• Harmonization of Cyber Incident Reporting for Critical Infrastructure Entities

    DHS outlined a series of actionable recommendations on how the federal government can streamline and harmonize the reporting of cyber incidents to better protect the nation’s critical infrastructure.

  • Increase in Chinese-Language Malware Could “Challenge” Russian Dominance of Cybercrime: Report

    For decades, Russian and eastern European hackers have dominated the cybercrime underworld. These days they may face a challenge from a new contender: China. Researchers have detected an increase in the spread of Chinese language malware through email campaigns since early 2023, signaling a surge in Chinese cybercrime activity and a new trend in the global threat landscape.

  • Walking the Artificial Intelligence and National Security Tightrope

    Artificial intelligence (AI) presents nations’ security as many challenges as it does opportunities. While it could create mass-produced malware, lethal autonomous weapons systems, or engineered pathogens, AI solutions could also prove the counter to these threats. Regulating AI to maximize national security capabilities and minimize the risks presented to them will require focus, caution and intent.

  • A Review of NIST’s Draft Cybersecurity Framework 2.0

    Cybersecurity professionals, and anyone interested in cybersecurity, have noted that the gold standard of cybersecurity is getting a needed polish. “But all that glitters is not gold,” Melanie Teplinsky writes. NIST’s voluntary cybersecurity framework leaves organizations vulnerable to the nation’s most capable cyber adversaries. NIST’s proposed overhaul won’t change that.

  • In Pentagon's Overhauled Cyber Strategy, Offense is the New Defense

    The Defense Department Tuesday unveiled an unclassified version of its updated cybersecurity strategy, calling for the nation’s cyber forces to persistently seek out and engage adversaries including China and Russia, as well as terrorist organizations and transnational criminal groups, to minimize threats to the U.S.

  • Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

    Cell-site simulators (CSS)—also known as IMSI Catchers and Stingrays—are a tool that law enforcement and governments use to track the location of phones, intercept or disrupt communications, spy on foreign governments, or even install malware.

  • Future-Proof Security Architecture for Healthcare Communications

    Electronic patient records, digital medication plans, e-prescriptions: These applications are all key elements of the telematics infrastructure (TI). Germany’s telematics infrastructure (TI) aims to allow healthcare professionals to exchange patient data securely, rapidly and from anywhere. The platform for healthcare applications will soon see a new, flexible and therefore future-proof security architecture.

  • New Quantum Device Generates Single Photons and Encodes Information

    Innovative approach is a step toward using single photons in quantum communication and information processing. Further coupling of the photon stream into waveguides — microscopic conduits of light — would provide the photonic circuits that allow the propagation of photons in one direction. Such circuits would be the fundamental building blocks of an ultra-secure quantum internet.

  • The Scourge of Commercial Spyware—and How to Stop It

    Years of public revelations have spotlighted a shadowy set of spyware companies selling and servicing deeply intrusive surveillance technologies that are used against journalists, activists, lawyers, politicians, diplomats, and others. Democratic nations (thus far) lag behind the United States in executing spyware-related policy commitments.

  • International Ransomware Gangs Are Evolving Their Techniques. The Next Generation of Hackers Will Target Weaknesses in Cryptocurrencies

    In reality, not a week goes by without attacks affecting governments, schools, hospitals, businesses and charities, all over the world. These attacks have significant financial and societal costs. Ransomware is now widely acknowledged as a major threat and challenge to modern society, and there is every expectation that criminals will continue to adapt their strategies and cause widespread damage for many years to come.

  • Detecting Malware Through Hardware-Integrated Protection

    What if malicious software and viruses – or malware – detection could simply be built into the hardware of future computers? With a grant from NSF, a Texas A&M lab will work to move malware detection from software to hardware, expanding on existing technology.

  • How Trustworthy Are Large Language Models Like GPT?

    More people feel comfortable outsourcing important projects to AI. New research shows why we shouldn’t, as generative AI may be riddled with hallucinations, misinformation, and bias.

  • Standardizing Encryption Algorithms That Can Resist Attack by Quantum Computers

    Last year, the National Institute of Standards and Technology (NIST) selected four algorithms designed to withstand attack by quantum computers. Now the agency has begun the process of standardizing these algorithms — the final step before making these mathematical tools available so that organizations around the world can integrate them into their encryption infrastructure. Three new algorithms are expected to be ready for use in 2024. Others will follow.

  • Malicious AI Arrives on the Dark Web

    Nefarious non-state actors are already harnessing AI to scale up their malicious activities. Just as legitimate users have moved on from exploring ChatGPT to building similar tools, the same has happened in the shadowy world of cybercrime.

  • AI Cyber Challenge Aims to Secure Nation’s Most Critical Software

    In an increasingly interconnected world, software undergirds everything from financial systems to public utilities. As software enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors. This surface includes critical infrastructure, which is especially vulnerable to cyberattacks given the lack of tools capable of securing systems at scale. New competition challenges the nation’s top AI and cybersecurity talent to automatically find and fix software vulnerabilities, defend critical infrastructure from cyberattacks.