• Studying Ideologically Motivated Cyberattacks

    A John Jay College of Criminal Justice project on cyberterrorism is one of 13 selected by the Department of Homeland Security as part of the National Counterterrorism Innovation, Technology, and Education (NCITE) Center, a new DHS Center of Excellence. The John Jay project will study and aggregate ideologically motivated cyberattacks and will create a new, unique dataset – the Cyber-Extremist Crime Database (Cyber-ECDB) – which will track ideologically motivated cyberattacks against U.S. targets from 1998 to present.

  • Senate Intel Releases Report on Intel Community Assessment of Russian Interference

    On Tuesday, Senate Select Committee on Intelligence released a new report, the fourth and penultimate volume in the Committee’s bipartisan Russia investigation. The latest installment examines the sources, tradecraft, and analytic work behind the 2017 Intelligence Community Assessment (ICA) that determined Russia conducted an unprecedented, multi-faceted campaign to interfere with the 2016 U.S. presidential election. “One of the ICA’s most important conclusions was that Russia’s aggressive interference efforts should be considered ‘the new normal,’” said Senator Richard Burr (R-North Carolina), the committee’s chairman.

  • Bolstering Cybersecurity for Systems Linking Solar Power to Grid

    DOE has awarded researchers $3.6 million to advance technologies that integrate solar power systems to the national power grid. “As U.S. energy policy shifts toward more diverse sources, particularly solar, the Energy Department understands the critical importance of protecting these systems and technologies,” said Alan Mantooth, U Arkansas Professor of electrical engineering and principal investigator for the project.

  • Strengthening Mobile Device Email Security and Privacy

    Large and small organizations alike now rely heavily on mobile devices like smartphones or tablets to enable their workers, customers and management to connect and collaborate, even when some or all of them are working remotely. But device users may prioritize convenience over strong security, accidently share sensitive information with unintended audiences, or use their corporate- or government-owned devices in contexts in which sensitive business information should not be shared.

  • Cybersecurity Requires International Cooperation, Trust

    Most experts agree that state-sponsored hackers in Russia are trying to use the internet to infiltrate the U.S. electrical grid and sabotage elections. And yet internet security teams in the U.S. and Europe actively seek to cooperate with their Russian counterparts, setting aside some of their differences and focusing on the issues where they can establish mutual trust.

  • Huawei and the Third Offset

    In order to effectively mitigate the security risks posed by Huawei, the U.S. Department of Defense needs to fund and integrate cutting-edge technologies from the private sector. Offset strategies are intended to counterbalance an adversary’s military advantages by developing asymmetric technological strengths.

  • Saving the IoT from Botnets

    The advent of the Internet of Thing, essentially smart devices with connectivity to the internet has wrought many benefits, but with it comes the problem of how to cope with third party users with malicious or criminal intent.

  • Not All Privacy Apps Are Created Equal

    New privacy laws like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have spawned a new industry of companies and platforms advertising that they can anonymize your data and be compliant with the law. But MIT researcher Aloni Cohen says that he has his doubts about these claims, and his team’s latest work shows that there’s reason to be skeptical.

  • Some Mobile Phone Apps Contain Hidden Secrets Compromising Users’ Private Data

    Researchers have discovered that a large number of cell phone applications contain hardcoded secrets allowing others to access private data or block content provided by users. The study’s findings: that the apps on mobile phones might have hidden or harmful behaviors about which end users know little to nothing.

  • Cryptocurrency Laundering Is a National Security Risk

    As U.S. adversaries get more acquainted with blockchain technology, their hostile cyber operations are likely to rely increasingly on cryptocurrency activity. And rogue states are likely to become more innovative in using cryptocurrencies as they try to dampen the impact of U.S. economic sanctions.

  • Preventing Quantum Cyberattacks

    From defense and health information to social networking and banking transactions, communications increasingly rely on cryptographic security amid growing fears of cyberattacks. However, can such sensitive data be unhackable?

  • Deal with Ransomware the Way Police Deal with Hostage Situations

    When faced with a ransomware attack, a person or company or government agency finds its digital data encrypted by an unknown person, and then gets a demand for a ransom. The two major ways people have so far responded – pay the ransom of hire a specialist to recover the data — are missing another option that we have identified in our cybersecurity policy studies. Police have a long history of successful crisis and hostage negotiation – experience that offers lessons that could be useful for people and organizations facing ransomware attacks.

  • Cyber Attacks against Hospitals and the COVID-19 Pandemic: How Strong are International Law Protections?

    In a situation where most, if not all of us are potential patients, few government-provided services are more important than the efficient delivery of health care. The strain on hospitals around the world is rapidly growing, to which states have responded by mobilizing military medical units, nationalizing private medical facilities, and building emergency hospitals. All of this underlines the urgent need to understand what protections the law offers against attacks – including cyberattacks – on medical facilities.

  • Strengthening Cybersecurity in Sports Stadiums

    Someone pulled a fire alarm during the February 2018 school shooting in Parkland, Florida, which killed 17 students and teachers. The alarm caused more students to move into the hallways and into harm’s way. “Hackers no longer use cyberattacks to cause cyber damage,” says an expert. Instead, “they are using these attacks to cause physical damage or put people in locations to maximize physical damage.” Sports venues, with tens of thousands of spectators, are especially vulnerable. To combat the cyber threat in sports, scientists built an assessment tool for team and stadium owners to fix vulnerabilities.

  • Protecting U.S. Energy Grid and Nuclear Weapons Systems

    To deter attempts to disable U.S. electrical utilities and to defend U.S. nuclear weapon systems from evolving technological threats, Sandia researchers have begun two multiyear initiatives to strengthen U.S. responses.