• NIST's cybersecurity framework for infrastructure

    Companies which manage critical infrastructure in the United States and disregard the Preliminary Cybersecurity Framework, issued by the National Institute of Standards and Technology (NIST) in late October, do so at their own peril. The framework is now in its final comment stage and due to be released in mid-February. It lays out a set of comprehensive but voluntary cybersecurity practices.

  • EU issues new manual for defending ICS against cyberattacks

    ENISA, the EU’s cybersecurity agency, has issued a new manual for better mitigating attacks on Industrial Control Systems (ICS). ICS support vital industrial processes primarily in the area of critical information infrastructure such as the energy and chemical transportation industries, where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, additional security preparations must be taken. ENISA says that the new guide provides the necessary key considerations for a team charged with ICS Computer Emergency Response Capabilities (ICS-CERC).

  • Federal IT spending to exceed $11 billion by 2018

    According to a new report from Deltek, contracted spending on cybersecurity will continue to grow from nearly $9 billion in FY2013 to $11.4 billion in FY2018, driven by multiple initiatives aimed at improving the overall cybersecurity posture of federal agencies. Persistent threats, complex and evolving policy issues, and changing technologies highlight ongoing cyber-workforce shortages and drive investments despite constrained federal IT funding.

  • Cybersecurity Manhattan Project needed

    On a daily basis, cyberattacks successfully steal U.S. intellectual property and military weapons plans, disrupt banking systems operations, and gain access to personal information which is supposed to be secure. The question: What will it take to harness America’s resources to push the country into developing effective national cyberdefense capabilities? Should it take another 9/11? Experts say that the whole must be greater than the sum of its parts. Power grid cyberattack exercises, increased cyberwarrior staffing at U.S. Cybercom, and the authorization of preemptive cyberattacks by Presidential Policy Directive 20 are individually good steps. But where is the whole? The unifying call to action? The United States may not be able to have another Manhattan Project, but it should be able to develop a Manhattan Project mentality, one which is orchestrated and executed by the U.S. cybersecurity czar or perhaps the DHS.

  • NSA planted sleeper malware in 50,000 computer networks

    The NSA has planted 50,000 sleeper malware packages – in effect, digital sleeper agents – in more than 50,000 computer networks around the world. The agents, controlled by the NSA’s Tailored Access Operations (TAO) unit, can be activated on command to harvest information or cause disruption. To plant the digital agents, the NSA employed methods typically used by Internet scammers and fraudsters.

  • Cyber Gym in Israel trains cyber-defenders

    A group of IT and infrastructure companies in Israel have teamed up to launch Cyber Gym. The facility, inaugurated this month by Israel Electric Corp. (IEC), will train participants to defend against cyber attacks. When Sivan Shalom, Israel’s Infrastructure and Energy Minister, was asked whether Israel was more concerned about a physical or a virtual attack, he said: “I think the future battle will be in cyberspace.”

  • U.S., U.K. intelligence worried about Snowden’s “insurance policy” cache

    Edward Snowden has so far released about 500 of the classified documents he secretly downloaded while working for an NSA contractor. Sources familiar with the case say he had downloaded between 50,000 and 200,000 classified NSA and British government documents. Those close to him suggest that in addition to continuing a steady release of secret documents over the next two to three years, the potentially most damaging information he obtained, information which includes the names of thousands of intelligence agents and informers employed by the United States and its allies, is kept in a secret cache as an insurance policy against arrest or physical harm.

  • Surveillance programs prompt start-up entry into privacy protection market

    Revelations of the surveillance programs of the National Security Agency (NSA) and the U.K. Government Communications Headquarters (GCHQ) have sparked technical innovations, legal challenges, and pursuits of political reforms in the United States and Britain. While some established providers of secure e-mails have bowed out, new companies are moving in to offer consumers protection from prying.

  • Digital privacy services enjoying a surge in demand

    Digital privacy services such as encrypted e-mail, secure instant messaging, and services that provide hard-to-track IP addresses are enjoying a surge in demand as individuals and businesses seek to protect information from spies and hackers in the wake of the National Security Agency’s (NSA) surveillance program revelations. These services promise security, but may also slow down computer performance. Moreover, they are not likely to deter those who are determined to hack into a particular computer network.

  • Akamai to acquire cloud-based security solutions provider Prolexic

    Organizations, faced with an ever-changing threat landscape, require comprehensive security solutions that address many different protection scenarios. These include securing mission critical Web properties and applications from attack, as well as protecting the full suite of enterprise IP applications — including e-mail, file transfers, and VPN — across a data center. Akamai acquires Prolexic in order to extend its Web optimization and security offerings by adding cloud-based security solutions for protecting data centers and enterprise applications.

  • Developing cyber resilience to meet increasing cyberthreats

    Managing resilience for cyber systems requires metrics that reflect the relationships among system components in physical, information, cognitive, and social domains. In a paper, researchers describe a framework for understanding the concept of cyber resilience, and lay out a systematic method by which to generate resilience metrics for cyber systems.

  • Cybersecurity paradigm shift: from reaction to prediction and prevention

    The intensification of cyberattacks on corporations and government agencies has led to a surge of new companies offering cybersecurity solutions, and Israel boasts some of the world’s top cybersecurity firms. Until recently, investment dollars generally supported startups with a focus on defensive cyber solutions, but now firms like Israel’s CyberArk, providers of proactive and full-service cyber solutions, are of growing interest to tech investors.

  • NSA, DHS partner with academia to train next generation cyber specialists

    Universities across the United States have partnered with the NSA and DHS to prepare the next generation of cybersecurity professionals in anticipation of growing and more serious cyberattacks on the United States. Nearly 200 schools are designing new academic programs to attract more students to the growing field of cybersecurity, and with NSA and DHS as partners, the universities are preparing students for important roles in securing the nation’s digital infrastructure.

  • Hacktivists have been stealing information from U.S. computers for a year

    The FBI reports that activist hackers linked to the group Anonymous have been accessing the computers of numerous government agencies for almost a year, and stealing sensitive information. The hackers took advantage of a flaw in Adobe Systems’ ColdFusion software to launch a series of intrusions which began December 2012, and then left “back doors” to return to the computers multiple times.

  • Government, private sector prioritize cybersecurity education

    As government and private sector organizations transmit and store more information electronically, the need for professionals with skills to protect and evaluate sensitive information is increasing. American companies and government agencies are expanding various initiatives aimed at increasing the number of cybersecurity professionals in the country.