• Siemens, McAfee team up to defend against critical infrastructure attacks

    McAfee and Siemens will work together to help secure critical infrastructure against cyber attacks that target industrial control processes like the Stuxnet worm which destroyed nuclear centrifuges at an Iranian nuclear enrichment facility; the two companies are targeting Advanced Persistent Threats aimed at the manufacturing and process industry; this new security product could help ease security fears for critical infrastructure operators who rely on industrial control programs for nearly every automated process; McAfee says it’s Application Control system product would have protected Iran’s centrifuges from the Stuxnet virus that caused them to spin out of control

  • Russian bloggers fall victim to cyber attacks

    Earlier this month LiveJournal, a major Russian blogging site, was the victim of a large cyber attack; bloggers believe that it was a move meant to silence political dissent in advance of the country’s elections; the site was brought down by a distributed denial of service (DDos) attack; SUP, the owners of LiveJournal, said that the recent attacks were the worst in its company’s history and unprecedented in that it targeted the entire website rather than individual blogs; the majority of Russia’s opposition leaders and political activists maintain blogs on LiveJournal that they use as platforms to gain support and spread their message

  • Joint EU and U.S. cyber security exercise to be held this year

    The United States and the European Union (EU) recently announced that they will hold joint cyber war exercises by the end of 2011; the exercise comes as part of a broader agreement to expand efforts to jointly defend against cyber security threats; the two sides agreed to share best practices, engage the private sector, and increase global cyber incident response capabilities; in particular, the agreement will focus on fighting botnets, securing industrial control systems, and enhancing the resilience and stability of the internet

  • Iran admits Stuxnet's damage

    A senior Iranian official admitted that the Stuxnet malware, which infected tens of thousands of computers and servers used in Iran’s nuclear weapons complex inflicted serious damage on Iran’s nuclear program, including large-scale accidents and loss of life

  • Chips may sabotage hi-tech weapons

    Countries producing sophisticated weapon systems do not want these systems to fall into the wrong hands; one idea is to plant a chip in these weapons which would allow the country that supplied them to destroy or disable them remotely; already there are worries that with chip manufacturing moving outside the United States, foreign powers may bribe or coerce chip manufacturers into planting “backdoor” circuits in chips these manufacturers sell American defense contractors

  • Call for creating a U.S. cybersecurity emergency response capability

    Lawmakers call for the creation of a cybersecurity emergency response capability to help businesses under major cyber attacks; “Who do you call if your CIO is overwhelmed, if you’re a local bank or utility?” Senator Sheldon Whitehouse (D-Rhode Island) asked; “How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?”

  • Demand for gov. cybersecurity specialists outstrips supply

    The demand for IT personnel continues to grow, but there has been a subtle shift with regard to the qualifications most sought after; new studies found that professionals with the right IT skills and an active government security clearance earned 12 percent more than non-cleared personnel; in the Washington, D.C., area, the pay bump is 20 percent

  • Senator seeks to end wasteful government cybersecurity spending

    Senator Tom Carper (D – Delaware) is actively seeking ways to end wasteful government cybersecurity spending; Carper believes that the government can spend its money more efficiently on IT security; he believes that too many government programs are expensive, inefficient, and do not actually secure government networks; Carper was careful to note that he was not advocating for budget cuts, but rather more efficient spending; Carper has proposed mandating that all agencies only purchase technology that is preconfigured with encryption or other security measures; he is currently working with Senators Joseph Lieberman (I-Connecticut) and Susan Collins (R-Maine) on the Cybersecurity and Internet Freedom Act of 2011, which contains many of his proposals

  • Keeping digital data safe

    The recent Epsilon data leak incident was serious, as it exposed a large number of people to an attack called “spear phishing,” in which an attacker targets specific users or organizations with attempts to steal personal information; this incident could have been much worse: many third-party organizations have aggregated large amounts of our personal information in one place, making us increasingly vulnerable to the type of attack we saw with Epsilon — and attack in which a single breach can result in the compromise of a large amount of user data

  • Internet threat landscape offers a grim picture

    A new Symantec report paints a grim picture of the Internet threat landscape; Symantec detected more than three billion malware attacks from 286 million malware variants in 2010 — up 93 percent on 2009; 49 percent of malicious sites found through Web searches were pornographic; in 2010, 6,253 software vulnerabilities were reported, higher than in any previous year; fourteen vulnerabilities were used in zero-day attacks, including four different Windows zero-days used in the Stuxnet attack; the bad guys also demonstrated a firm grasp of new technology: social networking sites are a huge target, and hackers are exploiting the boom in URL shortening services such as bit.ly; smartphones are also beginning to attract malware

  • RSA explains how hackers stole critical SecurID data

    Cyber security giant RSA detailed how hackers recently infiltrated its systems and stole critical data related to its SecurID two factor authentication products which are used by the Department of Defense, major banks, and other government agencies around the world; hackers used a “spear-phishing attack,” fake emails containing malicious code, to first gain access to its networks; once inside the network, hackers were able to target high-level RSA employees with access to sensitive information and copy their data; experts warn that these types of attacks primarily exploit people, so educating employees to not open these types emails that may contain malicious code is critical

  • U.S. industrial processes vulnerable to Stuxnet-like attack

    Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack; industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons that target specialized control core processes; concern has spread after the Stuxnet virus targeted these systems and created physical damage; experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield”

  • OMB reports on 2010 cybersecurity attacks

    A new report on U.S. government cybersecurity says that in 2010 there were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team;the number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall

  • Android and Windows 7 phone confound hackers in competition

    Android smartphones and the Windows 7 phone foiled hackers at the recent Pwn2Own hacking competition, while the Apple iPhone and Blackberry were successfully broken into; the results do not necessarily mean that Android and Windows 7 phones are more secure; several factors determine the relative protection a device has against hackers including the security of the software itself and the amount of research that has already been conducted on the device’s weakness; observers were surprised to see the Android repel attacks, but were not shocked when the iPhone was hacked

  • DHS struggles with IT hiring

    DHS has actively sought to recruit more employees with critical cyber security skills, but has struggled with internal obstacles that have slowed hiring; in 2010 DHS set a goal of hiring 1,000 employees with cyber security skills in three years, but so far has only managed to hire roughly 200 in 2010 and it plans to hire 100 this year; the new employees will focus on network and systems engineering, incident response, and risk and strategic analysis; obstacles to hiring include lengthy security clearance processing times, noncompetitive pay, and an outdated job classification system