• Iona College to Launch BS, BA, MS concentrations in cybersecurity

    Iona College announced the launch in fall 2014 of undergraduate and graduate programs in computer science with a concentration in cyber security. The concentration will be offered for the Bachelor of Science, Bachelor of Arts, and the Master of Science degrees. The programs will provide students with fundamental cyber security skills, theoretical as well as hands-on experience. Students are exposed to new research ideas across many cyber security areas including software security, Web application security, mobile security, networking security, database security, and cryptography.

  • Ukrainian computer systems attacked by sophisticated malware with "Russian roots"

    Ukrainian computer systems and networks have been targeted by at least twenty-two attacks launched by “committed and well-funded professionals” since January 2013, defense contractor BAE Systems found. BAE declined to identify the source of the attacks, but a German company said the espionage software has “Russian roots.” The malware design “suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation,” the BAE report said.

  • U.S. Army releases first field manual for war in the electromagnetic spectrum

    Sergei Gorshkov, former Admiral of the Fleet of the Soviet Union, once remarked that “the next war will be won by the side that best exploits the electromagnetic spectrum.” The U.S. Army agrees, releasing its first field manualfor Cyber Electromagnetic Activities (CEMA). The Pentagon defines cyber electromagnetic activities as activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy the use of such capabilities, and protecting the mission command system.

  • Pro-regime Syrian hackers threaten cyberattacks on CENTCOM

    Last Friday, the Syrian Electronic Army (SEA) threatened to launch a cyberattack on U.S. Central Command (CENTCOM) if the United States would conducts cyberwarfare operations against Syria.

    The SEA is a group of Syrian computer hackers who support Syrian President Bashar al-Assad. Cyber experts say the group’s threat should not be dismissed. “This is a very capable group that has done some very significant things against well-defended targets,” says Bob Gourley, a former Chief Technology Officer for the Defense Intelligence Agency (DIA).

  • Israeli defense company launches cybersecurity solutions section

    In recent months the Israel Aerospace Industries (IAI) has increased its cyberdefense-related activities. Esti Peshin, director of the company’s cyber section and a veteran of the IDF’s hush-hush sigint Unit 8200, says IAI is now developing solutions for clients in Israel and abroad. “We’re a start-up, but with the backing of a company that earns $3.5 billion a year,” she said. Ultimately, she implied, these defensive measures can be turned into offensive capabilities. “Intelligence is a subset of attack,” Peshin said. “This is, first of all, a national mission.”

  • New cyber-attack model helps hackers time the next Stuxnet

    Taking the enemy by surprise is usually a good idea. Surprise can only be achieved if you get the timing right — timing which, researchers argue, can be calculated using a mathematical model, at least in the case of cyber-wars. The researchers say that based on the stakes of the outcome, a cyberweapon must be used soon (if stakes are constant) or later (if the stakes are uneven). In other words, when the gain from a cyberattack is fixed and ramifications are low, it is best to attack as quickly as possible. When the gain is high or low and ramifications are high, it is best to be patient before attacking.

  • Israeli legal expert urges development of ethics code for cyberwarfare

    Col. Sharon Afek, former deputy military advocate general, says that countries would benefit from developing an ethics code to govern cyber warfare operations. He notes that existing law already prohibits cyber operations which would directly lead to loss of life, injury, or property damage, such as causing a train to derail or undermining a dam. “Israel faces a complex and challenging period in which we can expect both a cyber arms race with the participation of state and non-state entities, and a massive battle between East and West over the character of the future legal regime,” he writes. He acknowledges, though, that only a catastrophic event like “Pearl Harbor or Twin Towers attack in cyberspace” would accelerate developments in this area.

  • New software obfuscation system a cryptography game changer

    A team of researchers has designed a system to encrypt software so that it only allows someone to use a program as intended while preventing any deciphering of the code behind it. This is known in computer science as “software obfuscation,” and it is the first time it has been accomplished. Previously developed techniques for obfuscation presented only a “speed bump,” forcing an attacker to spend some effort, perhaps a few days, trying to reverse-engineer the software. The new system puts up an “iron wall,” making it impossible for an adversary to reverse-engineer the software without solving mathematical problems that take hundreds of years to work out on today’s computers — a game-change in the field of cryptography.

  • Snowden’ leaks derailed important cybersecurity initiatives

    Edward Snowden’s leaks created such a climate of distrust around the NSA that many important cybersecurity initiatives died, stalled, or became non-starters. Security experts say that this is a case of throwing the baby out with the bathwater, and that the result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations more exposed to sensitive information being compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere. “All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies(CSIS).

  • National cyber complex to open next to Ben-Gurion University of the Negev campus

    A new national cyber complex called CyberSpark will open at the Advanced Technology Park (ATP) which is located next to Ben Gurion University of the Negev. Fortune 500 companies Lockheed Martin and IBM announced they would invest in CyberSpark R&D facilities, joining other cybersecurity leaders Deutsche Telekom, EMC, RSA, and many startups. The 15-building ATP is the only type of complex of its kind in the world that includes Fortune 500 companies and cyber-incubators, academic researchers, and educational facilities as well as national government and security agencies. The CyberSpark will also include a high school geared toward science and technology.

  • Gaza-based Palestinian hackers compromise Israeli defense ministry computer

    Hackers broke into a computer at the Israeli Ministry of Defense through an e-mail attachment tainted with malicious software. The attachment looked as if it had been sent by the country’s internal security service, the Shin Bet. it was likely that Palestinians were behind the cyberattack, saying that the more recent attacks were similar to cyberattacks against Israeli computers more than a year ago. Those attacks originated in the Hamas-controlled Gaza Strip. The attackers used an e-mail attachment to infect the computers with Xtreme RAT malware, which is a remote access Trojan. The malware allows hackers complete control of an infected machine. They can steal information, load additional malicious software onto the network, or use the invaded computer as a base of operations from which to conduct reconnaissance and attempt to gain deeper access into the network.

  • House approves $447 for Cyber Command

    The House of Representatives approved a fiscal 2014 stop-gap budget last Monday (it approved to full spending bill on Wednesday), which allocates $447 million to the Defense Department’s Cyber Command. This is more than twice the $191 million budget for Cyber Command in 2013.

  • U.S. Air Force plans to add 1,000 new cybersecurity personnel

    Budget cuts notwithstanding, the U.S. Air Force plans to add 1,000 new personnel between 2014 and 2016 as part of its cybersecurity units. The 24th Air Force at Joint Base San Antonio-Lackland, Texas is home to the U.S. Air Force cyber command. With a budget of about $1 billion and a staff of roughly 400 military and civilian personnel, the command oversees about 6,000 cyber defense personnel throughout the Air Force.

  • NERC’s critical infrastructure protection standards ambiguous, unclear: analysts

    In January 2008, to counter cybersecurity threats to critical infrastructure assets such as bulk electricity supply (BES), North American Electric Reliability Corp.’s (NERC) launched its Critical Infrastructure Protection (CIP) standards for BES cybersecurity. The NERC-CIP is marked by uncertainties and ambiguous language, raising concerns in the industry and among industry observers as companies try to enforce the standards. “Industry now screams for a defined control set with very specific requirements that don’t permit subjective and ambiguous interpretations,” comments one analyst.

  • NIST's cybersecurity framework for infrastructure

    Company which are managing critical infrastructure in the United States and disregard the Preliminary Cybersecurity Framework, issued by the National Institute of Standards and Technology (NIST) in late October, do so at their own peril. The framework is now in its final comment stage and due to be released in mid-February. It lays out a set of comprehensive but voluntary cybersecurity practices.