• Cybersecurity: Bolstering web security without compromising performance

    Chances are, you are reading this article on a web browser that uses HTTPS, the protocol over which data is sent between a web browser and the website users are connected to. In fact, nearly half of all web traffic passes through HTTPS. Despite the “S” for security in “HTTPS,” this protocol is far from perfectly secure.

  • R&D: S&T awards $8.6 million for enhancing security of mobile apps for the government

    DHS S&T has awarded funding to five R&D projects that will enhance the secure use of mobile applications for the federal government. These Mobile Application Security (MAS) R&D projects focus on continuous validation and threat protection for mobile apps and integrating security throughout the mobile app lifecycle.

  • Cybersecurity: U.S. government’s cybersecurity readiness lagging compared to almost every other industry

    SecurityScorecard the other day released its annual U.S. State and Federal Government Cybersecurity Report. The study paints a grim picture of the overall cyber health of the U.S. government entities. In the midst of investigations into a potential 2016 election hacking, regular major malware events, and an overall increase in the number of sophisticated cyberattacks, the report highlights that the government sector is lagging compared to almost every other industry. The state of U.S. government cyber health places mission-critical services and infrastructure at risk.

  • Cybersecurity: MSU cybersecurity scholarship program receives $3.11 million grant

    Mississippi State University will receive $3.11 million through a National Science Foundation grant to continue the university’s role in the CyberCorps Scholarship for Service program, which prepares qualified cybersecurity professionals for entry into the government workforce. As part of the grant, which will support the program for four years, East Mississippi Community College students planning to attend MSU are eligible to receive scholarships and support.

  • Cybersecurity: New app detects cyberattacks quickly

    If you are awaiting exciting news from your friend, what is the better way to read your email? As it comes in, or after a batch collects? Well, if you read it as it comes in, you will surely get the news faster. Researchers have developed a software app that can do the same for computer networks. Monitoring the activity within a network in real-time can allow cybersecurity analysts to detect cyberattacks quickly, before thieves steal data or crash your system.

  • Forensics: George Mason’s new Center of Excellence for Criminal Investigations and Network Analysis

    DHS S&T has selected George Mason University in Fairfax, Virginia to lead a consortium of U.S. academic institutions and other partners for a new Center of Excellence (COE) in Criminal Investigations and Network Analysis (CINA). The Center’s research will focus on criminal network analysis, dynamic patterns of criminal activity, forensics, and criminal investigative processes.

  • Cybersecurity: Cybercrime fighting tool moves from government to private sector

    Some Department of Energy facilities experience thousands of attempted cyberattacks every day. But the FLOWER software app, developed and patented by DOE’s Pacific Northwest National Laboratory, has been used by other tools and cyber analysts to detect, deter, and mitigate coordinated attacks.

  • Cybersecurity: NSA funds cybersecurity project to bolster security of cloud-based computing

    A University of Arkansas at Little Rock researcher has received funding from the U.S. National Security Agency (NSA) to improve cybersecurity skills for students and the general population. The cybersecurity lab project, “Networking and Network Security in the Cloud (NetSiC),” will address issues related to cloud-based computing environments and help students practice networking and cyber defense skills.

  • Cybersecurity: Combatting cyber threats

    New initiatives from the Cybersecurity Policy & Research Institute at the University of California, Irvine will help combat one of our greatest security challenges: vulnerabilities and attacks in cyberspace. These efforts include research on cyberattack attribution and supply chain security, the development of law enforcement training, the launch of a cyber-victims defense clinic, and a curriculum development effort for high school students.

  • Cybersecurity: New director for CMU’s Software Engineering Institute's CERT Division

    Carnegie Mellon University’s Software Engineering Institute the other day announced the appointment of Roberta G. (Bobbie) Stempfley as director of the SEI’s CERT Division. A federally funded research and development center, SEI helps government and industry organizations develop and operate software systems that are secure and reliable. The CERT Coordination Center was founded at the SEI in 1988 as the world’s first computer security incident response team.

  • Cybersecurity: Training cybersecurity professionals to protect critical infrastructure

    Idaho National Laboratory and the Department of Homeland Security (DHS) announce the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity (301) training course, a course tailored to defending systems used across the critical infrastructure sectors. Since April 2007, over 4,000 cybersecurity professionals have participated in the advanced course.

  • Cybersecurity: Bug-bounty program to strengthen DHS cyber defenses

    Congress is considering a bill that would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and data systems.

  • Cybersecurity: Bolstering the security of inter-domain routing

    Since the creation of the internet, the Border Gateway Protocol (BGP) has been the default routing protocol to route traffic among organizations (Internet Service Providers [ISPs] and Autonomous Systems [ASes]). While the BGP protocol performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in security allows the protocol to be exploited. To improve the security of inter-domain routing traffic exchange, NIST has begun development of a Special Publication (SP 800-189 – in preparation) that provides security recommendations for the use of inter-domain protocols and routing technologies.

  • Cybersecurity: DHS S&T’s Transition to Practice program unveils 2017 cohort

    Eight new cybersecurity technologies developed by researchers at federally funded laboratories and academic research centers are ready for the commercial market. DHS S&T’s Transition to Practice (TTP) program will showcase its 2017 cohort 16 May in Washington, D.C.

  • Cybersecurity: New executive order on cybersecurity highlights need for deterrence, protection of key industries

    By Frank J. Cilluffo and Sharon L. Cardash

    President Trump’s new executive order on cybersecurity for federal computer networks and key elements of the country’s infrastructure – such as the electricity grid and core communications networks – builds meaningfully on the work of the Obama administration. Cybersecurity is ultimately an exercise in risk management. Given the range of possible threats and the pace at which they may appear, it is impossible to protect everything, everywhere, all the time. But it is possible to make sure that the most valuable resources (such as particular networks and systems, or specific data) are properly protected by, at minimum, good cyber-hygiene – and ideally, more. Overall, the order is a solid document, with guidance that is both measured and clear. Key to its success – and ultimately to the country’s security in cyberspace – will be the relationship the government builds with private industry. Protecting the country won’t be possible without both groups working in tandem.