• U.S. always ends up regulating new technologies for public safety; the Internet is no exception

    Homeland Security News Wire’s executive editor Derek Major talked with CSIS’s James Lewis about the cybersecurity challenges the United States faces, Stuxnet, China’s hacking campaign, cyber arms control efforts, and more; on the stalled cybersecurity bill, opposed by critical infrastructure operators as being too burdensome, Lewis says: “It takes America about 20-40 years to come to terms with a new technology, but we always end up regulating it for public safety. This will be no different. We are in year 17.”

  • Most cybersecurity incidents in Europe remain undetected or not reported

    In a new report, the EU cyber security agency takes a snapshot of existing and future EU legislation on security measures and incident reporting; the analysis underlines important steps forward, but also identifies gaps in national implementation, as most incidents are not reported

  • Siemens software which controls power plants vulnerable to hackers

    RuggedCom is a Canadian subsidiary of Siemenswhich sells networking equipment for use in harsh environments with extreme and inclement weather; many critical infrastructure operators of power plants, water systems, dams, and more; a security specialist discovered a flaw in the software, a flaw which allows hackers to spy on communication of infrastructure operators and gain credentials to access computer systems which control power plants as well as other critical systems

  • U.S. may already have authority to issue infrastructure protection regulations

    While the president and Congress continue to debate the cybersecurity bill, the White House Office of Management and Budget may already have sufficient statutory authority to enact new regulations through the normal notice-and-comment rulemaking process; the basis for such regulations would be the Data Quality Act (DQA) which sets the standards for the integrity of data used by federal agencies in public disseminations

  • Obama considering executive order for infrastructure protection

    President Barack Obama is exploring whether to issue an executive order to protect the U.S. critical computer infrastructure from cyber attacks; White House sources say an executive order is being considered after a 2 August procedural vote in the Senate that all but doomed a scyberecurity bill endorsed by Obama as well as current and former national security officials from both Republican and Democratic administrations

  • The five biggest stories at Black Hat

    The annual Black Hat Briefings conference, held last week in Las Vegas, is the world’s biggest, and arguably the most important, gathering of security researchers; here are the five biggest stories to take away from last week’s Black Hat meeting in Las Vegas

  • Global air control system largely defenseless against hacking

    The ADS-b system, the multi-billion dollar communication system deployed at airports around the world over the last few years, has two major flaws: first, it has no means of verifying who is actually sending a message, which means that a hacker can impersonate an aircraft and send malicious and misleading information to control towers and to other aircraft; second, the position, velocity, and other information broadcast by aircraft is not encrypted and can be grabbed from the air; a presenter at the Black Hat cybersecurity event showed how it is possible to use the information to plot the route of Air Force Phone on an iPad; these two vulnerabilities can be easily exploited by anyone with modest technical skills and about $2,000 worth of electronics

  • Winners of the California Cyber Summer Camp Capture the Flag competition announced

    Cal Poly Pomona, in partnership with Booz Allen Hamilton and the U.S. Cyber Challenge, hosted the U.S. Cyber Challenge California Cyber Summer Camp in Pomona, California; the camp curriculum included in-depth workshops on a range of topics, including penetration testing, reverse engineering, and forensics; the week was capped off by a virtual “capture the flag” competition and awards ceremony on the last day

  • Researchers say spoofed GPS signals can be countered

    From cars to commercial airplanes to military drones, global positioning system (GPS) technology is everywhere — and researchers have known for years that it can be hacked, or as they call it, “spoofed”; the best defense, they say, is to create countermeasures that unscrupulous GPS spoofers can not deceive

  • Game lets players try their hand at computer security

    A new game — Control-Alt-Hack — gives teenage and young-adult players a taste of what it means to be a computer-security professional defending against an ever-expanding range of digital threats; the game’s creators will present it this week in Las Vegas at Black Hat 2012; educators in the continental United States can apply to get a free copy of the game while supplies last; it is scheduled to go on sale in the fall for a retail price of about $30

  • Mobile device necessitate “stateless” IT security architecture

    I n a new report, Forrester analysts say that to stay ahead of evolving mobile business requirements, security and risk (S&R) and infrastructure and operations (I&O) executives cannot rely on the old approach of end-to-end control over the data path, device, and applications; instead, they must embrace a “stateless” architecture in which IT decouples security controls from the devices and the infrastructure, derives trust dynamically, and avoids costly new investment of in-house applications and infrastructure

  • Sharp increase in cyberattacks on U.S. critical infrastructure

    The number of reported cyberattacks on U.S. critical infrastructure increased sharply – from 9 incidents in 2009 to 198 in 2011; water sector-specific incidents, when added to the incidents which affected several sectors, accounted for more than half of the incidents; in more than half of the most serious cases, implementing best practices such as login limitation or properly configured firewall, would have deterred the attack, reduced the time it would have taken to detect an attack, and minimize its impact

  • Infrastructure security market to reach $32.55 billion in 2012

    The global infrastructure security market, in terms of government spending, will reach a value of $32.55 billion in 2012; a new report says that spending on bolstering the cyber aspects of infrastructure security has little utility by itself unless the physical integrity of the infrastructure is also appropriately safeguarded

  • First successful "spoofing" of UAVs demonstrated

    A research team successfully demonstrated for the first time that the GPS signals of an unmanned aerial vehicle (UAV), or drone, can be commandeered by an outside source — a discovery that could factor heavily into the implementation of a new federal mandate to allow thousands of civilian drones into the U.S. airspace by 2015

  • DHS FY2013 $5.75 billion IT budget request focuses on mobility, data center consolidation

    DHS FY2013 IT spending requests are roughly even with FY2012 levels, with emphasis on commodity IT, mobility, and data center consolidation; the overall 2013 DHS budget request is just under $40 billion; the department’s IT budget request is just over $5.75 billion; down from $5.79 billion in FY2012