• When Should U.S. Cyber Command Take Down Criminal Botnets?

    Trickbot is back. U.S. Cyber Command targeted this malware in autumn 2020 in an unprecedented use of military offensive cyber operations to disrupt a purely criminal operation. Jason Healey writes that “Such military operations are a good idea only in cases that meet a five-part test of imminence, severity, overseas focus, nation-state adversary, and military as a last-ish resort.”

  • How the Military Might Expand Its Cyber Skills

    As software has become an ever more integral part of life, national security experts have come to recognize that the U.S. military will need to improve its software fluency if it wants to remain dominant on the battlefields of the future.

  • U.S. Response to SolarWinds Cyber Penetrations: A Good Defense Is the Best Offense

    We are in a new “Long War,” an ambient cyber conflict that will play out over decades against multiple adversaries. This is a conflict where the best offense may be a good defense. Limiting the potential harm adversaries can impose on us, while retaining the ability to inflict asymmetric damage, offers the best hope of bolstering U.S. national security and creating a world of cyber deterrence and restraint. Hopefully, SolarWinds marks the inflection point of a pivot to a more effective defense-based national cyber strategy.

  • Punitive Response to SolarWinds Would Be Misplaced, But Cyber Deterrence Still Matters

    Some analysts argue that the United States should respond to the SolarWinds breach by focusing on improving defenses, rather than on conducting a retaliatory response such as some government officials have been advocating. Apunitive response to SolarWinds may be unwise because the available evidence indicates that the objective of the operation was national security espionage. However, this does not mean that the pursuit of deterrence strategies to address other types of malicious behavior in cyberspace, beyond espionage, is a fool’s errand. Deterrence is not a one-size-fits-all concept in cyberspace—or in any other domain.

  • Help Wanted: The Cybersecurity Workforce of the Future Starts with Students Today

    Today’s critical infrastructure systems from farm fields planted with digital sensors that track soil moisture and nutrient levels to electric power grids equipped to instantly respond to digital signals about shifts in supply and demand are increasingly vulnerable to attacks that could cripple civil society, according to cybersecurity experts. Today, there are nearly 2 million U.S. job openings in the field of cybersecurity, studies indicate.

  • In the Wake of SolarWinds: Making and Breaking a Rules-Based Global Cyber Order

    We should recognize that the need to make careful distinctions between different categories of cyber operations, and shun the use of emotive and misleading language about “attacks,” should also be extended to the field of political influence via the internet. Using cyberspace to spread propaganda, influence political outcomes and reveal or invent damaging information is an extension of tactics that have been used in different ways for millennia—including by the U.S. Actually trying to rig U.S. elections by tampering with the count online would be completely different and vastly more serious.

  • Georgia State’s Designated National Center of Academic Excellence in Cyber Defense Research, Education

    The National Security Agency (NSA) and the Department of Homeland Security (DHS) have designated Georgia State University as a National Center of Academic Excellence in Cyber Defense Research and a National Center of Academic Excellence in Cyber Defense Education through 2025.

  • K-12 Schools Need to Take Cyberattacks More Seriously

    There has been an uptick of ransomware attacks in which cybercriminals have targeted public schools throughout the United States – from Hartford, Connecticut, to Huntsville, Alabama – since the 2020-21 school year began. Federal cybersecurity officials say the attacks – which involve things that range from the theft of sensitive student data to the disruption of online classes – are expected to continue. As a researcher who specializes in cybercrime and cybersecurity, I know that public schools represent easy and attractive targets for cybercriminals.

  • New Cybersecurity Degree Offered at UH West O’ahu

    The University of Hawaiʻi–West O’ahu has unveiled a new slate of academic offerings—including another STEM (science, technology, engineering and math) degree—to address the state’s workforce needs, in time for the start of the fall 2020 semester.

  • Utah State University’s Seth Manesse Wins First Individual CyberForce Competition

    After a tough, day-long contest, Seth Manesse from Utah State University won the sixth CyberForce Competition. Each CyberForce Competition presents a real-world scenario in which participants must defend cyber-physical infrastructure against threats modeled on those faced by the energy sector today. The 2020 scenario involved a wind energy company in charge of over 20,000 megawatts of electricity generation that has been experiencing abnormal network activity.

  • QAnon Hasn’t Gone Away – It’s Alive and Kicking in States Across the Country

    By this point, almost everyone has heard of QAnon, the conspiracy spawned by an anonymous online poster of enigmatic prophecies. Perhaps the greatest success of the conspiracy is its ability to create a shared alternate reality, a reality that can dismiss everything from a decisive election to a deadly pandemic. The QAnon universe lives on – now largely through involvement in local, not national, politics. Moving on from contesting the election, the movement’s new focus is vaccines and pandemic denialism.

  • New Tool Helps Spot False Information on Social Media

    University of Nebraska students have developed a tool — Info Window – which aims to help audiences look at their social feeds more critically, learn how to spot false information online, and understand how these tools can be used for malicious purposes.

  • The FBI Is Breaking into Corporate Computers to Remove Malicious Code – Smart Cyber Defense or Government Overreach?

    The FBI has the authority right now to access privately owned computers without their owners’ knowledge or consent, and to delete software. It’s part of a government effort to contain the continuing attacks on corporate networks running Microsoft Exchange software, and it’s an unprecedented intrusion that’s raising legal questions about just how far the government can go.

  • Specific Cybersecurity Guidelines to Help Protect Our Elections

    Making elections secure means protecting against ever-evolving threats to information technology — which scans in-person and mail-in ballots, supports voter registration databases and communicates vote tallies. To reduce the risk of cyberattacks on election systems, NIST has released draft guidelines that provide a road map to help local election officials prepare for and respond to cyber threats that could affect elections. The plain-language guide provides strategies to guard election-related technology against cyberattack.

  • UWF Re-Designated as Cybersecurity Regional Hub for the Southeast U.S., with Expanded Mission

    The University of West Florida has been re-designated by the National Security Agency and Department of Homeland Security as the Southeast Centers of Academic Excellence in Cybersecurity (CAE-C) Regional Hub. The UWF Center for Cybersecurity has served as the Southeast regional hub since 2017, providing leadership in cybersecurity education among colleges and universities in five states and Puerto Rico.