• Cold War to cyber war, here’s how weapon exports are controlled

    It was reported last week that the U.K. government is pushing for new restrictions on software — in particular, on tools that would prevent surveillance by the state. This was the focus of negotiations to incorporate cyber security technologies into the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. Wassenaar was born of the Cold War in 1996. The idea was to inhibit the Soviets (and Chinese) by preventing the export of military equipment and the technology that could be used to make, maintain or defeat that equipment. The push to include cybersecurity in Wassenaar negotiations is unlikely to be effective but will reassure nervous politicians and officials.

  • Cybersecurity isn’t all about doom and gloom

    Much is made in the press of the devastating effects that weak cybersecurity is having on the economy in the United Kingdom and globally. The threat is compounded by a significant skills shortage. The U.K. government thinks the problem is so severe that it has identified cybersecurity as a Tier 1 national security threat and invested 860 million pounds to defend the country’s digital shores. What all this means is that there is money to be made from cybersecurity and small businesses should not fear it but embrace it. The business opportunities are boundless in cybersecurity. One area that is promising in this sense is the move towards smart cities. As the infrastructure around us, such as traffic lights and utilities becomes more regularly controlled via computers, market opportunities emerge

  • New Silicon Valley focus on cybersecurity

    The last time Silicon Valley focused on cybersecurity was in the 1990s. That focus saw the emergence of two giants: McAfee and Symantec. The two companies remain the most recognizable household names, thanks to their traditional firewall and anti-virus products. Now they find the arena which they thought was their own encroached from two sides. On one side there are tech giants like Hewlett-Packard and Cisco Systems, which see new revenue opportunity in cybersecurity. On the other side there is a rush of start-ups backed by large investments of venture capital.

  • Cyberweapons to defend electricity's perimeter

    Cyber war, cyber terror, and cyber crime target all manner of operations and, by design, cannot be detected until they have already done their damage. Nobody is immune to such attacks, and particularly target-rich environments include government bodies and critical power industries such as bulk electricity supply (BES). Hackers and cyberdefenders clash just outside of, at, or inside an organization’s electronic security perimeter (ESP). To counter such threats, a bulk electricity solution — North American Electric Reliability Corp.’s (NERC) Critical Infrastructure Protection (CIP) standards regarding BES cybersecurity — was launched in January 2008 through Federal Energy Regulatory Commission (FERC) oversight. How effective is the use of cyberweapons in protecting electricity’s perimeter?

  • Protecting cars from hackers

    A U.S. senator has asked twenty automobile manufacturers how each plans to stave off wireless hacking attempts on the computer systems of the vehicle they manufacture, and also how they protect driver privacy. The questions by Senator Ed Markey (D-Massachusetts) indicate that he will demand that carmakers apply computer-industry security processes, including implementation of anti-virus software, incident logging, incident-response planning, software vulnerability patching, and third-party penetration testing — the last of which would stage real hacker attacks on mass-production vehicles.

  • NIST's cybersecurity framework for infrastructure

    Company which are managing critical infrastructure in the United States and disregard the Preliminary Cybersecurity Framework, issued by the National Institute of Standards and Technology (NIST) in late October, do so at their own peril. The framework is now in its final comment stage and due to be released in mid-February. It lays out a set of comprehensive but voluntary cybersecurity practices.

  • EU issues new manual for defending ICS against cyberattacks

    ENISA, the EU’s cybersecurity agency, has issued a new manual for better mitigating attacks on Industrial Control Systems (ICS). ICS support vital industrial processes primarily in the area of critical information infrastructure such as the energy and chemical transportation industries, where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, additional security preparations must be taken. ENISA says that the new guide provides the necessary key considerations for a team charged with ICS Computer Emergency Response Capabilities (ICS-CERC).

  • Federal IT spending to exceed $11 billion by 2018

    A new report from Delteks, contracted spending on cybersecurity will continue to grow from nearly $9 billion in FY2013 to $11.4 billion in FY2018, driven by multiple initiatives aimed at improving the overall cybersecurity posture of federal agencies. Persistent threats, complex and evolving policy issues, and changing technologies highlight ongoing cyber-workforce shortages to drive investments despite constrained federal IT funding.

  • Cybersecurity Manhattan Project needed

    On a daily basis, cyberattacks successfully steal U.S. intellectual property and military weapons plans, disrupt banking systems operations, and gain access to personal information which is supposed to be secure. The question: What it will take to harness America’s resources to push the country into developing effective national cyberdefense capabilities? Should it take another 9/11? Experts say that the whole must be greater than the sum of its parts. Power grid cyberattack exercises, increased cyberwarrior staffing at U.S. Cybercom, and the authorization of preemptive cyberattacks by Presidential Policy Directive 20 are individually good steps. But where is the whole? The unifying call to action? The United States may not be able to have another Manhattan Project, but it should be able to develop a Manhattan Project mentality, one which is orchestrated and executed by the U.S. cybersecurity czar or perhaps the DHS.

  • NSA planted sleeper malware in 50,000 computer networks

    The NSA has planted 50,000 sleeper malware packages – in effect, digital sleeper agents – in more than 50,000 computer networks around the world. The agents, controlled by the NSA’s Tailored Access Operations (TAO) unit, can be activated on command to harvest information of cause disruption. To plant the digital agents, the NSA employed methods typically used by Internet scammers and fraudsters.

  • Cyber Gym in Israel trains cyber-defenders

    A group of IT and infrastructure companies in Israel have teamed up to launch Cyber Gym.The facility, inaugurated this month by Israel Electric Corp. (IEC), will train participants to defend against cyber attacks.When Sivan Shalom,  Israel’s Infrastructure and Energy Minister, was asked whether Israel was more concerned about a physical or a virtual attack, he said: “I think the future battle will be in cyberspace.”

  • Digital privacy services enjoying a surge in demand

    Digital privacy services such as encrypted e-mail, secure instant messaging, and services that provide hard-to-track IP addresses are enjoying a surge in demand as individuals and businesses seek to protect information from spies and hackers in the wake of the National Security Agency’s (NSA) surveillance program revelations. These services promise security, but may also slow down computer performance. Moreover, they are not likely to deter those who are determined to hack into a particular computer network.

  • Akamai to acquire cloud-based security solutions provider Prolexic

    Organizations, faced with an ever-changing threat landscape, require comprehensive security solutions that address many different protection scenarios. These include securing mission critical Web properties and applications from attack, as well as protecting the full suite of enterprise IP applications — including e-mail, file transfers, and VPN — across a data center. Akamai acquires Prolexic in order to extend its Web optimization and security offerings by adding cloud-based security solutions for protecting data centers and enterprise applications.

  • Developing cyber resilience to meet increasing cyberthreats

    Managing resilience for cyber systems requires metrics that reflect the relationships among system components in physical, information, cognitive, and social domains. In a paper, researchers describe a framework for understanding the concept of cyber resilience, and lay out a systematic method by which to generate resilience metrics for cyber systems.

  • Cybersecurity paradigm shift: from reaction to prediction and prevention

    The intensification of cyberattacks on corporations and government agencies has led to a surge of new companies offering cybersecurity solutions, and Israel boasts some of the world’s top cybersecurity firms.Until recently, investment dollars generally supported startups with a focus on defensive cyber solutions, but now firms like Israel’s CyberArk, providers of proactive and full-service cyber solutions, are of growing interest of tech investors.