-
Security vs. privacy
Those who ask you to choose security or privacy and those who vote on security or privacy are making false choices. That’s like asking “air or water?” You need both to live. Maslow placed safety (of which security is a subset) as second only to food, water, sex, and sleep. As humans we crave safety. As individuals and societies, before we answer the question “security or privacy,” we first have to ask “security from whom or what?” and “privacy from whom and for whom?”
-
-
Norwich University receives $10 million for cybersecurity research
Norwich University in Vermont has secured another round of funding for cybersecurity research. $9.9 million in federal funds will go toward a project aiming to ensure that private and public sector groups can better plan for cyberattacks. The university’s Applied Research Institute (NUARI) will direct the money for its Distributed Environment for Critical Infrastructure Decision-making Exercises (DECIDE) program.
-
-
U.S. “black budget” reveals unwieldy bureaucracy, misplaced priorities: expert
Classified budget figures and successes and failures by American intelligence agencies, exposed for the first time this week by the Washington Post, show a massive bureaucracy with misplaced priorities, according to a cybersecurity and privacy expert. “The major failure identified in all of the post-9/11 assessments was a ‘failure to connect the dots,’” the expert said. “Nevertheless, the vast majority of the black budget is being spent on data acquisition — collecting more dots — rather than analysis.”
-
-
U.S. power plants, utilities face growing cyber vulnerability
American power plants and utility companies face a growing cyber vulnerability. No U.S. power plant has so far suffered a significant cyberattack, even if small-scale attacks are nearly constant, but experts say preventative actions must be taken to ensure safety. Utilities provide services which, if disrupted for long periods of time, may result in economic chaos and may even lead to social unrest.
-
-
NSA revelations hobble pursuit of a comprehensive cyberdefense initiative
NSA director General Keith Alexander has proposed a digital version of Ronald Reagan’s space-based Star Wars missile defense program, which Reagan unveiled in 1983. In Alexander’s vision, when a cyberattack is launched at the United States, the defense system would intercept and thwart the attack before it caused any damage. Intercepting a cyberattack would require the NSA to tap, track, and scan all cyber traffic entering the United States. The technology needed to intercept cyberattacks, however, is strikingly similar to the technology the NSA uses for the types of surveillance Snowden exposed. Post-Snowden, it is doubtful that the administration would pursue a comprehensive cyberdefense initiative, or that lawmakers would accept it.
-
-
Heuristic approach: Incorporating built-in defenses against viruses into software
Antivirus software running on your computer has one big weak point — if a new virus is released before the antivirus provider knows about it or before the next scheduled antivirus software update, your system can be infected. Such zero-day infections are common. A key recent development in antivirus software, however, is to incorporate built-in defenses against viruses and other computer malware for which they have no prior knowledge.
-
-
Cybersecurity jobs average over $100,000 a year
According to Semper Secure, a public-private partnership with representatives from the government and industry executives, workers in the cybersecurity industry earn an average salary of $116,000 a year. Someone with less than a year of experience, no certifications, and just an associate’s degree could pull in a salary of $91,000.
-
-
Next NIST workshop on critical infrastructure cybersecurity framework: Dallas, 11 September 2013
Registration is now open for the fourth in a series of workshops to bring together representatives from government, industry, and academia to establish a voluntary Cybersecurity Framework which will help reduce risks to critical infrastructure. The workshop will be held 11-13 September 2013, at the University of Texas at Dallas, and will be the final public session before the preliminary framework is formally released later this year.
-
-
Researchers successfully spoof an $80 million yacht at sea
Researchers successfully spoofed an $80 million private yacht using the world’s first openly acknowledged GPS spoofing device. Spoofing is a technique that creates false civil GPS signals to gain control of a vessel’s GPS receivers. The purpose of the experiment was to measure the difficulty of carrying out a spoofing attack at sea and to determine how easily sensors in the ship’s command room could identify the threat.
-
-
iOS security weaknesses uncovered
Researchers have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications and peripherals, uncovering significant security threats to the iOS platform.
-
-
Senate panel signs off on cybersecurity bill
The Senate Commerce Committee has approved a cybersecurity bill aiming to bolster protection of U.S. critical infrastructure. The full Senate will vote on the bill by the end of the year. The bill codifies parts of President Obama’s February 2013 cybersecurity executive order. Among other things, the executive order instructs the National Institute of Standards and Technology (NIST) to draft a set of cybersecurity practices and standards.
-
-
Cisco’s $2.7 billion acquisition of Sourcefire signals a trend
Cisco Systems’ $2.7 billion acquisition of Sourcefire, a Columbia, Maryland-based cybersecurity firm, may be the start of a trend, as firms are looking to keep hackers at bay in a more connected world. The Maryland and northern Virginia areas around Washington, D.C. have become a hub for cybersecurity companies.
-
-
Cars’ computers could be the next targets of cyberattacks
Computers, known as Electronic Control Units (ECUs), were first installed more than thirty years ago, during the first gas crisis, to serve as computerized carburetors. Eventually these computers were upgraded for innovations like cruise control and anti-lock brakes. In modern cars, ECUs “talk” to each other, and “listen” and respond to the messages they receive, over an open network, making them vulnerable to hacking, and potentially dangerous.
-
-
Black Hat event highlights vulnerability of U.S. critical infrastructure
Cybersecurity researchers at the Black Hat conference now going on in Las Vegas will demonstrate how hackers can gain access to U.S. critical infrastructure, and even cause explosions in oil and gas facilities, by altering the readings on wireless sensors used by the oil and gas industry. The faulty sensors typically cost between $1,000 and $2,000 each, and hundreds or even thousands of them are used at a single oil, gas, or water facility.
-
-
NIST seeking comments on energy industry security scenarios
The National Cybersecurity Center of Excellence (NCCoE) works with industry, academic, and government experts to create open, standards-based, modular, end-to-end solutions to cybersecurity challenges that are broadly applicable across a sector. The solutions are customizable to the needs of individual businesses, and help them more easily comply with relevant standards and regulations. The work is organized around use cases that describe sector-specific challenges.
-
The long view
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.