• Healthcare industry to conduct cyberattack drill in March

    The American health care industry, in partnership with the federal government, will in March conduct simulated cyberattacks targeting industry networks and resources in an effort to test the industry’s vulnerability to cyberattacks. This will be the first time insurers, hospitals, pharmaceutical manufacturers, and HHS will run coordinated drills. Healthcare is one of seventeen critical infrastructure sectors which, if attacked, could have damaging consequences for the country.

  • Estimating the best time to launch a cyberattack

    Of the many tricks used by the world’s greatest military strategists, one usually works well — taking the enemy by surprise. It is an approach that goes back to the horse that brought down Troy. But surprise can only be achieved if you get the timing right. Timing which, researchers at the University of Michigan argue, can be calculated using a mathematical model — at least in the case of cyber-wars. “The question of timing is analogous to the question of when to use a double agent to mislead the enemy, where it may be worth waiting for an important event but waiting too long may mean the double agent has been discovered,” the researchers say.

  • Palo Alto Networks acquires Morta Security

    Palo Alto Networks has acquired Morta Security, a Silicon Valley-based cybersecurity company operating in stealth mode since 2012. Financial terms of the acquisition were not disclosed. Palo Alto Networks says that the acquisition of Morta Security further strengthens its position as a provider of next-generation enterprise security.Palo Alto Network says that most organizations still rely on legacy point technologies that address only specific types of attacks, or phases of the attack. Because of the singular nature of these technologies, they are ill-equipped to detect and prevent today’s advanced cyberattacks.The company says that to address these challenges, a new approach is required.

  • Bringing anthropological insights to bear on cybersecurity

    Michael Polanyi (1891-1976), in his book Personal Knowledge, rejected the British Empiricists’ notion that experience can be reduced to sense data, and Alan Turing’s assertion that human minds are reducible to collections of rules. Rather, Polanyi said, it is tacit awareness — he later called it the “structure of tacit knowing”— which connects us, albeit fallibly, with reality. It provides us with the context within which our words and actions have meaning. Princeton’s anthropologist Clifford Geertz (1926-2006), in his The Interpretation of Cultures, built on Polanyi’s argument to say that the task of ethnography is thus to discover and interpret the secondary, or underlying (Polnayi would say “tacit”) meanings of social behavior — the “deep structure” of culture and social life. Cybersecurity experts at Kansas State University, in a 3-year, $700,000 project, take an anthropological approach to cybersecurity: they are examining the unspoken knowledge shared by cybersecurity analysts as a way to develop new automated tools that help analysts strengthen their cyberdefenses.

  • FireEye acquires Mandiant in a deal worth about $1 billion

    The combination of the two companies creates one of the cybersecurity industry leading vendor. The combined competencies of the two companies would allow them to find and stop attacks at every stage of the attack life cycle. “The reason for this deal is that we now live in a world of constant compromise. When you know you will be compromised, you can’t just continue trying to keep the bad guys out; you also need to investigate every compromise, figure out what happened, prevent it from ever happening again and clean up the mess,” says one analyst.

  • NIST invites comment on RFP to support cybersecurity center of excellence

    The National Cybersecurity Center of Excellence (NCCoE) is inviting comments on a Partial Draft Request for Proposals (RFP) for a contractor to operate a Federally Funded Research and Development Center (FFRDC) to support the mission of the NCCoE. The FFRDC will be the first solely dedicated to enhancing the security of the nation’s information systems.

  • BGU researchers identify critical vulnerability Samsung's Galaxy S4

    Security researchers at Ben Gurion University of the Negev’s (BGU) Cyber Security Labs have identified a critical vulnerability in highly secure Samsung mobile devices which are based on the Knox architecture. Samsung Knox, which is currently undergoing the U.S. Department of Defense approval review process, features the most advanced security-driven infrastructure for mobile phones. The breach, researchers believe, enables easy interception of data communications between the secure container and the external world including file transfers, emails and browser activity.

  • U.S. Air Force plans to add 1,000 new cybersecurity personnel

    Budget cuts notwithstanding, the U.S. Air Force plans to add 1,000 new personnel between 2014 and 2016 as part of its cybersecurity units. The 24th Air Force at Joint Base San Antonio-Lackland, Texas is home to the U.S. Air Force cyber command. With a budget of about $1 billion and a staff of roughly 400 military and civilian personnel, the command oversees about 6,000 cyber defense personnel throughout the Air Force.

  • NERC’s critical infrastructure protection standards ambiguous, unclear: analysts

    In January 2008, to counter cybersecurity threats to critical infrastructure assets such as bulk electricity supply (BES), North American Electric Reliability Corp.’s (NERC) launched its Critical Infrastructure Protection (CIP) standards for BES cybersecurity. The NERC-CIP is marked by uncertainties and ambiguous language, raising concerns in the industry and among industry observers as companies try to enforce the standards. “Industry now screams for a defined control set with very specific requirements that don’t permit subjective and ambiguous interpretations,” comments one analyst.

  • 2014 Cybersecurity Forum to focus on Trusted Computing

    The 2014 Cybersecurity Innovation Forum, to be held 28-30 January 2014, at the Baltimore Convention Center in Baltimore, Maryland, will focus on the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards to protect the nation’s infrastructure, citizens and economic interests from cyberattack.

  • Lawmaker wants to know how cyber-safe vehicles are

    Senator Ed Markey (D-Massachusetts) has asked twenty automobile manufacturers to submit details of their plans to prevent vehicles from wireless hacking attempts, as well as plans to prevent violations of driver privacy. Markey wants automobile manufacturers to apply computer-industry security processes and technology — including anti-virus software, incident logging, incident-response planning, software vulnerability patching, and third-party penetrating testing — to mass produced vehicles.

  • Cybersecurity giants adapt to changing cyberthreat landscape

    McAfee and Symantec, the two technology giants of traditional firewall and antivirus protection software, are shifting their attention to focus more on cybersecurity challenges. A rapidly changing landscape for computer networks, in which data is transmitted and stored via mobile devices and cloud computing, has created demand for products and services that can secure information against state-sponsored or organized cyber terrorism.

  • DHS announces expansion of cyber student volunteer initiative

    DHS the other day announced the launch of the 2014 Secretary’s Honors Program (SHP) Cyber Student Volunteer Initiative for college students. Through the program, more than 100 unpaid student volunteer assignments will be available to support DHS’ cyber mission at local DHS field offices in over sixty locations across the country.

  • Cold War to cyber war, here’s how weapon exports are controlled

    It was reported last week that the U.K. government is pushing for new restrictions on software — in particular, on tools that would prevent surveillance by the state. This was the focus of negotiations to incorporate cyber security technologies into the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. Wassenaar was born of the Cold War in 1996. The idea was to inhibit the Soviets (and Chinese) by preventing the export of military equipment and the technology that could be used to make, maintain or defeat that equipment. The push to include cybersecurity in Wassenaar negotiations is unlikely to be effective but will reassure nervous politicians and officials.

  • Cybersecurity isn’t all about doom and gloom

    Much is made in the press of the devastating effects that weak cybersecurity is having on the economy in the United Kingdom and globally. The threat is compounded by a significant skills shortage. The U.K. government thinks the problem is so severe that it has identified cybersecurity as a Tier 1 national security threat and invested 860 million pounds to defend the country’s digital shores. What all this means is that there is money to be made from cybersecurity and small businesses should not fear it but embrace it. The business opportunities are boundless in cybersecurity. One area that is promising in this sense is the move towards smart cities. As the infrastructure around us, such as traffic lights and utilities becomes more regularly controlled via computers, market opportunities emerge