• IT security spending grows, but confidence in cyber protection measures does not

    A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining. In a survey of more than 800 IT security leaders and professionals, the report found that more than 70 percent of respondents’ networks had been breached in 2014 — a 62 percent increase from 2013. Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020.

  • Wireless implantable medical devices vulnerable to hacking

    With rapidly advancing medical technologies, more and more Americans are fitted with wireless implantable medical devices (IMDs) such as cardiac pacemakers, defibrillators, cochlear implants, neuro-stimulators, and insulin pumps. This is leading to growing concerns over the vulnerability of such devices to hacking.

  • Senate panel passes revised cybersecurity bill, but privacy concerns remain

    Last Thursday, the Senate Intelligence Committeepassed the Cybersecurity Information Sharing Act(CISA) meant to encourage the private sector to share data with federal agencies, with the hopes of preventing and responding to cyberthreats before they materialized. The bill is a reincarnation of the 2013 Cyber Intelligence Sharing and Protection Act(CISPA), which drew a veto threat from President Barack Obama because of privacy concerns. Critics say that CISA, as was the case with its predecessor, would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.

  • Encryption for the masses

    In the wake of the revelations that intelligence agencies have engaged in mass surveillance, both industry and society at large are looking for practicable encryption solutions which protect businesses and individuals. Previous technologies have failed in practice because they were too expensive or not user-friendly enough. German scientists have launched an open initiative called Volksverschlüsselung, which aims to bring end-to-end encryption to people.

  • The Brandeis program: Harnessing technology to ensure online privacy

    In a seminal 1890 article in the Harvard Law Review, Louis Brandeis developed the concept of the “right to privacy.” DARPA the other day announced the Brandeis program – a project aiming to research and develop tools for online privacy, one of the most vexing problems facing the connected world as devices and data proliferate beyond a capacity to be managed responsibly.

  • Biometric security could do away with passwords

    With hackers and cyber thieves running rampant online, efforts to create stronger online identity protection are leading major tech firms to invest in biometric security methods. Analysts predict that 15 percent of mobile devices will be accessed with biometrics in 2015, and the number will grow to 50 percent by 2020.

  • Guaranteeing online anonymity

    Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. “The Tor network isn’t perfect, however,” says a researcher at the Research Center for IT Security (CISPA). CISPA researchers have developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.

  • Security risks, privacy issues too great for moving to Internet voting

    The view held by many election officials, legislators, and members of the public is that if people can shop and bank online in relative security, there is no reason they should not be able to vote on the Internet. Contrary to this popular belief, the fundamental security risks and privacy problems of Internet voting are too great to allow it to be used for public elections, and those problems will not be resolved any time soon, according to a researcher who has studied the issue for more than fifteen years. The security, privacy, reliability, availability, and authentication requirements for Internet voting are very different from, and far more demanding than, those required for e-commerce, and cannot be satisfied by any Internet voting system available today or in the foreseeable future. Such systems are susceptible to “attack” or manipulation by anyone with access to the system, including programmers and IT personnel, not to mention criminal syndicates and even nation states.

  • Hackers exploit 1990s-era weak-encryption mandate

    Researchers have an old-new computer security vulnerability — the Factoring Attack on RSA-EXPORT Keys (FREAK), which affects SSL/TLS protocols used to encrypt data as it is transmitted over the Internet. The FREAK vulnerability goes back to an early 1990s U.S. restriction which limited software sold abroad to a maximum 512-bit code encryption. The mandate was set to allow U.S. federal intelligence agencies easily to spy on foreign software users.

  • Cyber researchers need to predict, not merely respond to, cyberattacks: U.S. intelligence

    The Office of the Director of National Intelligence wants cybersecurity researchers to predict cyberattacks rather than just respond to them, according to the agency’s Intelligence Advanced Research Projects Activity (IARPA) program. Current cyber defense methods such as signature-based detection “haven’t adequately enabled cybersecurity practitioners to get ahead of these threats,” said Robert Rahmer, who leads IARPA’s Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program. “So this has led to an industry that’s really invested heavily in analyzing the effects or symptoms of cyberattacks instead of analyzing [and] mitigating the cause.”

  • Bio-inspired analysis helps in recognizing, characterizing evolving cyberthreats

    Our reliance on cyber systems permeates virtually every aspect of national infrastructure. The volume of network traffic data generated has outpaced our ability effectively analyze it fast enough to prevent many forms of network-based attacks. In most cases new forms of attacks cannot be detected with current methods. The MLSTONES methodology leverages technologies and methods from biology and DNA research — LINEBACkER applies the MLSTONES methodology to the problem of discovering malicious sequences of traffic in computer networks. LINEBACkER allows cyber security analysts quickly to discover and analyze behaviors of interest in network traffic to enhance situational awareness, enable timely responses, and facilitate rapid forensic and attribution analysis.

  • FAA should address weaknesses in air traffic control systems: GAO

    The Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based and other threats, but significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system (NAS), the GAO says in a new report. The GAO report says that FAA also did not fully implement its agency-wide information security program.

  • Aviation industry under-prepared to deal with cyber risk: Expert

    The aviation industry is behind the curve in terms of its response and readiness to the insidious threat posed by cyber criminality whether from criminals, terrorists, nation states, or hackers, according to Peter Armstrong, head of Cyber Strategy for Willis Group Holdings, the global risk adviser, insurance and reinsurance broker. Armstrong explained that the aviation industry’s under-preparedness is noteworthy in a sector that abhors uncertainty and works tirelessly to eradicate it.

  • North Korea’s cyber warriors target Western critical infrastructure

    North Korea has a team of roughly 3,000 cyber soldiers dedicated to launching attacks at Western interests in the private and government sector, according to Kim Heung-gwang, a former professor at North Korea’s Hamhung University of Computer Technology, a key military training facility. Heung-gwang, urging Western governments to do more to counter North Korean hacking, said the country’s hackers are targeting Western nuclear power plants, transportation networks, and electrical utilities.

  • Army seeks public collaboration in developing security software

    Researchers working on a new cybersecurity project at the Army Research Lab (ARL) in Adelphi, Maryland have made available their project to anyone on the Internet in order to prompt professional collaboration and help. This atypical development tactic is intended to kick-start public collaboration on a software tool intended to aid soldiers in understanding where hackers might be targeting military systems.