Network security | Homeland Security Newswire

  • CybersecurityMicroprocessor designers realize security must be a primary concern

    By Mark Hempstead

    Fifty years after the founding of Intel, engineers have begun to second-guess many of the chip-making industry’s design techniques. Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. This realization has led to calls from microchip industry leaders, including icons John Hennessy and David Patterson, for a complete rethinking of computer architecture to put security first. Identifying and securing these newly identified hardware vulnerabilities and side-channels will be challenging, but the work is important – and a reminder that designers and architects must always think about other ways attackers might try to compromise computer systems.

  • Internet infrastructureBuried internet infrastructure at risk as sea levels rise

    Thousands of miles of buried fiber optic cable in densely populated coastal regions of the United States may soon be inundated by rising seas, according to a new study. The study, presented at a meeting of internet network researchers, portrays critical communications infrastructure that could be submerged by rising seas in as soon as fifteen years. “Most of the damage that’s going to be done in the next 100 years will be done sooner than later,” says Ban authority on the “physical internet.” “That surprised us. The expectation was that we’d have 50 years to plan for it. We don’t have 50 years.”

  • CybersecurityBetter detection, analysis of malicious attacks

    DHS S&T has selected Cyber 20/20, Inc. of Newark, Delaware to develop security capabilities for financial services as part of S&T’s Silicon Valley Innovation Program (SVIP). Cyber 20/20’s project—Trained Using Runtime Analysis from Cuckoo Outputs (TURACO)—expands the capabilities of Cuckoo, an open-source sandbox, to better detect and analyze malicious attacks.

  • CybersecurityMore secure blockchain applications

    Health IT interoperability has been an elusive goal, with data silos between hospitals, clinics, pharmacies, and payers making exchange of information difficult. Vanderbilt engineers have successfully developed and validated the feasibility of blockchain-based technologies for secure, confidential sharing of patient medical records in a case study that demonstrates how blockchain could solve a huge healthcare challenge.

  • CybersecurityMapping DHS’s new cybersecurity strategy, highlighting S&T’s R&D support

    Last month at a cybersecurity conference, Homeland Security Secretary Kirstjen Nielsen previewed the May unveiling of DHS’s new cybersecurity strategy and issued a stern warning to cybercriminals. The new DHS Cybersecurity Strategy was released 15 May. Nielsen said: “I have a news flash for America’s adversaries: Complacency is being replaced by consequences. We will not stand on the sidelines while our networks are compromised. We will not abide the theft of our data, our innovation and our resources. And we will not tolerate cyber meddling aimed at the heart of our democracy.”

  • CybersecurityMobile security messages 20 percent more effective if warnings vary in appearance

    Using brain data, eye-tracking data and field-study data, researchers have confirmed something about our interaction with security warnings on computers and phones: the more we see them, the more we tune them out. But the major study also finds that slight changes to the appearance of warnings help users pay attention to and adhere to warnings 20 percent more of the time.

  • Cyberspace & the lawCyber and international law in the 21st century

    “Cyber space is not – and must never be – a lawless world. It is the U.K.’s view that when states and individuals engage in hostile cyber operations, they are governed by law just like activities in any other domain,” said the U.K. Attorney General Jeremy Wright, QC MP, on 23 May 2018, setting out, for the first time, the U.K.’s position on applying international law to cyberspace. “What this means is that hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict. States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law.”

  • Cyberspace & the lawFailing to keep pace: The cyber threat and its implications for our privacy laws

    “The time has come — indeed, if it has not already passed — to think seriously about some fundamental questions with respect to our reliance on cyber technologies: How much connected technology do we really want in our daily lives? Do we want the adoption of new connected technologies to be driven purely by innovation and market forces, or should we impose some regulatory constraints?” asked NSA General Counsel Glenn Gerstell in a Wednesday presentation at Georgetown University. “Although we continue to forge ahead in the development of new connected technologies, it is clear that the legal framework underpinning those technologies has not kept pace. Despite our reliance on the internet and connected technologies, we simply haven’t confronted, as a U.S. society, what it means to have privacy in a digital age.”

  • CybersecurityDHS S&T awards first Phase 4 award for IOT security

    Atlanta-based Ionic Security is the first company to successfully complete prototype testing and move to the pilot deployment phase as part of DHS S&T’s Silicon Valley Innovation Program (SVIP). SVIP offers up to $800,000 in non-dilutive funding to eligible companies.

  • CybersecurityCybersecurity teams which do not interact much perform best

    Scientists recently found that the best, high-performing cybersecurity teams have relatively few interactions with their team-members and team captain. While this result may seem counterintuitive, it is actually consistent with major theoretical perspectives on professional team development.

  • CybersecurityTool measures individuals’ likelihood to fall for internet scams

    Researchers have developed an online questionnaire which measures a range of personality traits to identify individuals who are more likely to fall victim to internet scams and other forms of cybercrime. The psychometric tool asks participants to answer a range of questions in order to measure how likely they are to respond to persuasive techniques.

  • CybersecurityDeveloping secure mobile apps

    Mobile devices such as smartphones and tablets and the applications (apps) we load onto them have become indispensable to our daily lives—both personal and professional. However, mobile apps are susceptible to malware, ransomware, spyware, coding flaws and other attacks that could compromise personal data stored on the device. Apps also can be used to gain access to sensitive enterprise resources.

     

  • CybersecurityDHS S&T to demonstrate cyber technologies at RSA

    DHS S&T will exhibit and demonstrate thirteen mature cybersecurity technology solutions that are ready for pilot deployment and commercialization at the RSA 2018 cybersecurity conference, 16-19 April, in San Francisco.

  • Cyber-secure citiesNYC Secure launched: Cybersecurity initiative to protect New Yorkers online

    NYC Mayor de Blasio last week announced the launch of NYC Secure, a cybersecurity initiative aimed at protecting New Yorkers online. Using an evolving suite of solutions, NYC Secure will defend New Yorkers from malicious cyber activity on mobile devices, across public Wi-Fi networks, and beyond. The first NYC Secure programs will include a free City-sponsored smartphone protection app which, when installed, will issue warnings to users when suspicious activity is detected on their mobile devices.

  • Network vulnerability4G LTE networks vulnerability allows adversaries to send fake emergency alerts

    Researchers have identified several new vulnerabilities in 4G LTE networks, potentially allowing hackers to forge the location of a mobile device and fabricate messages. The vulnerabilities would allow adversaries to send fake emergency paging messages to a large number of devices, drain a victim device’s battery by forcing it to perform expensive cryptographic operations, disconnect a device from the core network, and more.