• Georgia Tech releases 2015 Emerging Cyber Threats Report

    In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.

  • Surge in cyberattacks drives growth in cybersecurity insurance

    More than 3,000 American businesses were hacked in 2013, many of them small and mid-size firms without cybersecurity insurance. That surge in cyberattacks has led to a growing cybersecurity industry, with firms offering products and solutions to secure network systems. Insurance companies are also claiming their stake in the booming industry. Today, roughly fifty U.S. companies offer cybersecurity insurance. American businesses will spend up to $2 billion on cyber-insurance premiums this year, a 67 percent increase from the $1.2 billion spent in 2013.

  • New cyber initiative to put Israel’s Beer-Sheva region on the world’s cyber map

    Ben-Gurion University of the Negev is a central component of the new CyberSpark initiative, an ecosystem with all the components which will allow it to attain a position of global leadership in the cyber field. The CyberSpark initiative is the only complex of its type in the world – a government-academic-industry partnership which includes Fortune 500 companies and cyber-incubators, academic researchers and educational facilities, as well as national government and security agencies. The CyberSpark Industry Initiative will serve as a coordinating body for joint cyber industry activities with government agencies, the Israel Defense Force (IDF), and academia.

  • New approach to computer security: Wrist-bracelet

    In a big step for securing critical information systems, such as medical records in clinical settings, researchers have created a new approach to computer security that authenticates users continuously while they are using a terminal and automatically logs them out when they leave or when someone else steps in to use their terminal. The approach, called Zero-Effort Bilateral Recurring Authentication, or ZEBRA, requires the user to wear a bracelet with a built-in accelerometer, gyroscope, and radio on his or her dominant wrist; such bracelets are commonly sold as fitness devices. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal.

  • A tool helps malware identification in smartphones

    With the massive sales of smartphones in recent years (more than personal computers in all of their history), malware developers have focused their interest on these platforms. The amount of malware is constantly increasing and it is becoming more intelligent. Researchers have developed a tool to help security analysts protect markets and users from malware. This system allows a large number of apps to be analyzed in order to determine the malware’s origins and family.

  • Energy companies slow to buy cyberdamage insurance

    The U.S. oil industry will spend $1.87 billion on cybersecurity defense systems by 2018, but less than 20 percent of U.S. companies overall are covered for cyberdamages. “Imagine what could happen if a large refinery or petrochemical facility’s safety monitoring systems were hijacked near an urban area, or a subsea control module was no longer able to be controlled by the people who should be controlling it,” says one expert. “As we’ve all seen from Deepwater Horizon [the 2010 BP Gulf oil spill] those risks and damages can be astronomical. It requires an immediate response.”

  • Financial firms go beyond NIST's cybersecurity framework

    The National Institute of Standards and Technology(NIST) released its Framework for Improving Critical Infrastructure Cybersecurityin February 2014. Utilities, banks, and other critical industries welcomed the guidelines, but many considered the framework to be a baseline for what was needed to continuously protect their networks from cyberattacks. Some financial firms have developed industry-based cyber policies through association such as the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) Third Party Software Security Working Group. The group has been reviewing cyber policies since 2012, before the NIST guidelines were finalized.

  • All-industry cybersecurity association needed: Experts

    A new report is calling for a professional association committed to serving the cybersecurity industry. Theacknowledged the shortage of qualified cybersecurity professionals, as well as the difficulty of recruiting, training, and hiring potential candidates.Experts say that a cybersecurity association could help assess the needs of employers seeking cybersecurity professionals, establish ongoing training and development programs, and also help develop cybersecurity standards across all industries.

  • Program aiming to facilitate cyberthreat information sharing is slow to take off

    President Barack Obama’s 2013 executive orderto improve critical infrastructure cybersecurity allows DHS to expand an information-sharing program, once restricted to Pentagoncontractors, to sixteencritical infrastructure industries. The Enhanced Cybersecurity Servicesprogram transmits cyber threat indicators to selected companies so they may prepare their network protection systems to scan for those indicators. A DHS inspector general (IG) reportreleased on Monday has found that just about forty companies from three of the sixteen industries — energy, communications services, and defense — are part of the program. Moreover, only two ISPs are authorized to receive the indicators.

  • Keith Alexander turns government experience into lucrative private sector career

    Cybersecurity industry insiders are questioning the ethics behind recently retired NSA chief Keith Alexander’s decision to launch IronNet Cybersecurity, a private consultancy, equipped with patents for what he refers to as a game-changing cybersecurity model. Alexander says there is nothing out of the ordinary here. “If I retired from the Army as a brain surgeon, wouldn’t it be OK for me to go into private practice and make money doing brain surgery? I’m a cyber guy. Can’t I go to work and do cyber stuff?”

  • Utilities increasingly aware of grid vulnerability

    An analysis by the federal government shows that if only nine of the country’s 55,000 electrical substations were shut down due to mechanical failure or malicious attack, the nation would experience coast-to-coast blackout. Another report finds cybersecurity as one of the top five concerns for U.S. electric utilities in 2014. The report also found that 32 percent of the surveyed electric utilities had deployed security systems with the “proper segmentation, monitoring and redundancies” needed for adequate cyber protection.

  • Demand for cyberattack insurance grows, but challenges remain

    The surge in cyberattacks against the private sector and critical infrastructure has led to a growth in demand for cyber insurance; yet most insurers are unable properly to assess their clients’ cyber risk, let alone issue the appropriate pricing for their cyber coverage.Insurers which traditionally handle risks like weather disasters and fires, are now rushing to gain expertise in cyber technology.On average, a $1 million cyber coverage could cost $20,000 to $25,000.

  • Pennsylvania cybersecurity group takes down international criminal network

    Over the past month, a coalition of cybersecurity forces in Pittsburgh, Pennsylvania made of regional FBI officers and members of Carnegie Mellon University’s CERT cyberteam, took down the Gameover Zeus cyber theft network, which had employed data ransom and theft schemes. The criminal group was able to snatch funds up to seven figures from owners’ bank accounts.

  • Six more bugs found in popular OpenSSL security tool

    OpenSSL is a security tool that provides facilities to other computer programs to communicate securely over the public Internet. OpenSSL is also used in some common consumer applications, such as software in Google’s Android smartphones. So when the Heartbleed vulnerability in OpenSSL was discovered and widely publicized in April this year, system administrators had to rush to update their systems to protect against it. Computer system administrators around the world are groaning again as six new security problems have been found in the OpenSSL security library.

  • Squiggly lines may be the future of password security

    As more people use smart phones or tablets to pay bills, make purchases, store personal information, and even control access to their houses, the need for robust password security has become more critical than ever. A new study shows that free-form gestures — sweeping fingers in shapes across the screen of a smart phone or tablet — can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.