-
NIST seeking comments on energy industry security scenarios
The National Cybersecurity Center of Excellence (NCCoE) works with industry, academic, and government experts to create open, standards-based, modular, end-to-end solutions to cybersecurity challenges that are broadly applicable across a sector. The solutions are customizable to the needs of individual businesses, and help them more easily comply with relevant standards and regulations. The work is organized around use cases that describe sector-specific challenges.
-
-
Senate panel to vote this week on cybersecurity bill
The Senate Commerce Committee will this week vote on an industry-backed cybersecurity bill before Congress takes an August recess. Last year the Senate twice tried, and failed, to pass a cybersecurity bill because of GOP opposition to it. GOP lawmakers objected to a bill imposing mandatory cybersecurity standards on industry, and instead called for a bill which would make the adoption of cybersecurity standards voluntary. The bill now being considered in the Commerce Committee calls for industry and NIST to develop a cybersecurity framework for industry (something NIST is already doing following a presidential executive order), and for industry voluntarily to adopt it.
-
-
Overconfident, introverted people more likely to be e-mail phishing victims
A new study shows that overconfident people, introverted people, and women are less able to distinguish accurately between legitimate and phishing e-mails. Phishing is the use of fraudulent e-mail correspondence to obtain passwords and credit card information, or to send viruses.
-
-
Cost to U.S. of cybercrime lower than earlier estimates
The Center for Strategic and International Studies (CSIS) and security firm McAfee published a revision of McAfee’s previous estimate of the cost of cybercrime to the United States, reducing the amount from $1 trillion to $100 billion. Experts say this should not be a reason for complacency.
-
-
White House considering incentives for cybersecurity compliance
The Obama administration is considering whether to back tax breaks, insurance perks, and other legal benefits for companies which bolster their digital defenses. The incentives, which include limited protections from legal liability and tax incentives, would be set up to persuade power plants, water systems, chemical plants, and other critical infrastructure companies to comply with the voluntary cybersecurity rules which are being drafted as part of President Obama’s cybersecurity executive order.
-
-
UN warns regulators of mobile phone vulnerabilities
The United Nations is warning telecommunications regulators and government agencies about significant vulnerabilities in cell phone technology which would allow hackers to attack at least half a billion mobile phones worldwide.
-
-
Budget cuts force DHS to scale back cybersecurity programs
Sequestration-mandated federal budget cuts are beginning to have an effect on DHS cybersecurity efforts. Since March, the department has been forced to cancel two conferences and three training sessions for utility companies on how to defend against cyberattacks. Security experts are concerned that the budget cuts are affecting cybersecurity efforts at a time when more money needs to be put into securing critical infrastructure.
-
-
Are nuclear weapons safe from cyber-attacks?
Research will look into whether today’s nuclear weapons are safe from computer hacking. Specifically, the research seeks to address the question of whether the ability to use nuclear weapons, and the confidence in them, are being eroded by new cyber capabilities being developed by an increasingly large range of actors.
-
-
Spending on cybersecurity for critical infrastructure to reach $46 billion by end of 2013
The digitization of critical infrastructures has provided substantial benefits: improved productivity, better connectivity, greater efficiencies. Yet this digitization also carries significant risks. Always-on Internet connectivity has ushered in a new cyber-age in which the stakes are higher. To better shield critical infrastructure, cybersecurity spending for critical infrastructure protection will hit $46 billion globally by the end of 2013.
-
-
U.S. research universities subject to sustained cyberattack campaign by China
Leading U.S. research universities report that they have been subject to millions of Chinese hacking attempts weekly. The Chinese are aware that universities, and the professors who do research under the schools’ auspices, receive thousands of patents each year in areas such as prescription drugs, computer chips, fuel cells, aircraft, medical devices, food production, and more. The Chinese government-sponsored cyberattacks on American research universities are an expansion of efforts by China to steal information that has commercial, political, or national security value.
-
-
McAfee’s Phyllis Schneck leading candidate for DHS cybersecurity post
Phyllis Schneck, the vice president and chief technology officer for public sector at McAfee, is the likely choice to be the next deputy undersecretary for cybersecurity at DHS. The DHS deputy undersecretary for cybersecurity oversees DHS’s cyber operations, including its relationship with private businesses which run utilities and critical infrastructure.
-
-
Hackathons used by government, industry for app development, recruitment
Local and state governments, the music industry and private businesses have begun to host “hackathons” in an effort to learn more about applications that steal and use their data, recruit candidates for cybersecurity jobs, and more generally celebrate the hacking subculture.
-
-
NIST biometric publication provides two new ways to identify people
The National Institute of Standards and Technology (NIST) has issued a new publication that broadens agency security options for Personal Identity Verification (PIV) cards. The new publication adds iris images as biometric identifiers and on-card fingerprint comparison as options for the cards.
-
-
Cybersecurity funding increasing despite sequestration
Sequestration-mandated cuts continue, but more money will continue to go to cybersecurity, and job opportunities in the field will continue to grow. The Defense Department intends to spend $23 billion on cybersecurity over the next five years, and it is seeking more than $4.6 billion for cybersecurity in the 2014 fiscal year, an 18 percent jump from the 2013 fiscal year.
-
-
Consolidation expected among large cybersecurity contractors
Europe’s largest defense company, BAE Systems, says the number of military contractors selling data protection services to governments will decrease as clients’ demands for ever-more-sophisticated products increase.
-
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with LiDAR, or Light Detection and Ranging, the technology many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.