• Platform for operating systems would outwit cyber criminals

    As smartphone use surges, consumers are just beginning to realize their devices are not quite as secure as they thought. A Swedish research team is working on a way to secure mobile operating systems so that consumers can be confident that their data is protected.

  • Collecting digital user data without compromising privacy

    The statistical evaluation of digital user data is of vital importance for analyzing trends. It can also undermine users’ privacy. Computer scientists have now developed a novel cryptographic method that makes it possible to collect data and protect the privacy of the user at the same time.

  • U.S. Army releases first field manual for war in the electromagnetic spectrum

    Sergei Gorshkov, former Admiral of the Fleet of the Soviet Union, once remarked that “the next war will be won by the side that best exploits the electromagnetic spectrum.” The U.S. Army agrees, releasing its first field manualfor Cyber Electromagnetic Activities (CEMA). The Pentagon defines cyber electromagnetic activities as activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy the use of such capabilities, and protecting the mission command system.

  • Pro-regime Syrian hackers threaten cyberattacks on CENTCOM

    Last Friday, the Syrian Electronic Army (SEA) threatened to launch a cyberattack on U.S. Central Command (CENTCOM) if the United States would conducts cyberwarfare operations against Syria.

    The SEA is a group of Syrian computer hackers who support Syrian President Bashar al-Assad. Cyber experts say the group’s threat should not be dismissed. “This is a very capable group that has done some very significant things against well-defended targets,” says Bob Gourley, a former Chief Technology Officer for the Defense Intelligence Agency (DIA).

  • Securing Industry 4.0

    An increasing number of unsecured, computer-guided production machinery and networks in production facilities are gradually evolving into gateways for data theft. New security technologies may directly shield the sensitive data that is kept there.

  • Safeguarding networks when disasters strike

    Disasters both natural and human-caused can damage or destroy data and communications networks. Several presentations at the 2014 OFC Conference and Exposition, being held 9-13 March in San Francisco, will present new information on strategies that can mitigate the impacts of these disasters. Researchers created an algorithm that keeps data safe by moving or copying the data from data centers in peril to more secure locations away from the disaster. The algorithm assesses the risks for damage and users’ demands on the network to determine, in real-time, which locations would provide the safest refuge from a disaster. Other researchers suggest that if fiber-optic cables are down, wireless communication can fill the void and be part of a temporary, emergency network. For such a system to work, however, wireless technology would have to be integrated with the fiber-optic network that transports data around the world.

  • BGU startup Titanium Core wins Cybertition cyber security competition

    Ben-Gurion University of the Negev startup Titanium Core won the first Jerusalem Venture Partners (JVP)-sponsored Cybertition cyber security competition. Titanium Core uses a multilayered security approach to repel attacks on mission-critical systems, provide real-time attack information, and prevent threats from moving onto other computer systems. The company will receive $1 Million investment from JVP and space in the JVP Cyber Labs incubator, located in the cyber center in Beer-Sheva, adjacent to Ben-Gurion University.

  • Experts call for a new organization to oversee grid’s cybersecurity

    In 2013, U.S. critical infrastructure companies reported about 260 cyberattacks on their facilities to the federal government. Of these attacks, 59 percent occurred in the energy sector. A new report proposes that energy companies should create an industry-led organization to deflect cyber threats to the electric grid. Modeled after the nuclear industry’s Institute of Nuclear Power Operations, the proposed organization, to be called the Institute for Electric Grid Cybersecurity, would oversee all the energy industry players that could compromise the electric grid if they came under a cyberattack.

  • NIST’s voluntary cybersecurity framework may be regarded as de facto mandatory

    The National Institute of Standards and Technology’s (NIST) voluntary cybersecurity frameworkissued in February establishes best practices for companies that support critical infrastructure such as banking and energy. Experts now warn that recommendations included in the framework may be used by courts, regulators, and even consumers to hold institutions accountable for failures that could have been prevented if the cybersecurity framework had been fully implemented by the respective institution.

  • University of Texas at San Antonio ranked top U.S. cybersecurity school

    The University of Texas at San Antonio (UTSA) ranks as the top school for cybersecurity courses and degree programs according to a Hewlett-Packard (HP)-sponsored surveyof 1,958 certified IT security professionals. The schools undergraduate and graduate programs received top marks for academic excellence and practical relevance.

  • CounterTack, developer of an end-point threat detection solution, closes out Series B funding at $15 million

    CounterTack, a developer of real-time endpoint threat detection solutions, has closed out its Series B financing round with an additional $3 million to complete a $15 million raised. With this extension, the Venture Capital unit of Siemens (SFS VC) joins CounterTack investors including Goldman Sachs, Fairhaven Capital, and a group of private financiers to fund an accelerated technology expansion and market delivery of CounterTack’s Sentinel platform.

  • CloudLock, a cloud security specialist, raises $16.5 million Series C round

    CloudLock, a cloud security specialist, has raised $16.5 million in a Series C funding round from new investor Bessemer Venture Partners, and participation of existing investors Cedar Fund and Ascent Venture Partners. The company says that 2013 saw continuing growth in adoption by cloud-bound organizations of the company’s people-centric security automation approach, with a pure SaaS content-aware and policy-based solution, by companies in different verticals, across multiple cloud platforms like Google Apps and Salesforce.

  • Collegiate cyber defense competition advances to regional finals

    Seven members of the University of Maine Cyber Defense Team will compete at the annual Northeast Collegiate Cyber Defense Competition at the University of New Hampshire in March. The team was one of nine out of a pool of fourteen schools that qualified for the regional competition. The competition simulates security operations for a small company. Teams must quickly familiarize themselves with network systems and software before beginning to defend against attacks while also providing customer service to users.

  • Latest cybersecurity threat: WiFi virus

    Researchers have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans. The team designed and simulated an attack by a virus and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.

  • NIST seeking comments on its cryptographic standards process

    As part of a review of its cryptographic standards development process, NIST said it was seeking public comment on a new draft document that describes how the agency develops those standards. In November 2013, NIST announced it would review its cryptographic standards development process after concerns were raised about the security of a cryptographic algorithm in NIST Special Publication 800-90 (2006) an its updated version, 800-90A (2007).