• Improve cybersecurity in energy delivery

    Cyber networks support many important functions within energy delivery systems, from sending data between a smart meter and utility to controlling oil or gas flow in a pipeline. However, they are vulnerable to disturbances. According to the ICS-CERT Monitor, a publication of the U.S. Department of Homeland Security, a third of the 245 reported cyber incidents in industrial control systems that happened in 2014 occurred in the energy sector. The U.S. Department of Energy (DoE) initiative awards $28.1million to a consortium of eleven universities and research organizations, with the goal of improving computer/communication networks for energy delivery systems like power grids and pipelines.

  • Protecting the U.S. power grid from cyberattacks

    In the first half of Fiscal Year 2015, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the Department of Homeland Security, responded to 108 cyber incidents impacting critical infrastructure in the United States. As in previous years, the energy sector led all others with the most reported incidents. Researchers from Florida International University’s (FIU) College of Engineering and Computing have teamed up with four other universities and a utility company to help safeguard the nation’s power utilities from cyberattacks.

  • U Warwick, U.K. National Grid expand £1.5 million partnership

    Last week the University of Warwick and the U.K. National Grid have signed a Memorandum of Understanding (MoU) to extend the strategic alliance they have operated for last two years. To date that alliance has engaged in over £1.5 million worth of research and student scholarships in areas such as electricity transmission asset management, gas transmission, micro-tunneling, and cyber security.

  • Listening in on hackers talking

    Online conversations help fill critical gap in cybersecurity knowledge about attackers’ motivations, possible targets. Researchers have generated findings that shed light on how hacker communities interact and share information — and even created actionable intelligence for criminal investigations by federal agencies.

  • White House will not seek law allowing law enforcement access to encrypted messages

    The Obama administration has decided not to seek legislation which would require tech companies to design their devices in a way which would give law enforcement agencies access to individuals’ encrypted messages, the White House said on Saturday. The tech industry, led by giants Apple, Google, Facebook, IBM, and Microsoft, has mounted a vigorous campaign opposing any administration moves to weaken ever-more-sophisticated encryption systems which are designed to protect consumers’ privacy.

  • NSF awards $74.5 million to 257 interdisciplinary cybersecurity research projects

    The NSF the other day announced the awarding $74.5 million in research grants through the NSF Secure and Trustworthy Cyberspace (SaTC) program. In total, the SaTC investments include a portfolio of 257 new projects to researchers in thirty-seven states. The largest, multi-institutional awards include research better to understand and offer reliability to new forms of digital currency known as cryptocurrencies, which use encryption for security; invent new technology to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the “science of censorship resistance” by developing accurate models of the capabilities of censors.

  • Two new projects tackle e-mail security

    In the early, halcyon days of the Internet, researchers were more interested in sharing information rather than securing it. Now, decades later, securing the world’s most widely used medium for business communication is a full-time job for researchers and IT specialists around the globe. The modern working world cannot exist without e-mail, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new projects.

  • Cyber vulnerability of civil nuclear facilities underestimated

    The risk of a serious cyberattack on civil nuclear infrastructure is growing, as facilities become ever more reliant on digital systems and make increasing use of commercial off-the-shelf software, according to a new report. The report finds that the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks.

  • Strengthening U.S. cybersecurity capabilities by bolstering cyber defense, deterrence

    Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Director of National Intelligence James R. Clapper said that for the third year in a row, cyberthreats headed the list of threats reported in the annual National Intelligence Worldwide Threat Assessment. “Although we must be prepared for a large Armageddon-scale strike that would debilitate the entire U.S. infrastructure, that is not … the most likely scenario,” Clapper said. Rather, the primary concern is low- to moderate-level cyberattacks from a growing range of sources that will continue and probably expand, adding that in the future he expects to see more cyber operations that manipulate electronic information to compromise its integrity, as opposed to deleting or disrupting access to it.

  • Russia-based hackers tried to break into Hillary Clinton's private server

    Russian hackers, on five separate occasions, tried to break into Hillary Clinton’s server. The malicious e-mails, disguised as New York City parking tickets, were contained in the latest batch of records released by the State Department. There is no indication that these attempts were successful or that the suspicious zip files were opened by Clinton, but her personal e-mail address was a tightly-held secret and the hacking attempts raise the question of whether she was specifically targeted.

  • Cybersecurity company licenses ORNL’s Data Diode

    Data Diode, developed by ORNL’s researchers, uses a defense-in-depth computer network strategy to create an environment in which an organization’s approved users can work freely inside an enclave of protected data but restricts file transfers outside the network. Lock Data Solutions has licensed a technology from ORNL. The technology is designed to protect a company’s data from internal and external threats.

  • Supposedly encrypted national identifying numbers easily decrypted

    Studies raise questions about the use of national identifying numbers by showing that Resident Registration Numbers (RRN) used in South Korea can be decrypted to reveal a host of personal information. A team of researchers in two experiments was able to decrypt more than 23,000 RRNs using both computation and logical reasoning. The findings suggest that, while such identifiers are encrypted to protect privacy, they remain vulnerable to attack and must be designed to avoid such weaknesses.

  • DHS S&T awards $14 million for developing defenses against DDoS attacks

    Typical DDoS attacks are used to render key resources unavailable, such as disrupting an organization’s Web site and temporarily block a consumer’s ability to access the site. A more strategic attack may render a key resource inaccessible during a critical period. The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) the other day announced the award of eight contracts totaling $14 million for research on technologies to defend against DDoS attacks.

  • Automated voice imitation can defeat voice-recognition security

    Voice biometrics is based on the assumption that each person has a unique voice that depends not only on his or her physiological features of vocal cords but also on his or her entire body shape, and on the way sound is formed and articulated. Researchers have found that automated and human verification for voice-based user authentication systems are vulnerable to voice impersonation attacks. Using an off-the-shelf voice-morphing tool, the researchers developed a voice impersonation attack to attempt to penetrate automated and human verification systems.

  • Searching for malware hidden in shortened URLs on Twitter

    Cyber-criminals are taking advantage of real-world events with high volumes of traffic on Twitter in order to post links to websites which contain malware. To combat the threat, computer scientists have created an intelligent system to identify malicious links disguised in shortened URLs on Twitter. They will test the system in the European Football Championships next summer.