• DARPA working on major cyber security break through

    The DOD’s advanced research arm, DARPA, is currently working on two programs that could radically change cyber security; one program, CRASH, is based on the human immune system and will make it less likely that computers will spread cyber infections to other networks; DAPRA is also working on another program, PROCEED, which will allow programmers to work directly with encrypted data without having to decrypt it first; both are highly experimental and may not succeed, but researchers have high hopes

  • Critical cyber vulnerabilities found in financial system

    A recent report found critical weaknesses in automated high-frequency trading systems that hackers could exploit to make money or simply wreak havoc on the financial system; cPacket Networks fears that hackers could use what it calls a “side channel attack” stealthily to manipulate financial data as it is received by these high-frequency trading program; many analysts believe that the “flash crash” in May 2010, when the Dow dropped nearly a thousand points in several minutes, was unintentionally caused by high-frequency trading systems; cPacket is working with financial institutions to optimize their high-frequency trading systems to detect these manipulations

  • Stuxnet may turn Bushehr into a new Chernobyl

    The destructive Stuxnet virus infected some 45,000 industrial control computers and servers in Iran; it destroyed more than 20 percent of Iran’s centrifuges, and, on 16 November, forced Iran to shut down uranium enrichment operations; it also infected the control system of the Bushehr reactor; Stuxnet is a sophisticated virus: while doing its destructive work, it makes sure that control computers continue to display “normal” operational information; one Russian expert described how engineers at Bushehr “saw on their screens that the systems were functioning normally, when in fact they were running out of control”; a new intelligence report says that with control systems disabled by the virus, an accident in the reactor is likely — an accident which would have the force of a “small nuclear bomb”

  • Western analysts, Israel: Egyptian regime will weather the storm

    Israeli and western analysts agree Egyptian regime will remain as popular uprising gains strength while government clamps down on protesters; little to no concern of Muslim Brotherhood takeover: government shuts down Internet access, cellular service, and other personal communications in an effort to contain the rebellion as turmoil spreads across Egypt; journalists under assault; former IAEA chief El-Barradai under house arrest; ruling party headquarters set ablaze

  • Enabling PC operating systems to survive attacks

    In certain computer security attacks, an outside party compromises one computer application (such as a Web browser) and then uses that application to submit a “system call” to the operating system, effectively asking the operating system to perform a specific function; instead of a routine function, however, the attacker uses the system call to attempt to gain control of the operating system; North Carolina State University researchers offer a solution

  • Stuxnet heralds age of cyber weapons, virtual arms race

    Mounting evidence indicates that Stuxnet was created by the United States and Israel to target Iran’s nuclear program; analysts call this the first use of a specially designed cyber weapon and fear the beginning of a cyber weapons arms race; one analyst hopes that a doctrine of mutually assured destruction will limit the use of these devastating weapons in the future; current trends and other analysts indicate that cyber space will continue to be militarized

  • NATO networks vulnerable to cyber threat: U.S.

    U.S. says NATO’s military networks are not fully protected against cyber threats and the alliance must make good on a pledge to erect a virtual wall by 2012; U.S. Deputy Defence Secretary William Lynn warned at the end of a two-day visit to Brussels that the cyber threat was “maturing” from an espionage and disruption tool to a destructive force against vital infrastructure

  • Bill giving president power over Internet in cyber emergency to return

    A controversial bill handing President Obama power over privately owned computer systems during a “national cyberemergency,” and prohibiting any review by the court system, will return this year; the bill which emerged from a Senate committee on 15 December 2010, is more restrictive in three respects than the original bill, made public June 2010: The revised version sayis that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review”; another addition expanded the definition of critical infrastructure to include “provider of information technology”; a third authorized the submission of “classified” reports on security vulnerabilities

  • Australia unprepared for cyber attacks

    The head of cyber security at BAE Systems Australia is calling for expanded training for cyber security experts in Australia; he believes that there is a lack of proper training and there must be greater cooperation between the government and the private sector; a government report finds that the Australian government is underprepared for cyber security threats; in February 2010 hackers brought down the government’s main site and the parliament’s homepage for two days

  • Brivo: using the Internet to control, secure devices

    Cloud computing offers efficiency and economy — but the Achilles Heel of the technology is security; Brivo uses software as a service (SaaS)-based physical access control systems (PACS) to leverage the power and versatility of the Internet to provide real-time device control for organizations that need to protect buildings and facilities

  • GAO finds critical shortfalls in cyber security guidelines for smart grid

    The GAO issued a report that found critical shortfalls in the proposed guidelines for modernizing the smart grid; the proposed guidelines, released by NIST and the FERC, contained several shortcomings that would leave the nation’s security grid vulnerable to cyber attack; “missing pieces” in the guideline include a lack of metrics to evaluate cyber security, no enforcement mechanisms, and no coordination of disjointed oversight bodies; NIST and FERC agreed with the findings and is moving to address them in their next set of guidelines

  • Cyber Security Challenge finalists shortlisted

    The nation-wide U.K. Cyber Security Challenge held the first round of competition over the weekend, with two teams making it through to the finals; the industry-sponsored Challenge aims to entice young people into choosing cyber security as a career and to find great IT talent that could be put to use for defending U.K.’s cyber infrastructure

  • Fears of cyberwar exaggerated: report

    New report says that analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language; the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks; the authors say, though, that “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure are defended with investment in cyber-security training

  • Israel, with U.S. help, tested Stuxnet at Dimona before attacking Iran

    The New York Times quoted intelligence and military experts to say that U.S. and Israeli intelligence services collaborated to develop a destructive computer worm to sabotage Iran’s efforts to make a nuclear bomb; the Stuxnet computer worm shut down a fifth of Iran’s nuclear centrifuges in November and helped delay its ability to make its first nuclear weapons; before using Stuxnet to attack Iran’s nuclear program, Israel has tested the effectiveness of the malware at the heavily guarded Dimona complex in the Negev desert which houses Israel’s undeclared — and the Middle East’s sole — nuclear weapons program

  • Estonia considers draft for newly created cyber army in emergency

    Estonia just announced the creation of an all-volunteer cyber army; the Cyber Defense League unites computer experts from the private sector and the government; the League conducts regular drills and operates under a unified military command; Estonian defense officials are contemplating instituting a cyber expert draft in the event of a serious national crisis; Estonia is the first country to experience a cyber war — in 2007 Russian hackers, suspected of having been directed by the Russian military, systematically shut down major government, financial, political and news Web sites