• Educating, strengthening the cybersecurity workforce

    As Americans become more dependent on modern technology, the demand to protect the nation’s digital infrastructure will continue to grow. CSU, designated as Centers of Academic Excellence in Information Assurance by the NSA and DHS, says that in an effort to produce career-ready cybersecurity professionals and to combat cybercrime nationwide, the California State University is creating educational opportunities for students and faculty members.

  • U.K. hospitals, clinics hit by large-scale ransomware cyberattack

    The NHS has confirmed that hospitals across England have been hit by a large-scale cyberattack. The attack has locked staff out of their computers and forced emergency patients to be diverted to hospitals not hit by the attack. The IT systems of NHS facilities across England have been hit simultaneously – and the screens of computers connected to the networks under attack showed a pop-up message demanding a ransom in exchange for allowing staff access to the PCs.

  • DHS S&T’s Transition to Practice program unveils 2017 cohort

    Eight new cybersecurity technologies developed by researchers at federally funded laboratories and academic research centers are ready for the commercial market. DHS S&T’s Transition to Practice (TTP) program will showcase its 2017 cohort 16 May in Washington, D.C.

  • New executive order on cybersecurity highlights need for deterrence, protection of key industries

    President Trump’s new executive order on cybersecurity for federal computer networks and key elements of the country’s infrastructure – such as the electricity grid and core communications networks – builds meaningfully on the work of the Obama administration. Cybersecurity is ultimately an exercise in risk management. Given the range of possible threats and the pace at which they may appear, it is impossible to protect everything, everywhere, all the time. But it is possible to make sure that the most valuable resources (such as particular networks and systems, or specific data) are properly protected by, at minimum, good cyber-hygiene – and ideally, more. Overall, the order is a solid document, with guidance that is both measured and clear. Key to its success – and ultimately to the country’s security in cyberspace – will be the relationship the government builds with private industry. Protecting the country won’t be possible without both groups working in tandem.

  • Bypassing encryption: “Lawful hacking” is the next frontier of law enforcement technology

    The discussion about how law enforcement or government intelligence agencies might rapidly decode information someone else wants to keep secret is – or should be – shifting. One commonly proposed approach, introducing what is called a “backdoor” to the encryption algorithm itself, is now widely recognized as too risky to be worth pursuing any further. The scholarly and research community, the technology industry and Congress appear to be in agreement that weakening the encryption that in part enables information security – even if done in the name of public safety or national security – is a bad idea. Backdoors could be catastrophic, jeopardizing the security of billions of devices and critical communications. A lawful hacking approach offers a solution that appears to gain greater favor with experts than encryption backdoors. A group of scholars proposed some ways we should begin thinking about how law enforcement could hack. Agencies are already doing it, so it’s time to turn from the now-ended debate about encryption backdoors and engage in this new discussion instead.

  • Cyber Security R&D Showcase coming in July

    The 2017 Cyber Security R&D Showcase and Technical Workshop is scheduled for 11-13 July at Washington, D.C.’s Mayflower Hotel. In all, fifteen research areas will be featured: mobile security, cyber-physical system security, software assurance, data privacy, identity management, distributed denial of service defense, next generation cyber infrastructure, technology transition, cyber risk economics, cybersecurity research infrastructure, modeling of internet attacks, support for law enforcement, moving-target defense, cloud security and insider threats. During the conference, attendees can choose from more than 115 technical presentations representing a combined $250 million of federally funded R&D.

  • New meter to change how users create passwords

    One of the most popular passwords in 2016 was “qwertyuiop,” even though most password meters will say it is a weak choice. The problem is that no existing meters offer any good advice to make it better – until now. Researchers have unveiled a new, state-of-the-art password meter that offers real-time feedback and advice to help people create better passwords. To evaluate its performance, the team conducted an online study in which they asked 4,509 people to use the meter to create a password.

  • Why we choose terrible passwords, and how to fix them

    The first Thursday in May is World Password Day, but don’t buy a cake or send cards. Computer chip maker Intel created the event as an annual reminder that, for most of us, our password habits are nothing to celebrate. Instead, they – and computer professionals like me – hope we will use this day to say our final goodbyes to “qwerty” and “123456,” which are still the most popular passwords. So no more excuses. Let’s put on our party hats and start changing those passwords. World Password Day would be a great time to ditch “qwerty” for good, try out a password manager and turn on multi-factor authentication. Once you’re done, go ahead and have that cake, because you’ll deserve it.

