• Future cyberattacks to cause more trouble than Heartbleed

    Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.

  • U.S. military communication satellites vulnerable to cyberattacks

    A new report warns that satellite communication terminals used by U.S. military aircrafts, ships, and land vehicles to share location data, are vulnerable to cyberattacks through digital backdoors. A forensic security review of codes embedded inside the circuit boards and chips of the most widely used SATCOM terminals identified multiple hacker entry points.

  • West Point wins Cyber Defense Exercise, launches Army Cyber Institute

    The U.S. Military Academy at West Point has won the annual Cyber Defense Exercise (CDX) which brought together senior cadets from the five service academies for a 4-day battle to test their cybersecurity skills against the National Security Agency’s (NSA) top information assurance professionals. West Point’s win comes just as the academy announced plans for its Army Cyber Institute(ACI), intended to develop elite cyber troops for the Pentagon.

  • Hacked U.S. surveillance drone over Crimea shows new face of warfare

    A recent report of a U.S. surveillance drone flying over the Crimea region of Ukraine being hacked by Russian forces, is just one of many indication that the twenty-first-century global battlefield will take place in cyberspace. Radio and other frequencies which cover the electromagnetic spectrum are the new contested domain.

  • British intelligence agency promotes cybersecurity education

    As part of its national cybersecurity strategy to “derive huge economic and social value from a vibrant, resilient, and secure cyberspace,” the United Kingdom will issue certifications to colleges and universities offering advanced degrees in cybersecurity. The British intelligence agency, Government Communications Headquarters(GCHQ), has notified various institutions to apply for certification by 20 June 2014. Students who complete the approved courses will carry a “GCHQ-certified degree.”

  • Iran becoming serious cyber-warfare threat

    Both government and private cybersecurity experts are increasingly considering Iran as a “top ten” cyberthreat. Iran’s recent activities and its motives have led analysts to rank the country among other cyberspace heavy hitters such as Russia and China.

  • Howard County, Md. attracts cybersecurity firms

    Howard County, Maryland boasts a growing presence of cybersecurity firms and specialists at a time when the industry is gaining attention. The proximity of the county to government agencies has helped cybersecurity firms gain federal contracts, and the proximity of large cybersecurity consumers like the NSA offers cybersecurity firms in Howard County a large pool of cybersecurity specialists to select from when NSA employees decide to shift to the private sector.

  • NERC drill finds U.S. grid preparedness insufficient

    The North American Electric Reliability Corporation (NERC) reported that its recent GridEx II exercise has highlighted the fact that nearly all the utilities which took part in the two-day drill last November – a drill aiming to test the preparedness of the U.S. power grid to withstand cyber and physical attacks – admitted that their planning for such attacks was insufficient. NERC’s president, Gerry Cauley, said that protecting utilities against cyber and physical attacks should be considered in the context of measures taken to protect the grid from other threats. He noted that utilities are already hardening their systems against storms like Hurricane Sandy, while working to determine their vulnerability to solar activity that changes the earth’s magnetic field.

  • Cyber war in Ukraine – business as usual for the Russian bear

    In a war — declared or otherwise — bravery and perseverance are not enough. Communications are important. Effectiveness means being able to command your troops and gather information. It also means being able to trust your communications. Disrupting and distorting communications is a dark art, the “new black” in overt and covert conflict. This is what we are seeing in Ukraine. Russia appears to be having a fine time covertly sabotaging Ukrainian networks.

  • Iona College to Launch BS, BA, MS concentrations in cybersecurity

    Iona College announced the launch in fall 2014 of undergraduate and graduate programs in computer science with a concentration in cyber security. The concentration will be offered for the Bachelor of Science, Bachelor of Arts, and the Master of Science degrees. The programs will provide students with fundamental cyber security skills, theoretical as well as hands-on experience. Students are exposed to new research ideas across many cyber security areas including software security, Web application security, mobile security, networking security, database security, and cryptography.

  • Ukrainian computer systems attacked by sophisticated malware with "Russian roots"

    Ukrainian computer systems and networks have been targeted by at least twenty-two attacks launched by “committed and well-funded professionals” since January 2013, defense contractor BAE Systems found. BAE declined to identify the source of the attacks, but a German company said the espionage software has “Russian roots.” The malware design “suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation,” the BAE report said.

  • U.S. Army releases first field manual for war in the electromagnetic spectrum

    Sergei Gorshkov, former Admiral of the Fleet of the Soviet Union, once remarked that “the next war will be won by the side that best exploits the electromagnetic spectrum.” The U.S. Army agrees, releasing its first field manualfor Cyber Electromagnetic Activities (CEMA). The Pentagon defines cyber electromagnetic activities as activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy the use of such capabilities, and protecting the mission command system.

  • Pro-regime Syrian hackers threaten cyberattacks on CENTCOM

    Last Friday, the Syrian Electronic Army (SEA) threatened to launch a cyberattack on U.S. Central Command (CENTCOM) if the United States would conducts cyberwarfare operations against Syria.

    The SEA is a group of Syrian computer hackers who support Syrian President Bashar al-Assad. Cyber experts say the group’s threat should not be dismissed. “This is a very capable group that has done some very significant things against well-defended targets,” says Bob Gourley, a former Chief Technology Officer for the Defense Intelligence Agency (DIA).

  • Israeli defense company launches cybersecurity solutions section

    In recent months the Israel Aerospace Industries (IAI) has increased its cyberdefense-related activities. Esti Peshin, director of the company’s cyber section and a veteran of the IDF’s hush-hush sigint Unit 8200, says IAI is now developing solutions for clients in Israel and abroad. “We’re a start-up, but with the backing of a company that earns $3.5 billion a year,” she said. Ultimately, she implied, these defensive measures can be turned into offensive capabilities. “Intelligence is a subset of attack,” Peshin said. “This is, first of all, a national mission.”

  • New cyber-attack model helps hackers time the next Stuxnet

    Taking the enemy by surprise is usually a good idea. Surprise can only be achieved if you get the timing right — timing which, researchers argue, can be calculated using a mathematical model, at least in the case of cyber-wars. The researchers say that based on the stakes of the outcome, a cyberweapon must be used soon (if stakes are constant) or later (if the stakes are uneven). In other words, when the gain from a cyberattack is fixed and ramifications are low, it is best to attack as quickly as possible. When the gain is high or low and ramifications are high, it is best to be patient before attacking.