-
Worry: Hackers can take over power plants
In many cases, operating systems at power plants and other critical infrastructure are decades old; sometimes they are not completely separated from other computer networks used by companies to run administrative systems or even access the Internet; those links between the administrative networks and the control systems provide gateways for hackers to insert malicious codes, viruses, or worms into the programs that operate the plants
-
-
INL's International Symposium on Resilient Control Systems (ISRCS)
Idaho National Laboratory is helping generate innovative research and codify resilience in next-generation control system designs by hosting the 3rd International Symposium on Resilient Control Systems in Idaho Falls 10-12 August; INL says it sponsors the symposium to support a multidisciplinary approach to the complex nature of control system interdependencies that ensure safe and secure operation of critical components of the U.S. infrastructure including electrical grids, water supplies, and transportation
-
-
Commerce Department seeks comments on cybersecurity and its impact on innovation
The U.S. Commerce Department seeks comments from all stakeholders, including the commercial, academic and civil society sectors, on measures to improve cyber security while sustaining innovation; the department says that the Internet has become vitally important to U.S. innovation, prosperity, education, civic activity, and cultural life as well as aspects of America’s national security, and that a top priority of the department is to ensure that the Internet remains an open and trusted infrastructure, both for commercial entities and individuals
-
-
As demand for cybersecurity professionals grows, shortages are felt
Federal agencies, contractors, and tech companies compete with each other for cyber security work force; measuring the size of the cyber security sector is difficult, but surveys show demand for technical expertise is skyrocketing; the number of jobs posted on ClearanceJobs.com by companies and recruiters looking for professionals with active federal security clearances has jumped 11 percent to 6,100 openings this year from fewer than 5,500 in the same time period last year; Maryland wants to become U.S. cybersecurity capital
-
-
Indonesia joins countries mulling BlackBerry ban to fight terror
Indonesia considers joining a growing list of countries, including India, Saudi Arabia and the UAE in banning BlackBerry devices; Research in Motion is receiving increasing pressure to allow government access to data generated by the hand-held devices
-
-
Smart Grid offers target-rich opportunities for hackers
SCADA systems are vulnerable to hacking, but the smart grid is even more vulnerable; security experts at the Black Hat conference in Las Vegas last week warned that the accelerated deployment of smart-grid technology could leave critical infrastructure and private homes vulnerable to hackers; hacking may come in a benign form — customers might simply figure out how to lower their electricity bills by manipulating how much energy their meters say they are using; hacking may also have more sinister aspects: large-scale attacks may also be possible, and the smart grid’s serious vulnerabilities make it possible to shut down the power supply to an entire city
-
-
New identity theft scheme: stealing kids' Social Security numbers
The latest identity theft scheme: stealing kids’ Social Security numbers years before these kids grow up to use these numbers; the scheme allows people to establish phony credit and run up huge debts — debts that the kids may never be able to pay off
-
-
U.S. "cyber flank" exposed
Former head of the CIA and the NSA warns the U.S.“cyber flank” was exposed and it was losing clout to influence rules of war on the Internet; “Our flank is totally exposed,” Michael Hayden said at the Black Hat computer security gathering in Las Vegas, comparing the U.S. tactical position on the Internet to a battle of land troops; “If tomorrow they show up on that flank they are going to roll down.”; the retired general said he was in “absolute awe and wonderment” at the Chinese cyber espionage campaign but that they were certainly not the only nation doing it; he faulted an Internet built on the premise of quickly and freely sharing information for creating an open landscape that gives attackers an edge over defenders
-
-
Hacker built, and demonstrated, a $1,500 cell-phone tapping device
Security researcher demonstrated a device, which he built for just $1,500, which can intercept some kinds of cell phone calls and record everything that is said; the attack illustrates weaknesses in GSM, one of the world’s most widely used cellular communications technologies
-
-
First Cyber Security Challenge winner announced
The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition — a series of challenges and games that would test the talent and skills of people; the challenges is built around eight key skill areas which include digital forensics, network analysis, and logical thinking
-
-
ATMs easily compromised by hacker at Black Hat
A disturbingly high percentage of the world’s automated teller machines (ATMs) are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers, to say nothing of cash
-
-
Identifying future digital leakers, whistle-blowers
Digital encoding could catch future informants; the Wikileaks saga will likely result in an overhaul of how governments protects information; in addition to using watermarking, government agencies could adapt existing digital-rights-management technologies; such technologies can perform various tasks that might be relevant: identify when the same computer is downloading voluminous amounts of material, restrict downloading to authorized users, and stop users from copying or passing restricted files to other computers
-
-
New cybersecurity threat: smartphone apps that do more than what they say they do
A large proportion of applications contain third-party code with the capability to interact with sensitive data in a way that may not be apparent to users or developers; Apple reviews its applications before accepting them into its App Store, but even that is not foolproof when it comes to detecting erroneous or malicious components within apps, which might end up collecting or storing information that has nothing to do with the intended usage case of the app
-
-
Five hot topics to be discussed at Black Hat and Defcon
Among the many topics to be discussed at Black Hat, which opens today, and DefCon, which opens Friday, is SCADA networks vulnerability; many of these networks have developed a no man’s land between IT and industrial systems, and these networks’ computers are often at risk because nobody seems to take complete ownership of them; there will be a talk about where bugs show up in the infrastructure; the speaker is Jonathan Pollet, whose company, Red Tiger Security, has collected data on 38,000 vulnerabilities — and the types of exploits that have been written for them
-
-
Breakthrough: UCLA engineering devises new location-based cryptography method
Location-based security is ensured by using quantum mechanics; this type of cryptography could be useful in several settings — for example, one could communicate with a military base with a guarantee that only someone physically present at the base will have access to the information; furthermore, the location-based method eliminates the need for distributing and storing keys, one of the most difficult tasks in cryptography
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.