• Developing cyber resilience to meet increasing cyberthreats

    Managing resilience for cyber systems requires metrics that reflect the relationships among system components in physical, information, cognitive, and social domains. In a paper, researchers describe a framework for understanding the concept of cyber resilience, and lay out a systematic method by which to generate resilience metrics for cyber systems.

  • Cybersecurity paradigm shift: from reaction to prediction and prevention

    The intensification of cyberattacks on corporations and government agencies has led to a surge of new companies offering cybersecurity solutions, and Israel boasts some of the world’s top cybersecurity firms.Until recently, investment dollars generally supported startups with a focus on defensive cyber solutions, but now firms like Israel’s CyberArk, providers of proactive and full-service cyber solutions, are of growing interest of tech investors.

  • NSA, DHS partner with academia to train next generation cyber specialists

    Universities across the United States have partnered with the NSA and DHS to prepare the next generation of cybersecurity professionals in anticipation of growing and more serious cyberattacks on the United States. Nearly 200 schools are designing new academic programs to attract more students to the growing field of cybersecurity, and with NSA and DHS as partners, the universities are preparing students for important roles in securing the nation’s digital infrastructure.

  • Hacktivists have been stealing information from U.S. computers for a year

    The FBI reports that activist hackers linked to the group Anonymous have been accessing the computers of numerous government agenciesfor almost a year, and stealing sensitive information. The hackers took advantage of a flaw in Adobe Systems’ColdFusion software to launch a series of intrusions which began December 2012, and then left “back doors” to return to the computers multiple times.

  • Government, private sector prioritize cybersecurity education

    As government and private sector organizations transmit and store more information electronically, the need for professionals with skills to protect and evaluate sensitive information is increasing. American companies and government agencies are expanding various initiatives aimed at increasing the number of cybersecurity professionals in the country.

  • Using keyboard, mouse, and mobile device “fingerprints” to protect data

    Passwords are not secure because they can be hacked or hijacked to get at sensitive personal, corporate, or even national security data. Researchers suggest a more secure way to verify computer users and protect data: tracking individual typing patterns. The researchers are now working on developing ways to identify and track individual patterns of using a mobile device or a computer mouse.

  • Cyberattacks more serious domestic threat to U.S. than terrorism: FBI

    The heads of the Federal Bureau of Investigation(FBI), Department of Homeland Security(DHS), and National Counterterrorism Center(NCTC) have declared cyber attacks as the most likely form of terrorism against the United States in the coming years. “That’s where the bad guys will go,” FBI director James Comey said about cyberterrorism. “There are no safe neighborhoods. All of us are neighbors [online].”

  • Hundreds of cyber specialists to compete at NetWars Tournament of Champions

    SANS Institute’s NetWars Tournament of Champions will be held in Washington, D.C., in mid-December. Hundreds of the brightest security professionals from around the world will compete with each other in order to determine who has the best skills in tackling cyber security challenges.

  • U.S. financial industry pushes Congress to pass cybersecurity bill

    Three financial-industry trade groups have issued a letter to senior members of the Senate Select Committee on Intelligenceto re-energize a campaign for moving forward with cybersecurity legislation. The trade groups, representing the U.S. largest financial institutions, said their ability to prevent cyberattacks will be hindered unless Congress acts.

  • Cyberdeviance, cybercrime start and peak in the teen years

    A snapshot survey indicates that cyberdeviance and cybercrime start among teens at about age 15 and peak at about age 18. This is in line with the traditional onset and peak ages for other types of misdemeanor and criminal offenses.

  • Inkblots bolster security of online passwords

    Computer scientists have developed a new password system that incorporates inkblots to provide an extra measure of protection when, as so often occurs, lists of passwords get stolen from websites. This new type of password, dubbed a GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), could foil growing problem of automated brute force attacks, and would be suitable for protecting high-value accounts, such as bank accounts, medical records, and other sensitive information.

  • Coordinating responses to cloud, infrastructure vulnerabilities

    Cybercrime presents a significant threat to individual privacy, commerce, and national security. In order to tackle this cross-border threat properly, agents involved in managing and monitoring cyber-risk-critical assets need to be able to cooperate and co-ordinate their prevention strategies. Platforms enabling coordinated cross-border responses already work well for handling malicious activity on the traditional Internet. The advent of cloud computing, however, has created a new set of challenges for security professionals in securing the platforms that deliver the cloud.

  • National grid in mock power emergency drill today and tomorrow

    North American power companies will participate in a mock power emergency scenario today and tomorrow (13-14 November) to test their ability to respond to physical or cyberattacks that may lead to widespread power outages and long term blackouts. The exercise, known as GridEx II, is the second emergency response exercise conducted by North American Electric Reliability Corporation (NERC) intended to task North American electric utility companies with reviewing their security and crisis response strategies.

  • Weakening cybersecurity to facilitate NSA surveillance is dangerous: experts

    In the wake of revelations about the NSA surveillance programs, an expert on surveillance and cybersecurity recommended a re-evaluation of those surveillance practices that weaken commercial products and services. These practices include weakening standards and placing “back doors” into products that are accessible to U.S. government agencies. The expert – Jon Peha, former chief technology officer of the FCC and assistant director of the White House’s Office of Science and Technology — said deliberately weakening commercial products and services may make it easier for U.S. intelligence agencies to conduct surveillance, but “this strategy also inevitably makes it easier for criminals, terrorists and foreign powers to infiltrate these systems for their own purposes.”

  • DHS struggling to respond to cybersecurity threats: IG

    A recent reportby DHS inspector general (IG) has documented the agency’s struggle to respond to cybersecurity threats and its inability to disseminate information about threats because of technical, funding, and staffing challenges.