-
DHS S&T awards $10.4 million in mobile security research contracts
The mobile technology industry has continuously expanded with new devices and apps, allowing people to simplify how and where business is conducted. While increasing the use of mobile technology can enhance productivity, improved security is needed to ensure that sensitive information is not at risk from current and emerging cyber threats. DHS S&T the other day announced $10.4 million in cybersecurity Mobile Technology Security (MTS) research and development (R&D) awards to enhance the security of mobile devices for the federal government.
-
-
DHS S&T awards U Oregon a $1.38M contract for DDoS research
DDoS attacks are used to render key resources unavailable. A typical DDoS attack might disrupt an organization’s Web site and temporarily block a consumer’s ability to access the site. A more strategic attack could make a key resource inaccessible during a critical period. DHS S&T awarded a $1.38 million contract to the University of Oregon to create technology to defend against large and sophisticated Distributed Denial of Service (DDoS) attacks. The University of Oregon’s DrawBridge project will become part of the DHS S&T Cyber Security Division’s larger DDoSD program.
-
-
Federally funded network anomaly-detection technology licensed to Ernst & Young
The Transition to Practice (TTP) program, established in 2012 as part of S&T’s Cybersecurity Division, looks to transition federally funded cybersecurity technologies from the laboratory to enterprise consumers. S&T the other day announced that the PathScan technology, a network anomaly-detection tool developed by Los Alamos National Laboratory, has been licensed to Ernst & Young LLP (EY).
-
-
Draft guide to help energy companies reduce cyber risk
DHS reported that 5 percent of the cybersecurity incidents its Industrial Control Systems Cyber Emergency Response Team responded to in fiscal year 2014 were tied to weak authentication. Four percent were tied to abuse of access authority. The National Cybersecurity Center of Excellence (NCCoE) is requesting comments on a draft guide to help energy companies better control who has access to their networked resources, including buildings, equipment, information technology, and industrial control systems.
-
-
Calif. state auditor: Many state entities vulnerable to cyberattack, disruption
In the past few years, retailers, financial institutions, and government agencies have increasingly fallen victim to cyberattacks. The California state auditor says that given the size of California’s economy and the value of its information, the state presents a prime target for similar information security breaches. Despite the need to safeguard the state’s information systems, the state auditor says that its review found that many state entities have weaknesses in their controls over information security. These weaknesses leave some of the state’s sensitive data vulnerable to unauthorized use, disclosure, or disruption.
-
-
DHS S&T awards Mobile Technology Security (MTS) research grants
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) on Monday announced a $759,727 cybersecurity Mobile Technology Security (MTS) research and development (R&D) award which will help secure mobile devices for the federal government. The goal of the next-generation mobile security management tools project is to look at innovative technology solutions which protect the operating layer of the mobile device, but also incorporate user identities and actions to protect against vulnerabilities.
-
-
Smartphone encryption will deter criminals more than it would impede the police
In the debate over default encryption of smartphones, top law enforcement officials have been vocal in their opposition. Law enforcement and intelligence agencies argue that encryption obstructs investigations and hampers efforts to track criminals and solve crimes. Others argue that strong, default encryption could actually deter crimes, because protecting a smartphone with a password is just another obstruction to criminals, and default encryption would be a deterrent to crime in the industry by saving sensitive information even in the event of a theft.
-
-
U.S. should promote international cybersecurity standardization: Interagency report
A new draft report by an interagency working group lays out objectives and recommendations for enhancing the U.S. government’s coordination and participation in the development and use of international standards for cybersecurity. The report recommends the government make greater effort to coordinate the participation of its employees in international cybersecurity standards development to promote the cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures. These efforts should include increased training, collaborating with private industry and working to minimize risks to privacy.
