• France asks social media companies to help in fighting radicalization, terrorism

    The French government has asked leading social media and tech firms, Google, Facebook, and Twitter to work directly with French law enforcement during investigations and to immediately remove terrorist propaganda when authorities alert them to it.The Islamic State (ISIS), along with other Islamist militant groups, are using social media to disseminate their violent messages, recruit new followers and fighters, and share videos of executed hostages. Roughly 20,000 foreign fighters, including 3,400 from Western nations, have joined ISIS and other extremist groups in Syria and Iraq.

  • Obama’s cybersecurity initiative: a start but businesses – and individuals – need to do more

    The linchpin of President Obama’s recently launched cybersecurity initiative is to encourage the private sector to share information to better defend against cyberattacks. Yet U.S. companies have historically been wary of openly talking about their cybersecurity efforts with competitors and with government — for good reason. Many businesses fear that sharing threat-related information could expose them to liability and litigation, undermine shareholder or consumer confidence, or introduce the potential for leaks of proprietary information. For some companies, Edward Snowden’s revelations of sweeping government surveillance programs have reinforced the impulse to hold corporate cards close to the vest. Yet on the heels of a deluge of high-profile cyberattacks and breaches against numerous U.S. companies, we may finally have reached a tipping point, where potential harm to reputation and revenue now outweighs the downside of disclosure from a corporate perspective. Obama’s executive order is thus a spur to get the ball rolling but, frankly, there is a limit to what government alone can (and should) do in this area. Changes in attitudes and behaviors are needed across the board, right down to families and individuals.

  • New document details U.S.-Iran cyber tit-for-tat

    Just as U.S. Secretary of State John Kerry and his Iranian counterpart discuss plans to ensure Iran does not weaponized its nuclear program, a newly disclosed National Security Agency (NSA) document details the intensifications of cyber skirmishes between the two countries. While the document does not describe the specific targets in Iran, it acknowledges, for the first time, that the NSA’s attacks on Iran’s nuclear program, a George W. Bush administration project, initiated the cycle of retaliation and escalation of the U.S.-Iran cyber conflict.

  • DHS S&T announces licensing of cyber security technology

    The other day, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced that technology from its Cyber Security Division Transition to Practice (TTP) program has been licensed for market commercialization. This is S&T’s second technology that has successfully gone through the program to the commercial market. The technology, Hyperion, developed by Oak Ridge National Laboratory, is a malware forensics detection and software assurance technology which has been licensed to R&K Cyber Solutions LLC, a Manassas, Virginia-based application development and cyber solution company.

  • Data breaches notwithstanding, many companies still blasé about cybersecurity

    Cybersecurity industry analysts predicted that the 2014 data breaches which plagued Target, Home Depot, and JPMorgan – to name but a few — would elevate information security to “top priority concern” among corporate executives. This has not been the case, as recent surveys of chief information security officers (CISOs) and technology executives at the world’s largest companies show mixed attitudes at best.

  • U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure

    Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”

  • U.S. farming sector increasingly vulnerable to cyberattacks

    America’s farms and agricultural giants are not exempt from cyberattacks, according to officials who spoke at Thursday’s farm-outlook forum hosted by the U.S. Department of Agriculture (USDA). The farming sector is increasingly vulnerable to cyberattacks as farmers and agribusinesses rely more on data, with satellite-guided tractors and algorithm-driven planting services expanding across the U.S. Farm Belt. For industrial farmers, data breaches and manipulation are especially worrisome, considering that many rely on new farm-management services that collect information on soil content and past crop yields to generate planting recommendations.

  • First known Arabic cyber-espionage group attacking thousands globally: Kaspersky Lab

    The Kaspersky Lab Global Research and Analysis Team the other day announced the discovery of Desert Falcons, a cyber-espionage group targeting multiple high profile organizations and individuals from Middle Eastern countries. Kaspersky Lab said its experts consider this actor to be the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations. In total Kaspersky Lab experts were able to find signs of more than 3,000 victims in 50+ countries, with more than one million files stolen.

  • Poor decision-making may lead to cybersecurity breaches

    Recent high-profile security breaches, such as those at Target, Anthem Inc., and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences. One expert says that social interactions affect the processes behind personal cybersecurity decision-making. “We all have small supercomputers in our pockets now,” he notes. “Regular people like you and me make a lot of important security decisions on a daily basis.”

  • Obama signs cybersecurity executive order, promotes information-sharing hubs

    President Barack Obama, at last week’s White House Summit on Cybersecurity and Consumer Protection, reiterated the need for more companies to collaborate with each other as well as with the federal government to develop cybersecurity solutions that protect consumer privacy while keeping hackers out of network systems.One strategy Obama encouraged in his speech was the creation of information-sharing groups, called hubs, built around vertical industry sectors.

  • Grants competition to improve security, privacy of online identity verification systems

    The National Institute of Standards and Technology (NIST) is launching a competition for a fourth round of grants to pilot online identity verification systems that help improve the privacy, security, and convenience of online transactions. The pilot grants support the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House initiative launched in 2011. NSTIC’s goal is to improve trust online through the creation of a vibrant “Identity Ecosystem,” in which individuals and organizations are able to better trust one another because they follow agreed-upon standards and processes for secure, privacy-enhancing and interoperable identity solutions online.

  • Improving security monitoring of energy industry networked control systems

    There are a number of useful products on the market for monitoring enterprise networks for possible security events, but they tend to be imperfect fits for the unusual requirements of control system networks. A network monitoring solution that is tailored to the needs of control systems would reduce security blind spots. The National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators on an effort to help energy companies improve the security of the networked technologies they rely upon to control the generation, transmission and distribution of power.

  • DHS to rely on big data to protect critical infrastructure, networks

    DHS officials responsible for protecting federal civilian networks and critical industries from cyberattacks are going to rely more on big data analytics to predict, detect, and respond to future hacks, according to a White House progress reportreleased on 5 February. The report details how cybersecurity officials are “working across government and the private sector to identify and leverage the opportunities big data analytics presents to strengthen cybersecurity.”

  • CEO responsibilities for data breach

    The job of a chief executive officer (CEO) is becoming more difficult every year. Today, in addition to being strategic visionaries and leaders, most CEOs must deal with complex legal issues surrounding their organizations. More often they are being held personally responsible for mistakes made by their organizations. Security breaches are one of the fastest growing legal issues facing many C-level executives. All C-level executives need to be prepared to handle a potential security crisis with the help of IT, legal, and PR (public relation) teams.Taking rapid countermeasures and openly communicating about breaches are key factors in effectively managing expectations of a company’s shareholders and customers.

  • Spotting, neutralizing hackers when they are already inside your systems

    Since the Internet gained popularity in the 1990s, the traditional model of cybersecurity has been to build systems and software which could keep hackers out of computers. As hackers continue to tap into complex security systems, however, some cybersecurity experts are advising companies to focus on tricking or neutralizing hackers once they have infiltrated networks, rather than spending money only on trying to keep them out.