-
NSA: Perfect Citizen program is purely "research and engineering effort"
Perfect Citizen, a new National Security Agency (NSA) project, would deploy sensors in networks running critical infrastructure such as the electricity grid and nuclear-power plants; the sensors would detect intrusion and other unusual activity indicating a cyberattack on U.S. critical infrastructure; NSA spokeswoman says the program is “purely a vulnerabilities-assessment and capabilities-development contract—- This is a research and engineering effort” and “There is no monitoring activity involved, and no sensors are employed in this endeavor”
-
-
Sector Report for July 8, 2010: Cybersecurity
This report contains the following stories.
Plus 1 additional story.
-
-
U.S. quietly launches protection program against cyber attacks on critical infrastructure
The administration has quietly launched Perfect Citizen, a digital surveillance project to be run by the NSA; the project’s goal is to detect and detect cyber attacks on private companies and government agencies running critical infrastructure such as the electricity grid, nuclear-power plants, dams, and more; the program would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack — although it would not persistently monitor the whole system
-
-
GAO: U.S. lacks cybersecurity R&D master plan, leadership, coordination
GAO says United States does not have prioritized national cybersecurity research and development agenda; “Without a current national cybersecurity R&D agenda, the nation is at risk that agencies and private sector companies may focus on their individual priorities, which may not be the most important national research priorities,” auditors wrote
-
-
Security tensions at the core of the cloud concept hobble cloud growth
The cloud model and the notion of data having a specific location are somewhat antithetical: some cloud-service providers attempt to maintain security and availability by locating the data in multiple servers or data centers, or by locating it in an undisclosed data center; cloud-service providers are thus in a tight situation with regard to secrecy about their data centers and security procedures: many of these providers believe that this information must remain secret, but many customers — including giant potential customers such as the U.S. federal government — want to be made aware of such information before signing on with a provider
-
-
Secureworks World Cup of cyber security finds India the safest nation, U.S. the least safe
Digitally speaking, the United States is the least cyber-secure country in the world: with 265,700,000 active PCs, there were 441,003,516 attempted cyber attacks, or 1,660 attacks per 1,000 computers; India is the safest digital country in the world, with a mere 52 attacks per 1,000 PCs
-
-
U.S. Naval Academy to launch cyber security center
The building and labs would cost $100 million, with work beginning in 2014; a Baltimore lawmaker who also is chairman of a House subcommittee that deals with technical and tactical intelligence says: “The future of war fighting is cyber security… We [the United States] have been cyber-attacked on a regular basis; our future leaders need to understand cyber security”
-
-
Industrial espionage puts German companies, jobs at risk
Companies failing to protect themselves from external attack risk losing their competitive edge; in the information age, the threat of industrial espionage is all too real, with thousands of jobs at stake in Germany
-
-
Lebanon: alleged Israeli spy had access to "most significant segment" of cell phone network
Lebanon arrested a high-level employee of one of the two Lebanese mobile phone networks, saying he has been working for Israeli intelligence since 1996; the authorities say he may have planted monitoring devices allowing the Israelis to tap directly into the Alfa network, one of the two major cell phone companies operating in Lebanon
-
-
A smarter, faster, more controllable cloud
Different types of cloud applications have different needs; a highly interactive application such as a voice chat program probably needs a high-quality connection; a file-backup service that transfers data in bulk might benefit from the least expensive transit between machines; a proposed system would let cloud developers control the way their data travels across different machines
-
-
Chase: IE6 "more secure" than Chrome, Opera
Banking giant Chase said it found the old IE6 to be more secure — and popular — than either Google’s Chrome or Opera; the bank’s online banking services will, therefore, continue to support aging the IE 6 but drop support for Chrome and Opera; also making the cut are Mozilla’s Firefox 2.0 and higher and version 3.0 and higher of Apple’s Safari on the Mac — but not the PC
-
-
Obama emphasizes identity management
The Obama administration is planning to promote identity management throughout the government; Howard Schmidt: “The ability to interact with the government in a very secure manner, where privacy and civil liberties are protected and you can only do that with some of the things you look at from an identity management perspective”
-
-
U.S. government to direct more to cybersecurity
The three themes undergirding the Obama administration’s multi-billion dollar cybersecurity strategy: first, “tailored trustworthy spaces,” which means creating different security levels for different government and non-government Internet activities; second, “moving targets,” in which the search is for security systems that change constantly to increase uncertainty for hackers; third, “economic incentives,” which involves seeking to find ways to motivate users to adopt cybersecurity defenses
-
-
Lawmakers to combine cybersecurity bills
Reforming the Federal Information Security Management Act (FISMA) and defining the role of the White House and other agencies are common themes in the many cybersecurity bills now circulating on the Hill
-
-
Smart Grid cybersecurity market to reach $3.7 billion by 2015
Spending on security for the smart grid will represent approximately 15 percent of total smart grid capital investment between now and 2015; cumulative investment in the security sector will reach $21 billion between 2010 and 2015, with annual revenue reaching $3.7 billion by 2015; among other incentives, one key condition for smart grid funding awarded last year under the federal stimulus program was that the awardees incorporate strong security into their smart grid initiatives
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.