• CybersecurityIn our Wi-Fi world, the internet still depends on undersea cables

    By Nicole Starosielski

    Not many people realize that undersea cables transport nearly 100 percent of transoceanic data traffic. These lines are laid on the very bottom of the ocean floor. They’re about as thick as a garden hose and carry the world’s Internet, phone calls and even TV transmissions between continents at the speed of light. A single cable can carry tens of terabits of information per second. The cables we all rely on to send everything from e-mail to banking information across the seas remain largely unregulated and undefended. Any single cable line has been and will continue to be susceptible to disruption. And the only way around this is to build a more diverse system, because the thing that protects global information traffic is the fact that there’s some redundancy built into the system. But as things are, even though individual companies each look out for their own network, there is no economic incentive or supervisory body to ensure the global system as a whole is resilient. If there’s a vulnerability to worry about, this is it.

  • Infrastructure protectionPNNL to help DHS address critical infrastructure vulnerabilities

    The Department of Energy’s Pacific Northwest National Laboratory (PNNL) has been named a supporting laboratory to the National Infrastructure Simulation and Analysis Center (NISAC). NISAC is a Department of Homeland Security (DHS) program which addresses the potential vulnerabilities and consequences of disruption of U.S. critical infrastructure. PNNL says it will contribute advanced computer modeling and simulation capabilities to look at the dependencies, interdependencies, vulnerabilities, and complexities of important critical infrastructure sectors such as dams, water, transportation, energy, and information technology.

  • CybersecurityNSF awards $74.5 million to 257 interdisciplinary cybersecurity research projects

    The NSF the other day announced the awarding $74.5 million in research grants through the NSF Secure and Trustworthy Cyberspace (SaTC) program. In total, the SaTC investments include a portfolio of 257 new projects to researchers in thirty-seven states. The largest, multi-institutional awards include research better to understand and offer reliability to new forms of digital currency known as cryptocurrencies, which use encryption for security; invent new technology to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the “science of censorship resistance” by developing accurate models of the capabilities of censors.

  • CybersecurityTwo new projects tackle e-mail security

    In the early, halcyon days of the Internet, researchers were more interested in sharing information rather than securing it. Now, decades later, securing the world’s most widely used medium for business communication is a full-time job for researchers and IT specialists around the globe. The modern working world cannot exist without e-mail, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new projects.

  • CybersecurityStrengthening U.S. cybersecurity capabilities by bolstering cyber defense, deterrence

    Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Director of National Intelligence James R. Clapper said that for the third year in a row, cyberthreats headed the list of threats reported in the annual National Intelligence Worldwide Threat Assessment. “Although we must be prepared for a large Armageddon-scale strike that would debilitate the entire U.S. infrastructure, that is not … the most likely scenario,” Clapper said. Rather, the primary concern is low- to moderate-level cyberattacks from a growing range of sources that will continue and probably expand, adding that in the future he expects to see more cyber operations that manipulate electronic information to compromise its integrity, as opposed to deleting or disrupting access to it.

  • Mobile securityDHS S&T awards $10.4 million in mobile security research contracts

    The mobile technology industry has continuously expanded with new devices and apps, allowing people to simplify how and where business is conducted. While increasing the use of mobile technology can enhance productivity, improved security is needed to ensure that sensitive information is not at risk to current and emerging cyber threats. DHS S&T the other day announced $10.4 million in cybersecurity Mobile Technology Security (MTS) research and development (R&D) awards to enhance the security of mobile devices for the federal government.

  • view counter
  • CybersecurityFederally funded network anomaly-detection technology licensed to Ernst & Young

    The Transition to Practice (TTP) program, established in 2012 as part of S&T’s Cybersecurity Division, looks to transition federally funded cybersecurity technologies from the laboratory to enterprise consumers. S&T the other day announced that the PathScan technology, a network anomaly-detection tool developed by Los Alamos National Laboratory, has been licensed to Ernst & Young LLP (EY).

  • CybersecurityU.S. should promote international cybersecurity standardization: Interagency report

    A new draft report by an interagency working group lays out objectives and recommendations for enhancing the U.S. government’s coordination and participation in the development and use of international standards for cybersecurity. The report recommends the government make greater effort to coordinate the participation of its employees in international cybersecurity standards development to promote the cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures. These efforts should include increased training, collaborating with private industry and working to minimize risks to privacy.

  • CybersecurityNew tool to improve government computer network security

    Researchers have developed a computer network security tool to help government agencies, along with state and local governments. The software-based technology, known as the Network Mapping System (NeMS), discovers and characterizes computer networks. “It is important to know what you have on your networks, so that you can decide what best practices to apply,” says one of the researchers.

  • CybersecurityD.C.-area becoming the Silicon Valley of cybersecurity

    A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.

  • Cyber businessPentagon to invest in Silicon Valley tech startups to help develop advanced cyber solutions

    The Pentagon will begin to invest in Silicon Valley tech startups as part of the department’s plan to develop and acquire more advanced cyber solutions to secure the country and military’s digital infrastructure. The investments will be made through In-Q-Tel, a nonprofit strategic investing firm the Central Intelligence Agency launched sixteen years ago. In-Q-Tel does not invest in companies alone, but rather relies on traditional venture firms to partner and contribute the lion’s share of the funding, so having them on board is critical for the program’s success.

  • CybersecurityComputer engineers battle malicious bots

    Defending Web sites from malicious intruder bots is not unlike fighting viruses: neutralize them and they reinvent themselves, finding new ways to penetrate. IT security designers, however, still hold an advantage over some automated programs masquerading as people. To date, there are human abilities too complex to imitate. Exploiting that weakness is central to an Internet security technology developed by researchers who have come up with a new method for distinguishing humans from computers. Their next-gen CAPTCHA — a brief test that computer users must pass in order to access a Web site — requires viewers to identify text, but presents it in video animation rather than in the distorted, static letters users now identify and reproduce to gain admittance.

  • SurveillanceNSA’s recruitment effort challenged by Snowden leaks, private sector competition

    The NSA employs roughly 35,000 people nationwide and anticipates on recruiting at least 1,000 workers each year. For 2015, the agency needs to find 1,600 recruits, hundreds of whom must come from highly specialized fields like computer science and mathematics. The agency has been successful so far, but still faces recruitment challenges in the aftermath of the Edward Snowden revelations and competition from private sector firms who offer recruits much higher salaries.

  • CybersecurityAir-gapped computer systems can be hacked by using heat: Researchers

    Computers and networks are air-gapped – that is, kept approximately fifteen inches (40 cm) apart — when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks, or military applications. Israeli researchers have discovered a new method, called BitWhisper, to breach air-gapped computer systems. The new method enables covert, two-way communications between adjacent, unconnected PC computers using heat – meaning that hackers to hack information from inside an air-gapped network, as well as transmit commands to it.

  • CybersecurityIT security spending grows, but confidence in cyber protection measures does not

    A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining. In a survey of more than 800 IT security leaders and professionals, the report found that more than 70 percent of respondents’ networks had been breached in 2014 — a 62 percent increase from 2013. Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020.