-
DHS to double cybersecurity staff
DHS recently announced that it plans to increase its cybersecurity workforce by more than 50 percent so that it can lead government-wide efforts to secure federal networks against cyber attacks, as outlined in President Obama’s recently proposed cybersecurity plan; DHS plans to hire 140 additional cybersecurity experts by October 2012, bringing the agency’s total to 400; under the president’s proposed legislation, DHS would act as the lead agency in coordinating cybersecurity measures across the government and would also be responsible for ensuring that private operators of critical infrastructure have adequate security measures in place
-
-
Hackers crack Nikon's image verification system
A cyber security firm recently announced that it had successfully hacked Nikon’s image verification system that protects digital photos; ElcomSoft, a cyber security firm, says that its hackers have successfully replicated the electronic signature code from Nikon images allowing it to manipulate photos that still pass authentication tests; Nikon’s Image Authentication System is aimed at verifying digital images to ensure that they have not been tampered with especially when used in forensics, accident reports, or construction documentation; ElcomSoft says that its goal was to raise awareness about the security vulnerability and the company has alerted Nikon to the weaknesses of its system
-
-
Google joins Apple in privacy furor
iPhones transmit locations back to Apple, and Apple is not alone in this activity; Google has disclosed that its Android cell phones have been transmitting location data for some time; members of the Congress and Senate have begun to demand answers and explanations
-
-
Weak passwords get robust protection
The combination of simple codes and Captchas, which are further encrypted using a chaotic process, produces effective password protection; the passwords of the future could become more secure and, at the same time, simpler to use; researchers have been inspired by the physics of critical phenomena in their effort to significantly improve password protection; the researchers split a password into two sections; with the first, easy-to-memorize section they encrypt a Captcha — an image that computer programs have difficulty deciphering; the researchers also make it more difficult for computers whose task is to crack passwords automatically to read the passwords without authorization; they use images of a simulated physical system, which they additionally make unrecognizable with a chaotic process; these p-Captchas allowed the researchers to achieve a high level of password protection, even though the user need only remember a weak password
-
-
Firm pushes for open wireless sensor data
As wireless sensors become increasingly ubiquitous in electrical grids, homes, and businesses, electronics enthusiasts and programmers believe that this data could be used to create a host of new devices with practical uses; making sensor data freely available allows engineers to build software and apps that monitor data in real time for things like local radiation levels, water quality, or even your home’s energy consumption; leading the push for open sensor data is U.K.-based Pachube (pronounced “patchbay”), which has developed a network of sensors that collect six million points of data per day; the majority of sensor information is currently encrypted and therefore inaccessible
-
-
Feds forced to get creative to bypass encryption
As increasingly sophisticated encryption technology becomes widely available, federal authorities have been forced to find new ways to conduct surveillance against suspected criminals or terrorists; when federal authorities try to gather evidence on suspects, they frequently encounter PGP encrypted documents that they cannot hack into; authorities are experimenting with several methods to bypass encryption including keystroke logging spyware, seizing the computer while it is still on, and forcing an individual to turn over their passwords to federal authorities; the FBI recently floated a proposal that would force Web-based e-mail servers and social networks to build backdoors so that federal authorities could conduct surveillance, but quickly backed down
-
-
U.K. rethinking cyber security
U.K. cyber crime could cost more than 27 billion Pounds a year; the estimate of 21 billion Pounds to businesses, 2.2 billion Pounds to government, and 3.1 billion Pounds to citizens may be an under-estimation due to a possible lack of reporting for fear of reputational damage; the hardest-hit sectors are pharmaceuticals, biotech, electronics, IT, and chemicals
-
-
FBI says it does not demand encryption back doors
The FBI says that it is not calling for restrictions on encryption without back doors for law enforcement; only last fall the agency said discussions should focus on requiring that communication providers and Web sites have legally mandated procedures to divulge unencrypted data in their possession; the FBI says that because of the rise of Web-based e-mail and social networks, it’s “increasingly unable” to conduct certain types of surveillance that would be possible on cellular and traditional telephones
-
-
DARPA working on major cyber security breakthrough
The DOD’s advanced research arm, DARPA, is currently working on two programs that could radically change cyber security; one program, CRASH, is based on the human immune system and will make it less likely that computers will spread cyber infections to other networks; DARPA is also working on another program, PROCEED, which will allow programmers to work directly with encrypted data without having to decrypt it first; both are highly experimental and may not succeed, but researchers have high hopes
-
-
Australia unprepared for cyber attacks
The head of cyber security at BAE Systems Australia is calling for expanded training for cyber security experts in Australia; he believes that there is a lack of proper training and there must be greater cooperation between the government and the private sector; a government report finds that the Australian government is underprepared for cyber security threats; in February 2010 hackers brought down the government’s main site and the parliament’s homepage for two days
-
-
U.S. federal investment in cybersecurity to reach $13.3 billion by 2015
U.S. federal investment in information security will rise from $8.6 billion in 2010 to $13.3 billion by 2015 at a compound annual growth rate of 9.1 percent, nearly twice the rate of overall federal IT spending
-
-
Pentagon revamps security in wake of Wikileaks
There are 2.2 million people in the United States with access to one or more levels (confidential, secret, and top secret) of classified information; there are 854,000 people with top secret clearances — of which 265,000 are contractors; the 9/11 Commission recommended more sharing of information among agencies — but critics say that too much sharing is as risky as too little sharing
-
-
DHS slowly moving government's Internet traffic to secure networks
It will take several more years for the U.S. government to fully install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say; DHS is responsible for securing government systems other than military sites, and the department is slowly moving all the government’s Internet and e-mail traffic into secure networks — known as Einstein 2 and Einstein 3 — which eventually will be guarded by intrusion detection and prevention programs
-
-
WikiLeaks episode demonstrates insider security threat
Even the toughest security systems sometimes have a soft center that can be exploited by someone who has passed rigorous screening; the U.S. Defense Department’s Secret Internet Protocol Router Network (SIPRNet) is a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s to transmit material globally, up to and including “secret,” the government’s second-highest level of classified information; in 1993, a GAO report estimated that more than three million U.S. military and civilian personnel had the clearance to access SIPRNet
-
-
Defeating detector blinding attacks on quantum cryptography
Quantum cryptography is a method to distribute digital encryption keys across an optical fiber; the protocol has been proven to be perfectly secure from eavesdropping; any differences between the theoretical protocol and its real-world implementation, however, can be exploited to compromise the security of specific systems; one form of attack on quantum cryptography is called a detector blinding attack — but Toshiba researchers show how such attacks can be rendered ineffective
-