• Possible Russian Cyberattacks Could Reverberate Globally: U.S., Allies

    The United States and its Western allies are bracing for the possibility that a Russian invasion of Ukraine would have a ripple effect in cyberspace, even if Western entities are not initially the intended target.

  • New Cybersecurity Advisory: Protecting Cleared Defense Contractor Networks Against Russian Hackers

    Over the last two years, CISA, FBI and NSA continue observing regular targeting of both large and small Cleared Defense Contractors and subcontractors. Agencies strongly encourage organizations to apply recommended mitigation steps to reduce risk of compromise.

  • China Suspected of Targeting U.S. Organizations with Cyberattacks

    Media giant News Corp is investigating a cyberattack that has accessed the email and documents of some of its employees and journalists. “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” Dave Wong, Mandiant vice president and incident responder, said.

  • CISA Supports Inaugural U.S. Cyber Games

    CISA last week announces its founding sponsorship of the first-ever US Cyber Team, which will compete, as part of the US Cyber Games, in the International Cybersecurity Challenge (ICC) June 14-17, 2022 in Athens, Greece. “Cyber competitions are a fundamental element of developing the next generation of cybersecurity talent. Games help motivate the future workforce, and keep the current workforce sharp, maintaining a thriving community of cybersecurity professionals,” noted CISA Director Jen Easterly.

  • Blocking Microgrid Cyberattacks to Keep Power Flowing

    Detection methods that identify the weaknesses in smart power grids will prevent cyberattacks from disrupting supply to critical infrastructure.

  • Broad, and Likely Unauthorized, Use of Pegasus Spyware by Israel's Police Shocks Israel

    Since 2015, Israel’s police has employed the intrusive Pegasus spyware to spy on businesspeople, journalists and editors, senior managers of government ministries and agencies, leaders of protest movements, and more – and it appears that in many, if not most, of these cases, the spying was done without judicial approval or after judges were misled by the police about the nature of the monitoring technology. The Pegasus software has been used by authoritarian governments around the world to spy on political opponents, human rights activist, journalists – and in at least one case, to spy on U.S. diplomats. The U.S. has blacklisted the Israeli company NSO, Pegasus maker, and American companies are not allowed to sell their technology to NSO or do business with it

  • DHS Launches Cyber Safety Review Board

    On Thursday, 3 February 2022, the U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB). DHS says that the CSRB is an unprecedented public-private initiative that will bring together government and industry leaders to elevate our nation’s cybersecurity.

  • Cyberattacks on Belgian Energy Companies

    Oil facilities at Belgian ports have been hit with a cyberattack. The news comes a day after Germany launched an investigation into a similar incident.

  • Strengthening Cybersecurity Scholarship and Education

    The National Science Foundation (NSF) has awarded $3.9 million to Georgia State University as part of its CyberCorps Scholarship for Service (SFS) program. The grant will fund a project that aims to address the growing need for a highly skilled national cybersecurity workforce.

  • Russia Could Unleash Disruptive Cyberattacks Against the U.S. – but Efforts to Sow Confusion and Division Are More Likely

    As tensions mount between Russia and the West over Ukraine, the threat of Russian cyberattacks against the U.S. increases. Cybersecurity experts are concerned that in the wake of recent cyberattacks by hackers affiliated with Russia, the Russian government has the capability to carry out disruptive and destructive attacks against targets in the U.S. the Russian government is likely to think twice before unleashing highly disruptive attacks against the U.S., because the U.S. government could interpret such attacks, particularly those targeting critical infrastructure, as acts of war.

  • Moving the U.S. Government Toward a Zero-Trust Architecture

    The Office of Management and Budget (OMB) released a Federal strategy aiming to move the U.S. government toward a “zero trust” approach to cybersecurity. The new strategy is an important in in implementing the administration’s Executive Order on Improving the Nation’s Cybersecurity, which focuses on advancing security measures which significantly reduce the risk of successful cyberattacks against the digital infrastructure of the federal government.

  • Israeli Police: From Warrantless Cellphone Searches to Controversial Misuse of Spyware

    Israel’s rules governing privacy and related laws have experienced a dramatic past few weeks, capped by an explosive journalistic expose revealing that Israeli police have been using NSO Group spyware allegedly without warrants or explicit statutory authorization.

  • How the U.S. Is Making Gains in an Uphill Battle Against Russian Hackers

    U.S. policy and actions in response to cyberattacks connected to Russia have changed distinctly since the Biden administration took office. The Biden administration has taken unprecedented steps to impose costs on Russian cyber criminals and frustrate their efforts, but we should be realistic about what national cyber defense can and can’t do.

  • Security Flaws in China’s Mandatory Olympics App for Athletes

    Athletes arriving at the Winter Olympics in China will have to install a Chinese-made app, called MY2022, on their smartphones, and fill in detailed information about themselves. China says that app, which the athletes will have to carry with them and periodically update, will be used to report health and travel data when they are in China. Athletes who fail to install the app, or who fail to fill in and update the information, will be sent home. Cyber analysts have found serious security and privacy flaws in the app.

  • Home for the Holidays? The Global Implications of a State-Level Cyberattack

    The 4 December 2021 cyberattack on the Maryland Department of Health (MDH) appeared, at first blush to be a local-to-Maryland problem. Maggie Smith writes, however, that “the MDH hack points to a concerning development at the nexus of cybercrime and data supply chains,” as it “shows how fragile data supply chains can be and signals how easy it is to disrupt even the most critical data flows by stopping the upstream flow of data that provides the insights and statistics on which the nations’ decision-makers rely.”