• Cybersecurity Guide Tailored to the Hospitality Industry

    A new practical cybersecurity guide from the National Institute of Standards and Technology (NIST) can help hotel owners reduce the risks to a highly vulnerable and attractive target for hackers: the hotel property management system (PMS), which stores guests’ personal information and credit card data. 

  • The U.S. Government Needs to Overhaul Cybersecurity. Here’s How.

    After the 2015 hack of the U.S. Office of Personnel Management, the SolarWinds breach, and—just weeks after SolarWinds—the latest Microsoft breach, it is by now clear that the U.S. federal government is woefully unprepared in matters of cybersecurity. Jonathan Reiber and Matt Glenn write that “it is time for a different model for cybersecurity. U.S. military bases have layers of walls, guards, badge readers, and authentication measures to control access. The United States needs the same mindset for its cybersecurity.”

  • What Would Happen If States Started Looking at Cyber Operations as a “Threat” to Use Force?

    How are threats of force conveyed in cyberspace? Duncan B. Hollis and Tsvetelina van Benthem write that when, in the spring of 2020, hackers compromised the SolarWinds Orion software by “trojanizing” the so-called Sunburst backdoor, they raised a question: “If the presence of backdoors in a victim’s network allows for future exploits capable of causing functionality losses generating destruction (or even deaths), could their presence be seen as threatening such results? More broadly, when does a cyber operation that does not itself constitute a use of force threaten force?”

  • New Initiative Aims to Ensure 5G Networks Are Reliable, Secure

    The transition to 5G will affect every device connected to the internet. Later this year, a team of Stanford researchers will demonstrate how a tight formation of computer-controlled drones can be managed with precision even when the 5G network controlling it is under continual cyberattack. The demo’s ultimate success or failure will depend on the ability of an experimental network control technology to detect the hacks and defeat them within a second to safeguard the navigation systems.

  • Russian-Backed Hackers Target German Lawmakers

    Suspected Russian state-backed hackers with a history of running disinformation campaigns against NATO have targeted dozens of German lawmakers, German media reported on 26 March. The hackers used spear-phishing e-mails to target the private e-mail accounts of members of the German parliament and regional state assemblies, in the latest suspected Russian-backed effort against lawmakers in the country.

  • Covert Action, Espionage, and the Intelligence Contest in Cyberspace

    In recent months, the world learned that China carried out an indiscriminate hack against Microsoft Exchange, while Russia hacked U.S. information technology firm SolarWinds and used cyber capabilities in an attempt to influence the 2020 U.S. presidential election. Michael Poznansky writes that the attacks raise important questions about how best to characterize these and other kinds of disruptive cyber events. Cyber-enabled espionage and covert cyber operations both qualify as intelligence activities, but they are also distinct in key ways from one another. “Failing to appreciate these differences impedes our ability to understand the richness of cyber operations, underlying motivations, the prospect for signaling, and metrics of success,” he writes.

  • Computer Chip Pitted against 500+ Hackers. The Chip Won.

    An “unhackable” computer chip lived up to its name in its first bug bounty competition, foiling over 500 cybersecurity researchers who were offered tens of thousands of dollars to analyze it and three other secure processor technologies for vulnerabilities. MORPHEUS technology from the University of Michigan emerged unscathed from a DARPA virtual hackathon.

  • Russia, Iran Meddled in November's Election; China Did Not: U.S. Intelligence

    A just-released assessment by U.S. intelligence officials finds Russia and Iran did seek to influence the outcome of the November 2020 presidential election. But the assessment also concludes that, despite repeated warnings by a number of top Trump officials, China ultimately decided to sit it out. In the run-up to the November election, President Donald Trump, DNI John Ratcliffe, NSC Adviser Robert O’Brien, and AG William Barr. Among other Trump supporters, argued the Chinese interference in the election posed as much of a threat to the election as Russian interference, with Barr arguing that China posed an even greater threat. The intelligence community’s unanimous conclusions that “China did not deploy interference efforts and considered but did not deploy influence efforts intended to change the outcome of the U.S. Presidential election,” will likely lead to new questions about how the intelligence was presented to the public.

  • Rapidly Restoring the Electrical Grid after Cyberattack

    Some 330 million Americans rely on the nation’s critical infrastructure to keep the country humming. Disruptions to electrical grids, communications systems, and supply chains can be catastrophic, yet all of these are vulnerable to cyberattack. RADICS program delivers novel technologies, custom testbed, and evaluation exercises to enable utilities and first responders to quickly restore critical infrastructure amidst a cyberattack.

  • U.S. Set to Retaliate against Russia, China for Massive Cyber Attacks

    Senior officials in the Biden administration on Friday said that the administration is finalizing its decision on how to retaliate forcefully for state-sponsored hacking, as fears in the United States and Western Europe are growing over the consequences of two recent major cyberattacks. Officials said that U.S. retaliatory measures – “some seen, some unseen” – will be coming in matter of weeks, nit months.

  • The Microsoft Exchange Hack and the Great Email Robbery

    The world is probably days away from the “Great Email Robbery,” in which a large number of threat actors around the globe are going to pillage and ransom the email servers of tens of thousands of businesses and local governments, Nicholas Weaver writes. Or at least pillage those that the purported Chinese actors haven’t already pillaged.” And now the Biden administration has a real hard policy problem: What now? The SolarWinds hack may have been significant, but [the Exchange attack] will affect far more institutions,” Weaver writes. “The Exchange attack showed complete disregard for possible consequences on behalf of those responsible for the breach,” but “without consequences, such broad attacks will simply continue.”

  • Cyber Threat Looms Large over German Election

    Whether hacking attacks or disinformation campaigns, online meddling could sway public opinion and influence the outcome of the September vote, experts warn. Recent incidents suggest that the threat is real.

  • Was SolarWinds a Different Type of Cyber Espionage?

    The Biden administration announced that it will impose sanctions and other measures against Russia in response to the SolarWinds incident. The cybersecurity firm FireEye disclosed the compromise of numerous government and private-sector networks in December 2020. SolarWinds is among the top cybersecurity breaches the U.S. government has ever confronted and has raised critical questions about the integrity of federal networks and Russia’s ultimate intentions. “Given the incident’s significance, it is understandable that the Biden administration is grappling with how to appropriately address it,” Erica D. Borghard writes. But setting aside important limitations of economic sanctions as a policy tool to address malign cyber behavior, “there is a gap between how administration officials are framing the nature of the SolarWinds incident and what the available evidence indicates about it,” she adds.

  • A Framework for Secure Cyber-Physical Systems

    Cyber-physical systems (CPS), which combine modern networking with physical actuators, can be vulnerable against hackers. Recently, researchers at DGIST developed a new framework for CPSs that is resilient to a sophisticated kind of cyberattack. Unlike existing solutions, the proposed approach allows for real-time detection and recovery from the attack while ensuring stable operation. This paves the way for secure and reliable CPSs across various application domains, such as smart cities and unmanned public transportation.

  • SolarWinds Hack Bigger, More Dangerous than Previously Thought, Tech Execs Warn

    Executives with technology companies impacted by the massive cybersecurity breach known as the SolarWinds hack are giving U.S. lawmakers more reason to worry, warning the intrusion is both bigger and more dangerous than first realized.