• Bolstering small businesses cybersecurity

    Small-business owners may think that they are too small to be victims of cyber hackers, but NIST experts know otherwise. NIST reaches out to small businesses, helping them understands the challenges they face in protecting their data and systems. The agency has just released Small Business Information Security: The Fundamentals, a guide written for small-business owners not experienced in cybersecurity, which explains basic steps they can take better to protect their information systems.

  • Germany launches broad cybersecurity strategy

    The German government on Wednesday adopted a new cybersecurity strategy to counter a rising number of threats targeting government institutions, critical infrastructure, businesses, and citizens. The new strategy was adopted in response to a dramatic increase in sophisticated cyberattacks originating in Russia and China. Chancellor Angela Merkel on Tuesday, and Interior Minister Thomas de Maziere on Wednesday, warned that Russia would be using hacking and disinformation campaign in an effort to influence next year’s election in Germany.

  • Using hardware to fight computer viruses

    More than 317 million pieces of new malware — computer viruses, spyware, and other malicious programs — were created in 2014 alone, according to work done by Internet security teams at Symantec and Verizon. Malware is growing in complexity, with crimes such as digital extortion (a hacker steals files or locks a computer and demands a ransom for decryption keys) becoming large avenues of cyberattack. Fighting computer viruses is not just for software anymore, as researchers study how hardware can help protect computers too.

  • Germany worries about Russian cyberattacks influencing German election

    Chancellor Angela Merkel has said Russia could launch a cyberattack campaign in an effort to influence Germany’s general elections next year. “We are already, even now, having to deal with information out of Russia or with Internet attacks that are of Russian origin or with news which sows false information,” the German chancellor said. Hans-George Maassen, the director of Germany’s domestic intelligence agency, issued a formal warning earlier this year, saying that that the German government, business, educational facilities, and critical infrastructure were under “permanent threat” from Russian cyberattacks.

  • CyberSeek: An interactive resource for cybersecurity career information

    The U.S. rapidly growing cybersecurity jobs market has many more openings available than trained workers to fill them. For example, there are 128,000 positions for “Information Security Analysts,” but only 88,000 workers currently employed in those positions — a talent shortfall of 40,000 workers for cybersecurity’s largest jobs. Jobs requesting cloud security skills remain open ninety-six days on average — longer than any other IT skill. NIST last week introduced CyberSeek, an interactive online tool designed to make it easier for cybersecurity job seekers to find openings and for employers to identify the skilled workers they need.

  • Vanderbilt hosts student-teams hackathon this weekend

    More than 350 students from Vanderbilt University and Southern and Midwest schools such as Purdue, Georgia Tech, and the University of Illinois will work around the clock during VandyHacks, a hackathon, or invention marathon, beginning Friday evening 11 November and ending Sunday, 13 November.

  • Vulnerability flaws in some voting machines

    Voting security surface in every election round, but this time there is an additional worry: Russia’s hacking campaign in the run-up to Election Day has added a new dimension to the more traditional security worries. Experts say now is the time to take decisive action to protect the U.S. election system. “Starting on November 9, we really need to have a strong national conversation about what we’re going to do with our voting systems so that the next election we don’t have this same issue” one cybersecurity expert said.

  • Future mischief: Russia’s disinformation campaign will continue after elections

    The continuing dumping of e-mails which Russian government hackers stole from the Clinton campaign has led U.S. intelligence officials to worry that Russia will escalate its disinformation campaign after Election Day. A senior U.S. intelligence official said that Putin is not interested only in discrediting the legitimacy of Tuesday’s elections, but is eager to undermine the effectiveness of the next president, regardless of who he or she is. “Don’t think that the Russian activity was solely about the election, or about Trump,” the officials said. “It wasn’t. It was about their agenda, what they are trying to accomplish” in expanding Russia’s power and influence around the world.

  • U.S. readies retaliation if Russian disrupts Election Day

    Russian government hackers have interfered in the political process leading up to the 8 November elections by undermining the campaign of Hillary Clinton. In preparation for an American retaliation in the event Russia tries to change the counting of actual votes on election day, U.S. government cyber operatives have “penetrated” Russia’s telecommunications networks and electric grid. The penetration, and the sleeper malware left behind, would allow the United States to hit back in case Russian intelligence agencies do carry out a cyberattack on U.S. election systems on Tuesday.

