• How Data Privacy Laws Can Fight Fake News

    Governments from Russia to Iran have exploited social media’s connectivity, openness, and polarization to influence elections, sow discord, and drown out dissent. While responses have also begun to proliferate, more still are needed to reduce the inherent vulnerability of democracies to such tactics. Recent data privacy laws may offer one such answer in limiting how social media uses personal information to micro-target content: Fake news becomes a lot less scary if it can’t choose its readers.

  • New Vulnerability Found in Internet-Connected Building Automation Devices

    Critical internet-connected smart building devices, used in countless commercial and industrial properties, have been found to be vulnerable to a new malicious attack. The vulnerability exploits properties of the building automation protocol (BACnet), which enables technicians and engineers to perform monitoring, setup changes and remote control of a wide range of key smart systems that impact temperature control and other monitoring systems.

  • U.S. Elections Are Still Not Safe from Attack

    Russia’s attack on American elections in 2016, described in Special Counsel Robert Mueller’s recent report as “sweeping and systematic,” came as a shock to many. It shouldn’t have. Experts had been warning of the danger of foreign meddling in U.S. elections for years. Already by 2016, the wholesale adoption of computerized voting had weakened safeguards against interference and left the United States vulnerable to an attack. So, too, the shift to digital media and communications had opened new gaps in security and the law that could be used for manipulation and blackmail.

  • Hacking One of the World's Most Secure Industrial Programmable Logic Controllers (PLC)

    Researchers have managed to take control of a Siemens PLC, which is considered to be one of the safest controllers in the world. As part of the attack, the researchers analyzed and identified the code elements of the Siemens proprietary cryptographic protocol, and on the basis of their analysis, created a fake engineering station, an alternative to Siemens’ official station. The fake engineering station was able to command the controller according to the will of the attackers.

  • A Hacker’s Treasure: IoT Data Not Trashed

    While consumers are aware that data needs to be wiped from smartphones and computers before discarding, the proliferation of internet-connected (IoT) devices poses new challenges and risks, as they too retain valuable data.

  • Foreign Campaign Intervention May Go Way Beyond Russia to China, Iran, North Korea, and Saudi Arabia

    The risk of foreign intervention goes far beyond Russia. Indeed, this type of action has happened many times in U.S. history. What’s new in 2020 is that, over the past few years, Russians have shown other nations how easy it is to sow disinformation and disrupt democratic elections. Many countries, including the United States, seek to make the voting process easy so balloting is designed much more for user-friendliness than electoral security. At the same time, technology companies have created social media platforms that are easily exploited through disinformation, false news, and fake videos. What’s more, the use of this technology to disrupt campaigns is cheap and difficult to trace.

  • Unlocking Market Forces to Solve Cyber Risk

    Markets have been slow to adjust to the multi-dimensional perils of cyber risk. Even headline-grabbing cyber incidents such as breaches of Equifax, Target, Anthem, Sony and Home Depot—along with NotPetya’s devastation of Merck, FedEx, and Maersk—have thus far had only fleeting impacts on assessments of major corporations’ prospects by investors, credit rating agencies and insurers. This disparity reflects the broader problem of a “cyber risk gap” between corporations’ exposure to cyber risks and the adequacy of their efforts to address it. Investors, insurers, credit rating agencies and others presently face this gap, and have been only slowly waking up to its magnitude.

  • Practicing Cybersecurity Gets Easier

    It’s expensive to train the people who defend us from cyberattacks. When big companies hold a large-scale exercise, they often take several months to prepare for it. Lots of people and computers, routers and other hardware form a complex infrastructure to create an attack that is as realistic as possible. That’s a good approach, but at the same time it is time-consuming and expensive. This is where the Norwegian Cyber Range comes in, enabling medium and smaller players to train, too.

  • Combatting Russia’s Assault on Democracies: Lessons from Europe

    A 2018 report by the Senate Foreign Relations Committee says: “For years, Vladimir Putin’s government has engaged in a relentless assault to undermine democracy and the rule of law in Europe and the United States. Mr. Putin’s Kremlin employs an asymmetric arsenal that includes military invasions, cyberattacks, disinformation, support for fringe political groups, and the weaponization of energy resources, organized crime, and corruption.” For people pondering the potential effects of Russian interference in the 2020 elections here in the United States, it is worth understanding what other democracies are doing to confront the same problem and what lessons can be learned from their experiences.

  • Tech Companies Not Doing Enough to Fight Phishing Scams

    Technology companies could be doing much more to protect individuals and organizations from the threats posed by phishing, according to new research. However, users also need to make themselves more aware of the dangers to ensure potential scammers do not obtain access to personal or sensitive information.

  • State Election Offices Made for an Easy Target for Russian Hackers

    In the months before the 2016 presidential election, one U.S. state received a notification from a federally backed cybersecurity group, warning about suspicious cyber activity directed at its networks. The state IT officials did not share the alert with other state government leaders, and as late as January 2018, the same officials reported nothing “irregular, inconsistent, or suspicious” took place before the vote. In fact, GRU, Russia’s military intelligence agency, had scanned one of the state’s “election-related” domains, according to a new Senate report.

  • Hacking Connected Cars to Gridlock Whole Cities

    In the year 2026, at rush hour, your self-driving car abruptly shuts down right where it blocks traffic. You climb out to see gridlock down every street in view, then a news alert on your watch tells you that hackers have paralyzed all Manhattan traffic by randomly stranding internet-connected cars. Researchers warn that even with increasingly tighter cyber defenses, the amount of data breached has soared in the past four years, but objects becoming hackable can convert the rising cyber threat into a potential physical menace.

  • 2020 Election Security Can’t Wait Till 2020

    In the wake of last week’s testimony by Special Counsel Robert Mueller and the detailed report released by the Senate Intelligence Committee, the press coverage has emphasized—understandably—the need to harden U.S. defenses against various forms of cyber interference that Russia—and now Iran, too—appear intent on carrying out in the 2020 election. While it’s true that 2020 election security is critical, it’s important to emphasize that protecting our elections can’t wait until 2020 is upon us. That’s because, if our foreign adversaries’ goal is (as the Senate Intelligence Committee report confirmed) to undermine American confidence in our own democracy, the opportunities to do so are already unfolding.

  • Sounding the Alarm about Another Kind of 9/11

    Richard Clarke knows some things about clear and present dangers. As the first U.S. counterterrorism czar, he tried to alert important White House decision-makers before September 11 about the threat of a terrorist attack on U.S. soil, but those warnings were largely ignored; afterwards, he famously apologized publicly for the government’s failures. These days, Clarke is trying to get people to think hard about the next big attack—the cyber version—and all the ones that have already happened.

  • Hackers’ Latest Target: School Districts

    Some hackers demand ransom; others sweep up personal data for sale to identity thieves. But whatever hackers’ motives, school systems around the country have been the targets of their cyberattacks. Nearly two-thirds of school districts in the United States serve fewer than 2,500 students, and many do not have a staff member dedicated solely to cybersecurity.