• Bug-bounty program to strengthen DHS cyber defenses

    Congress is considering a bill would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and data systems.

  • Bolstering the security of inter-domain routing

    Since the creation of the internet, the Border Gateway Protocol (BGP) has been the default routing protocol to route traffic among organizations (Internet Service Providers [ISPs] and Autonomous Systems [ASes])). While the BGP protocol performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in security allows the protocol to be exploited. To improve the security of inter-domain routing traffic exchange, NIST has begun development of a Special Publication (SP 800-189 – in preparation) that provides security recommendations for the use of Inter-domain protocols and routing technologies.

  • DHS S&T’s Transition to Practice program unveils 2017 cohort

    Eight new cybersecurity technologies developed by researchers at federally funded laboratories and academic research centers are ready for the commercial market. DHS S&T’s Transition to Practice (TTP) program will showcase its 2017 cohort 16 May in Washington. D.C.

  • New executive order on cybersecurity highlights need for deterrence, protection of key industries

    President Trump’s new executive order on cybersecurity for federal computer networks and key elements of the country’s infrastructure – such as the electricity grid and core communications networks – builds meaningfully on the work of the Obama administration. Cybersecurity is ultimately an exercise in risk management. Given the range of possible threats and the pace at which they may appear, it is impossible to protect everything, everywhere, all the time. But it is possible to make sure that the most valuable resources (such as particular networks and systems, or specific data) are properly protected by, at minimum, good cyber-hygiene – and ideally, more. Overall, the order is a solid document, with guidance that is both measured and clear. Key to its success – and ultimately to the country’s security in cyberspace – will be the relationship the government builds with private industry. Protecting the country won’t be possible without both groups working in tandem.

  • The Darknet offers more robust protection against attacks

    Researchers have discovered why cyberattacks usually fail against the Darknet, a part of the internet that guarantees users’ privacy and anonymity. This hidden network is used for sensitive and often illegal purposes such as drug trafficking or exchanging child pornography and can counter large attacks on its own by spontaneously adding more network capacity.

  • Internet Atlas maps the physical elements of the internet to enhance security

    Despite the internet-dependent nature of our world, a thorough understanding of the internet’s physical makeup has only recently emerged. Researchers have developed Internet Atlas, the first detailed map of the internet’s structure worldwide. Though the physical elements of the internet may be out of sight for the average user, they are crucial pieces of the physical infrastructure that billions of people rely on.

  • 2017 Cyber Defense Competition tests infrastructure vulnerability

    More than 100 college and high school students from nine states honed their cyber defense skills against experts at the U.S. Department of Energy’s (DOE) Argonne National Laboratory during Argonne’s second annual Collegiate Cyber Defense Competition. In the competition, fifteen college teams defended mock electrical and water utilities from the repeated cyberattacks of a team of experts from Argonne, the Illinois and Wisconsin National Guard, and the technology industry.

  • House kills web privacy protections; ISPs free to collect, sell customers’ information

    The House of Representative on Tuesday voted 215 to 205 kill the privacy rules, formulated by the FCC, which were aimed at preventing internet service providers (ISPs) from selling their customers’ web browsing histories and app usage to advertisers. Without these protections, Comcast, Verizon, AT&T, and other ISPs will have complete freedom to collect information about their customers’ browsing and app-usage behavior, then sell this information to advertisers.

  • New brain-inspired cybersecurity system detects “bad apples” 100 times faster

    Cybersecurity is critical — for national security, corporations and private individuals. Sophisticated cybersecurity systems excel at finding “bad apples” in computer networks, but they lack the computing power to identify the threats directly. These limits make it easy for new species of “bad apples” to evade modern cybersecurity systems. And security analysts must sort the real dangers from false alarms. The Neuromorphic Cyber Microscope, designed by Lewis Rhodes Labs in partnership with Sandia National Laboratories, directly addresses this limitation. Due to its brain-inspired design, it can look for the complex patterns that indicate specific “bad apples,” all while using less electricity than a standard 60-watt light bulb.

  • “Lip password” uses a person’s lip motions to create a password

    The use of biometric data such as fingerprints to unlock mobile devices and verify identity at immigration and customs counters are used around the world. Despite its wide application, one cannot change the scan of their fingerprint. Once the scan is stolen or hacked, the owner cannot change his/her fingerprints and has to look for another identity security system. Researchers have invented a new technology called “lip motion password” (lip password) which utilizes a person’s lip motions to create a password.

  • RAND study examines 200 real-world “Zero-Day” software vulnerabilities

    Zero-day software vulnerabilities – security holes that developers haven’t fixed or aren’t aware of – can lurk undetected for years, leaving software users particularly susceptible to hackers. A new study from the RAND Corporation, based on rare access to a dataset of more than 200 such vulnerabilities, provides insights about what entities should do when they discover them.

  • Simulated ransomware attack highlights vulnerability of industrial controls

    Ransomware generated an estimated $200 million for attackers during the first quarter of 2016, and the researchers believe it’s only a matter of time before critical industrial systems are compromised and held for ransom. Cybersecurity have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings. The simulated attack was designed to highlight vulnerabilities in the control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and more.

  • Cybersecurity degree approved for Kennesaw State

    The cybersecurity field in the U.S. will need an additional 1.5 million workers by the year 2020. The Board of Regents of the University System of Georgia on Tuesday approved an online Bachelor of Science in Cybersecurity at Kennesaw State University. The cybersecurity major includes elements of information technology, information security and assurance, and criminal justice, giving students a combination of technical knowledge and information security management skills.

  • How Florida is helping train the next generation of cybersecurity professionals

    Our increasingly connected and digital world is vulnerable to attack and needs more skilled professionals who know how to defend it. As connected devices proliferate, particularly smart devices creating what has been called the “Internet of Things,” the problem is getting worse. While we don’t know where and when the next cyber threats will arise, we can be sure that our society’s use of and demand for digital connections will only grow. As a result, we’ll also see the demand for cybersecurity professionals rise – and the opportunities for new ways of thinking, learning and collaborating.

  • Center for Long-Term Cybersecurity unveils 2017 research grantees

    The Center for Long-Term Cybersecurity (CLTC) has announce the recipients of its 2017 research grants. In total, twenty-seven different groups of researchers will share a total of nearly $1 million in funding. CLTC says that the projects span a wide range of topics related to cybersecurity, including new methods for making crypto-currencies more secure; protecting health information stored on mobile devices; teaching high-school computer science students how to “program for privacy”; and exploring potential limits on the use of digital controls in nuclear reactors.