-
DARPA’s Cyber Grand Challenge aims to see fully automated network security systems developed
There is an increasingly serious cybersecurity problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses — typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” DARPA is addressing this problem, with teams from around the world starting a two-year track toward the world’s first tournament of fully automated network security systems. Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge — first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched.
-
-
Roots of Trust research focuses on protecting cyber physical systems
“Roots of Trust” refers to a set of security functions in a device or system, which are implicitly trusted by the device’s operating system and applications, and which constitute the foundation for security. The Cyber Security Research Alliance (CSRA) the other day said it will prioritize research in Roots of Trust for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure.
-
-
Develop tool to make the Internet of Things safer
There is a big push to create the so-called Internet of Things, where all devices are connected and communicate with one another. As a result, embedded systems — small computer systems built around microcontrollers — are becoming more common. They remain vulnerable, however, to security breaches. Some examples of devices that may be hackable: medical devices, cars, cell phones and smart grid technology. Computer scientists have developed a tool that allows hardware designers and system builders to test security- a first for the field.
-
-
Is your iPhone at risk after the Oleg Pliss hack?
iPhone users in Australia were greeted with an alarming message this week when they tried to use their devices. They were told that a hacker or group of hackers going by the name Oleg Pliss had taken control of their phone and will lock it permanently unless a $100 ransom is paid. It’s not yet clear whether the attack is likely to affect iPhone users outside Australia but even if it doesn’t, the attack has raised questions about the security of the iPhone. Apple products have a reputation for being more secure than others and this is the first major attack of its kind. iPhone is one of the most secure smartphones and that is still true. This attack is a very clever compromise but it does not actually hack into your phone. Instead, Oleg Pliss seems to have found a way of attacking the remote server that supports an iPhone user’s iCloud account.
-
-
Future cyberattacks to cause more trouble than Heartbleed
Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.
-
-
Testing distributed computing to protect against cyberattacks on power grids
The power grid is complicated, divided up into sections that cover everything from a single municipal area (like New York City) to large regions (like the entire state of California). Each of these sections is controlled by a single control center. If that control center stops functioning, because of a cyberattack or for any other reason, it is no longer capable of monitoring and maintaining the grid, resulting in severe instabilities in the system. The SmartAmerica Challenge, which kicked off in late 2013 to highlight U.S. research in the field of cyberphysical systems, aims to address power grid security concerns.
-
-
Snowden revelations spur a surge in encrypted e-mail services
The Edward Snowden revelations about National Security Agency(N.S.A) surveillance programs have fueled a surge of new e-mail encryption services. “A lot of people were upset with those revelations, and that coalesced into this effort,” said the co-developer of a new encrypted e-mail service which launched last Friday. The company notes that its servers are based in Switzerland, making it more difficult for U.S. law enforcement to reach them.
-
-
Researchers crack supposedly impregnable encryption algorithm in two hours
Without cryptography, no one would dare to type their credit card number on the Internet. Security systems developed to protect the communication privacy between the seller and the buyer are the prime targets for hackers of all kinds, hence making it necessary for encryption algorithms to be regularly strengthened. A protocol based on “discrete logarithms,” deemed as one of the candidates for the Internet’s future security systems, was decrypted by École polytechnique fédérale de Lausann (EPFL) researchers. Allegedly tamper-proof, it could only stand up to the school machines’ decryption attempts for two hours.
-
-
NIST seeking comments on revisions to ICS security guide
The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security. The NIST guide, downloaded more than 2.5 million times since its initial release in 2006, advises on how to reduce the vulnerability of computer-controlled industrial systems used by industrial plants, public utilities and other major infrastructure operations to malicious attacks, equipment failures, errors, inadequate malware protection and other software-related threats.
-
-
Cybersecurity bill not likely before a crisis proves its necessity
A recent simulation, with 350 participants from congressional staffs, the cybersecurity sector, and the U.S. military, examined whether or not Congress was capable of passing a comprehensive cybersecurity legislation to protect the country’s critical infrastructure from debilitating cyberattacks. The simulation participants concluded that Congress is not likely to act unless there is a major cyber crisis, and that until such crisis occurs, smaller measures, such as the president’s voluntary cybersecurity framework, are the best that can be hoped for.
-
-
States lack expertise, staff to deal with cyberthreats to utilities
The vulnerability of national electric grids to cyberattacks has caught the attention of federal utility regulators and industry safety groups, but state commissions tasked with regulating local distribution utilities are slow to respond to emerging cybersecurity risks. The annual membership directory of state utility regulators lists hundreds of key staff members of state commissions throughout the country, but not a single staff position had “cybersecurity” in the title.
-
-
Attackers exploited Microsoft security hole before company’s announcement
Before Microsoft alerted its customers of a security flaw in Windows XP over a week ago, a group of advanced hackers had already discovered and used the vulnerability against targeted financial, energy, and defense companies.
-
-
FBI warns healthcare providers about cybersecurity
The FBI has issued a private industry notification (PIN), warning healthcare providers that their cybersecurity networks are not sufficiently secure compared to the networks of the financial and retail sectors, making healthcare systems even more vulnerable to attacks by hackers seeking Americans’ personal medical records and health insurance data. Healthcare data are as valuable on the black market than credit card numbers because the data contain information that can be used to access bank accounts or obtain prescription for controlled substances.
-
-
U.S. military communication satellites vulnerable to cyberattacks
A new report warns that satellite communication terminals used by U.S. military aircrafts, ships, and land vehicles to share location data, are vulnerable to cyberattacks through digital backdoors. A forensic security review of codes embedded inside the circuit boards and chips of the most widely used SATCOM terminals identified multiple hacker entry points.
-
-
Sandia offers free classes to high school students at the Lab’s Cyber Technologies Academy
In the rapidly changing world of cybersecurity, who better to learn from than the professionals who live in that world every day? High school students are getting just that opportunity through Sandia National Laboratories’ Cyber Technologies Academy, free classes for high school students interested in computer science and cybersecurity.
-
More headlines
The long view
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.