• Capabilities-based – rather than actuarial -- risk analysis would make businesses safer

    Many businesses and organizations, when applying cost-benefit analysis and a risk-management analysis to measure cyber risk, are relying on the assumption that the likelihood of a future attack depends heavily on how many attacks have occurred in the past. Since there has yet to be a full-scale attack on critical infrastructure in the United States, it is simple to conclude that the risk of a cyberattack on critical infrastructure is low, therefore justifying low investment in additional security initiatives. An actuarial risk analysis may conclude that there is little likelihood of such as attack occurring, but a capabilities-based risk analysis recognizes that since adversaries are capable of such an attack, it is in an organization’s best interest to secure against it.

  • Cryptolocker has you between a back-up and a hard place

    Cryptolocker, a particularly vicious form of malware that first appeared in September 2013, is a game-changer. After getting into your computer, it will encrypt all your data files, from your word documents to your photos, videos, and PDFs. It will then ask for a ransom of around $300 or 0.5 bitcoins to get them back. It has been one of the most commented developments in computer security circles in recent times, and copycats are appearing. The criminals are netting tens or hundreds of millions in ransoms, and at least some of the ill-gotten gains secured from Cryptolocker are likely to be reinvested. The criminals behind it will likely pay for access to bigger botnets to reach a wider base of victims. Future versions of the virus will in all likelihood be more prevalent and will extend across other platforms, like smartphones and tablets.

  • Delaware launches cyber initiative

    Delaware is joining the number of states that have decided to invest in a statewide cybersecurity workforce to combat the growing threat of cyberattacks directed at both private and public institutions.Delaware hopes its cyber initiative will accelerate current efforts to develop a stronger cyber workforce. The Delaware Cyber Initiative proposes $3 million for a collaborative learning and research network in the form of part research lab, part business park, dedicated to cyber innovation.

  • Protecting personal data on smartphone

    Social networking and the instantaneous sharing of information have revolutionized the way we communicate. Our mobile phones are able to automatically obtain information such as our current location and activities. This information can be easily collected and analyzed to expose our private life. What is even more malicious is that the personal data contained in our smartphones can be disclosed via installed applications without our being informed.

  • Quantum mechanics may lead to ultra-secure Internet

    In 1935 Einstein and researchers highlighted a “spooky” theory in quantum mechanics, which is the strange way entangled particles stay connected even when separated by large distances. In the 1990s, scientists realized you can securely transmit a message through encrypting and using a shared key generated by Einstein’s strange entanglement to decode the message from the sender and receiver. Using the quantum key meant the message was completely secure from interception during transmission.

  • Making the grid smarter makes it more vulnerable to hackers

    The U.S. electric grid is constantly under attack despite attempts by utilities to boost physical security and cyberdefenses. In 2013 a DHS cyber emergency team responded to more than eighty incidents involving energy companies. “If you’re a utility today, depending on your scale, you’re under attack at this moment,” says Robert Weisenmiller, chairman of the California Energy Commission.

  • “Hacker schools” grow to meet growing demand for programmers

    The increasing demand for computer programmers in the job market has led to the growth of “hacker schools,” an alternative to traditional education that offers students a quicker, cheaper, and effective way to learn computer programing. Hacker schools do not offer certificates or diplomas, instead they target students who currently have degrees in other fields but who want a career change.

  • Universities struggle to balance cybersecurity, openness

    Since January 2013, more than fifty academic institutions across the country have been targets of cyberattacks, compromising personal information and intellectual property. Unlike other organizations, universities cannot mandate what devices are used to access their networks, and they must accommodate faculty, students, and researchers spread across the globe. Academic network systems are attractive to hackers because they contain valuable intellectual property.

  • Howard County, Md. attracts cybersecurity firms

    Howard County, Maryland boasts a growing presence of cybersecurity firms and specialists at a time when the industry is gaining attention. The proximity of the county to government agencies has helped cybersecurity firms gain federal contracts, and the proximity of large cybersecurity consumers like the NSA offers cybersecurity firms in Howard County a large pool of cybersecurity specialists to select from when NSA employees decide to shift to the private sector.

  • NERC drill finds U.S. grid preparedness insufficient

    The North American Electric Reliability Corporation (NERC) reported that its recent GridEx II exercise has highlighted the fact that nearly all the utilities which took part in the two-day drill last November – a drill aiming to test the preparedness of the U.S. power grid to withstand cyber and physical attacks – admitted that their planning for such attacks was insufficient. NERC’s president, Gerry Cauley, said that protecting utilities against cyber and physical attacks should be considered in the context of measures taken to protect the grid from other threats. He noted that utilities are already hardening their systems against storms like Hurricane Sandy, while working to determine their vulnerability to solar activity that changes the earth’s magnetic field.

  • Hacking prof’s computer to change a grade is easier than studying

    Academic institutions are easy targets since many do not invest in sophisticated IT personnel or employ the latest cybersecurity programs. Some students have noticed this, and more and more universities are facing a new hacking problem: students hacking their professors’ computers in order to improve their grades. “It became so much easier to change my grades than going to class and working real hard,” a Purdie University student told an Indiana court.

  • Cyber war in Ukraine – business as usual for the Russian bear

    In a war — declared or otherwise — bravery and perseverance are not enough. Communications are important. Effectiveness means being able to command your troops and gather information. It also means being able to trust your communications. Disrupting and distorting communications is a dark art, the “new black” in overt and covert conflict. This is what we are seeing in Ukraine. Russia appears to be having a fine time covertly sabotaging Ukrainian networks.

  • Iona College to Launch BS, BA, MS concentrations in cybersecurity

    Iona College announced the launch in fall 2014 of undergraduate and graduate programs in computer science with a concentration in cyber security. The concentration will be offered for the Bachelor of Science, Bachelor of Arts, and the Master of Science degrees. The programs will provide students with fundamental cyber security skills, theoretical as well as hands-on experience. Students are exposed to new research ideas across many cyber security areas including software security, Web application security, mobile security, networking security, database security, and cryptography.

  • Ukrainian computer systems attacked by sophisticated malware with "Russian roots"

    Ukrainian computer systems and networks have been targeted by at least twenty-two attacks launched by “committed and well-funded professionals” since January 2013, defense contractor BAE Systems found. BAE declined to identify the source of the attacks, but a German company said the espionage software has “Russian roots.” The malware design “suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation,” the BAE report said.

  • FERC orders development of physical security standards for transmission grid

    The Federal Energy Regulatory Commission (FERC) on Friday directed the North American Electric Reliability Corporation (NERC) to develop reliability standards requiring owners and operators of the Bulk-Power System to address risks due to physical security threats and vulnerabilities.