• The SolarWinds Hack Was All but Inevitable – Why National Cyber Defense Is a “Wicked” Problem and What Can Be Done about It

    Software supply chains are vulnerable to hackers: Many U.S. companies outsource software development because of a talent shortage, and some of that outsourcing goes to companies in Eastern Europe that are vulnerable to Russian operatives. One problem is that U.S. national cyber defense is split between the Department of Defense and the Department of Homeland Security, which leaves gaps in authority. There are no easy solutions to shoring up U.S. national cyber defenses.

  • Cybersecurity Curriculum, Pilot Focused on Veterans and First Responders

    The University of Arkansas at Little Rock is part of a coalition of universities and industry partners that are developing a curriculum to increase cybersecurity talent focused on health care with $6.3 million in funding from the National Security Agency. The curriculum focuses on health care cybersecurity.

  • U.S. Response to SolarWinds Cyber Penetrations: A Good Defense Is the Best Offense

    We are in a new “Long War,” an ambient cyber conflict that will play out over decades against multiple adversaries. This is a conflict where the best offense may be a good defense. Limiting the potential harm adversaries can impose on us, while retaining the ability to inflict asymmetric damage, offers the best hope of bolstering U.S. national security and creating a world of cyber deterrence and restraint. Hopefully, SolarWinds marks the inflection point of a pivot to a more effective defense-based national cyber strategy.

  • Punitive Response to SolarWinds Would Be Misplaced, But Cyber Deterrence Still Matters

    Some analysts argue that the United States should respond to the SolarWinds breach by focusing on improving defenses, rather than on conducting a retaliatory response such as some government officials have been advocating. Apunitive response to SolarWinds may be unwise because the available evidence indicates that the objective of the operation was national security espionage. However, this does not mean that the pursuit of deterrence strategies to address other types of malicious behavior in cyberspace, beyond espionage, is a fool’s errand. Deterrence is not a one-size-fits-all concept in cyberspace—or in any other domain.

  • In the Wake of SolarWinds: Making and Breaking a Rules-Based Global Cyber Order

    We should recognize that the need to make careful distinctions between different categories of cyber operations, and shun the use of emotive and misleading language about “attacks,” should also be extended to the field of political influence via the internet. Using cyberspace to spread propaganda, influence political outcomes and reveal or invent damaging information is an extension of tactics that have been used in different ways for millennia—including by the U.S. Actually trying to rig U.S. elections by tampering with the count online would be completely different and vastly more serious.

  • K-12 Schools Need to Take Cyberattacks More Seriously

    There has been an uptick of ransomware attacks in which cybercriminals have targeted public schools throughout the United States – from Hartford, Connecticut, to Huntsville, Alabama – since the 2020-21 school year began. Federal cybersecurity officials say the attacks – which involve things that range from the theft of sensitive student data to the disruption of online classes – are expected to continue. As a researcher who specializes in cybercrime and cybersecurity, I know that public schools represent easy and attractive targets for cybercriminals.

  • Utah State University’s Seth Manesse Wins First Individual CyberForce Competition

    After a tough, day-long contest, Seth Manesse from Utah State University won the sixth CyberForce Competition. Each CyberForce Competition presents a real-world scenario in which participants must defend cyber-physical infrastructure against threats modeled on those faced by the energy sector today. The 2020 scenario involved a wind energy company in charge of over 20,000 megawatts of electricity generation that has been experiencing abnormal network activity.

  • Specific Cybersecurity Guidelines to Help Protect Our Elections

    Making elections secure means protecting against ever-evolving threats to information technology — which scans in-person and mail-in ballots, supports voter registration databases and communicates vote tallies. To reduce the risk of cyberattacks on election systems, NIST has released draft guidelines that provide a road map to help local election officials prepare for and respond to cyber threats that could affect elections. The plain-language guide provides strategies to guard election-related technology against cyberattack.

  • U.S. Trying to Insulate Electrical Grid from Cyberattacks

    With America’s electrical infrastructure getting zapped daily by an unprecedented number of cyberattacks, the federal government is taking action to prevent a potentially crippling hack of the grid. A 100-day plan was announced Tuesday by the U.S. Energy Department to harden security systems for the country’s electrical infrastructure and increase the ability to detect and neutralize cyber threats.

  • Advancing Applied Research in Cybersecurity

    The Forge Institute, along with the University of Arkansas Fayetteville (UA-Fayetteville) and University of Arkansas Little Rock (UA-Little Rock), jointly announced a partnership to advance applied research in areas that support our national defense, including cybersecurity.

  • Machine Learning Algorithm May Be Key to Timely, Inexpensive Cyberdefense

    Zero-day attacks can overwhelm traditional defenses, costing organizations money and resources. A machine learning algorithm may give organizations a powerful and cost-effective tool for defending against attacks on vulnerable computer networks and cyber-infrastructure, often called zero-day attacks, according to researchers.

  • Creating a National Network of Cybersecurity Institutes

    DHS S&T, in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), awarded $2 million to the University of Illinois at Urbana-Champaign (UIUC) to develop a plan that CISA can execute to build a national network of cybersecurity technical institutes. “CISA sees the growing cybersecurity workforce shortage in the United States as a national security risk,” said Bryan Ware, CISA assistant director of cybersecurity.

  • U.S. Expels Russian Diplomats, Imposes New Sanctions on Russia in Retaliation for Hacking, “harmful activities”

    The U.S. has imposed a new round of sanctions against Russia targeting what it calls the “harmful” foreign activities of Moscow. U.S. intelligence officials have pointed the finger at Russia for a massive hack known as SolarWinds that hit large swaths of the U.S. public and private sectors last year. Widely used software is believed to have been infected with malicious code, enabling hackers to access at least nine U.S. agencies, dozens of corporations.

  • Harnessing Chaos to Protect Devices from Hackers

    Researchers have found a way to use chaos to help develop digital fingerprints for electronic devices that may be unique enough to foil even the most sophisticated hackers. Just how unique are these fingerprints? The researchers believe it would take longer than the lifetime of the universe to test for every possible combination available.

  • Global Security Trends

    The National Intelligence Council (NIC) on Thursday released the seventh edition of its quadrennial Global Trends report. Global Trends 2040: A More Contested World is an unclassified assessment of the forces and dynamics that the NIC anticipates are likely to shape the national security environment over the next twenty years. Global competition for influence will intensify. “During the next two decades, the intensity of competition for global influence is likely to reach its highest level since the Cold War,” the report notes.