the difficulty of carrying out a spoofing attack at sea and to determine how easily sensors in the ship’s command room could identify the threat.

  • iOS security weaknesses uncovered

    Researchers have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications and peripherals, uncovering significant security threats to the iOS platform.

  • Senate panel signs off on cybersecurity bill

    The Senate Commerce Committee has approved a cybersecurity bill aiming to bolster protection of U.S. critical infrastructure. The full Senate will vote on the bill by the end of the year. The bill codifies parts of of President Obama’s February 2013 cybersecurity executive order. Among other things, the executive order instructs the National Institute of Standard and Technology (NIST) to draft a set of cybersecurity practices and standards.

  • Cisco’s $2.7 billion acquisition of Sourcefire signals a trend

    Cisco Systems’ $2.7 billion acquisition of Sourcefire, a Columbia, Maryland-based cybersecurity firm, may be the start of trend, as firms are looking to keep hackers at bay in a more connected world. The Maryland and northern Virginia areas around Washington, D.C. have become a hub for cybersecurity companies.

  • Cars’ computers could be the next targets of cyberattacks

    Computers, known as Electronic Control Units (ECUs), were first installed more than thirty years ago, during the first gas crisis, to serve as computerized carburetors. Eventually these computers were upgraded for innovations like cruise control and anti-lock brakes. In modern cars, ECUs “talk” to each other, and “listen” and respond to the messages they receive, over an open network, making them vulnerable to hacking, and potentially dangerous.

  • Using "mathematical jigsaw puzzles" to encrypt software

    Researchers have designed a system to encrypt software so that it only allows someone to use a program as intended while preventing any deciphering of the code behind it. This is known in computer science as “software obfuscation,” and it is the first time it has been accomplished. Software remains completely functional but impervious to reverse-engineering.

  • Black Hat event highlights vulnerability of U.S. critical infrastructure

    Cybersecurity researchers at the Black Hat conference now going on in Las Vegas, will demonstrate how hackers can gain access to U.S. critical infrastructure, and even cause explosions in oil and gas facilities, by altering the readings on wireless sensors used by the oil and gas industry. The faulty sensors typically cost between $1,000 and $2,000 each, and hundreds or even thousands of them are used at a single oil, gas, or water facility.

  • NIST seeking comments on energy industry security scenarios

    The National Cybersecurity Center of Excellence (NCCoE) works with industry, academic, and government experts to create open, standards-based, modular, end-to-end solutions to cybersecurity challenges that are broadly applicable across a sector. The solutions are customizable to the needs of individual businesses, and help them more easily comply with relevant standards and regulations. The work is organized around use cases that describe sector-specific challenges.

  • Senate panel to vote this week on cybersecurity bill

    The Senate Commerce Committee will this week vote on an industry-backed cybersecurity bill before Congress takes an August recess. Last year the Senate twice tried, and failed, to pass a cybersecurity bill because of GOP opposition to it. GOP lawmakers objected to a bill imposing mandatory cybersecurity standards on industry, and instead called for a bill which would make the adoption of cybersecurity standards voluntary. The bill now being considered in the Commerce Committee calls for industry and NIST to develop a cybersecurity framework for industry (something NIST is already doing following a presidential executive order), and for industry voluntarily to adopt it.

  • Overconfident, introverted people more likely to be e-mail phishing victims

    New study shows that people who are overconfident, introverted, or women are less able accurately to distinguish between legitimate and phishing e-mails. Phishing is the use of fraudulent e-mail correspondence to obtain passwords and credit card information, or to send viruses.

  • Cost to U.S. of cybercrime lower than earlier estimates

    The Center for Strategic and International Studies (CSIS) and security firm McAfee published a revision of McAfee’s previous estimate of the cost of cybercrime to the United States, reducing the amount from $1 trillion to $100 billion. Experts say this should not be a reason for complacency.

  • White House considering incentives for cybersecurity compliance

    The Obama administration is considering whether to back tax breaks, insurance perks, and other legal benefits for companies which bolster their digital defenses. The incentives, which include limited protections from legal liability and tax incentives, would be set up to persuade  power plants, water systems, chemical plants, and other critical infrastructure companies to comply with the voluntary cybersecurity rules which are being drafted as part of President Obama’s cybersecurity executive order.

  • UN warns regulators of mobile phone vulnerabilities

    The United Nations  is warning telecommunications regulators and government agencies  about significant vulnerabilities in cell phone technology which would allow hackers to attack at least half a billion mobile phones worldwide.

  • Budget cuts force DHS to scale back cybersecurity programs

    Sequestration-mandated federal budget cuts are beginning to have an effect on DHS cybersecurity efforts. Since March, the department has been forced to cancel two conferences and three training sessions for utility companies on how to defend against cyberattacks.Security experts are concerned that the budget cuts are affectingimpacting cybersecurity efforts at a time where more money needs to be put into securing critical infrastructure.