• Problems using mobile technologies in public health care

    Many health care providers in remote locations around the world are actively using newer mobile technologies like text messaging and fingerprint identification to deliver important services and timely information to their patients. While the efforts are well-intended, two new studies find that such approaches need to be closely monitored to make sure they are meeting targeted goals. The two recently published studies identified multiple problems integrating mobile technologies into public health care.

  • Significance vulnerabilities discovered in high-performance computer chips

    Researchers have uncovered significant and previously unknown vulnerabilities in high-performance computer chips that could lead to failures in modern electronics. The researchers found they could damage the on-chip communications system and shorten the lifetime of the whole computer chip significantly by deliberately adding malicious workload.

  • Answering the pressing cyber-risk economics questions

    When it comes to improving the cybersecurity posture of the U.S. critical infrastructure and vital data assets, there are a host of questions that need to be answered before actionable cybersecurity risk-management strategies can be developed and resources deployed.

  • Strict password policies help prevent fraud

    The all-too-common practice of using the same email address/password combination to log into multiple websites can be damaging, especially for employers with many users and valuable assets protected by passwords, like universities. Researchers show that longer minimum passwords are the most effective way to prevent password reuse and reduce potential exposure in a third-party data breach.

  • S&T awards $11.6 million to defend against network, internet disruptions

    Five research organizations were awarded separate contracts totaling $11,511,565 to develop new methods to identify and attribute Network/Internet-scale Disruptive Events (NIDEs), the DHS S&T announced last week.

  • Dojo by BullGuard establishes lab at Cyber@BGU

    Dojo by BullGuard, an Internet of Things (IoT) security specialist, and BGN Technologies, the technology transfer company of Ben-Gurion University of the Negev (BGU), have announced a partnership to develop advanced technologies for automated IoT threat detection, employing artificial intelligence and machine learning algorithms.

  • Germany creates cybersecurity R&D agency

    The German government today (Wednesday) announced the creation of a new federal agency to develop cutting-edge cyber defense technology. The agency would resemble the U.S. Defense Advanced Research Projects Agency (DARPA), which is credited with developing the early internet and GPS. The German agency, unlike DARPA, will focus on cyber defense ad cyber protection. DARPA’s range of defense-related research and development is much broader.

  • Making electronic documents more trustworthy

    Today, the expeditious delivery of electronic documents, messages, and other data is relied on for everything from communications to navigation. As the near instantaneous exchange of information has increased in volume, so has the variety of electronic data formats–from images and videos to text and maps. Verifying the trustworthiness and provenance of this mountain of electronic information is an exceedingly difficult task – especially since the software used to process electronic data is error-prone and vulnerable to exploitation through maliciously crafted data inputs, opening the technology and its underlying systems to compromise.

  • Security gaps identified in internet protocol IPsec

    Researchers have demonstrated that the Internet protocol “IPsec” is vulnerable to attacks. The Internet Key Exchange protocol “IKEv1,” which is part of the protocol family, has vulnerabilities that enable potential attackers to interfere with the communication process and intercept specific information.

  • Microprocessor designers realize security must be a primary concern

    Fifty years after the founding of Intel, engineers have begun to second-guess many of the chip-making industry’s design techniques. Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. This realization has led to calls from microchip industry leaders, including icons John Hennessy and David Patterson, for a complete rethinking of computer architecture to put security first. Identifying and securing these newly identified hardware vulnerabilities and side-channels will be challenging, but the work is important – and a reminder that designers and architects must always think about other ways attackers might try to compromise computer systems.

  • Buried internet infrastructure at risk as sea levels rise

    Thousands of miles of buried fiber optic cable in densely populated coastal regions of the United States may soon be inundated by rising seas, according to a new study. The study, presented at a meeting of internet network researchers, portrays critical communications infrastructure that could be submerged by rising seas in as soon as fifteen years. “Most of the damage that’s going to be done in the next 100 years will be done sooner than later,” says Ban authority on the “physical internet.” “That surprised us. The expectation was that we’d have 50 years to plan for it. We don’t have 50 years.”

  • Better detection, analysis of malicious attacks

    DHS S&T has selected Cyber 20/20, Inc. of Newark, Delaware to develop security capabilities for financial services as part of S&T’s Silicon Valley Innovation Program (SVIP). Cyber 20/20’s project—Trained Using Runtime Analysis from Cuckoo Outputs (TURACO)—expands the capabilities of Cuckoo, an open-source sandbox, to better detect and analyze malicious attacks.

  • More secure blockchain applications

    Health IT interoperability has been an elusive goal, with data silos between hospitals, clinics, pharmacies, and payers making exchange of information difficult. Vanderbilt engineers have successfully developed and validated the feasibility of blockchain-based technologies for secure, confidential sharing of patient medical records in a case study that demonstrates how blockchain could solve a huge healthcare challenge.

  • Mapping DHS’s new cybersecurity strategy, highlighting S&T’s R&D support

    Last month at a cybersecurity conference, Homeland Security Secretary Kirstjen Nielsen previewed the May unveiling of DHS’s new cybersecurity strategy and issued a stern warning to cybercriminals. The new DHS Cybersecurity Strategy was released 15 May. Nielsen said: “I have a news flash for America’s adversaries: Complacency is being replaced by consequences. We will not stand on the sidelines while our networks are compromised. We will not abide the theft of our data, our innovation and our resources. And we will not tolerate cyber meddling aimed at the heart of our democracy.”

  • Mobile security messages 20 percent more effective if warnings vary in appearance

    Using brain data, eye-tracking data and field-study data, researchers have confirmed something about our interaction with security warnings on computers and phones: the more we see them, the more we tune them out. But the major study also finds that slight changes to the appearance of warnings help users pay attention to and adhere to warnings 20 percent more of the time.