• National grid in mock power emergency drill today and tomorrow

    North American power companies will participate in a mock power emergency scenario today and tomorrow (13-14 November) to test their ability to respond to physical or cyberattacks that may lead to widespread power outages and long term blackouts. The exercise, known as GridEx II, is the second emergency response exercise conducted by North American Electric Reliability Corporation (NERC) intended to task North American electric utility companies with reviewing their security and crisis response strategies.

  • Weakening cybersecurity to facilitate NSA surveillance is dangerous: experts

    In the wake of revelations about the NSA surveillance programs, an expert on surveillance and cybersecurity recommended a re-evaluation of those surveillance practices that weaken commercial products and services. These practices include weakening standards and placing “back doors” into products that are accessible to U.S. government agencies. The expert – Jon Peha, former chief technology officer of the FCC and assistant director of the White House’s Office of Science and Technology — said deliberately weakening commercial products and services may make it easier for U.S. intelligence agencies to conduct surveillance, but “this strategy also inevitably makes it easier for criminals, terrorists and foreign powers to infiltrate these systems for their own purposes.”

  • DHS struggling to respond to cybersecurity threats: IG

    A recent reportby DHS inspector general (IG) has documented the agency’s struggle to respond to cybersecurity threats and its inability to disseminate information about threats because of technical, funding, and staffing challenges.

  • Making cybersecurity a political issue

    U.S. federal agencies have reported a dramatic rise in the number of cyberattacks over the past few years, with reported cyber incidents rising from 5,503 in 2006 to 48,562 in 2012. Since cyber incidents pose such a threat to national security and infrastructure, could cybersecurity become a political campaign issue? Experts say that if politicians were to focus their attention, and their constituents’ attention, on cybersecurity, the United States could be made safer from cyberattacks before a “cyber Pearl Harbor” – or a “cyber 9/11” – occurs.

  • U.S. tech companies could go “dark” to regain trust

    With each new revelation of the scope of the American National Security Agency’s spying, perceptions of the importance of privacy are hardening around the world. There is thus a motivation for major technology companies to provide a verifiably secure means of allowing users to communicate securely without an ability for the companies to provide access to security agencies, even if requested to. Two companies, Silent Circle and Lavabit, have come together to form the Dark Mail alliance in an attempt to do exactly this.

  • IID raises $8 million to scale shared cyberintelligence offering

    Despite the growing danger posed by cybercrime, information vital to stemming the tide is fragmented across the Internet today. Pockets of data about threat activity are siloed within the repositories of individual enterprises, government organizations, vendor networks, and research institutions. IID’s ActiveTrust enables enterprises and government agencies to combat the rising frequency and sophistication of cyberattacks by sharing cyber incident data in real time. IID has raised $8 million in Series A funding from Bessemer Venture Partners (BVP), and said it will use the investment to accommodate growing demand for ActiveTrust.

  • Many Android vulnerabilities result from manufacturer modifications

    Computer security researchers have found that Android smartphone manufacturers are inadvertently incorporating new vulnerabilities into their products when they customize the phones before sale, according to a recent study. On average, the researchers found that 60 percent of the vulnerabilities found in the smartphone models they evaluated were due to such “vendor customizations.”

  • Flickr photos reflect Hurricane Sandy's impact

    A new study has discovered a striking connection between the number of pictures of Hurricane Sandy posted on Flickr and the atmospheric pressure in New Jersey as the hurricane crashed through the U.S. state in 2012.

  • Resources on disaster preparedness, resilience

    One year after Superstorm Sandy hit the eastern United States, local, state, and federal agencies as well as community groups and businesses are working to strengthen the U.S.s resilience to future disasters. A National Research Council (NRC) has issues a series of studies and reports, and has put together workshops and study groups, which should advance the national conversation on preparedness and resilience.

  • Bill bolsters DHS’s cybersecurity workforce

    A House panel recently approved HR 3107, a bill aiming to bolster DHS’s cybersecurity workforce. The House Homeland Security Committeeamended the Homeland Security Cybersecurity Boots-on-the-Ground Actto expand DHS’ outreach to candidates for IT security jobs by creating a tuition-for-work fellowship and a program to recruit military veterans and unemployed IT specialists for DHS employment.

  • Trustev closes $3 million seed funding round

    According to research by eMarketer, global e-commerce sales are expected to reach nearly $1.3 trillion in 2013, making online fraud prevention an urgent and important requirement for every merchant. Trustev addresses this requirement by using multiple dynamic data sources to independently verify a user’s identity on e-commerce sites. The company has just closed a $3 million seed funding round to finance the further development of its e-commerce security and online fraud protection technology.

  • Preventing a “cyber Pearl Harbor”

    Cyber-security has become the new homeland security of the decade. Last year, then- Defense Secretary Leon Panetta issued a call to arms against cyberattacks, warning that sophisticated attacks against the United States could be America’s next “cyber Pearl Harbor.” It is imperative that we apply the same level of awareness and action as we have to the physical security of our facilities to ensure our security against this ever-evolving threat.

  • Mobile phone use a significant security risks for companies

    New research suggests that companies are leaving themselves open to potentially serious security and legal risks by employees’ improper use of corporate mobile devices. Experts looked at a sample of mobile phones returned by the employees from one Fortune 500 company and found that they were able to retrieve large amounts of sensitive corporate and personal information. The loss of data such as this has potential security risks, inviting breaches on both an individual and corporate level.

  • Cyphort, a threat monitoring specialist, raises $15.5 million Series B funding

    San Jose, California-based Cyphort, Inc., a company specializing in advanced threat monitoring and mitigation platform, has closed in $15.5 million Series B funding. The round was led by Menlo Park, California-based Trinity Ventures with participation from existing investors Foundation Capital and Matrix Capital. Cyphort’s platform blends multi-phase behavioral analysis, machine learning, and correlation to provide businesses with real-time detection, context, and mitigation for advanced malware attacks that bypass traditional security and first generation APT solutions.

  • NIST seeks public comments on updated smart-grid cybersecurity guidelines

    The National Institute of Standards and Technology (NIST) is requesting public comments on the first revision to its guidelines for secure implementation of “smart grid” technology. The draft document, NIST Interagency Report (IR) 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010.