• CybersecurityStrict password policies help prevent fraud

    The all-too-common practice of using the same email address/password combination to log into multiple websites can be damaging, especially for employers with many users and valuable assets protected by passwords, like universities. Researchers show that longer minimum passwords are the most effective way to prevent password reuse and reduce potential exposure in a third-party data breach.

  • CybersecurityS&T awards $11.6 million to defend against network, internet disruptions

    Five research organizations were awarded separate contracts totaling $11,511,565 to develop new methods to identify and attribute Network/Internet-scale Disruptive Events (NIDEs), the DHS S&T announced last week.

  • CybersecurityDojo by BullGuard establishes lab at Cyber@BGU

    Dojo by BullGuard, an Internet of Things (IoT) security specialist, and BGN Technologies, the technology transfer company of Ben-Gurion University of the Negev (BGU), have announced a partnership to develop advanced technologies for automated IoT threat detection, employing artificial intelligence and machine learning algorithms.

  • CybersecurityGermany creates cybersecurity R&D agency

    The German government today (Wednesday) announced the creation of a new federal agency to develop cutting-edge cyber defense technology. The agency would resemble the U.S. Defense Advanced Research Projects Agency (DARPA), which is credited with developing the early internet and GPS. The German agency, unlike DARPA, will focus on cyber defense ad cyber protection. DARPA’s range of defense-related research and development is much broader.

  • Document reliabilityMaking electronic documents more trustworthy

    Today, the expeditious delivery of electronic documents, messages, and other data is relied on for everything from communications to navigation. As the near instantaneous exchange of information has increased in volume, so has the variety of electronic data formats–from images and videos to text and maps. Verifying the trustworthiness and provenance of this mountain of electronic information is an exceedingly difficult task – especially since the software used to process electronic data is error-prone and vulnerable to exploitation through maliciously crafted data inputs, opening the technology and its underlying systems to compromise.

  • CybersecuritySecurity gaps identified in internet protocol IPsec

    Researchers have demonstrated that the Internet protocol “IPsec” is vulnerable to attacks. The Internet Key Exchange protocol “IKEv1,” which is part of the protocol family, has vulnerabilities that enable potential attackers to interfere with the communication process and intercept specific information.

  • CybersecurityMicroprocessor designers realize security must be a primary concern

    By Mark Hempstead

    Fifty years after the founding of Intel, engineers have begun to second-guess many of the chip-making industry’s design techniques. Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. This realization has led to calls from microchip industry leaders, including icons John Hennessy and David Patterson, for a complete rethinking of computer architecture to put security first. Identifying and securing these newly identified hardware vulnerabilities and side-channels will be challenging, but the work is important – and a reminder that designers and architects must always think about other ways attackers might try to compromise computer systems.

  • Internet infrastructureBuried internet infrastructure at risk as sea levels rise

    Thousands of miles of buried fiber optic cable in densely populated coastal regions of the United States may soon be inundated by rising seas, according to a new study. The study, presented at a meeting of internet network researchers, portrays critical communications infrastructure that could be submerged by rising seas in as soon as fifteen years. “Most of the damage that’s going to be done in the next 100 years will be done sooner than later,” says Ban authority on the “physical internet.” “That surprised us. The expectation was that we’d have 50 years to plan for it. We don’t have 50 years.”

  • CybersecurityBetter detection, analysis of malicious attacks

    DHS S&T has selected Cyber 20/20, Inc. of Newark, Delaware to develop security capabilities for financial services as part of S&T’s Silicon Valley Innovation Program (SVIP). Cyber 20/20’s project—Trained Using Runtime Analysis from Cuckoo Outputs (TURACO)—expands the capabilities of Cuckoo, an open-source sandbox, to better detect and analyze malicious attacks.

  • CybersecurityMore secure blockchain applications

    Health IT interoperability has been an elusive goal, with data silos between hospitals, clinics, pharmacies, and payers making exchange of information difficult. Vanderbilt engineers have successfully developed and validated the feasibility of blockchain-based technologies for secure, confidential sharing of patient medical records in a case study that demonstrates how blockchain could solve a huge healthcare challenge.

  • CybersecurityMapping DHS’s new cybersecurity strategy, highlighting S&T’s R&D support

    Last month at a cybersecurity conference, Homeland Security Secretary Kirstjen Nielsen previewed the May unveiling of DHS’s new cybersecurity strategy and issued a stern warning to cybercriminals. The new DHS Cybersecurity Strategy was released 15 May. Nielsen said: “I have a news flash for America’s adversaries: Complacency is being replaced by consequences. We will not stand on the sidelines while our networks are compromised. We will not abide the theft of our data, our innovation and our resources. And we will not tolerate cyber meddling aimed at the heart of our democracy.”

  • CybersecurityMobile security messages 20 percent more effective if warnings vary in appearance

    Using brain data, eye-tracking data and field-study data, researchers have confirmed something about our interaction with security warnings on computers and phones: the more we see them, the more we tune them out. But the major study also finds that slight changes to the appearance of warnings help users pay attention to and adhere to warnings 20 percent more of the time.

  • Cyberspace & the lawCyber and international law in the 21st century

    “Cyber space is not – and must never be – a lawless world. It is the U.K.’s view that when states and individuals engage in hostile cyber operations, they are governed by law just like activities in any other domain,” said the U.K. Attorney General Jeremy Wright, QC MP, on 23 May 2018, setting out, for the first time, the U.K.’s position on applying international law to cyberspace. “What this means is that hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict. States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law.”

  • Cyberspace & the lawFailing to keep pace: The cyber threat and its implications for our privacy laws

    “The time has come — indeed, if it has not already passed — to think seriously about some fundamental questions with respect to our reliance on cyber technologies: How much connected technology do we really want in our daily lives? Do we want the adoption of new connected technologies to be driven purely by innovation and market forces, or should we impose some regulatory constraints?” asked NSA General Counsel Glenn Gerstell in a Wednesday presentation at Georgetown University. “Although we continue to forge ahead in the development of new connected technologies, it is clear that the legal framework underpinning those technologies has not kept pace. Despite our reliance on the internet and connected technologies, we simply haven’t confronted, as a U.S. society, what it means to have privacy in a digital age.”

  • CybersecurityDHS S&T awards first Phase 4 award for IOT security

    Atlanta-based Ionic Security is the first company to successfully complete prototype testing and move to the pilot deployment phase as part of DHS S&T’s Silicon Valley Innovation Program (SVIP). SVIP offers up to $800,000 in non-dilutive funding to eligible companies.