• CybersecurityCybercrime fighting tool moves from government to private sector

    Some Department of Energy facilities experience thousands of attempted cyberattacks every day. But the FLOWER software app, developed and patented by DOE’s Pacific Northwest National Laboratory, has been used by other tools and cyber analysts to detect, deter, and mitigate coordinated attacks.

  • CybersecurityNSA funds cybersecurity project to bolster security of cloud-based computing

    A University of Arkansas at Little Rock researcher has received funding from the U.S. National Security Agency (NSA) to improve cybersecurity skills for students and the general population. The cybersecurity lab project, “Networking and Network Security in the Cloud (NetSiC),” will address issues related to cloud-based computing environments and help students practice networking and cyber defense skills.

  • CybersecurityCombatting cyber threats

    New initiatives from the Cybersecurity Policy & Research Institute at the University of California, Irvine will help combat one of our greatest security challenges: vulnerabilities and attacks in cyberspace. These efforts include research on cyberattack attribution and supply chain security, the development of law enforcement training, the launch of a cyber-victims defense clinic, and a curriculum development effort for high school students.

  • CybersecurityNew director for CMU’s Software Engineering Institute's CERT Division

    Carnegie Mellon University’s Software Engineering Institute the other day announced the appointment of Roberta G. (Bobbie) Stempfley as director of the SEI’s CERT Division. A federally funded research and development center, SEI helps government and industry organizations develop and operate software systems that are secure and reliable. The CERT Coordination Center was founded at the SEI in 1988 as the world’s first computer security incident response team.

  • CybersecurityTraining cybersecurity professionals to protect critical infrastructure

    Idaho National Laboratory and the Department of Homeland Security (DHS) announce the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity (301) training course; a course tailored to defending systems used across the critical infrastructure sectors. Since April 2007, over 4,000 cybersecurity professionals have participated in the advanced course.

  • CybersecurityBug-bounty program to strengthen DHS cyber defenses

    Congress is considering a bill would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and data systems.

  • CybersecurityBolstering the security of inter-domain routing

    Since the creation of the internet, the Border Gateway Protocol (BGP) has been the default routing protocol to route traffic among organizations (Internet Service Providers [ISPs] and Autonomous Systems [ASes])). While the BGP protocol performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in security allows the protocol to be exploited. To improve the security of inter-domain routing traffic exchange, NIST has begun development of a Special Publication (SP 800-189 – in preparation) that provides security recommendations for the use of Inter-domain protocols and routing technologies.

  • CybersecurityDHS S&T’s Transition to Practice program unveils 2017 cohort

    Eight new cybersecurity technologies developed by researchers at federally funded laboratories and academic research centers are ready for the commercial market. DHS S&T’s Transition to Practice (TTP) program will showcase its 2017 cohort 16 May in Washington. D.C.

  • CybersecurityNew executive order on cybersecurity highlights need for deterrence, protection of key industries

    By Frank J. Cilluffo and Sharon L. Cardash

    President Trump’s new executive order on cybersecurity for federal computer networks and key elements of the country’s infrastructure – such as the electricity grid and core communications networks – builds meaningfully on the work of the Obama administration. Cybersecurity is ultimately an exercise in risk management. Given the range of possible threats and the pace at which they may appear, it is impossible to protect everything, everywhere, all the time. But it is possible to make sure that the most valuable resources (such as particular networks and systems, or specific data) are properly protected by, at minimum, good cyber-hygiene – and ideally, more. Overall, the order is a solid document, with guidance that is both measured and clear. Key to its success – and ultimately to the country’s security in cyberspace – will be the relationship the government builds with private industry. Protecting the country won’t be possible without both groups working in tandem.

  • CybersecurityThe Darknet offers more robust protection against attacks

    Researchers have discovered why cyberattacks usually fail against the Darknet, a part of the internet that guarantees users’ privacy and anonymity. This hidden network is used for sensitive and often illegal purposes such as drug trafficking or exchanging child pornography and can counter large attacks on its own by spontaneously adding more network capacity.

  • CybersecurityInternet Atlas maps the physical elements of the internet to enhance security

    Despite the internet-dependent nature of our world, a thorough understanding of the internet’s physical makeup has only recently emerged. Researchers have developed Internet Atlas, the first detailed map of the internet’s structure worldwide. Though the physical elements of the internet may be out of sight for the average user, they are crucial pieces of the physical infrastructure that billions of people rely on.

  • Cybersecurity2017 Cyber Defense Competition tests infrastructure vulnerability

    More than 100 college and high school students from nine states honed their cyber defense skills against experts at the U.S. Department of Energy’s (DOE) Argonne National Laboratory during Argonne’s second annual Collegiate Cyber Defense Competition. In the competition, fifteen college teams defended mock electrical and water utilities from the repeated cyberattacks of a team of experts from Argonne, the Illinois and Wisconsin National Guard, and the technology industry.

  • PrivacyHouse kills web privacy protections; ISPs free to collect, sell customers’ information

    The House of Representative on Tuesday voted 215 to 205 kill the privacy rules, formulated by the FCC, which were aimed at preventing internet service providers (ISPs) from selling their customers’ web browsing histories and app usage to advertisers. Without these protections, Comcast, Verizon, AT&T, and other ISPs will have complete freedom to collect information about their customers’ browsing and app-usage behavior, then sell this information to advertisers.

  • CybersecurityNew brain-inspired cybersecurity system detects “bad apples” 100 times faster

    Cybersecurity is critical — for national security, corporations and private individuals. Sophisticated cybersecurity systems excel at finding “bad apples” in computer networks, but they lack the computing power to identify the threats directly. These limits make it easy for new species of “bad apples” to evade modern cybersecurity systems. And security analysts must sort the real dangers from false alarms. The Neuromorphic Cyber Microscope, designed by Lewis Rhodes Labs in partnership with Sandia National Laboratories, directly addresses this limitation. Due to its brain-inspired design, it can look for the complex patterns that indicate specific “bad apples,” all while using less electricity than a standard 60-watt light bulb.

  • Cybersecurity“Lip password” uses a person’s lip motions to create a password

    The use of biometric data such as fingerprints to unlock mobile devices and verify identity at immigration and customs counters are used around the world. Despite its wide application, one cannot change the scan of their fingerprint. Once the scan is stolen or hacked, the owner cannot change his/her fingerprints and has to look for another identity security system. Researchers have invented a new technology called “lip motion password” (lip password) which utilizes a person’s lip motions to create a password.