• Drone security questions raised years ago

    Questions about the security of drone communications were raised years ago; in 2004, U.S. officials raised concerns about Russia and China intercepting and manipulating video from drone aircraft, but the military believed it was facing more pressing issues; officers at the time were not concerned about communications being intercepted in Iraq or Afghanistan because they believed militants were technically unsophisticated.

  • U.S. Army working to encrypt UAV video feeds

    The Army is scrambling to secure the live video feeds from its UAVs from being intercepted by insurgents in Iraq and Afghanistan; Raven drones will be retrofitted with encryption technology as early as this month; the U.S. Air Force has known for more than a decade that the live video feeds from its unmanned aerial vehicles can be intercepted by the enemy but opted not to do anything about it until this year.

  • Pentagon says U.S. fixed drones hacked by Iraqi insurgents

    Iraqi insurgents, using a $25.95 off-the-shelf commercial application, were able to intercept communication between U.S. surveillance UAVs and the UAVs’ command center; the hacking was discovered when the U.S. military found files of intercepted drone video feeds on laptops of captured militants; U.S. soldiers discovered “days and days and hours and hours of proof,” one U.S. officer said; the same hacking technique is known to have been employed in Afghanistan; the U.S. government has known about the UAV communication flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it.

  • Adobe to patch zero-day Reader, Acrobat hole

    On 12 January Adobe will release patches to fix zero-day vulnerabilities in Reader and Acrobat; malicious Adobe Acrobat PDF files are distributed via an e-mail attachment that, when opened, executes a Trojan that targets Windows systems, according to Symantec; the rate of infection is extremely limited and the risk assessment level is very low, the company said.

  • Prediction for 2010: The coming cloud crash

    Technology maven Mark Anderson predicts a big remote-computing service disaster; “My hunch is that there will never really be a secure cloud,” he says; businesses will view cloud services more suspiciously and consumers will refuse to use them for anything important, he says

  • Michigan in cyber-security partnership with DHS

    Michigan will deploy EINSTEIN 1, the DHS-run cyber security system which all federal agencies are required to use; EINSTEIN 1 automates the collection and analysis of computer network security information from participating agency and government networks to help analysts identify and combat malicious cyber-activity

  • DHS launches virtual cyber job fair

    In October DHS announced it was given the authority to hire 1,000 cyber security professionals during the next three years; late last week the department launched a virtual job fair to begin and recruit these cyber specialists; DHS is looking for applicants with experience in cyber risk and strategic analysis, malware/vulnerability analysis, incident response, exercise and facilitation management, vulnerability detection and assessment, intelligence analysis, and cyber-related infrastructure inderdependency analysis

  • US, Russia begin talks on cyberspace security

    U.S. officials say the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race; the United States also hope to enlist the Russians in the war against cybercrime

  • Cybercriminals begin to exploit the cloud for hacking

    Cloud password cracker is a sign of things to come: cloud computing offers advantages of scale and cost, but its reliance on the Internet makes it vulnerable to hacking; “The cloud is going to offer the serious criminal huge computing resources on tap, which has lots of interesting applications,” says one security expert; “If nothing else, it should change a few threat models”

  • House of Lords hears evidence on risk of cyberterattacks

    The House of Lords hears evidence that the U.K. communication system is vulnerable to cyberattacks; experts advised the Lords that since up to 90 percent of the critical infrastructure on which Europe depends is privately owned and crosses international boundaries, then only co-operative planning between public and private sectors, as well as EU member states, can hope to deal with the risks.

  • Cisco annual information security report highlights risks of social media

    Cisco has released its annual information security report for 2009 and the year-end analysis; the report highlights the impact of social media on network security and the critical role that people — not technology — play in creating opportunities for cybercriminals.

  • New NIST director says U.S. faces "critical time in cybersecurity"

    Patrick Gallagher, the new director of the U.S. National Institute of Standards and Technology, sees NIST’s role as a catalyst for the application of technology to pressing environmental, economic, and social concerns

  • Cyberattacks on U.S. military systems rise

    In 2000, there were 1,415 cyber attacks on U.S. military networks; in all of 2008 there were 54,640 malicious cyber incidents targeting DoD systems; in the first six months of 2009 tThere were 43,785 such incidents.

  • How vulnerable is the smart grid?

    The smart grid is a theoretically closed network, but one with an access point at every home, business, and other electrical power user where a smart-grid device is installed; those devices, which essentially put the smarts into the grid, are computers with access to the network; in the same way attackers have found vulnerabilities in every other computer and software system, they will find vulnerabilities in smart-grid devices

  • Cyber security certification is not a panacea for cybersecurity woes

    The U.S. Congress is deliberating proposals to require cybersecurity certification for cyber security professionals; although a good certification standard might be a measure of a baseline level of competence, it is not an indicator of job performance; having certified employees does not mean firewalls will be configured securely, computers will have up-to-date patches, and employees won’t write passwords on the backs of keyboards