• CybersecurityAdvancing the science of cybersecurity

    Cyberattacks on corporations, agencies, national infrastructure and individuals have exposed the fragility and vulnerability of the internet and networked systems. Achieving truly secure cyberspace requires addressing both the technical vulnerabilities in systems, as well as those that arise from human behaviors and choices. NSF awards $70 million to support interdisciplinary cybersecurity research.

  • CybersecurityCybersecurity policy ideas for a new administration

    A new report, Cybersecurity Policy Ideas for a New Presidency, published by the UC Berkeley Center for Long-Term Cybersecurity (CLTC), aims to help the Trump administration prepare to tackle the complex challenge of cybersecurity. “This brief brochure reviews ideas we hope the incoming Trump administration will consider as it develops a new cybersecurity agenda,” the authors write. “We lay out options and programs — some simple, some less so — that the president should consider at each step in his first term.”

  • view counter
  • CybersecurityDHS releases Strategic Principles for Securing the Internet of Things

    DHS the other day issued a set of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0. These principles highlight approaches and suggested practices to fortify the security of the IoT. They aim to equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems.

  • CybersecurityGermany launches broad cybersecurity strategy

    The German government on Wednesday adopted a new cybersecurity strategy to counter a rising number of threats targeting government institutions, critical infrastructure, businesses, and citizens. The new strategy was adopted in response to a dramatic increase in sophisticated cyberattacks originating in Russia and China. Chancellor Angela Merkel on Tuesday, and Interior Minister Thomas de Maziere on Wednesday, warned that Russia would be using hacking and disinformation campaign in an effort to influence next year’s election in Germany.

  • CybersecurityCyberSeek: An interactive resource for cybersecurity career information

    The U.S. rapidly growing cybersecurity jobs market has many more openings available than trained workers to fill them. For example, there are 128,000 positions for “Information Security Analysts,” but only 88,000 workers currently employed in those positions — a talent shortfall of 40,000 workers for cybersecurity’s largest jobs. Jobs requesting cloud security skills remain open ninety-six days on average — longer than any other IT skill. NIST last week introduced CyberSeek, an interactive online tool designed to make it easier for cybersecurity job seekers to find openings and for employers to identify the skilled workers they need.

  • Password securityReplacing vulnerable password with secure keystroke biometrics

    Lapses in computer security can be seen as downright negligent, in a time when major data breaches and leaks dominate international headlines on a regular basis. But it also draws attention to a more compelling question: just how secure are text-based passwords, really? Experts believe that there should be alternatives to the ubiquitous, text-based user authentication method – and that one such alternative is a new method of user authentication using keystroke biometrics.

  • CyberthreatsThe risk of cyber 9/11 or cyber Pearl Harbor exaggerated: Expert

    Addressing the implications of cybersecurity threats for the stability of international world order, an expert acknowledged that states will find it difficult to maintain cybersecurity in an increasingly porous and congested cyberspace, but said that cyber-experts exaggerate the threat to essential state infrastructures.

  • CybersecurityWhat CSPs can learn from the latest DDoS attacks

    Around the world, communications service providers (CSPs) and subscribers were affected by the 21 October 2016 DDoS attack, making it virtually impossible to reach many popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers. The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. An expert offers a few key steps CSPs can take to prepare for similar attacks in the future.

  • CybersecurityDHS S&T awards UCSD $1.4 million to measure Internet vulnerabilities

    DHS S&T has awarded $1,356,071 to UCSD to develop new capabilities better to enable cyber security researchers to measure the Internet’s vulnerabilities to cyberattacks. The award is part of S&T’s Cyber Security Division’s (CSD) larger Internet Measurement and Attack Modeling (IMAM) project.

  • CybersecurityShould NSA and cyber command have separate leadership?

    By Stuart Madnick

    The National Security Agency is the nation’s digital spying organization. U.S. Cyber Command is a military unit focused on cyberwarfare. Does it make sense for one person to lead them both at the same time? I believe that the NSA and Cyber Command should be under separate leadership, so each can pursue its mission with undivided focus and complete intensity. The NSA can gather intelligence. Cyber Command can defend our military networks and be ready to attack the systems of our enemies.

  • CybersecurityDHS awards U Texas San Antonio $3 million to develop, deliver cybersecurity training

    The Department of Homeland Security (DHS) has selected a team led by the University of Texas at San Antonio (UTSA) to develop and deliver cybersecurity training through the Continuing Training Grants (CTG) Program. The 2016 CTG is a $3 million grant to develop and deliver cybersecurity training to support the national preparedness goal to make the United States more secure and resilient.

  • CybersecurityNIST’s regional approach to addressing U.S. cybersecurity challenge

    NIST has awarded grants totaling nearly $1 million for five projects that are taking a community approach to addressing the U.S. shortage of skilled cybersecurity employees. The NIST-led National Initiative for Cybersecurity Education (NICE), a partnership among government, academia, and the private sector, will oversee the grants as part of its mission to support cybersecurity education, training, and workforce development.

  • Digital divideNorth Korea has only has 28 Web sites, mistakenly leaked official data reveals

    Launching an effective cyberwar against North Korea would be difficult because the secretive country has only twenty-eight registered domains. The information about the surprisingly small number of North Korean registered domains was the result of incorrect configuration of one of North Korea’s top-level name servers. The incorrect configuration made the server reveal a list of all the domain names under the domain .kp.

  • CybersecuritySetting up a decoy network to help deflect a hacker's hits

    Computer networks may never float like a butterfly, but information scientists suggest that creating nimble networks that can sense jabs from hackers could help deflect the stinging blows of those attacks. The researchers created a computer defense system that senses possible malicious probes of the network and then redirects that attack to a virtual network that offers little information about the real network.

  • CybersecurityA chip that checks for sabotage, flags defects

    With the outsourcing of microchip design and fabrication a worldwide, $350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips. These Trojan horses look harmless but can allow attackers to sabotage healthcare devices; public infrastructure; and financial, military, or government electronics. Researchers are developing a unique solution: a chip with both an embedded module that proves that its calculations are correct and an external module that validates the first module’s proofs.