• FIDO 1.0 specifications published aiming to promote stronger authentication

    The FIDO (Fast IDentity Online) Alliance, an open industry consortium promoting standards for simpler, stronger authentication, the other day published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

  • Scientist develops uncrackable security code for nuclear weapons

    Nuclear weapons exist, so control of nuclear weapons is essential. Intrinsic Use Control (IUC) is a concept which is capable of providing improved quantifiable safety and use control within a nuclear weapon. As a basic concept, use control is best accomplished in the weapon itself rather than depending on administrative controls, fences, and guards. Using established technology, IUC uses passive use control to resist any attacks or unauthorized use of a weapon at either the component or the fully assembled levels.

  • U.S. spends about $10 billion a year to protect the nation's digital infrastructure

    U.S. intelligence agencies have designated cyberattacks as the most alarming threat to national security. The federal government is spending roughly $10 billion a year to protect the nation’s digital infrastructure, but hackers, some sponsored by nation-states, are successfully infiltrating civilian and military networks.Professionals from DHS, the Pentagon, and private contractors all work together in U.S. cyber centers to detect, prevent, respond, and mitigate incoming and existing cyberattacks. Several of the U.S. top cybersecurity labs are housed in nondescript office buildings with no government seals or signs.

  • Lapses in Heartbleed bug fix discovered

    First disclosed in April 2014, Heartbleed presents a serious vulnerability to the popular OpenSSL (Secure Sockets Layer) software, allowing anyone on the Internet to read the memory of systems that are compromised by the malicious bug. A detailed analysis by cybersecurity experts found that Web site administrators nationwide tasked with patching security holes exploited by the Heartbleed bug may not have done enough.

  • FBI: Lawmakers should mandate surveillance “backdoors” in apps, operating systems

    FBI director James Comey said that the agency was pushing lawmakers to mandate surveillance functions in apps, operating systems, and networks, arguing that privacy and encryption prevent or disrupt some of the agency’s investigations. According to Comey, new privacy features implemented by Google and Apple in the wake of the Snowden revelations, automatically encrypt user communication and data, making it difficult for law enforcement to gather evidence and connect links among suspected criminals and terrorists.

  • Government tries better to define cybersecurity needs

    In a science advisory board meeting on 23 October at the White House Office of Science and Technology Policy (OSTP), officials attempted to glean just where the government cybersecurity workforce stood in terms of talent and hiring necessity. There is currently no government-wide federal job description in the cybersecurity field, and that has led to meetings similar to the October summit.

  • Identifying ways to improve smartphone security

    What information is beaming from your mobile phone over various computer networks this very second without you being aware of it? Experts say your contact lists, e-mail messages, surfed Web pages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission. The apps downloaded to smartphones can potentially track a user’s locations, monitor his or her phone calls and even monitor the messages a user sends and receives — including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue. Assigning risk scores to apps may slow down unwarranted access to personal information.

  • Law enforcement: Apple iOS 8 software would hinder efforts to keep public safety

    With its new iOS 8 operating software, Apple is making it more difficult for law enforcement to engage in surveillance of users of iOS8 smartphones. Apple has announced that photos, e-mail, contacts, and other personal information will now be encrypted, using the user’s very own passwords — meaning that Apple will no longer be able to respond to government warrants for the extraction of data.

  • FBI wants Congress to mandate backdoors in tech devices to facilitate surveillance

    In response to announcements by Appleand Googlethat they would make the data customers store on their smartphones and computers more secure and safer from hacking by law enforcement, spies, and identity thieves, FBI director James Comey is asking Congress to order tech companies to build their devices with “backdoors,” making them more accessible to law enforcement agencies.Privacy advocates predict that few in Congress will support Comey’s quest for greater surveillance powers.

  • Social media firms pledging to keep users anonymous still collect users’ information

    Social media firm Whisperprides itself on offering anonymity in a market where the biggest players are often considered too transparent. Its co-founder, Michael Heyward, a tech entrepreneur, describes the company as “the first completely anonymous social network,” an alternative to Facebookand Twitter. It now emerges that Whisper’s back-end systems that retain digital libraries of texts and photographs sent by users, and in some cases the location information of users.

  • Federally funded cybersecurity center launched

    The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence(NCCoE) initiative has awarded the first federally funded research and development center (FFRDC) contract for cybersecurity to MITRE Corp., a nonprofit established to operate FFRDCs. Cybersecurity professionals will work with stakeholders in government, the private sector, and academia to develop low cost and scalable cybersecurity solutions.

  • U.S. Cyber Command plans to recruit 6,000 cyber professionals, as U.S. mulls offensive cyber strategy

    Last Wednesday, House Intelligence Committee Chairman Mike Rogers (R- Michigan) told reporters that he would like to see the United States adopt a more offensive strategy in cyberspace, but added that the Pentagon, intelligence agencies, and law enforcement must first develop protocols for offensive cyber measures.The following day, U.S. Cyber Command (USCYBERCOM) announced plans to recruit 6,000 cyber professionals and create 133 teams across the country to support the Pentagon in defending the nation’s cyber infrastructure.

  • New cyber initiative to put Israel’s Beer-Sheva region on the world’s cyber map

    Ben-Gurion University of the Negev is a central component of the new CyberSpark initiative, an ecosystem with all the components which will allow it to attain a position of global leadership in the cyber field. The CyberSpark initiative is the only complex of its type in the world – a government-academic-industry partnership which includes Fortune 500 companies and cyber-incubators, academic researchers and educational facilities, as well as national government and security agencies. The CyberSpark Industry Initiative will serve as a coordinating body for joint cyber industry activities with government agencies, the Israel Defense Force (IDF), and academia.

  • Moving cybersecurity technologies from the lab to the real world more expeditiously

    Through the Department of Homeland Security’s Transition to Practice (TTP) program, cybersecurity technologies developed at Sandia National Laboratories — and at other federal labs — now stand a better chance of finding their way into the real world. The TTP program, spearheaded by DHS Science and Technology Directorate (S&T), helps move federally funded cybersecurity technologies into broader use. Getting research discoveries and new technologies over the so-called “valley of death” — the gap between early, promising research on one side and technology that’s in use on the other — is a pressing need in the national lab community.

  • Day of commercially available quantum encryption nears

    If implemented on a wide scale, quantum key distribution technology could ensure truly secure commerce, banking, communications, and data transfer. Los Alamos National Laboratory signs the largest information technology agreement in the lab’s history which aims to bring quantum encryption to the marketplace after nearly twenty years of development at the national-security science laboratory.