• Stuxnet shows how nuclear plants may be attacked

    Security experts say that critical infrastructure firms need to respond quickly in order to protect their systems from Stuxnet, and warn that its spread may mark the beginning of increased cyber espionage and sabotage; what is especially worrisome about Stuxnet is that a pattern in its code — designed to match that of a specific application — suggests that the worm’s authors had a specific facility in mind

  • October's National Cyber Security Awareness Month launched

    Dozens of cybersecurity initiatives to reach consumers, students, and businesses; the National Cyber Security Alliance (NCSA), DHS, and the Multi-State Information Sharing and Analysis Center, have sponsored National Cyber Security Awareness Month every October since its founding in 2003

  • Faster cybersecurity with merging of two protocols

    Combination of unrelated protocols — a suite of automated network access control standards from the Trusted Computing Group and the government’s Security Content Automation Protocols (SCAP) — now being tested in South Carolina to enable automated policy enforcement on networks; the two standards offer a complementary set of capabilities, each valuable in its own right but much more powerful when combined

  • Ethical hacking conference coming to Charleston, WVA

    A major ethical hacking event will take place in Charleston, West Virginia, 23-24 October; the event will focus on “white hat hacking” — meaning learning how to think like the “black hat hackers” or bad actors and how they operate; a Hacker Village will be set up at the Charleston Civic Center featuring a network of systems designed with vulnerabilities so attendees can try their stuff with mentors on hand

  • Cyber innovation center launches in Maryland

    SAIC opens a new Cyber Innovation Center in Columbia, Maryland; SAIC employees in Columbia and throughout the United States will have remote access to the Center’s technical-solutions lab

  • U.S. battling simulated cyber attack in Cyber Storm III exercise

    A 3-day cyber exercise simulates a “large-scale cyberattack on critical infrastructure,” involving thousands of participants at computer work stations across the globe and is one of the largest such exercises ever conducted; the biennial exercise is being staged by DHS and is the first test of the new National Cybersecurity and Communications Integration Center (NCCIC); the NCCIC booted up in October 2009 to serve as the coordinating center for U.S. cybersecurity operations and houses U.S. government computer experts and their private sector counterparts under one roof

  • U.S. to make Internet wiretaps easier

    The Obama administration plans to submit a bill next year that would require all online services that enable communications to be technically equipped to comply with a wiretap order; this would include providers of encrypted e-mail, such as BlackBerry, networking sites like Facebook, and direct communication services like Skype; federal law enforcement and national security officials say new the regulations are needed because terrorists and criminals are increasingly giving up their phones to communicate online

  • Iran admits its nuclear facilities are under massive cyberattack

    Iran has confirmed that 30,000 computers in the country’s power stations, including the nuclear reactor in Bushehr, have been attacked by the Stuxnet worm; the Stuxnet worm is described by experts as the most complex piece of malware ever designed; once Stuxnet gains access to a plant’s computers, it hunts out specific software that controls operations such as the opening and closing of valves or temperature regulation; by halting those processes it can cause extensive damage to nuclear power stations, power grids or other industrial facilities; the high number of infections in Iran have led experts to conclude that the worm may have been designed in the United States or Israel to disable Iran’s controversial nuclear facilities

  • Secure network for critical infrastructure idea draws fire

    The Obama administration wants to develop a secure computer network to defend civilian government agencies and critical civilian infrastructure and industries; the restricted network would allow the government to provide greater protection to vital online operations and critical infrastructure — such as financial networks, commercial aviation systems, and the national power grid — from Internet-based attacks; critics say this ambitious idea is impractical

  • Experts: Israel used cyber weapon to disrupt Iran's nuclear reactor

    The Stuxnet malware has infiltrated industrial computer systems worldwide in July and August; now, cyber security experts say that the worm was, in fact, is a search-and-destroy cyber weapon meant to hit a single target — Iran’s Bushehr reactor; Stuxnet amazed — and stunned — computer security experts: too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick; in Stuxnet, the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide — Internet link not required

  • Students think hacking is "cool"

    A third of students surveyed thought that hacking was “cool,” and a similar number thought it was “easy”; the survey found that 37 percent had hacked Facebook accounts, 26 percent e-mail accounts, with 10 percent breaching online shopping accounts; an entrepreneurial 15 percent revealed that they hacked to make money

  • Google Apps more secure with two-step verification

    More and more companies are migrating their e-mail and other cloud services over to Google Apps — but the doubts about whether making such a transition would put company security at risk linger; now the company is doing something about it: Google announced early Monday the availability of two-step verification, a more secure way for Google Apps users to sign into their accounts

  • MI5: Cyber espionage on the rise, but can be easily beaten

    MI5 says the Internet has made the threat of espionage by foreign countries higher than ever before, but insisted it is “relatively straightforward” to block attempts to steal data; MI5 has previously written to the bosses of big British companies to warn them of the threat online, particularly from hackers with links to the Chinese intelligence services

  • Pentagon lacks effective doctrine to guide cyberwarfare operations

    There has been much talk recently about cyber warfare, and the Pentagon has even created a new U.S. Cyber Command — but the GAO says the U.S. Defense Department lacks the doctrine needed effectively to guide cyberwarfare strategies