-
Skullduggery on a massive scale
Stuxnet, the malware which attacked more than 30,000 computers used in industrial control systems in Iran, including that country’s nuclear weapons facilities, represents a new class and dimension of malware; it can reach into the physical world, allowing attackers to run motors so fast they burn out, to turn off alarms and safety cut-offs, open effluent valves and activate pumps — in the words of Paul Marks, it allows attackers to “carry out industrial sabotage and skullduggery on a massive scale”
-
-
Iran: Stuxnet infected industrial computers cleaned
Iran claims that Stuxnet, the sophisticated virus which has infected more than 30,000 computers used in industrial control systems in Iran, has been removed; Iranian officials also denied that the Bushehr nuclear reactor was among the addresses penetrated by the worm
-
-
Impact of cyberattack on U.S. could be "an order of magnitude surpassing" 9/11
Former director of national intelligence and director of the National Security Agency Mike McConnell and Bush administration Homeland Security Adviser Fran Townsend say the United States is unprepared for a cyberattack and must overhaul its defenses; they said a large-scale cyberattack against the United States could impact the global economy “an order of magnitude surpassing” the attacks of 9/11; McConnell: “The warnings are over; it could happen tomorrow”
-
-
U.S. Cyber Command will not go operational today as planned
The U.S. Cyber Command was to become operational today — but difficulties in recruiting qualified uniformed staff and lack of clarity about the Command’s mission have led the Command leaders to say that rather than fully operational, the Command, for the time being, will remain only at “initial operational capability”
-
-
Pentagon lacks effective doctrine to guide cyberwarfare operations
There has been much talk recently about cyber warfare, and the Pentagon has even created a new U.S. Cyber Command — but the GAO says the U.S. Defense Department lacks the doctrine needed effectively to guide cyberwarfare strategies
-
-
U.S. intensifies campaign to train, hire, retain cybersecurity professionals
Cyber threats to both government and public networks are intensifying, and U.S. federal agencies must find ways to attract qualified workers and develop new skills internally; NIST’s Dr. Ernest McDuffie: “We’ve got a problem of where the next generation of engineers are going to come from — Awareness, education, workforce, and training all have to come together”
-
-
As demand for cybersecurity professionals grows, shortages are felt
Federal agencies, contractors, and tech companies compete with each other for cyber security work force; measuring the size of the cyber security sector is difficult, but surveys show demand for technical expertise is skyrocketing; the number of jobs posted on ClearanceJobs.com by companies and recruiters looking for professionals with active federal security clearances has jumped 11 percent to 6,100 openings this year from fewer than 5,500 in the same time period last year; Maryland wants to become U.S. cybersecurity capital
-
-
U.S. "cyber flank" exposed
Former head of the CIA and the NSA warns the U.S. “cyber flank” was exposed and it was losing clout to influence rules of war on the Internet; “Our flank is totally exposed,” Michael Hayden said at the Black Hat computer security gathering in Las Vegas, comparing the U.S. tactical position on the Internet to a battle of land troops; “If tomorrow they show up on that flank they are going to roll down.”; the retired general said he was in “absolute awe and wonderment” at the Chinese cyber espionage campaign but that they were certainly not the only nation doing it; he faulted an Internet built on the premise of quickly and freely sharing information for creating an open landscape that gives attackers an edge over defenders
-
-
Hacker built, and demonstrated, a $1,500 cell-phone tapping device
Security researcher demonstrated a device, which he built for just $1,500, which can intercept some kinds of cell phone calls and record everything that is said; the attack illustrates weaknesses in GSM, one of the world’s most widely used cellular communications technologies
-
-
Five hot topics to be discussed at Black Hat and Defcon
Among the many topics to be discussed at Black Hat, which opens today, and DefCon, which opens Friday, is SCADA networks vulnerability; many of these networks have developed a no man’s land between IT and industrial systems, and these networks’ computers are often at risk because nobody seems to take complete ownership of them; there will be a talk about where bugs show up in the infrastructure; the speaker is Jonathan Pollet, whose company, Red Tiger Security, has collected data on 38,000 vulnerabilities — and the types of exploits that have been written for them
-
-
A first: 15 nations agree to start working together on cyber arms control
A group of nations — including the United States, China, and Russia — have for the first time shown a willingness to engage in reducing the threat of attacks on each other’s computer networks; when the group last met in 2005, they failed to find common ground. This time, by crafting a short text that left out controversial elements, they were able to reach a consensus; the Russians proposed a treaty in 1998 that would have banned the use of cyberspace for military purposes. The United States has not been willing to agree to that proposal, given that the difficulty in attributing attacks makes it hard to monitor compliance
-
-
NSA: Perfect Citizen program is purely "research and engineering effort"
Perfect Citizen, a new National Security Agency (NSA) project, would deploy sensors in networks running critical infrastructure such as the electricity grid and nuclear-power plants; the sensors would detect intrusion and other unusual activity indicating a cyberattack on U.S. critical infrastructure; NSA spokeswoman says the program is “purely a vulnerabilities-assessment and capabilities-development contract — This is a research and engineering effort” and “There is no monitoring activity involved, and no sensors are employed in this endeavor”
-
-
U.S. Naval Academy to launch cyber security center
The building and labs would cost $100 million, with work beginning in 2014; a Baltimore lawmaker who also is chairman of a House subcommittee that deals with technical and tactical intelligence says: “The future of war fighting is cyber security… We [the United States] have been cyber-attacked on a regular basis; our future leaders need to understand cyber security”
-
-
Bill would give the president emergency power to critical networks under attack
New bill would give the president emergency powers to protect critical private networks under attack; the president could order a patch or tell a cyber network to stop receiving incoming data from a particular country when critical infrastructure in the private sector such as the electrical grid or financial grid is threatened or attacked; the bill’s sponsors insisted it does not allow the government to take control of any private cyber-network
-
-
Obama's 29 May 2009 cybersecurity speech: a year on
On 29 May 2009 President Obama said “America’s economic prosperity in the 21st century will depend on cybersecurity”; since then the United States has moved systematically toward enhancing cybersecurity through the following initiatives, but much remains to be done
-
The long view
Social Media Platforms Aren’t Doing Enough to Stop Harmful AI Bots, Research Finds
While artificial intelligence (AI) bots can serve a legitimate purpose on social media — such as marketing or customer service — some are designed to manipulate public discussion, incite hate speech, spread misinformation or enact fraud and scams.