• Using jokes as an encryption method

    Encrypting a message with a strong code is the only safe way to keep your communications secret, but it will be obvious to anyone seeing such a message that the sender is hiding something, regardless of whether they are encrypting their e-mails for legitimate or illicit purposes. The solution: hiding a secret message in plain sight – for example, in simple jokes.

  • Napolitano testifies on cybersecurity executive order

    Two Senate panels questioned DHS Secretary Janet Napolitano yesterday at a hearing on President Obama’s cybersecurity executive order and what issues need to be addressed in cyber legislation. “We simply cannot afford to wait any longer to adequately protect ourselves,” Said Senator Jay Rockefeller (D-West Virginia), chairman of the Senate Commerce Committee.

  • Tech companies, telecoms clash over cybersecurity executive order

    Last August a cybersecurity bill died in Congress amid partisan bickering. On 12 February this year, President Obama packed many of that bill’s elements into a cybersecurity executive order. To make the order more acceptable to some of its congressional and industry critics, the president introduced an exemption which would take large technology companies off the list of companies subject to the new cybersecurity standards. This exemption placated some of the original cybersecurity bill’s critics, but angered others, chief among them telecommunication companies.

  • New trends in cybersecurity and information security education

    The Federal Information Systems Security Educators’ Association (FISSEA)promotes cybersecurity awareness, training, and education. The annual meeting,to be held 19-21 March 2013 at NIST headquartersin Gaithersburg, Maryland, is geared toward both new and seasoned security officers, IT managers, information security educators and researchers, cybersecurity trainers and teachers, and those involved in instructional design and curriculum development.

  • U.S. military “unprepared” for cyberattacks by “top-tier,” cyber-capable adversary: Pentagon

    A new Pentagon study concludes that the U.S. military is unprepared for a full-scale cyber-conflict with a top-tier, cyber-capable adversary. The report says the United States must increase its offensive cyberwarfare capabilities, and that the U.S. intelligence agencies must invest more resources in obtaining information about other countries’ cyberwar capabilities and plans. The report says that the United States must maintain the threat of a nuclear strike as a deterrent to a major cyberattack by other countries. The report warns that the Pentagon cannot be confident its military computer systems and communication networks are not compromised because many of the components of these systems and networks are made in countries which pose the main cyberthreat to U.S. national security.

  • New ways to store data securely with untrusted cloud providers

    Cloud storage security is an especially important issue for anyone dealing with large amounts of data that are supposed to be stored for a long period, such as archival and backup data. Researchers received a top honor for their ideas on better ways to ensure the integrity and long-term reliability of data stored at potentially untrusted cloud storage providers.

  • RFI for cybersecurity framework for critical infrastructure

    In his 12 February 2013 Executive Order, President Obama called for the development of a Cybersecurity Framework to reduce cyber risks to critical infrastructure such as power plants and financial, transportation, and communications systems. The National Institute of Standards and Technology (NIST) the other day issued a Request for Information (RFI) in the Federal Register as its first step in the process to developing that framework.

  • Report details history, earlier versions of Stuxnet

    In 2010, Symantec reported on a new and highly sophisticated worm called Stuxnet. This worm became known as the first computer software threat which was used as a cyber-weapon. In a new report, Symantec says that clues in the code pointed to other versions of the worm which could potentially perform different actions leaving an open question about Stuxnet and how it came to be.

  • U.S. responds to China’s cyberattacks with anti-theft trade strategy

    The Obama administration yesterday (Wednesday) unveiled the details of a broad strategy to counter the systemic theft by Chinese government agencies of U.S. trade and technology and trade secrets. The administration’s plan calls for new diplomatic push to discourage intellectual property theft abroad and better coordination at home to help U.S. companies protect themselves.

  • U.S. weighing retaliatory measures against China for hacking campaign

    As incontrovertible evidence emerged for the role of Chinese government in initiating and orchestrating the massive, sustained Chinese hacking campaign against U.S. private companies, government agencies, and critical infrastructure assets, the administration has intensified discussions of retaliatory measures the United States may take against China.

  • Spotting potential targets of nefarious e-mail attacks

    The weakest link in many computer networks is a gullible human. With that in mind, computer science researchers want to figure out how to recognize potential targets of nefarious e-mails and put them on their guard.

  • Chinese government orchestrates cyberattacks on U.S.: experts

    For more than a decade now, China has engaged in a sustained, systemic, and comprehensive campaign of cyber attacks against the United States. The Chinese government has enlisted China’s sprawling military and civilian intelligence services, with their armies of cyber-specialists, in a cyber-campaign aiming to achieve three goals: steal Western industrial secrets and give them to Chinese companies, so these companies could compete and weaken their Western rivals; hasten China’s march toward regional, then global, economic hegemony; achieve deep penetration of U.S. critical infrastructure in order to gain the ability to disrupt and manipulate American critical infrastructure – and paralyze it during times of crisis and conflict. A detailed 60-page study, to be released today , offers, for the first time, proof that the most sophisticated Chinese hacker groups, groups conducting the most threatening attacks on the United States, are affiliated with the headquarters of China’s military intelligence lead unit — PLA Unit 61398.

  • Beefing up public-key encryption

    MIT researchers show how to secure widely used encryption schemes against attackers who have intercepted examples of successful decryption.

  • Quantum cryptography to secure electric grid

    Novel methods for controlling the electric grid are needed to accommodate new energy sources such as renewables whose availability can fluctuate on short time scales. This requires transmission of data to and from control centers; but for grid-control use, data must be both trustworthy and delivered without delays. The Los Alamos National Laboratory quantum cryptography team successfully completed the first-ever demonstration of securing control data for electric grids using quantum cryptography.

  • Obama to issue cybersecurity executive order today

    President Barack Obama is expected to issue an executive order tomorrow to dealing protecting U.S. critical infrastructure from cyberattacks. The order will be issues one day after the president’s State of the Union address. The order will establish a critical infrastructure council which will be run by DHS and will include members of the Departments of Defense, Justice, and Commerce as well as the National Intelligence Office. The council will be tasked with formulating new regulations for federal agencies, or broadening regulations  already in place. The regulations will most likely include the sharing of data between private corporations and the federal government.