-
-
Hackers exploit flaws in mobile phones’ security
Owners of smartphones have developed a sense of security, using them as if they were sitting in front of their computers at home. Once used for voice transmission only, mobile phones, or smartphones, have grown to become devices used for shopping, bill paying, bank transactions, and a host of other applications. Unfortunately, they are not nearly as secure as most users think they are. Hackers have found a number of flaws, and are capable of exploiting them.
-
-
Securing data from attacks by ever more powerful supercomputers
For the powerful quantum computers that will be developed in the future, cracking online bank account details and credit card numbers will be a cinch. But a team of cryptographers is already working at future-proofing the privacy of today’s Internet communications from tomorrow’s powerful computers. The researchers have developed upgrades to the Internet’s core encryption protocol that will prevent quantum computer users from intercepting Internet communications.
-
-
U.Va. upgrades IT systems after massive Chinese cyberattack
The University of Virginia announced Sunday (16 August) that it has successfully completed a comprehensive system security upgrade in response to a cyberattack originating in China. The University said it had taken these actions to further enhance the security of data and information stored on university resources and to aid in prevention of future cyberattacks. The cyberattack on U.Va. is the second massive cyberattack by Chinese government hackers on an American institution of higher learning. Last fall, the Penn State College of Engineering was the target of two sophisticated cyberattacks by Chinese government hackers.
-
-
Researchers carefully protect dangerous pathogens – but how secure are all their data?
Ebola, smallpox, anthrax and many others: the most dangerous microorganisms are strictly regulated in the United States. The federal government oversees use of sixty-five so-called select agents with “the potential to pose a severe threat to public, animal or plant health, or to animal or plant products.” There has never been as much research performed with these pathogens — to learn more, find cures, or create vaccines — as in the past decade. The sprawl of high containment laboratories has led to a parallel increase in individuals with access to these agents. As of January 2015, approximately 11,000 individuals were on the list. The deadly infectious agents must be kept safely under lock and key, where they can’t threaten the general population or fall into the wrong hands. But even the most physically secure research lab could be the site of a devastating data security breach. As they stand now, information security guidelines published by science regulators with regard to select agents lack the critical level of detail needed to protect data effectively.
-
-
Easy-to-get tools allow hackers to open garage doors, take over cars
Pro hacker Samy Kamkar, speaking at the DEF CON event, described how last month he opened a garage door with an easy-to-get text messaging box, and then gained access to the car inside the garage by using General Motors’ RemoteLink app, and turned the engine on. The security of this system has since been beefed up, but this demonstration showed that the car manufacturers have a long way to go on securing their cars against crafty hackers.
-
-
New analysis method discovers eleven security flaws in popular Internet browsers
Georgia Tech researchers developed a new cyber security analysis method which discovered eleven previously unknown Internet browser security flaws, and were honored with the Internet Defense Prize, an award offered by Facebook in partnership with USENIX, at the 24th USENIX Security Symposium. Their research explores vulnerabilities in C++ programs (such as Chrome and Firefox) which result from “bad casting” or “type confusion.” Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions.
-
-
Einstein 3 Accelerated (E3A) deployment gets a push forward
The two recent network breaches at the Office of Personnel Management (OPM), which allowed the pilfering of sensitive personal information of millions of federal employees, their families, clearance applicants, and contractors, have drawn attention to the Department of Homeland Security’s $3 billion network monitoring program called Einstein. The question now is whether that program is capable of preventing another intrusion in the future.
-
The long view
Encryption Breakthrough Lays Groundwork for Privacy-Preserving AI Models
In an era where data privacy concerns loom large, a new approach in artificial intelligence (AI) could reshape how sensitive information is processed. New AI framework enables secure neural network computation without sacrificing accuracy.
Need for National Information Clearinghouse for Cybercrime Data, Categorization of Cybercrimes: Report
There is an acute need for the U.S. to address its lack of overall governance and coordination of cybercrime statistics. A new report recommends that relevant federal agencies create or designate a national information clearinghouse to draw information from multiple sources of cybercrime data and establish connections to assist in criminal investigations.