• DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities

    On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.

  • Bolstering cybersecurity by taking a step back in time to analog security systems

    Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.

  • If South Korea’s nuclear plant staff are vulnerable, then so are the reactors

    Does it matter that a South Korean nuclear plant was hacked and plans of the complex stolen? As it is South Korea that’s the subject of this latest attack, everyone tends to assume it must have had something to do with North Korea. With a target as sensitive as a nuclear power plant, not unreasonably people are asking if safety could be compromised by a cyberattack. Could hackers cause the next Chernobyl or Three Mile Island? This points to an important and infrequently discussed problem, the vulnerability of critical national infrastructure. Cyber-attacks like these are a great way of levelling the playing field: why invest in massively expensive nuclear weapons program if you can simply shut down your enemies’ power, gas, water, and transportation systems? Increasingly more and more infrastructure is connected to the Internet, with all the security risks that entails.

  • Obama signs five cybersecurity measures into law

    Last week President Barack Obama signed five cybersecurity-related pieces of legislation, including an update to the Federal Information Security Management Act(FISMA) — now called the Federal Information Security Modernization Act — the law which governs federal government IT security. Other cyber legislation the president signed includes the Homeland Security Workforce Assessment Act, the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act (NCPA), and the Cybersecurity Enhancement Act.

  • Sony cancels Christmas release of “The Interview”

    Sony Pictures announced it has cancelled the Christmas release of “The Interview,” the a film at the center of a hacking campaign, after dire threats to moviegoers and a decision by major movie theater groups to cancel screenings in the United States. “Those who attacked us stole our intellectual property, private e-mails, and sensitive and proprietary material, and sought to destroy our spirit and our morale — all apparently to thwart the release of a movie they did not like,” the company said in a statement.

  • New cyber test range trains soldiers for simultaneous cyber and combat operations

    A unique mix of training technologies sponsored by the Office of Naval Research (ONR) is preparing front-line soldiers to conduct cyber and combat operations simultaneously, as Marines demonstrated during a recent amphibious exercise off the coast of Virginia. During last month’s Bold Alligator exercise, Marines used ONR’s Tactical Cyber Range to emulate adversary communications hidden in a noisy, dense electromagnetic spectrum —as much a battleground in today’s digital world as any piece of land.

  • Sony hackers threaten attacks against movie goers who plan to see “The Interview”

    The hackers who attacked Sony networks are now threatening an attack on people who plan to go to see the movie “The Interview.” The hackers write in their message that they “recommend you to keep yourself distant” from movie theaters showing the movie. The hackers earlier promised to deliver a “Christmas gift.” It was not clear what they had in mind – some suggested they would release another batch of embarrassing data from Sony’s files — but it now looks as if the “gift” might well be a cyberattack on movie theaters.

  • 2008 Turkish oil pipeline explosion may have been Stuxnet precursor

    The August 2008 Baku-Tbilisi-Ceyhan (BTC) oil pipeline explosion in Refahiye, eastern Turkey, was ruled at the time to be an accident resulting from a mechanical failure, which itself was a result of an oversight by Turkish government’s supervisors. Western intelligence services concluded that the explosion was the result of a cyberattack. According to people familiar with an investigation of the incident, hackers had infiltrate the pipeline’s surveillance systems and valve stations, and super-pressurized the crude oil in the pipeline, causing the explosion.

  • Improving defense of the U.S. cyber infrastructure

    Florida Institute of Technology Associate Professor Marco Carvalho has been awarded a $730,000, two-year contract by DHS Science and Technology Directorate (S&T) to design a cyberdefense framework that will allow multiple organizations in both civilian and government sectors unprecedented levels of coordination in their efforts to protect the nation’s cyber infrastructure.

  • Coordinated cyberattacks by Iran-based hackers on global critical infrastructure

    Irvine, California-based cybersecurity firm Cylance last week released a report detailing coordinated attacks by hackers with ties to Iran on more than fifty targets in sixteen countries around the globe. Victim organizations were found in a variety of critical industries, with most attacks on airlines and airports, energy, oil and gas, telecommunications companies, government agencies and universities.

  • China says U.S. does not appreciate China’s own vulnerability to cyberattacks

    At the seventh annual China-U.S. Internet Industry Forum held on 2-3 December, Lu Wei, minister of China’s Cyberspace Affairs Administration, which manages Internet information in China, urged U.S. officials and the private sector to stop claiming Chinese cyberespionage against U.S. systems and instead understand China’s Internet information policies. China has become the world’s largest Internet market with over four million websites, 600 million Web users, and four of the world’s top ten Internet firms.

  • U.S. Army creates a Cyber branch

    Soldiers who want to defend the nation in cyberspace, as part of the U.S. Army’s newest and most technologically advanced career field, now have an Army branch to join that will take its place alongside infantry, artillery, and the other Army combat arms branches. Army Secretary John McHugh and Chief of Staff Gen. Raymond Odierno approved the creation of the Cyber branch in September. “The establishment of a Cyber Branch shows how important and critical the cyber mission is to our Army, and allows us to focus innovative recruiting, retention, leader development, and talent management needed to produce world-class cyberspace professionals,” said Lt. Gen. Edward Cardon, the commanding general of Army Cyber Command.

  • Iran may resume cyberattacks on U.S. if nuclear deal is not reached

    A failure for the United States to reach a nuclear deal with Iran could result in more cyberattacks against U.S. companies, House Intelligence Committeechairman Mike Rogers (R-Michigan) said. Cyberattacks by Tehran declined dramatically after the United States, other permanent members of the Security Council, and Germany agreed to an interim nuclear deal with Iran in 2013, but should the parties fail to reach a permanent nuclear deal by the newly set March 2015 and July 2015 deadlines, financial firms, oil and gas companies, and water filtration systems could be targets of malware from Iran’s cyber army.

  • Pentagon mulls “byte for a byte” cyber retaliatory operations

    Much has been made of the phrase “an eye for an eye” throughout history, and it is beginning to appear that the oft-used motto will extend to the new fields of cyber warfare as well.This “approach is something our adversaries will readily understand,” one analyst writes. “If they escalate, we escalate. They know they will lose because we have far more cyber resources to draw on than they have, and we can cause real harm if they mess with us.”

  • NSA director: China and “one or two” other nations can damage U.S. critical infrastructure

    Adm. Michael Rogers, director of the National Security Agency and head of U.S. Cyber Command, told lawmakers yesterday that China and “one or two” other countries are capable of mounting cyberattacks which would paralyze the U.S electric grid and other critical infrastructure systems across the country. A cyberattacks of such scope has been discussed in the past – it was even dubbed a “cyber Pearl Harbor” – but Rogers was the first high official to confirm that such a crippling attack on the United States was not a mere speculation. Rogers said U.S. adversaries are conducting electronic “reconnaissance” on a regular basis so that they will be well-positioned to damage and disrupt the industrial control systems which run chemical facilities, nuclear power plants, water treatment facilities, dams, and much more.