• DHS Launches Cyber Safety Review Board

    On Thursday, 3 February 2022, the U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB). DHS says that the CSRB is an unprecedented public-private initiative that will bring together government and industry leaders to elevate our nation’s cybersecurity.

  • Cyberattacks on Belgian Energy Companies

    Oil facilities at Belgian ports have been hit with a cyberattack. The news comes a day after Germany launched an investigation into a similar incident.

  • Strengthening Cybersecurity Scholarship and Education

    The National Science Foundation (NSF) has awarded $3.9 million to Georgia State University as part of its CyberCorps Scholarship for Service (SFS) program. The grant will fund a project that aims to address the growing need for a highly skilled national cybersecurity workforce.

  • Russia Could Unleash Disruptive Cyberattacks Against the U.S. – but Efforts to Sow Confusion and Division Are More Likely

    As tensions mount between Russia and the West over Ukraine, the threat of Russian cyberattacks against the U.S. increases. Cybersecurity experts are concerned that in the wake of recent cyberattacks by hackers affiliated with Russia, the Russian government has the capability to carry out disruptive and destructive attacks against targets in the U.S. the Russian government is likely to think twice before unleashing highly disruptive attacks against the U.S., because the U.S. government could interpret such attacks, particularly those targeting critical infrastructure, as acts of war.

  • Moving the U.S. Government Toward a Zero-Trust Architecture

    The Office of Management and Budget (OMB) released a Federal strategy aiming to move the U.S. government toward a “zero trust” approach to cybersecurity. The new strategy is an important in in implementing the administration’s Executive Order on Improving the Nation’s Cybersecurity, which focuses on advancing security measures which significantly reduce the risk of successful cyberattacks against the digital infrastructure of the federal government.

  • Israeli Police: From Warrantless Cellphone Searches to Controversial Misuse of Spyware

    Israel’s rules governing privacy and related laws have experienced a dramatic past few weeks, capped by an explosive journalistic expose revealing that Israeli police have been using NSO Group spyware allegedly without warrants or explicit statutory authorization.

  • How the U.S. Is Making Gains in an Uphill Battle Against Russian Hackers

    U.S. policy and actions in response to cyberattacks connected to Russia have changed distinctly since the Biden administration took office. The Biden administration has taken unprecedented steps to impose costs on Russian cyber criminals and frustrate their efforts, but we should be realistic about what national cyber defense can and can’t do.

  • Security Flaws in China’s Mandatory Olympics App for Athletes

    Athletes arriving at the Winter Olympics in China will have to install a Chinese-made app, called MY2022, on their smartphones, and fill in detailed information about themselves. China says that app, which the athletes will have to carry with them and periodically update, will be used to report health and travel data when they are in China. Athletes who fail to install the app, or who fail to fill in and update the information, will be sent home. Cyber analysts have found serious security and privacy flaws in the app.

  • Home for the Holidays? The Global Implications of a State-Level Cyberattack

    The 4 December 2021 cyberattack on the Maryland Department of Health (MDH) appeared, at first blush to be a local-to-Maryland problem. Maggie Smith writes, however, that “the MDH hack points to a concerning development at the nexus of cybercrime and data supply chains,” as it “shows how fragile data supply chains can be and signals how easy it is to disrupt even the most critical data flows by stopping the upstream flow of data that provides the insights and statistics on which the nations’ decision-makers rely.”  

  • Massive Cyberattack Targeting Ukraine’s Government Websites

    Several Ukrainian government websites have been targeted in a massive cyberattack amid heightened tensions between the West and Russia, which has massed troops and military equipment near the border with Ukraine.

  • U.S. Cyber Officials Bracing for Fallout from “Log4j” Vulnerability

    More than a month after the Log4j software vulnerability was first discovered, U.S. cybersecurity officials are still warning about it, saying that some criminals and nation state adversaries may be waiting to make use of their newfound access to critical systems.

  • Aiding Evaluation of Adversarial AI Defenses

    There are many inherent weaknesses that underlie existing machine learning (ML) models, opening the technology up to spoofing, corruption, and other forms of deception. Evaluation testbed, datasets, tools developed on GARD program were released to jump-start community and encourage creation of more robust defenses against attacks on ML models.

  • What Is Log4j? A Cybersecurity Expert Explains the Latest Internet Vulnerability, How Bad It Is and What’s at Stake

    Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. So what is this humble piece of internet infrastructure, how can hackers exploit it and what kind of mayhem could ensue?

  • CISA Hosts Cybersecurity Navigators Forum for Election Officials

    CISA recently concluded a forum for state and local election officials to discuss cyber navigator programs. Cyber navigators are state liaisons that can help under-resourced local jurisdictions manage their cyber risks, help sort through the onslaught of risk information, advice, and available services, and help fast-track mitigation efforts. DHS is currently in the midst of its “Election Security” sprint, focused on the need to cement the resilience of the nation’s democratic infrastructures and protect the integrity of its election.

  • Computer Attacks with Laser Light

    Computer systems that are physically isolated from the outside world (air-gapped) can still be attacked. This is demonstrated by IT security experts in the LaserShark project. The researchers demonstrate hidden communication into air-gapped computer systems: Data transmitted to light-emitting diodes of regular office devices.