• Cyber incidents doubled in 2017

    The Online Trust Alliance (OTA) has just released its Cyber Incident & Breach Trends Report. OTA’s annual analysis found that cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017. Since the majority of cyber incidents are never reported, OTA believes the actual number in 2017 could easily exceed 350,000. The report analyzes data breaches, ransomware targeting businesses, business email compromise (BEC), distributed denial of service attacks (DDoS), and takeover of critical infrastructure and physical systems over the course of a year.

  • Hybrid warfare: Russia is “arch exponent” of the disappearing “distinct states of ‘peace’ and ‘war’”: U.K. military chief

    The West’s adversaries “have become masters at exploiting the seams between peace and war. What constitutes a weapon in this grey area no longer has to go ‘bang’. Energy, cash - as bribes - corrupt business practices, cyber-attacks, assassination, fake news, propaganda and indeed military intimidation are all examples of the weapons used to gain advantage in this era of ‘constant competition,’ and the rules-based international architecture that has assured our stability and prosperity since 1945 is, I suggest therefore, threatened,” Sir Nicholas Carter, the British Army chief of staff, said last week. “The deduction we should draw from this is that there is no longer two clear and distinct states of ‘peace’ and ‘war’; we now have several forms. Indeed the character of war and peace is different for each of the contexts in which these ‘weapon systems’ are applied,” he added. “The arch exponent of this [new approach to war] is Russia…. I believe it represents the most complex and capable state-based threat to our country since the end of the Cold War. And my fellow Chiefs of Staff from the United States, France, and Germany shared this view.”

  • Artificial intelligence is the weapon of the next Cold War

    By Jeremy Straub

    As during the Cold War after the Second World War, nations are developing and building weapons based on advanced technology. During the Cold War, the weapon of choice was nuclear missiles; today it’s software, whether it is used for attacking computer systems or targets in the real world. Russian rhetoric about the importance of artificial intelligence is picking up – and with good reason: As artificial intelligence software develops, it will be able to make decisions based on more data, and more quickly, than humans can handle. As someone who researches the use of AI for applications as diverse as drones, self-driving vehicles and cybersecurity, I worry that the world may be entering – or perhaps already in – another cold war, fueled by AI. In a recent meeting at the Strategic Missile Academy near Moscow, Russian President Vladimir Putin suggested that AI may be the way Russia can rebalance the power shift created by the U.S. outspending Russia nearly 10-to-1 on defense each year. Russia’s state-sponsored RT media reported AI was “key to Russia beating [the] U.S. in defense.” With Russia embracing AI, other nations that don’t or those that restrict AI development risk becoming unable to compete – economically or militarily – with countries wielding developed AIs. Advanced AIs can create advantage for a nation’s businesses, not just its military, and those without AI may be severely disadvantaged. Perhaps most importantly, though, having sophisticated AIs in many countries could provide a deterrent against attacks, as happened with nuclear weapons during the Cold War.

  • Novel solution to better secure voice over internet communication

    Researchers have developed a novel method to better protect Crypto Phones from eavesdropping and other forms of man-in-the-middle attacks. Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent. In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.

  • Downtime of a top cloud service provider could cost U.S. economy $15 billion

    Businesses in the United States could lose $15 billion if a leading cloud service provider would experience a downtime of at least three days. A new study finds that if a top cloud provider went down, manufacturing would see direct economic losses of $8.6 billion; wholesale and retail trade sectors would see economic losses of $3.6 billion; information sectors would see economic losses of $847 million; finance and insurance sectors would see economic losses of $447 million; and transportation and warehousing sectors would see economic losses of $439 million.

  • World Economic Forum launches new cybersecurity center “to prevent a digital dark age”

    Without collaboration and robust defenses, cyberattacks could cripple economies, nation states, and societies. The World Economic Forum says that urgent action is needed to create safe operating environment for new technologies like artificial intelligence, robotics, drones, self-driving cars, and the Internet of Things. The Forum has launched a new Global Center for Cybersecurity, which will offer a platform for governments, companies, and international organizations to diminish the impact of malicious activities on the web.

  • House bill will hold Putin, others accountable for election meddling

    Representatives Ileana Ros-Lehtinen (R-Florida) and Brad Schneider (D-Illinois) introduced H.R. 4884, the Defending Elections from Threats by Establishing Redlines (DETER) Act, a House companion to S. 2313 which was introduced by U.S. Senators Chris Van Hollen (D-Maryland) and Marco Rubio (R-Florida) earlier this month. The DETER Act would impose sanctions against Russia should it meddle again and requests a presidential strategy for deterring future interference by China, Iran, North Korea, or any other foreign government.

  • Dutch intelligence instrumental in launching FBI’s investigation into U.S. election meddling

    In 2014, Dutch government hackers from AIVD, the Dutch intelligence agency, managed to infiltrate “the computer network of the infamous Russian hacker group Cozy Bear,” a Dutch newspaper reports. A year later, the Dutch operatives witnessed “Russian hackers launching an attack on the Democratic Party in the United States.” The penetration of the Russian network allowed the Dutch intelligence services to provide the FBI with valuable information. The Steele Dossier was taken so seriously by the FBI not only because Christopher Steele was a credible and reliable Russia expert – but because much of the raw intelligence contained in the dossier dovetailed with information the FBI already had from other sources – one of them being Dutch intelligence.

