• Argument: Huawei and the Third Offset

    In order to effectively mitigate the security risks posed by Huawei, the U.S. Department of Defense needs to fund and integrate cutting-edge technologies from the private sector. Offset strategies are intended to counterbalance an adversary’s military advantages by developing asymmetric technological strengths.

  • Cybersecurity: Saving the IoT from Botnets

    The advent of the Internet of Things, essentially smart devices with connectivity to the internet, has wrought many benefits, but with it comes the problem of how to cope with third-party users with malicious or criminal intent.

  • Privacy: Not All Privacy Apps Are Created Equal

    By Adam Conner-Simons

    New privacy laws like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have spawned a new industry of companies and platforms advertising that they can anonymize your data and be compliant with the law. But MIT researcher Aloni Cohen says that he has his doubts about these claims, and his team’s latest work shows that there’s reason to be skeptical.

  • Cybersecurity: Some Mobile Phone Apps Contain Hidden Secrets Compromising Users’ Private Data

    Researchers have discovered that a large number of cell phone applications contain hardcoded secrets allowing others to access private data or block content provided by users. The study found that the apps on mobile phones might have hidden or harmful behaviors about which end users know little to nothing.

  • Perspective: Cryptocurrency Laundering Is a National Security Risk

    As U.S. adversaries get more acquainted with blockchain technology, their hostile cyber operations are likely to rely increasingly on cryptocurrency activity. And rogue states are likely to become more innovative in using cryptocurrencies as they try to dampen the impact of U.S. economic sanctions.

  • Cybersecurity: Preventing Quantum Cyberattacks

    From defense and health information to social networking and banking transactions, communications increasingly rely on cryptographic security amid growing fears of cyberattacks. However, can such sensitive data be unhackable?

  • Ransomware: Deal with Ransomware the Way Police Deal with Hostage Situations

    By Scott Shackelford and Megan Wade

    When faced with a ransomware attack, a person or company or government agency finds its digital data encrypted by an unknown person, and then gets a demand for a ransom. The two major ways people have so far responded – pay the ransom or hire a specialist to recover the data – are missing another option that we have identified in our cybersecurity policy studies. Police have a long history of successful crisis and hostage negotiation – experience that offers lessons that could be useful for people and organizations facing ransomware attacks.

  • Perspective: Cyber Attacks against Hospitals and the COVID-19 Pandemic: How Strong are International Law Protections?

    In a situation where most, if not all, of us are potential patients, few government-provided services are more important than the efficient delivery of health care. The strain on hospitals around the world is rapidly growing, to which states have responded by mobilizing military medical units, nationalizing private medical facilities, and building emergency hospitals. All of this underlines the urgent need to understand what protections the law offers against attacks – including cyberattacks – on medical facilities.

  • Cybersecurity: Strengthening Cybersecurity in Sports Stadiums

    Someone pulled a fire alarm during the February 2018 school shooting in Parkland, Florida, which killed 17 students and teachers. The alarm caused more students to move into the hallways and into harm’s way. “Hackers no longer use cyberattacks to cause cyber damage,” says an expert. Instead, “they are using these attacks to cause physical damage or put people in locations to maximize physical damage.” Sports venues, with tens of thousands of spectators, are especially vulnerable. To combat the cyber threat in sports, scientists built an assessment tool for team and stadium owners to fix vulnerabilities.

  • Better protection: Protecting U.S. Energy Grid and Nuclear Weapons Systems

    To deter attempts to disable U.S. electrical utilities and to defend U.S. nuclear weapon systems from evolving technological threats, Sandia researchers have begun two multiyear initiatives to strengthen U.S. responses.

  • Cybersecurity: How Secure Are 4- and 6-Digit Mobile Phone PINs

    Apple and Android implement a number of measures to protect their users’ devices. An international team of IT security experts has investigated how useful they are. They found that six-digit PINs actually provide little more security than four-digit ones. They also showed that the blacklist used by Apple to prevent particularly frequent PINs could be optimized and that it would make even greater sense to implement one on Android devices.

  • Perspective: Time for Regulators to Take Cyber Insurance Seriously

    In April 1997, Steven Haase and some of his colleagues in the insurance industry hosted a “Breach on the Beach” party at the International Risk Insurance Management Society’s annual convention in Honolulu to launch the first ever cyber-insurance policy. Josephine Wolff writes that it would be years, still, before cyber insurance would generate sufficiently significant sales numbers to attract the interest of most major insurers and their customers. More than two decades later, cyber insurance has expanded into a multibillion-dollar global business, with 528 U.S. insurance firms reporting that they offered cyber-specific policies in 2018.

  • Epidemics & cybersecurity: Cyberexperts Step in As Criminals Seek to Exploit Coronavirus Fears

    Experts from the National Cyber Security Center have revealed a range of attacks being perpetrated online as cyber criminals seek to exploit COVID-19. Techniques seen since the start of the year include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.

  • Cybersecurity: Vulnerabilities of Password Managers

    Security experts recommend using a complex, random and unique password for every online account, but remembering them all would be a challenging task. That’s where password managers come in handy. Some commercial password managers, however, may be vulnerable to cyber-attack by fake apps, new research suggests.

  • Cybersecurity: “Speed and Agility,” “Layered Cyber Deterrence” to Bolster American Cyber Defenses

    The Cyberspace Solarium Commission (CSC) the other day released its report on how to best protect the nation’s critical infrastructure from a cyberattack of significant consequence. In the report, the CSC lays out a comprehensive strategy to restore deterrence in cyberspace and provides extensive policy and legislative actions to enable this strategy. The report lays out more than 75 recommendations to improve the cybersecurity of U.S. critical infrastructure and recommends a strategy of “layered cyber deterrence” that seeks to shape behavior in cyberspace, deny benefits to adversaries who would seek to exploit cyberspace to their advantage, and impose costs against those who would nonetheless choose to target America in and through cyberspace.