• Amendment to CISA: U.S. courts could pursue foreigners for crimes abroad against other foreigners

    A controversial amendment to an already-controversial cybersecurity bill will allow U.S. courts to pursue, convict, and jail foreign nationals in cases in which these foreigners committed crimes against other foreigners on foreign soil. The amendment to the Cybersecurity Information Sharing Act (CISA) cleared a key Senate hurdle on Thursday. It aims to lower the barrier for prosecuting crimes committed abroad.

  • EFF leads privacy advocates in opposing CISA

    Privacy advocates have intensified their campaign against the Cybersecurity Information Sharing Act (CISA), which the Senate will vote on sometime next week. The Electronic Frontier Foundation (EFF) says it vehemently opposes the bill, as well as amendments which would expand the Computer Fraud and Abuse Act. EFF says that CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and what EFF describes as “aggressive spying powers” combine to “make the bill a surveillance bill in disguise.”

  • New tool allows users to see how their personal information is used on the Web

    Navigating the Web gets easier by the day as corporate monitoring of our e-mails and browsing habits fine-tune the algorithms that serve us personalized ads and recommendations. But convenience comes at a cost. In the wrong hands, our personal information can be used against us, to discriminate on housing and health insurance, and overcharge on goods and services, among other risks. “The Web is like the Wild West,” says one researcher. “There’s no oversight of how our data are being collected, exchanged and used.”

  • Identifying stealth attacks on complicated computer systems

    Imagine millions of lines of instructions. Then try and picture how one extremely tiny anomaly could be found in almost real-time and prevent a cyber security attack. A trio of Virginia Tech computer scientists has tested their “program anomaly detection approach” against many real-world attacks.

  • Cyberthreats, cyberattattacks will only increase over time: Experts

    The increasing dependency of a growing number of organizations on the Internet has served to increase the number of targets for hackers, particularly those organizations that have not given adequate attention to securing their network as they should. Even those networks not connected to the Internet are not immune from penetration by hackers. This is a threat that shows no sign of ever slowing down. More likely it will only increase over time, as cyber-capabilities are developed by more and more entities.

  • Guarding networks from “insider threats”

    Even the best-protected, most sensitive computer networks resemble castles: They have walls to ward off outside threats, but their interiors are full of weak points. This is why the “insider threat” — someone within a system who, out of malice or naiveté puts a system at risk - -is considered one of the most serious risks in the cybersecurity world. “The insider threat is clearly a challenge for organizations, because most countermeasures were developed for external attacks,” says one researcher.

  • Grid Security Conference focuses on information sharing among stakeholders

    More than 300 industry and federal partners are participating in the North American Electric Reliability Corporation’s (NERC) annual grid security conference, or GridSecCon, in Philadelphia, which opened on Wednesday and ends today. The conference is focusing on key cyber and physical security issues and training for enhancing the security and resiliency of the North American bulk power system. Topics of panel discussions include upgrades to NERC’s E-ISAC, cyber and physical security technology options, the transition to Version 5 of NERC’s critical infrastructure protection standards; and expectations for NERC’s third grid security exercise, GridEx III, which takes place 18-19 November.

  • Improve cybersecurity in energy delivery

    Cyber networks support many important functions within energy delivery systems, from sending data between a smart meter and utility to controlling oil or gas flow in a pipeline. However, they are vulnerable to disturbances. According to the ICS-CERT Monitor, a publication of the U.S. Department of Homeland Security, a third of the 245 reported cyber incidents in industrial control systems that happened in 2014 occurred in the energy sector. The U.S. Department of Energy (DoE) initiative awards $28.1million to a consortium of eleven universities and research organizations, with the goal of improving computer/communication networks for energy delivery systems like power grids and pipelines.

  • Protecting the U.S. power grid from cyberattacks

    In the first half of Fiscal Year 2015, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the Department of Homeland Security, responded to 108 cyber incidents impacting critical infrastructure in the United States. As in previous years, the energy sector led all others with the most reported incidents. Researchers from Florida International University’s (FIU) College of Engineering and Computing have teamed up with four other universities and a utility company to help safeguard the nation’s power utilities from cyberattacks.

  • U Warwick, U.K. National Grid expand £1.5 million partnership

    Last week the University of Warwick and the U.K. National Grid have signed a Memorandum of Understanding (MoU) to extend the strategic alliance they have operated for last two years. To date that alliance has engaged in over £1.5 million worth of research and student scholarships in areas such as electricity transmission asset management, gas transmission, micro-tunneling, and cyber security.

  • Listening in on hackers talking

    Online conversations help fill critical gap in cybersecurity knowledge about attackers’ motivations, possible targets. Researchers have generated findings that shed light on how hacker communities interact and share information — and even created actionable intelligence for criminal investigations by federal agencies.

  • NSF awards $74.5 million to 257 interdisciplinary cybersecurity research projects

    The NSF the other day announced the awarding $74.5 million in research grants through the NSF Secure and Trustworthy Cyberspace (SaTC) program. In total, the SaTC investments include a portfolio of 257 new projects to researchers in thirty-seven states. The largest, multi-institutional awards include research better to understand and offer reliability to new forms of digital currency known as cryptocurrencies, which use encryption for security; invent new technology to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the “science of censorship resistance” by developing accurate models of the capabilities of censors.

  • Two new projects tackle e-mail security

    In the early, halcyon days of the Internet, researchers were more interested in sharing information rather than securing it. Now, decades later, securing the world’s most widely used medium for business communication is a full-time job for researchers and IT specialists around the globe. The modern working world cannot exist without e-mail, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new projects.

  • Cyber vulnerability of civil nuclear facilities underestimated

    The risk of a serious cyberattack on civil nuclear infrastructure is growing, as facilities become ever more reliant on digital systems and make increasing use of commercial off-the-shelf software, according to a new report. The report finds that the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks.

  • Strengthening U.S. cybersecurity capabilities by bolstering cyber defense, deterrence

    Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Director of National Intelligence James R. Clapper said that for the third year in a row, cyberthreats headed the list of threats reported in the annual National Intelligence Worldwide Threat Assessment. “Although we must be prepared for a large Armageddon-scale strike that would debilitate the entire U.S. infrastructure, that is not … the most likely scenario,” Clapper said. Rather, the primary concern is low- to moderate-level cyberattacks from a growing range of sources that will continue and probably expand, adding that in the future he expects to see more cyber operations that manipulate electronic information to compromise its integrity, as opposed to deleting or disrupting access to it.