• Mathematician explains how to defend against quantum computing attacks

    The encryption codes that safeguard internet data today won’t be secure forever. Future quantum computers may have the processing power and algorithms to crack them. A new paper clarifies misunderstandings about the complex field of public key cryptography and provides a common basis of understanding for the technical experts who will eventually be tasked with designing new internet security systems for the quantum computing age.

  • Serious security vulnerabilities found in home, business, industrial robots

    Researchers have identified numerous vulnerabilities in multiple home, business, and industrial robots available on the market today. The vulnerabilities identified included many graded as high or critical risk, leaving the robots susceptible to cyberattack. Once a vulnerability has been exploited, a hacker could potentially gain control of the robot for cyber espionage, turn a robot into an insider threat, use a robot to expose private information, or cause a robot to perform unwanted actions when interacting with people, business operations, or other robots. In the most extreme cases, robots could be used to cause serious physical damage and harm to people and property.

  • Russia's interference in U.S., European elections could be “act of war”: NATO commander

    General Sir Adrian Bradshaw, the Deputy Supreme Allied Commander Europe, has said that Russian cyberattacks on NATO member states could be deemed an act of war and trigger the principle of the military alliance’s collective defense. Bradshaw said reports of Russian interference in American and European elections and Russia’s international disinformation campaign could lead alliance leaders to broaden the definition of an “attack.” European intelligence agencies have said that Russia’s successful interference in the U.S. 2016 presidential election has emboldened Moscow to replicate in Europe the methods it used in the U.S. There is already evidence that Russia has launched a hacking and disinformation campaign aiming to help far-right, ethno-nationalist, and populist politicians win the coming elections in France, the Netherlands, and Germany.

  • Game theory insights could improve cyberwarfare strategy

    Whether a nation should retaliate against a cyberattack is a complicated decision, and a new framework guided by game theory could help policymakers determine the best strategy. A new study examines when a victim should tolerate a cyberattack, when a victim should respond — and how. The researchers use historical examples to illustrate how the Blame Game applies to cases of cyber or traditional conflict involving the United States, Russia, China, Japan, North Korea, Estonia, Israel, Iran, and Syria.

  • Building privacy right into software code

    It is the programmer’s job to enforce these privacy restrictions. Because privacy-related code is scattered throughout all the programs Facebook uses to run its systems, the programmer must be vigilant everywhere. To make sure nobody finds out where I am unless I want them to, the programmer must tell the system to check my privacy settings everywhere it uses my location value, directly or indirectly. The best way to avoid these problems is to take the task of privacy protection away from humans and entrust it to the computers themselves. We can – and should – develop programming models that allow us to more easily incorporate security and privacy into software. Prior research in what is called “language-based information flow” looks at how to automatically check programs to ensure that sloppy programming is not inadvertently violating privacy or other data-protection rules.

  • Simulated ransomware attack highlights vulnerability of industrial controls

    Ransomware generated an estimated $200 million for attackers during the first quarter of 2016, and the researchers believe it’s only a matter of time before critical industrial systems are compromised and held for ransom. Cybersecurity researchers have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings. The simulated attack was designed to highlight vulnerabilities in the control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and more.

  • Tech coalition fights DHS proposal to collect social media passwords

    Earlier this week, the Center for Democracy & Technology announced the creation of a coalition of tech companies, NGOs, and privacy advocates to oppose efforts by DHS to collect social media passwords from individuals entering the United States. The coalition focuses on visa applicants who might be compelled to share their passwords under new DHS policies.

  • Cybersecurity of the power grid: A growing challenge

    Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines, and millions of miles of low-voltage distribution lines. This web of generators, substations, and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities. The grid has been vulnerable physically for decades. Today, we are just beginning to understand the seriousness of an emerging threat to the grid’s cybersecurity.

  • A computer’s blinking light could transmit data

    A desktop computer’s tiny blinking LED light would hardly arouse the suspicions of anyone working in an office after hours. However, that LED could be silently winking out an optical stream of the computer’s secrets to a data-stealing drone.

  • Cybersecurity degree approved for Kennesaw State

    The cybersecurity field in the U.S. will need an additional 1.5 million workers by the year 2020. The Board of Regents of the University System of Georgia on Tuesday approved an online Bachelor of Science in Cybersecurity at Kennesaw State University. The cybersecurity major includes elements of information technology, information security and assurance, and criminal justice, giving students a combination of technical knowledge and information security management skills.

  • Russia, Trump and the 2016 election: What’s the best way for Congress to investigate?

    Exactly how will the U.S. conduct a fair and accurate investigation into Russian meddling in the 2016 election and links with President Donald Trump’s campaign? U.S. congressional leaders are discussing options. At a time when Congress is sharply polarized along partisan lines, congressional investigations tend to become microcosms of that polarization. This is all the more true when an investigation involves an issue about which the president is vulnerable to political embarrassment or attack. If the intelligence committee proves unable to conduct a thorough and bipartisan investigation of Russian meddling and Trump’s campaign, pressure will build on America’s leaders to establish a more independent probe. Hanging in the balance could be whether the United States can forge consensus about what happened and how to prevent it from happening again.

  • How science should respond to fake news

    The rise of fake news has dominated the world of politics since the last U.S. election cycle. But fake news is not at all new in the world of science. “Fake news about science has always existed,” says one expert. “What has changed now is social media and the potential to disseminate this kind of news much faster among social networks.”

  • How Florida is helping train the next generation of cybersecurity professionals

    Our increasingly connected and digital world is vulnerable to attack and needs more skilled professionals who know how to defend it. As connected devices proliferate, particularly smart devices creating what has been called the “Internet of Things,” the problem is getting worse. While we don’t know where and when the next cyber threats will arise, we can be sure that our society’s use of and demand for digital connections will only grow. As a result, we’ll also see the demand for cybersecurity professionals rise – and the opportunities for new ways of thinking, learning and collaborating.

  • Protecting bulk power systems from hackers

    Most of us take turning the lights on for granted. In reality, the energy we draw from the electrical grid to brighten homes, freeze food and watch TV is part of a complicated and widespread system. Understanding that system’s vulnerabilities and reliability is a crucial step towards improving its security. Reliability measures for the electrical grid have risen to a new norm, as they now involve both physical security and cybersecurity. Threats to either can trigger instability, leading to blackouts and economic losses.

  • Center for Long-Term Cybersecurity unveils 2017 research grantees

    The Center for Long-Term Cybersecurity (CLTC) has announced the recipients of its 2017 research grants. In total, twenty-seven different groups of researchers will share a total of nearly $1 million in funding. CLTC says that the projects span a wide range of topics related to cybersecurity, including new methods for making crypto-currencies more secure; protecting health information stored on mobile devices; teaching high-school computer science students how to “program for privacy”; and exploring potential limits on the use of digital controls in nuclear reactors.