• Maryland creates fund to support cybersecurity startups

    The Maryland Technology Development Corporation, (TEDCO) an independent public organization founded by the Maryland General Assemblyand funded by the state, has created a $1 million fund to invest in startups developing new cybersecurity technologies.

  • DHS receives top FISMA score for the second year in a row

    DHS has received the top score in the annual Federal Information Security Management Act (FISMA), making it the only agency to achieve a score of ninety-nine two years in a row. The act, passed in 2002, requires the Office of Management and Budget to report on federal agencies’ implementation of set processes designed to secure federal IT infrastructures.Analysts credit the achievement to DHS’ Office of Inspector General’s (OIG) push for continuous monitoring of IT systems and standards. The OIG uses commercial vulnerability scanning tools and open source management software to form a system that routinely scans the agency’s networks for compliance with FISMA metrics.

  • Research identifies Android security weaknesses caused by performance design

    Researchers have identified a weakness in one of Android’s security features. Their research, titled Abusing Performance Optimization Weaknesses to Bypass ASLR, identifies an Android performance feature that weakens a software protection called Address Space Layout Randomization (ASLR), leaving software components vulnerable to attacks that bypass the protection. The work is aimed at helping security practitioners identify and understand the future direction of such attacks.

  • “Marked ghost imaging” offers enhanced security for data storage, transmission

    Ghost imaging” sounds like the spooky stuff of frivolous fiction, but it is an established technique for reconstructing hi-res images of objects partly obscured by clouds or smoke. Now researchers are applying the same idea in reverse to securing stored or shared electronic data. Their work establishes “marked ghost imaging” technology as a new type of multi-layer verification protocol for data storage or transmission.

  • A first: San Francisco to feature encrypted Wi-Fi service

    The Chief Information Officer (CIO) for the city of San Francisco has announced that the city will implement a small, free Wi-Fi spot within the city which will offer encrypted service and, it is hoped, usher in a new standard for other urban centers.

  • DARPA’s Cyber Grand Challenge aims to see fully automated network security systems developed

    There is an increasingly serious cybersecurity problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses — typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” DARPA is addressing this problem, with teams from around the world starting a two-year track toward the world’s first tournament of fully automated network security systems. Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge — first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched.

  • West Point wins Cyber Defense Exercise, launches Army Cyber Institute

    The U.S. Military Academy at West Point has won the annual Cyber Defense Exercise (CDX) which brought together senior cadets from the five service academies for a 4-day battle to test their cybersecurity skills against the National Security Agency’s (NSA) top information assurance professionals. West Point’s win comes just as the academy announced plans for its Army Cyber Institute(ACI), intended to develop elite cyber troops for the Pentagon.

  • British intelligence agency promotes cybersecurity education

    As part of its national cybersecurity strategy to “derive huge economic and social value from a vibrant, resilient, and secure cyberspace,” the United Kingdom will issue certifications to colleges and universities offering advanced degrees in cybersecurity. The British intelligence agency, Government Communications Headquarters(GCHQ), has notified various institutions to apply for certification by 20 June 2014. Students who complete the approved courses will carry a “GCHQ-certified degree.”

  • DHS repairing internal security operations

    Last week DHS announced plans to overhaul its security operations center (SOC), the organization which protects DHS’ internal networks, and deploy a Next Generation Enterprise Security Operations Center (NextGen ESOC) which will incorporate state-of-the-art SOC technologies, concepts, and capabilities to address future security needs.

  • Delaware launches cyber initiative

    Delaware is joining the number of states that have decided to invest in a statewide cybersecurity workforce to combat the growing threat of cyberattacks directed at both private and public institutions.Delaware hopes its cyber initiative will accelerate current efforts to develop a stronger cyber workforce. The Delaware Cyber Initiative proposes $3 million for a collaborative learning and research network in the form of part research lab, part business park, dedicated to cyber innovation.

  • Howard County, Md. attracts cybersecurity firms

    Howard County, Maryland boasts a growing presence of cybersecurity firms and specialists at a time when the industry is gaining attention. The proximity of the county to government agencies has helped cybersecurity firms gain federal contracts, and the proximity of large cybersecurity consumers like the NSA offers cybersecurity firms in Howard County a large pool of cybersecurity specialists to select from when NSA employees decide to shift to the private sector.

  • Washington, D.C. area leads nation in cybersecurity jobs

    The Washington, D.C metropolitan area had more than 23,000 cybersecurity job postings in 2013, making the region the leading destination for cybersecurity jobs, followed by the New York metro area with 15,000 cybersecurity job postings in 2013. On a state-by state basis, Virginia ranks second and Maryland ranks sixth, with Virginia reporting 25.1 cybersecurity job postings per 10,000 residents and Maryland posting 18.1 jobs per 10,000 residents.

  • Ukrainian computer systems attacked by sophisticated malware with "Russian roots"

    Ukrainian computer systems and networks have been targeted by at least twenty-two attacks launched by “committed and well-funded professionals” since January 2013, defense contractor BAE Systems found. BAE declined to identify the source of the attacks, but a German company said the espionage software has “Russian roots.” The malware design “suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation,” the BAE report said.

  • FERC orders development of physical security standards for transmission grid

    The Federal Energy Regulatory Commission (FERC) on Friday directed the North American Electric Reliability Corporation (NERC) to develop reliability standards requiring owners and operators of the Bulk-Power System to address risks due to physical security threats and vulnerabilities.

  • BGU startup Titanium Core wins Cybertition cyber security competition

    Ben-Gurion University of the Negev startup Titanium Core won the first Jerusalem Venture Partners (JVP)-sponsored Cybertition cyber security competition. Titanium Core uses a multilayered security approach to repel attacks on mission-critical systems, provide real-time attack information, and prevent threats from moving onto other computer systems. The company will receive $1 Million investment from JVP and space in the JVP Cyber Labs incubator, located in the cyber center in Beer-Sheva, adjacent to Ben-Gurion University.