• Path Forward for FAA’s Cybersecurity Workforce

    A new report offers path forward for creating and maintaining a cybersecurity workforce at FAA that can meet the challenges of a highly competitive cybersecurity labor market and a wave of future retirements.

  • How Will We Protect American Infrastructure from Cyberattacks

    As the Colonial Pipeline hack and subsequent shutdown reminded us so recently, our infrastructure’s digital connectedness — while bringing benefits like convenience, better monitoring and remote problem-solving — leaves it vulnerable to cyberattacks.

  • Defending against Smudge Attacks

    Many modern devices that hold our personal and business information are touchscreen and hackers and thieves are always resourceful. The smudges left by your fingertips remain on the screen, marking out the likely numbers from the virtual keypad on your phone that you used to tap in your PIN. Soon after, the phone is lost or stolen and that malicious third party carries out a “smudge attack” – they look at the screen and can have a good guess at the digits in your PIN.

  • Cyber Regulation Could Be Coming Following Spate of Hacks, Ransomware Attacks

    The United States may soon look to regulate private companies, mandating higher standards for cybersecurity following a series of damaging hacks and ransomware attacks against key firms and critical infrastructure. Cybersecurity experts say that malign actors are currently operating with impunity and that too many private sector organizations have, so far, failed to take the necessary precautions. “Enlightened self-interest, that’s apparently not working,” Chris Inglis, tapped to be the country’s first national cyber director, told members of the Senate Homeland Security and Governmental Affairs Committee. “Market forces, that’s apparently not working.”

  • U.S. Attorney General Warns Ransomware “Getting Worse and Worse”

    U.S. Attorney General Merrick Garland warned Wednesday that ransom-motivated cyberattacks are “getting worse and worse,” echoing other top Biden administration officials who have sounded the alarm about the problem in recent weeks.  “We have to do everything we possibly can here,” Garland told lawmakers. “This is a very, very serious threat.” 

  • Fastly’s Global Internet Meltdown Could Be a Sign of Things to Come

    For an hour on the morning of June, dozens of the world’s most-visited websites went offline. Together, these websites handle hundreds of millions of users. This case illustrates the fragility of an internet that’s being routed through fewer and fewer channels. When one of those major channels fails, in what is called a “single point of failure”, the results are dramatic, disruptive and incredibly costly. It’s urgent we address this significant vulnerability if we’re to avoid another global internet meltdown – but this time caused by criminals, not code.

  • Study Shows AI-Generated Fake Reports Fool Experts

    AIs can generate fake reports that are convincing enough to trick cybersecurity experts. If widely used, these AIs could hinder efforts to defend against cyberattacks. These systems could set off an AI arms race between misinformation generators and detectors.

  • Researchers Discover Novel Class of Vehicle Cyberattacks

    Vehicles are becoming more and more connected to the Internet, and malicious hackers are licking their lips. A team led by Carnegie Mellon University CyLab researchers have discovered a new class of cybersecurity vulnerabilities in modern day vehicles. If exploited, an attacker could sneak past a vehicle’s intrusion detection system (IDS) and shut down various components, including the engine, by executing some crafty computer code from a remote location. No hardware manipulations nor physical access to the vehicle are necessary.

  • White House Urges US Companies to Protect Against Ransomware

    The White House on Thursday urged American businesses to take new precautions to combat disruptive ransomware attacks that have increasingly hobbled companies throughout Western economies. Anne Neuberger, a White House cybersecurity official, said in a statement that the “most important takeaway” from the recent attacks, including those affecting a key gasoline pipeline and a meat production company in the U.S., is that “companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.”

  • Shadow Figment Technology Foils Cyberattacks

    Scientists have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them illusory tidbits of success.

  • The Weaponized Web: The National Security Implications of Data

    Open societies have encouraged and promoted rapid technological advancement and market innovation —but both have outpaced democratic governance. Authoritarian powers have noticed the underlying opportunity to exploit the open standards of the democratically regulated digital information environment and undermine democratic values and institutions while shoring up their own regimes. This poses a novel challenge for democracies, which must adapt to compete in this conflict over the data, architecture, and governance framework of the information space without compromising their democratic principles.

  • Cyber Attacks Can Shut Down Critical Infrastructure. It’s Time to Make Cyber Security Compulsory

    The 7 May attack on the Colonial Pipeline highlights how vulnerable critical infrastructure such as fuel pipelines are in an era of growing cyber security threats. In Australia, we believe the time has come to make it compulsory for critical infrastructure companies to implement serious cyber security measures.

  • It’s Time to Surge Resources into Prosecuting Ransomware Gangs

    In the popular imagination, hacking is committed by lone wolves with exceptional computer skills. But in reality, the vast majority of hackers do not have the technical sophistication to create the malicious tools that are essential to their trade. Kellen Dwyer writes that hacking has exploded in recent years because criminals have specialized and subspecialized so that each one can concentrate on facilitating just a single phase of a successful data breach. This is known as cybercrime-as-a-service and it is a massive business. This intricate cybercrime ecosystem offers the key to fighting it: “While organization and specialization are strengths of cybercriminals, they are also weaknesses. That means there are organizations that can be infiltrated and exploited.”

  • Shape-Shifting Computer Chip Thwarts an Army of Hackers

    A processor is the piece of computer hardware that runs software programs. Since a processor underlies all software systems, a secure processor has the potential to protect any software running on it from attack. We have developed and tested a secure new computer processor that thwarts hackers by randomly changing its underlying structure, thus making it virtually impossible to hack.

  • Cybersecurity as Counterterrorism: Seeking a Better Debate

    Earlier this month, a senior Justice Department official referred to ransomware as a potential “cyber weapon of mass destruction.” When hackers subsequently disabled the Colonial Pipeline, causing fuel shortages and disruptions along the East Coast, it seemed to validate this warning. Simon Handler, Emma Schroeder, and Trey Herr, however, write that it would be a mistake for the policy establishment to double down on an outdated view of cyber conflict rooted in Cold War analogies. To improve U.S. cybersecurity, policymakers should draw instead on more relevant strategic lessons from the study of terrorism and counterterrorism.