• U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure

    Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”

  • First known Arabic cyber-espionage group attacking thousands globally: Kaspersky Lab

    The Kaspersky Lab Global Research and Analysis Team the other day announced the discovery of Desert Falcons, a cyber-espionage group targeting multiple high profile organizations and individuals from Middle Eastern countries. Kaspersky Lab said its experts consider this actor to be the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations. In total Kaspersky Lab experts were able to find signs of more than 3,000 victims in 50+ countries, with more than one million files stolen.

  • Army Reserves, six universities establish cybersecurity training centers for cyber warriors

    The U.S. Army Reserves (USAR) Cyber Public Private Partnership Initiative (Cyber P3) sees the USAR partner with six universities to establish six centers of cybersecurity training for USAR. Each school in the Cyber P3 will be able to give reservists the training necessary to receive advanced foundational cyber skills and the potential equivalency for cyber Military Occupational Specialty Qualification, which would enable them to become specialists in the Army. They will also have the opportunity to enroll at the schools with scholarships provided through the program and the G.I. Bill. 

  • Obama continues push for cybersecurity bill

    Following his remarks on cybersecurity at the 2015 State of the Union address, President Barack Obama will attenda summit on Cybersecurity and Consumer Protectionat Stanford Universitythis Friday. Attendees will include major stakeholders in cybersecurity and consumer financial protection issues, including executives from the financial services, telecommunications, and retail industries, as well as law enforcement officials and consumer advocates. Obama has requested $14 billion for cybersecurity initiatives in the 2016 federal budget, a 10 percent increase from 2015 budget.

  • U.S. yet to develop a strategy to secure nation’s critical infrastructure

    For years, the U.S. government has warned federal and state agencies about the threat posed by hackers who may target computer systems responsible for operating nuclear plants, electric substations, oil and gas pipelines, transit systems, chemical facilities, and drinking water facilities. In February 2013, President Barack Obama issued a directive stating, “It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against both physical and cyber threats.” Two years later the federal government has yet to develop or adopt a consensus on how to secure America’s critical infrastructure from cyber criminals.

  • New Chinese cyber rules aim to facilitate intellectual property theft: U.S. tech companies

    The Chinese government’s cyberspace policy group in late 2014 approved a 22-page document which contained strict procurement rules for technology vendors. Those rules would require U.S. firms selling computer equipment in China to turn over sensitive intellectual property — including source codes — submit their products for “intrusive security testing,” and use Chinese encryption algorithms. U.S. companies selling equipment to Chinese banks will be required to set up research and development centers in China, get permits for workers servicing technology equipment, and build “ports” which allow Chinese officials to manage and monitor data processed by their hardware. U.S. tech companies charge that the new rules would make it easier for China to steal U.S. companies’ intellectual property.

  • Cyber protection of DHS’s and other federal facilities is weak: GAO

    While most cybersecurity threats against government agencies tend to focus on network and computer systems, a growing number of access control systems, responsible for regulating electricity use, heating, ventilation, and air-conditioning (HVAC), and the operation of secured doors and elevators are also vulnerable to hacking. .” GAO warns that despite the seriousness of the vulnerabilities, agencies tasked with securing federal facilities have not been proactive.

  • U Wisconsin, shedding 1960s anti-classified research image, launches cybersecurity center

    A new cybersecurity research center being built in partnership with private firms and the University of Wisconsin(UW) system aims to attract high-tech research dollars to the state, but administrators must balance the secrecy required for classified research with the openness which is the foundation of academic science. The state legislature passed a 2014 law allowing UW to accept contract for classified work partly in hopes that the school system will lose the perception of being an anti-classified-research environment, a perception dating back to campus protests against military research in the 1960s.

  • Universities adding cybersecurity programs to their curricula to meet growing demand

    The cyberattacks of recent years have not only increased the demand for employees who understand the field of information assurance and cybersecurity, they have also created a demand in cybersecurity education. Universities across the country are adding cybersecurity concentrations to their curricula to train students who will later help secure network systems.

  • DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities

    On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.

  • Bolstering cybersecurity by taking a step back in time to analog security systems

    Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.

  • If South Korea’s nuclear plant staff are vulnerable, then so are the reactors

    Does it matter that a South Korean nuclear plant was hacked and plans of the complex stolen? As it is South Korea that’s the subject of this latest attack, everyone tends to assume it must have had something to do with North Korea. With a target as sensitive as a nuclear power plant, not unreasonably people are asking if safety could be compromised by a cyberattack. Could hackers cause the next Chernobyl or Three Mile Island? This points to an important and infrequently discussed problem, the vulnerability of critical national infrastructure. Cyber-attacks like these are a great way of levelling the playing field: why invest in massively expensive nuclear weapons program if you can simply shut down your enemies’ power, gas, water, and transportation systems? Increasingly more and more infrastructure is connected to the Internet, with all the security risks that entails.

  • Obama signs five cybersecurity measures into law

    Last week President Barack Obama signed five cybersecurity-related pieces of legislation, including an update to the Federal Information Security Management Act(FISMA) — now called the Federal Information Security Modernization Act — the law which governs federal government IT security. Other cyber legislation the president signed includes the Homeland Security Workforce Assessment Act, the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act (NCPA), and the Cybersecurity Enhancement Act.

  • Sony cancels Christmas release of “The Interview”

    Sony Pictures announced it has cancelled the Christmas release of “The Interview,” the a film at the center of a hacking campaign, after dire threats to moviegoers and a decision by major movie theater groups to cancel screenings in the United States. “Those who attacked us stole our intellectual property, private e-mails, and sensitive and proprietary material, and sought to destroy our spirit and our morale — all apparently to thwart the release of a movie they did not like,” the company said in a statement.

  • New cyber test range trains soldiers for simultaneous cyber and combat operations

    A unique mix of training technologies sponsored by the Office of Naval Research (ONR) is preparing front-line soldiers to conduct cyber and combat operations simultaneously, as Marines demonstrated during a recent amphibious exercise off the coast of Virginia. During last month’s Bold Alligator exercise, Marines used ONR’s Tactical Cyber Range to emulate adversary communications hidden in a noisy, dense electromagnetic spectrum —as much a battleground in today’s digital world as any piece of land.