• Washington, D.C. area leads nation in cybersecurity jobs

    The Washington, D.C metropolitan area had more than 23,000 cybersecurity job postings in 2013, making the region the leading destination for cybersecurity jobs, followed by the New York metro area with 15,000 cybersecurity job postings in 2013. On a state-by state basis, Virginia ranks second and Maryland ranks sixth, with Virginia reporting 25.1 cybersecurity job postings per 10,000 residents and Maryland posting 18.1 jobs per 10,000 residents.

  • Blackstone to acquire Accuvant, an enterprise information security specialist

    Denver, Colorado-based Accuvant, a specialist in enterprise information security, has reached a definitive agreement under which Blackstone will acquire a majority stake in Accuvant as part of their private equity portfolio. The transaction is expected to close in April pending relevant regulatory approvals.

  • Platform for operating systems would outwit cyber criminals

    As smartphone use surges, consumers are just beginning to realize their devices are not quite as secure as they thought. A Swedish research team is working on a way to secure mobile operating systems so that consumers can be confident that their data is protected.

  • Experts call for a new organization to oversee grid’s cybersecurity

    In 2013, U.S. critical infrastructure companies reported about 260 cyberattacks on their facilities to the federal government. Of these attacks, 59 percent occurred in the energy sector. A new report proposes that energy companies should create an industry-led organization to deflect cyber threats to the electric grid. Modeled after the nuclear industry’s Institute of Nuclear Power Operations, the proposed organization, to be called the Institute for Electric Grid Cybersecurity, would oversee all the energy industry players that could compromise the electric grid if they came under a cyberattack.

  • NIST’s voluntary cybersecurity framework may be regarded as de facto mandatory

    The National Institute of Standards and Technology’s (NIST) voluntary cybersecurity frameworkissued in February establishes best practices for companies that support critical infrastructure such as banking and energy. Experts now warn that recommendations included in the framework may be used by courts, regulators, and even consumers to hold institutions accountable for failures that could have been prevented if the cybersecurity framework had been fully implemented by the respective institution.

  • University of Texas at San Antonio ranked top U.S. cybersecurity school

    The University of Texas at San Antonio (UTSA) ranks as the top school for cybersecurity courses and degree programs according to a Hewlett-Packard (HP)-sponsored surveyof 1,958 certified IT security professionals. The schools undergraduate and graduate programs received top marks for academic excellence and practical relevance.

  • CounterTack, developer of an end-point threat detection solution, closes out Series B funding at $15 million

    CounterTack, a developer of real-time endpoint threat detection solutions, has closed out its Series B financing round with an additional $3 million to complete a $15 million raised. With this extension, the Venture Capital unit of Siemens (SFS VC) joins CounterTack investors including Goldman Sachs, Fairhaven Capital, and a group of private financiers to fund an accelerated technology expansion and market delivery of CounterTack’s Sentinel platform.

  • CloudLock, a cloud security specialist, raises $16.5 million Series C round

    CloudLock, a cloud security specialist, has raised $16.5 million in a Series C funding round from new investor Bessemer Venture Partners, and participation of existing investors Cedar Fund and Ascent Venture Partners. The company says that 2013 saw continuing growth in adoption by cloud-bound organizations of the company’s people-centric security automation approach, with a pure SaaS content-aware and policy-based solution, by companies in different verticals, across multiple cloud platforms like Google Apps and Salesforce.

  • Skeptics doubt voluntary Cybersecurity Framework will achieve its goal

    The Framework for Improving Critical Infrastructure Cybersecurity, developedby NIST following Executive Order 13636to promote cybersecurity, has been received with both support and skepticism from critical infrastructure industries. The 41-page document, put together by industry and government experts, offers guidelines on cybersecurity standards and best practices to critical infrastructure firms. It says its role is to be a complement to industries’ existing risk management practices.Skepticssay that without incentives, legislation, or enforcement, the guidelines will not be adopted.”The marketplace will punish any company that implements anything that could be considered excessive security, because it will increase their costs,” says an industry insider.

  • Israeli defense company launches cybersecurity solutions section

    In recent months the Israel Aerospace Industries (IAI) has increased its cyberdefense-related activities. Esti Peshin, director of the company’s cyber section and a veteran of the IDF’s hush-hush sigint Unit 8200, says IAI is now developing solutions for clients in Israel and abroad. “We’re a start-up, but with the backing of a company that earns $3.5 billion a year,” she said. Ultimately, she implied, these defensive measures can be turned into offensive capabilities. “Intelligence is a subset of attack,” Peshin said. “This is, first of all, a national mission.”

  • New software obfuscation system a cryptography game changer

    A team of researchers has designed a system to encrypt software so that it only allows someone to use a program as intended while preventing any deciphering of the code behind it. This is known in computer science as “software obfuscation,” and it is the first time it has been accomplished. Previously developed techniques for obfuscation presented only a “speed bump,” forcing an attacker to spend some effort, perhaps a few days, trying to reverse-engineer the software. The new system puts up an “iron wall,” making it impossible for an adversary to reverse-engineer the software without solving mathematical problems that take hundreds of years to work out on today’s computers — a game-change in the field of cryptography.

  • Snowden’ leaks derailed important cybersecurity initiatives

    Edward Snowden’s leaks created such a climate of distrust around the NSA that many important cybersecurity initiatives died, stalled, or became non-starters. Security experts say that this is a case of throwing the baby out with the bathwater, and that the result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations more exposed to sensitive information being compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere. “All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies(CSIS).

  • New state-of-the-art cybersecurity resource available to software developers

    Cybercrime is booming; it is an estimated $100 billion industry in the United States and shows no signs of slowing down. Attackers have an arsenal of weapons at their disposal, including social engineering — or phishing — penetrating weak security protocols and exploiting software vulnerabilities that can serve as an “open window” into an organization’s IT environment. Closing those windows requires effective and accessible tools to identify and root out software vulnerabilities. Supported by a $23.4 million grant from DHS’s Science and Technology Directorate (S&T), the Software Assurance Marketplace, or SWAMP, provides a state-of-the-art facility that serves as an open resource for software developers, software assurance tool developers, and software researchers who wish to collaborate and improve software assurance activities in a safe, secure environment.

  • Pace of acquisitions of cybersecurity startups quickens

    With the number and scope of cybersecurity breaches on the rise, cybersecurity startups offering innovative security solutions have become a sought-after target in the merger and acquisition market. These innovative companies are eagerly sought not only for their technologies, but also as an investment vehicle, with the average valuation acquiring companies willing to pay approaching ten times revenue. “To pay ten times on services in the normal world is crazy, in the security world it’s normal,” says an industry insider.

  • Chemical, defense companies subject to Chinese Nitro attacks

    More and more chemical and defense companies around the world are victims of Nitro attacks. These attacks, launched by government-backed Chinese hackers, install PoisonIvy, a Remote Access Tool (RAT) stealthily placed on computer systems to steal information. The majority of the computers infected belong to firms in the United States, Bangladesh, and the United Kingdom.