  • Panic at the Pump and the Real Threat to Energy Security

    On Friday, May 7, the Colonial Pipeline was taken offline by a cyber attack. A major piece of the national energy infrastructure, the 5,500-mile-long line carries 45% of all the fuel — including gasoline, aviation fuel, and home heating oil — consumed on the East Coast. Gregory Brew writes that “almost immediately, commentators compared the situation to the Arab oil embargo of 1973 to 1974.” “Such thinking reflects years of scholarship and public discourse focusing on energy security: the ability of consumers and governments to maintain access to energy flows, at reasonable prices, and handle potential disruptions,” he writes. Such analogies, while tempting, focus attention on mythical dangers at the expense of real ones.

  • Tips and Tactics for Dealing with Ransomware

    Used in cyberattacks that can paralyze organizations, ransomware is malicious software that encrypts a computer system’s data and demands payment to restore access. To help organizations protect against ransomware attacks and recover from them if they happen, NIST has published an infographic offering a series of simple tips and tactics.

  • Enhancing Defenders’ Predictive Power in Cyberspace

    How can organizations proactively protect themselves against cyber threats? What are the current frameworks in use to protect organizations against cyber threats? Researchers have developed a new model which focuses on cyber threats from state-sponsored actors but without the assumption of access to classified information or assets.

  • Just 12 People Are Behind Most Vaccine Hoaxes on Social Media

    Researchers have found that just twelve individuals are responsible for the bulk of the misleading claims and outright lies about COVID-19 vaccines that proliferate on Facebook, Instagram and Twitter. Many of the messages about the COVID-19 vaccines being widely spread online echo the lies peddlers of health misinformation have been spreading in the past about other vaccines, for example, the vaccines against measles, mumps, and rubella.

  • How Truth Decay Is Fueling Vaccine Hesitancy

    A recent poll found that more than a quarter of Americans will not try to get vaccinated. Why are so many people opting out? The reasons vary, but some simply don’t trust the public health and government officials who are urging them to get the vaccine. The spread of misinformation and disinformation, which is rampant over social media, is one of the factors fueling vaccine hesitancy. And in turn, it’s threatening our ability to end the pandemic for good.

  • Cyberspace Is Neither Just an Intelligence Contest, nor a Domain of Military Conflict; SolarWinds Shows Us Why It’s Both

    Operations in cyberspace—at least those perpetrated by nation-state actors and their proxies—reflect the geopolitical calculations of the actors who carry them out. Erica D. Borghard writes that cyberspace is sometimes an intelligence contest, and other times a domain of conflict, depending on the strategic approaches and priorities of particular actors at a given moment in time. The SolarWinds campaign shows that “Future conversation needs to move beyond the military versus intelligence contest binary construct to more meaningfully explore how states may seek to use cyberspace for multiple objectives, either in sequence or in parallel,” she writes.

  • The TSA Should Regulate Pipeline Cybersecurity

    Fuel deliveries to the east coast of the United States have been brought to a standstill by cybercriminals who gained access to Colonial Pipeline’s networks and forced the company to shut down its distribution system. After two decades of trying to make a voluntary partnership with industry work, this incident demonstrates that neither thoughts, prayers, nor information sharing is sufficient. It is time for the federal government to exercise its existing authority to regulate the cybersecurity of pipelines.

  • Cybercrime a Booming Business — Thanks to COVID

    The coronavirus pandemic has given a huge boost to internet crime. The number of offenses is on the rise while the number of successfully solved cases is stagnating in Germany. Germany’s Federal Criminal Police Office (BKA) registered 108,474 cybercrimes in its latest annual report. That is an increase of nearly 8% on the previous year.

  • Detecting Conspiracy Theories on Social Media

    Conspiracy theories circulated online via social media contribute to a shift in public discourse away from facts and analysis and can contribute to direct public harm. Social media platforms face a difficult technical and policy challenge in trying to mitigate harm from online conspiracy theory language. Researchers are working to improve machine learning to detect and understand online conspiracy theories.

  • Protecting Critical Energy Infrastructure

    Increasingly, both Israel and the U.S. face costly cyberattacks that can cause severe damage to critical energy infrastructure. A new consortium will develop, integrate, and test technologies, and demonstrate high-value cyberattack mitigation technologies on the energy infrastructure, using data analytics, artificial intelligence, and machine learning.

  • Huawei’s Ability to Eavesdrop on Dutch Mobile Users Is a Wake-up Call for the Telecoms Industry

    Chinese technology provider Huawei was recently accused of being able to monitor all calls made using Dutch mobile operator KPN. While the full report on the issue has not been made public, journalists reporting on the story have outlined specific concerns that Huawei personnel in the Netherlands and China had access to security-essential parts of KPN’s network – including the call data of millions of Dutch citizens – and that a lack of records meant KPN couldn’t establish how often this happened.

  • Complex Passwords Aren't Always Best

    Research shows increasingly complex website password restrictions often leave users frustrated and lead to poor password security. “Our results confirm that the tougher the constraints of creating the passwords the safer users feel with their information,” said one expert. “However, the results show that a large number of restrictions can frustrate users.”

  • An Uncrackable Combination of Invisible Ink and Artificial Intelligence

    Coded messages in invisible ink sound like something only found in espionage books, but in real life, they can have important security purposes. Yet, they can be cracked if their encryption is predictable. Now, researchers have printed complexly encoded data with normal ink and a carbon nanoparticle-based invisible ink, requiring both UV light and a computer that has been taught the code to reveal the correct messages.

  • New AI Tool Tracks Evolution of COVID-19 Conspiracy Theories on Social Media

    A new machine-learning program accurately identifies COVID-19-related conspiracy theories on social media and models how they evolved over time—a tool that could someday help public health officials combat misinformation online.

  • Zero-Knowledge Proofs in Vulnerability Disclosure

    Today, the disclosure process for software vulnerabilities is fraught with challenges. Cybersecurity researchers and software security analysts are faced with an ethics versus efficacy dilemma when it comes to reporting or sharing discovered bugs. Revealing a vulnerability publicly may get the attention of the program’s developers and motivate a timely response, but it could also result in a lawsuit against the researcher. Researchers develop capability to mathematically prove exploitability of vulnerable software without revealing critical information.