-
Power grid test bed helps national grid resilience
Essential services like hospitals and water treatment depend on energy distribution to ensure reliable and continuous operations. As the power grid evolves, becoming more connected and responsive, new smart devices can introduce greater cyber vulnerabilities. To address this challenge, the power grid test bed at the U.S. Department of Energy’s 890-square-mile Idaho National Laboratory has been transitioned to a more adaptive architecture.
-
-
NIST offers help for contractors to secure unclassified government information
It is crunch time for government contractors. They only have until 31 December 2017 to demonstrate they are providing appropriate cybersecurity for a class of sensitive data called Controlled Unclassified Information (CUI). Otherwise, they risk losing their contracts. For organizations that may be struggling to meet the deadline, the National Institute of Standards and Technology (NIST) has a new publication intended to help.
-
-
U.K. government agencies told to remove Kaspersky software from their systems
In another example of a Western government taking decisive action to limit the ability of Russian government hackers to steal sensitive information, the U.K. cyber security agency on Friday advised U.K. government agencies to remove Kaspersky Lab’s products from their systems.
-
-
Improving critical sectors’ cybersecurity by bolstering sharing, acting on information
A new initiative aims to operationalize the Integrated Adaptive Cyber Defense (IACD) framework for cybersecurity automation, orchestration and information sharing. This initiative will enable companies, including those in the financial services sector, to improve their ability to quickly and broadly share information and to prevent and respond to cyberattacks.
-
-
Federal agencies complete second phase of Kaspersky product removal
The U.S. federal government has completed the first two phases of a three-part plan to remove all Kaspersky Lab’s products from government computer systems. The U.S. intelligence community said that the Russian cybersecurity company’s anti-virus software was used to collect sensitive information from the systems on which it was installed, and deliver that information to Russia’s intelligence agencies.
-
-
Russia increasingly uses hacker mercenaries for cyberattacks: FBI
FBI director Christopher Wray told lawmakers Thursday that state actors such as Russia are increasingly relying on hacker mercenaries, blurring the lines between government-backed hackers and cyber criminals. Wray said that such hybrid government-criminal breaches are increasingly becoming a reality. “You have the blend of a nation-state actor, in that case, the Russian intelligence service, using the assistance of criminal hackers, which you think of almost like mercenaries, being used to commit cyberattacks,” the FBI director said.
-
-
Harnessing game theory for cybersecurity of large-scale nets
Researchers have laid the groundwork for a method to improve cybersecurity for large-scale systems like the power grid and autonomous military defense networks by harnessing game theory and creating new intelligent algorithms. The project harnesses the Nash equilibrium, developed by Nobel laureate John Nash, whose life was chronicled in the film “A Beautiful Mind.” The work also applies “prospect theory,” which describes how people make decisions when there is uncertainty and risk, decisions that are often “only partly rational.”
-
-
Nanomaterials’ cryptographic potential may be ultimate defense against hackers
The next generation of electronic hardware security may be at hand as researchers introduce a new class of unclonable cybersecurity primitives made of a low-cost nanomaterial with the highest possible level of structural randomness. Randomness is highly desirable for constructing the security primitives that encrypt and thereby secure computer hardware and data physically, rather than by programming.
-
-
HADES misleads hackers by creating an alternate reality
The Russian novelist Fyodor Dostoevsky once postulated that the devil no longer uses fire and brimstone but instead simply tells you what you want to hear. Sandia National Laboratories cyber researchers go with that second option when it comes to foiling a hacker. Rather than simply blocking a discovered intruder, the researchers deploy a recently patented alternative reality, dubbed HADES for High-fidelity Adaptive Deception & Emulation System, which feeds a hacker not what he needs to know but what he wants to believe.
-
-
Antivirus but not anti-spy
The late senator William Proxmire of Wisconsin (he died in 1989) made a name for himself for his Golden Fleece Awards — awards given each year to the most wasteful U.S. government programs. Senator James Lankford (R-Oklahoma), continuing in Proxmire’s tradition, has just released the third volume of his annual Federal Fumbles: 100 Ways the Government Dropped the Ball. One of the U.S. federal government’s major fumbles has been the way it has dealt with Russian cybersecurity firm Kaspersky Lab. The U.S. intelligence community has long suspected that Kaspersky Lab was using its popular antivirus software – used not only by individuals and corporations, but also by U.S. government agencies – to collect sensitive information from the computer systems on which the software was installed, and deliver that information to the GRU and the FSB, the KGB’s successor agency.
-
-
“We know” Russia hacked election, and such cyberattacks can happen again: Sen. Angus King
Though President Trump says he is not convinced that Russia interfered in the 2016 presidential election, U.S. Sen. Angus King of Maine said that he and his colleagues on the Senate Select Committee on Intelligence, which is probing the matter, have “no doubt whatsoever” of Moscow’s involvement. “We know they did it, we know it was sophisticated, we know it was serious, and we know they’re coming back!” said King during a discussion at the Harvard Kennedy School.
-
-
The time to hack-proof the 2018 election is expiring — and Congress is way behind
Lawmakers are scrambling to push something — anything — through Congress which would help secure the U.S. voting systems ahead of the 2018 elections. It might, however, already be too late for some critical targets. By this point during the 2016 election cycle, Russian government hackers had already breached the Democratic National Committee’s networks for at least three months.
-
-
Shining more light every day on Russia’s political interference
“Despite this clear threat to American democracy, and the unanimous assessment of the intelligence community that Russia interfered in the election in an operation ordered by Vladimir Putin, real discussion of how to halt these activities and prevent them in the future is only beginning now. This is partly driven by a continued partisan divide on the issue — which is being fueled by the Kremlin’s ongoing influence efforts and Putin’s own denials to President Donald Trump. Trump’s repeated statements casting doubt on his own intelligence community’s assessment and the unwillingness of many Republican leaders to defend the truth continue to fan these partisan flames. Allowing Russian interference to become a partisan issue plays right into Russia’s hands and achieves Putin’s goals,” Laura Rosenberger and Jamie Fly write. “This is not about relitigating who won the election. Trump is the president. This is about defending American democracy from attacks by foreign enemies.”
-
-
Uber admitted to covering up massive data breach
Uber’s chief executive posted a message on the company’s blog, admitting that an October 2016 cyberattack allowed the hackers to collect personal information like names, driver license numbers, email addresses, phone numbers and more on 57 million Uber users and drivers around the world, including 600,000 Uber drivers in the U.S. The company paid the ransom the hackers demanded; asked them to sign a nondisclosure agreement and keep quiet about the breach; and then dressed up the breach as a “bug bounty,” the practice of paying hackers to test the strength of software security.
-
-
Russia sees U.S.-led international order as a threat to its security, interests: Report
Russia seeks to undermine elements of the current international order because its leaders and analysts see the current international order as dominated by the United States and a threat to their country’s security and interests, according to a new RAND report. U.S. officials have repeatedly described the development of a U.S.-led “rules-based international order,” composed of international economic institutions, bilateral and regional security organizations and liberal political norms, as a core U.S. national interest.
-
The long view
Researchers Calculate Cyberattack Risk for All 50 States
Local governments are common victims of cyberattack, with economic damage often extending to the state and federal levels. Scholars aggregate threats to thousands of county governments to draw conclusions.