-
Bolstering the security of inter-domain routing
Since the creation of the internet, the Border Gateway Protocol (BGP) has been the default routing protocol to route traffic among organizations (Internet Service Providers [ISPs] and Autonomous Systems [ASes]). While the BGP protocol performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in security allows the protocol to be exploited. To improve the security of inter-domain routing traffic exchange, NIST has begun development of a Special Publication (SP 800-189 – in preparation) that provides security recommendations for the use of inter-domain protocols and routing technologies.
-
-
DHS S&T’s Transition to Practice program unveils 2017 cohort
Eight new cybersecurity technologies developed by researchers at federally funded laboratories and academic research centers are ready for the commercial market. DHS S&T’s Transition to Practice (TTP) program will showcase its 2017 cohort 16 May in Washington, D.C.
-
-
New executive order on cybersecurity highlights need for deterrence, protection of key industries
President Trump’s new executive order on cybersecurity for federal computer networks and key elements of the country’s infrastructure – such as the electricity grid and core communications networks – builds meaningfully on the work of the Obama administration. Cybersecurity is ultimately an exercise in risk management. Given the range of possible threats and the pace at which they may appear, it is impossible to protect everything, everywhere, all the time. But it is possible to make sure that the most valuable resources (such as particular networks and systems, or specific data) are properly protected by, at minimum, good cyber-hygiene – and ideally, more. Overall, the order is a solid document, with guidance that is both measured and clear. Key to its success – and ultimately to the country’s security in cyberspace – will be the relationship the government builds with private industry. Protecting the country won’t be possible without both groups working in tandem.
-
-
The Darknet offers more robust protection against attacks
Researchers have discovered why cyberattacks usually fail against the Darknet, a part of the internet that guarantees users’ privacy and anonymity. This hidden network is used for sensitive and often illegal purposes such as drug trafficking or exchanging child pornography and can counter large attacks on its own by spontaneously adding more network capacity.
-
-
Internet Atlas maps the physical elements of the internet to enhance security
Despite the internet-dependent nature of our world, a thorough understanding of the internet’s physical makeup has only recently emerged. Researchers have developed Internet Atlas, the first detailed map of the internet’s structure worldwide. Though the physical elements of the internet may be out of sight for the average user, they are crucial pieces of the physical infrastructure that billions of people rely on.
-
-
2017 Cyber Defense Competition tests infrastructure vulnerability
More than 100 college and high school students from nine states honed their cyber defense skills against experts at the U.S. Department of Energy’s (DOE) Argonne National Laboratory during Argonne’s second annual Collegiate Cyber Defense Competition. In the competition, fifteen college teams defended mock electrical and water utilities from the repeated cyberattacks of a team of experts from Argonne, the Illinois and Wisconsin National Guard, and the technology industry.
-
-
House kills web privacy protections; ISPs free to collect, sell customers’ information
The House of Representatives on Tuesday voted 215 to 205 to kill the privacy rules, formulated by the FCC, which were aimed at preventing internet service providers (ISPs) from selling their customers’ web browsing histories and app usage to advertisers. Without these protections, Comcast, Verizon, AT&T, and other ISPs will have complete freedom to collect information about their customers’ browsing and app-usage behavior, then sell this information to advertisers.
-
-
New brain-inspired cybersecurity system detects “bad apples” 100 times faster
Cybersecurity is critical — for national security, corporations and private individuals. Sophisticated cybersecurity systems excel at finding “bad apples” in computer networks, but they lack the computing power to identify the threats directly. These limits make it easy for new species of “bad apples” to evade modern cybersecurity systems. And security analysts must sort the real dangers from false alarms. The Neuromorphic Cyber Microscope, designed by Lewis Rhodes Labs in partnership with Sandia National Laboratories, directly addresses this limitation. Due to its brain-inspired design, it can look for the complex patterns that indicate specific “bad apples,” all while using less electricity than a standard 60-watt light bulb.
-
-
“Lip password” uses a person’s lip motions to create a password
Biometric data such as fingerprints are used around the world to unlock mobile devices and verify identity at immigration and customs counters. Despite its wide application, one cannot change the scan of their fingerprint. Once the scan is stolen or hacked, the owner cannot change his/her fingerprints and has to look for another identity security system. Researchers have invented a new technology called “lip motion password” (lip password) which utilizes a person’s lip motions to create a password.
-
-
RAND study examines 200 real-world “Zero-Day” software vulnerabilities
Zero-day software vulnerabilities – security holes that developers haven’t fixed or aren’t aware of – can lurk undetected for years, leaving software users particularly susceptible to hackers. A new study from the RAND Corporation, based on rare access to a dataset of more than 200 such vulnerabilities, provides insights about what entities should do when they discover them.
-
-
Simulated ransomware attack highlights vulnerability of industrial controls
Ransomware generated an estimated $200 million for attackers during the first quarter of 2016, and the researchers believe it’s only a matter of time before critical industrial systems are compromised and held for ransom. Cybersecurity researchers have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings. The simulated attack was designed to highlight vulnerabilities in the control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and more.
-
-
Cybersecurity degree approved for Kennesaw State
The cybersecurity field in the U.S. will need an additional 1.5 million workers by the year 2020. The Board of Regents of the University System of Georgia on Tuesday approved an online Bachelor of Science in Cybersecurity at Kennesaw State University. The cybersecurity major includes elements of information technology, information security and assurance, and criminal justice, giving students a combination of technical knowledge and information security management skills.
-
-
How Florida is helping train the next generation of cybersecurity professionals
Our increasingly connected and digital world is vulnerable to attack and needs more skilled professionals who know how to defend it. As connected devices proliferate, particularly smart devices creating what has been called the “Internet of Things,” the problem is getting worse. While we don’t know where and when the next cyber threats will arise, we can be sure that our society’s use of and demand for digital connections will only grow. As a result, we’ll also see the demand for cybersecurity professionals rise – and the opportunities for new ways of thinking, learning and collaborating.
-
-
Center for Long-Term Cybersecurity unveils 2017 research grantees
The Center for Long-Term Cybersecurity (CLTC) has announced the recipients of its 2017 research grants. In total, twenty-seven different groups of researchers will share a total of nearly $1 million in funding. CLTC says that the projects span a wide range of topics related to cybersecurity, including new methods for making crypto-currencies more secure; protecting health information stored on mobile devices; teaching high-school computer science students how to “program for privacy”; and exploring potential limits on the use of digital controls in nuclear reactors.
-
-
Protecting quantum computing networks against hackers
As we saw during the 2016 U.S. election, protecting traditional computer systems, which use zeros and ones, from hackers is not a perfect science. Now consider the complex world of quantum computing, where bits of information can simultaneously hold multiple states beyond zero and one, and the potential threats become even trickier to tackle. Even so, researchers have uncovered clues that could help administrators protect quantum computing networks from external attacks.
-
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.