  • FBI investigating fake documents targeting Clinton campaign

    The FBI, as part of a broader investigation into attempts by Russia to interfere in and influence the U.S. presidential election, is examining forged documents aiming to discredit and disrupt the Hillary Clinton campaign. Senator Tom Carper (D-Delaware), who sits on the Senate Homeland Security Committee, has referred one of the fake documents to FBI investigators, one of several documents handed over to the FBI and the U.S. Department of Justice for review in recent weeks. U.S. officials have been privately warning since August that the Russian government agencies orchestrating the hacking campaign could move beyond hacking the e-mail systems of the Democratic Party and the Clinton campaign, to include posting fictional “evidence” of voter fraud or other disinformation in the run-up to Election Day.

  • Twitter goes down and believers in conspiracy theories pounce

    Twitter service in Japan and parts of the United States was down earlier today (Monday), shortly after WikiLeaks claimed that its servers had been subjected to a cyberattack. When service was restored, some users were quick to see a conspiracy, linking the outages at WikiLeaks and Twitter to the WikiLeaks release of a new set of hacked e-mails from the Democrat National Committee. “.@Twitter was down ~ 25 min. #DDOS or US Govt? #DNCLeak2 intel docs reference killings of Vince Foster & Ron Brown,” said one tweet.

  • Replacing vulnerable password with secure keystroke biometrics

    Lapses in computer security can be seen as downright negligent, in a time when major data breaches and leaks dominate international headlines on a regular basis. But it also draws attention to a more compelling question: just how secure are text-based passwords, really? Experts believe that there should be alternatives to the ubiquitous, text-based user authentication method – and that one such alternative is a new method of user authentication using keystroke biometrics.

  • Cyberwar: Growing worries about Russia hacking, disrupting the U.S. election

    The U.S. government is worried that Russian government hackers may try to hack and disrupt the upcoming presidential election. The U.S. intelligence community, DHS, and private cybersecurity experts have already identified a broad and sustained hacking effort by hackers working for two Russian government agencies aiming to undermine the campaign of Hilary Clinton and help Donald Trump. The United States has privately warned Russia in no uncertain terms that any attempt to manipulate vote counts would result in serious breaches — still, federal and state officials are focusing on five possible ways Russia may hack the election. Experts warn that Russia’s long-term goal is to undermine the American political system by disrupting and discrediting the election process, sowing doubts and suspicion, and providing “proof” for the conspiratorial beliefs about a corrupt political system in which the electoral process is “rigged” and where “international bankers” are conspiring to “steal” the election.

  • How hard is it to rig an election?

    How do you rig an election? Republican presidential nominee Donald Trump claims our system of elections are rigged – asserting that widespread voter impersonation exists, that large numbers of dead people vote, and that many noncitizens have successfully registered to vote and regularly do so. Don’t believe it. One roadblock to rigging the elections is the fact that the American system of election administration is hyper-localism. More than 5,000 municipal and county election officials administer elections across more than 8,000 local jurisdictions across the United States. Another roadblock is the sheer number of votes involved. Presidential elections generally prompt higher turnout than any other election — in the 2012 presidential election, 130 million people cast their ballots. The sheer size of the electorate, and the sheer number of different local jurisdictions, suggest that attempting to “rig” the system would require a level of coordination even greater than the coordination needed to “get out the vote” on Election Day itself. Such a vast conspiracy cannot possibly be concealed. All of this adds up to a system of election administration that is virtually impossible to penetrate in the name of massive fraud that would shift the results of an election. So don’t believe it when someone tries to tell you the vote is rigged.

  • NICE framework provides resource for stronger cybersecurity workforce

    NIST released a resource that will help U.S. employers more effectively identify, recruit, develop, and maintain cybersecurity talent. The draft NICE Cybersecurity Workforce Framework (NCWF) provides a common language to categorize and describe cybersecurity work to help organizations build a strong staff to protect their systems and data.