• Protecting Device Software from Zero-Day Attacks with TrustMS

    An essential step to protecting mobile and embedded devices from cyberattacks is ensuring that software is not vulnerable to malicious attacks. More than 12,000 new common vulnerabilities were identified in 2019 alone. Verifying that devices are secure is a daunting challenge, as thousands of apps and driver updates are released each year and many will contain vulnerabilities that have not yet been discovered. Thanks to the newly-developed Trusted Mobile System (TrustMS), it is now possible to secure app software by preventing attackers from taking advantage of these vulnerabilities.

  • Beyond 9/11: U.S. Security Needs in the 21st Century

    The year 2020 has featured an array of safety and security concerns for ordinary Americans, including disease and natural disasters. How can the U.S. government best protect its citizens? That is the focus of a new scholarly book with practical aims, Beyond 9/11: Homeland Security for the Twenty-First Century, The volume features chapters written by 19 security experts, and closely examines the role of the Department of Homeland Security (DHS), which was created after the September 2001 terrorist attacks on the U.S.

  • Finding the Origins of a Hacker

    Industrial control systems run utilities that provide the electricity to keep the lights on or that deliver the water that people expect to gush out when they turn on a tap. Today those systems can be attacked via malicious code that an adversary inserts into the normal operating instructions.

  • The Clean Network Program: Digital Age Echoes of the “Long Telegram”?

    In August, Secretary of State Mike Pompeo launched the Clean Network program—“the Trump administration’s comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party.” The Clean Network program’s scope—stretching from submarine cables traversing the oceans to citizens downloading smartphone apps—reveals the breadth of the administration’s concerns about the political, ideological, and technological inroads China has made in cyberspace. These concerns recall the warning George Kennan gave in his famous “long telegram” in 1946 about the Soviet Union’s “elaborate and far flung apparatus for exertion of its influence in other countries.”

  • War, Terrorism, and Catastrophe in Cyber Insurance: Understanding and Reforming Exclusions

    Insurance is one of the most promising tools for addressing pervasive cyber insecurity. A robust market for insuring cyber incidents could, among other things, financially incentivize organizations to adopt better cyber hygiene—thereby reducing cyber risk for society as a whole. But cyber insurance, however, is not yet mature enough to fulfill its potential, Jon Bateman writes, and endless lawsuits hamper its effectiveness. Reforms and new solutions are sorely needed.

  • Foreign Interference in U.S. Elections Focuses on Cultivating Distrust to Reduce Political Consensus

    The Soviet Union and then Russia institutionalized active political interference measures over many decades and advanced them into a comprehensive foreign policy tool. The strategy is used to undermine democratic governance processes in the United States and its allies, with the overarching aim to weaken the United States and its allies, while advancing Russia as a global power. Russian-backed attempts to create discord in the United States have made use of existing movements across the American political ideological spectrum and worked to create new ones.

  • Cyber Vulnerabilities Affecting Bluetooth-Based Medical Devices

    Internet-of-Things (IoT) such as smart home locks and medical devices, depend largely on Bluetooth low energy (BLE) technology to function and connect across other devices with reduced energy consumption. The Greyhound framework, named after the breed of dogs known for their hunting abilities, was designed to systematically sniff out security lapses in Wi-Fi and Bluetooth enabled devices.

  • Foreign Actors Will Likely Spread Disinformation about 2020 Election Results: FBI, CISA

    In a testimony before Congress last week, FBI Director Christopher Wray warned lawmakers that Russia is not letting up in its efforts to sway the outcome of the November presidential election. He said that what worried him the most was “the steady drumbeat of misinformation and amplification” of false claims about the integrity on the American voting system and the spreading of lies about mail-in voting. The purpose is to sow doubt and confusion about the election results, thus readying the ground for a challenge to, or even a rejection of, the results. On Tuesday, the FBI and CISA issued a public service announcement about foreign actors and cybercriminals spreading disinformation about election results.

  • Thwarting the Biggest Cybersecurity Threat to Voting in the 2020 Election

    While the controversy over the integrity of mail-in votes continues, in-person voting this time around faces potential security risks that could alter the outcome. As was the case in the 2016, Russia’s social media campaign to help its preferred candidate is already underway. For November 2020, however, Russia is planning to add another, more insidious and more threatening layer of election interference, which raises this question: Who protects the voting machines that most Americans use to submit their ballots on election day? According to Tulane University’s William “Bill” Rials, local governments, which oversee the protection of these machines and their respective databases, should be acting now to prevent cybersecurity attacks that can disrupt electronic voting.

  • The Phish Scale: NIST’s New Tool Lets IT Staff See Why Users Click on Fraudulent Emails

    Researchers at the National Institute of Standards and Technology (NIST) have developed a new tool called the Phish Scale that could help organizations better train their employees to avoid a particularly dangerous form of cyberattack known as phishing.

  • Russia Is Back, Wilier Than Ever — and It’s Not Alone

    Moscow’s hacking and disinformation tactics have evolved since 2016, while Americans help spread doubts about the November election. Russian operatives are using a sneakier, more sophisticated version of their 2016 playbook to undermine the November election — and this time, Mark Scott writes, groups inside and outside the U.S. are furthering their goal of sowing chaos.

  • Defending the 2020 Election against Hacking: 5 Questions Answered

    Journalist Bob Woodward reports in his new book, Rage, that the NSA and CIA have classified evidence that the Russian intelligence services placed malware in the election registration systems of at least two Florida counties in 2016, and that the malware was sophisticated and could erase voters. This appears to confirm earlier reports. Meanwhile, Russian intelligence agents and other foreign players are already at work interfering in the 2020 presidential election. Douglas W. Jones, a computer science professor and author of Broken Ballots: Will Your Vote Count?, writes that the list of things keeping him awake at night about the November election is long – violence; refusal to accept results if the in-person and mail-in votes differ; machine malfunction; human error, and more – but when you “add in the possibility of hacked central tabulating software in key counties, and there’s plenty to lose sleep over.”

  • Security Solution Traps Cybercriminals in a Virtual Network

    Researchers are developing a new cyber-security deception solution that uses artificial intelligence to lure hackers away and prevent breaches of network systems. The “Lupovis” solution under development by the team at the University of Strathclyde’s Center for Intelligent and Dynamic Communications makes the hunter become the hunted.

  • Russian Government Hackers Targeted Political Consulting Firm Working for Biden

    Russia’s broad effort to help Donald Trump win reelection in November now extends to hacking political consulting firms. Reuters reports. Microsoft recently alerted Washington, D.C.-based SKDKnickerbocker, a campaign strategy and communications firm working with the Biden campaign, that Russian government hackers tried to hack the company. The hackers failed to gain access to the company’s networks, according to a source familiar with its response, Reuters said.

  • DHS Blocked Circulation of a July Intelligence Bulletin Detailing Russian Disinformation Attacks on Biden

    DHS, in early July, blocked publication of a departmental intelligence bulletin which warned intelligence and law enforcement agencies of a broad Russian effort to promote “allegations about the poor mental health” of former Vice President Joe Biden, according to internal emails and a draft of the document obtained by ABC News. Critics of DHS’s decision say that the perplexing decision would fuel fears that U.S. intelligence is being politicized. “By blocking information from being released that describes threats facing the nation,” said John Cohen, the former undersecretary for intelligence at DHS under President Barack Obama, “it undermines the ability of the public and state and local authorities to work with the federal government to counteract the threat.”