• House's homeland security bill doubles cybersecurity R&D budget

    The 2010 Homeland Security Science and Technology Authorization Act would double the cybersecurity research and development budget to $75 million for each of the next two years and authorize another $500 million for a study to find ways to promote industry best practices through, for example, liability requirements that hold hardware and software vendors responsible for damages caused by a security breach

  • Dell warns of hardware trojan

    Computer maker Dell is warning that some of its server motherboards have been delivered to customers carrying an unwanted extra: computer malware; it could be confirmation that the “hardware trojans” long posited by some security experts are indeed a real threat; the Pentagon is spending millions on research designed to ensure it can trust the microchips in critical systems, especially those made outside the United States

  • Digital retaliation: Turkish hackers steal personal information of 122,000 Israelis

    A month ago Israel stopped several ships, sponsored by a Turkish fundamentalist Islamic organization, which tried to breach the Israeli blockade of the Gaza Strip; nine Turkish militants were killed after they had attacked Israeli soldiers; Turkish hackers launched a retaliatory attack on Israeli digital databases, stealing the e-mail addresses and credit card and PayPal account information of 122,000 Israelis; the hackers also attacked 2,100 Israeli Web sites; security expert advises affected Israelis to change passwords, and credit cards.

  • Malicious virus targets SCADA systems

    Supervisory Control and Data Acquisition, or SCADA, stands for large-scale distributed remote processing systems that gather data in real time to control critical industrial, infrastructure, or facility processes and equipment; SCADA is used to control U.S. critical infrastructure — power plants, oil and gas refining, telecommunications, transportation, dams, water, waste control, and more; Siemens is warning customers of a new and highly sophisticated virus that targets SCADA systems; these systems are typically not connected to the Internet for security reasons, but this virus spreads when an infected USB stick is inserted into a computer

  • A first: 15 nations agree to start working together on cyber arms control

    A group of nations — including the United States, China, and Russia — have for the first time showed a willingness to engage in reducing the threat of attacks on each others’ computer networks; when the group last met in 2005, they failed to find common ground. This time, by crafting a short text that left out controversial elements, they were able to reach a consensus; the Russians proposed a treaty in 1998 that would have banned the use of cyberspace for military purposes. The United States has not been willing to agree to that proposal, given that the difficulty in attributing attacks makes it hard to monitor compliance

  • UTSA's cyber security center moves into new home

    The Institute for Cyber Security Center for Infrastructure Assurance and Security at the University of Texas at San Antonio is moving to a new home on campus; Congress, DHS, and the Defense departments have thrown their money behind UTSA, which the New York Times has named one of the best places to get training as a “cyber sleuth”

  • Experts: securing U.S. critical infrastructure against cyberattack not feasible

    Experts say securing the U.S. power grid and other computer systems that operate the nation’s critical infrastructure against cyberattack is unrealistic, because companies cannot afford to check if suppliers have provided trustworthy products

  • U.S. nuclear safety agency unveils new data, physical security controls

    NNSA the rollout of new information and physical security controls aimed at balancing efficiency and safety; officials said, though, that the implementation of cybersecurity improvements is about a year behind the progress the agency has made on physical protection

  • Algorithm could improve hospital records security

    An algorithm secures patients’ records by ensuring that access to information is available to those who need it, but only when necessary; for example, once a patient has been admitted to hospital, the admissions staff do not necessarily need access to the patient’s records anymore; in many hospitals, those staff members nonetheless continue to have access to every record on file; using the algorithm, those staffers would only be able to access the patient’s record during admission processing; after that, they would find your information unavailable

  • NSA: Perfect Citizen program is purely "research and engineering effort"

    Perfect Citizen, a new National Security Agency (NSA) project, would deploy sensors in networks running critical infrastructure such as the electricity grid and nuclear-power plants; the sensors would detect intrusion and other unusual activity indicating a cyberattack on U.S. critical infrastructure; NSA spokeswoman says the program is “purely a vulnerabilities-assessment and capabilities-development contract—- This is a research and engineering effort” and “There is no monitoring activity involved, and no sensors are employed in this endeavor”

  • U.S. quietly launches protection program against cyber attacks on critical infrastructure

    The administration has quietly launched Perfect Citizen, a digital surveillance project to be run by the NSA; the project’s goal is to detect and detect cyber attacks on private companies and government agencies running critical infrastructure such as the electricity grid, nuclear-power plants, dams, and more; the program would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack — although it would not persistently monitor the whole system

  • GAO: U.S. lacks cybersecurity R&D master plan, leadership, coordination

    GAO says United States does not have prioritized national cybersecurity research and development agenda; “Without a current national cybersecurity R&D agenda, the nation is at risk that agencies and private sector companies may focus on their individual priorities, which may not be the most important national research priorities,” auditors wrote

  • Security tensions at the core of the cloud concept hobble cloud growth

    The cloud model and the notion of data having a specific location are somewhat antithetical: some cloud-service providers attempt to maintain security and availability by locating the data in multiple servers or data centers, or by locating it in an undisclosed data center; cloud-service providers are thus in a tight situation with regard to secrecy about their data centers and security procedures: many of these providers believe that this information must remain secret, but many customers — including giant potential customers such as the U.S. federal government — want to be made aware of such information before signing on with a provider

  • Secureworks World Cup of cyber security finds India the safest nation, U.S. the least safe

    Digitally speaking, the United States is the least cyber-secure country in the world: with 265,700,000 active PCs, there were 441,003,516 attempted cyber attacks, or 1,660 attacks per 1,000 computers; India is the safest digital country in the world, with a mere 52 attacks per 1,000 PCs