  • Dissect Cyber notifies small businesses targeted by cybercriminals

    Cybercriminals are an insidious lot, constantly launching new schemes to steal money from individuals and companies. In the United States, millions of people and small businesses fall victim to internet crimes each year. Most small businesses do not have ready access to timely cybersecurity notifications of possible threats.

  • Russia’s hacking, disinformation efforts aim to influence German, French elections

    Russian government hackers and disinformation specialists were successful in their hacking and disinformation campaign in the run-up to the November 2016 election in the United States. “I think one of the lessons that the Russians may have drawn from this is that this works,” FBI director James Comey told lawmakers on Tuesday. German and French intelligence services agree with Comey. They say they have detected an intensification of Russian hacking and disinformation efforts in the run-up to the second round of France’s presidential election – to be held this coming Sunday – and Germany’s federal election, to be held in September. In both France and Germany, Russia’s campaign aims to strengthen populist, far-right, ultra-nationalist, and anti-American politicians and parties.

  • The lessons on Russian intelligence

    Despite President Trump’s saying that it’s all just “fake news,” James R. Clapper, who was U.S. director of national intelligence from 2010 until January, said he has no doubt that Russia successfully interfered in the 2016 election and “clearly favored” Trump over Hillary Clinton. “Clearly, the Russians — and the shots were called at the highest level — were interested first in sowing dissension and doubt and discord in this country,” Clapper said. As the campaign went on, however, he said their aims switched to helping Trump. “They, too, didn’t initially take Mr. Trump seriously, but later on they did,” Clapper said at a Harvard Kennedy School talk. Clapper said we should expect more Russian meddling in U.S. elections.

  • The Darknet offers more robust protection against attacks

    Researchers have discovered why cyberattacks usually fail against the Darknet, a part of the internet that guarantees users’ privacy and anonymity. This hidden network is used for sensitive and often illegal purposes such as drug trafficking or exchanging child pornography and can counter large attacks on its own by spontaneously adding more network capacity.

  • Online security won’t improve until companies stop passing the buck to the customer

    It’s normally in the final seconds of a TV or radio interview that security experts get asked for advice for the general public – something simple, unambiguous, and universally applicable. It’s a fair question, and what the public want. But simple answers are usually wrong, and can do more harm than good. Customers do want to protect themselves, and there is a clear demand for good security advice. But this advice needs to be realistic, needs to consider that different individuals have different circumstances that require different approaches, and put the interests of the customer first. Companies that develop security systems are in the best position to improve security, and they must take responsibility for doing so by learning from the research that reveals how individuals really use, understand, and misunderstand security technology.

  • Machine-learning-based solution to help combat phishing

    When it comes to hacking, phishing is one of the oldest tricks in the book. According to IBM security research, some 30 percent of phishing e-mails are opened by targeted recipients. Additionally, the attacks are becoming more advanced and harder to detect at first glance. A new machine-learning-based security solution could help businesses detect phishing sites up to 250 percent faster than other methods.

  • Cyber attacks ten years on: from disruption to disinformation

    Today – 27 April – marks the tenth anniversary of the world’s first major coordinated “cyberattack” on a nation’s internet infrastructure: Russian government hackers attacked the computer systems of the government of Estonia in retaliation for what Russia considered to be an insult to the sacrifices of the Red Army during the Second World War. This little-known event set the scene for the onrush of cyber espionage, fake news, and information wars we know today. A cybersecurity expert recently told the Senate Select Committee on Intelligence that to understand current Russian active measures and influence campaigns – that is, to understand cyber operations in the twenty-first century – we must first understand intelligence operations in the twentieth century. Understanding the history of cyber operations will be critical for developing strategies to combat them. Narrowly applying models from military history and tactics will offer only specific gains in an emerging ecosystem of “information age strategies.” If nations wish to defend themselves, they will need to understand culture as much as coding.