  • Moods can impact cybersecurity behavior

    As professionals return to work after holidays, their moods are undoubtedly affected by the emotional impact of their holiday experiences, but these moods may be more critical to workplace cybersecurity than previously realized. New research suggests that people’s positive or negative moods can affect the likelihood that they will engage in insecure computing behavior in the workplace.

  • Fake news kicks into high gear in Czech presidential runoff

    By Alan Crosby

    Jiri Drahos, the pro-West, pro-EU challenger of incumbent Czech president Milos Zeman, came in second in the first round of the Czech presidential election, held 12-13 January. Zeman is one of Russian President Vladimir Putin’s strongest allies in central Europe, and the Russian government’s disinformation specialists have been ordered to help him win the runoff election, which will be held 27-28 January. These specialists have been successful in their social media efforts to boost the political strength of Marine Le Pen and her National Front in France; Geert Wilders and his Party of Freedom in the Netherlands; the Alternative für Deutschalnd (AfD) in Germany; Beppe Grillo and his Five Star movement in Italy; and increase the influence of other populist, ethno-nationalist movements such as Golden Dawn in Greece, Ataka in Bulgaria, and Jobbik in Hungary. They have also helped Donald Trump win the 2016 election. In the last two weeks, these disinformation experts have been targeting Drahos and his pro-West supporters.

  • Making network-connected systems less vulnerable

    The rise of network-connected systems that are becoming embedded seemingly everywhere–from industrial control systems to aircraft avionics–is opening up a host of rich technical capabilities in deployed systems. Even so, as the collective technology project underlying this massive deployment of connectivity unfolds, more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options. While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing. DARPA says it trains its sights on the expansive attack surface of commodity off-the-shelf devices.

  • How secure is your data when it’s stored in the cloud?

    By Haibin Zhang

    Data stored in the cloud is nearly always stored in an encrypted form that would need to be cracked before an intruder could read the information. But as a scholar of cloud computing and cloud security, I’ve seen that where the keys to that encryption are held varies among cloud storage services. In addition, there are relatively simple ways users can boost their own data’s security beyond what’s built into systems they use. Ultimately, for people who don’t want to learn how to program their own tools, there are two basic choices: Find a cloud storage service with trustworthy upload and download software that is open-source and has been validated by independent security researchers. Or use trusted open-source encryption software to encrypt your data before uploading it to the cloud; these are available for all operating systems and are generally free or very low-cost.

  • So what did we learn? Looking back on four years of Russia’s cyber-enabled “Active Measures”

    By Clint Watts

    Americans continue to investigate, deliberate, and wallow in the aftermath of Russia’s rebirth of “Active Measures” designed to defeat their adversaries through the “force of politics rather than the politics of force.” Kremlin interference in the 2016 U.S. presidential election represents not only the greatest Active Measures success in Russian history, but the swiftest and most pervasive influence effort in world history. Never has a country, in such a short period of time, disrupted the international order through the use of information as quickly and with such sustained effect as Russia has in the last four years. Russia achieved this victory by investing in capabilities where its adversaries have vulnerabilities — cyberspace and social media. Putin’s greatest success through the employment of cyber-enabled Active Measures comes not from winning any single election, but through the winning of sympathetic audiences around the world he can now push, pull, and cajole from within the borders of his adversaries. Much has been learned about Russia’s hackers and troll farms in the year since the 2016 presidential election, but there remain greater insights worth exploring from a strategic perspective when looking at the Kremlin’s pursuit of information warfare holistically.

  • What we didn’t learn from Twitter’s news dump on Russiagate

    By Peter W. Singer

    On Friday evening, amid a pending U.S. government shutdown and a presidential porn payoff scandal, Twitter released its long-awaited report on Russian uses of its platform to interfere in the 2016 presidential election. The numbers were striking. Twitter officials said, they had found a cluster of 3,814 accounts that were “a propaganda effort by a Russian government-linked organization known as the Internet Research Agency (IRA).” These were supplemented by a broader project of 50,258 automated accounts — bots — which spread the messaging further. In total, 677,775 people in the United States followed one of these accounts or retweeted or liked a Tweet from these accounts during the election period. Peter Singer writes that social media is about scale and networking, and this combination means that, in actuality, the numbers released by Twitter are far worse than they seem.

  • Rubio, Van Hollen introduce legislation to deter foreign interference in American elections

    U.S. Senators Marco Rubio (R-Florida) and Chris Van Hollen (D-Maryland) on Tuesday introduced the Defending Elections from Threats by Establishing Redlines (DETER) Act. The senators said it sends a powerful message to any foreign actor seeking to disrupt our elections: if you attack American candidates, campaigns, or voting infrastructure, you will face severe consequences. “We cannot be a country where foreign intelligence agencies attempt to influence our political process without consequences,” said Senator Rubio. “This bill will help to ensure the integrity of our electoral process by using key national security tools to dissuade foreign powers from meddling in our elections.”