• Nations ranked on vulnerability to cyberattacks

    Damaging cyberattacks on a global scale continue to surface every day. Some nations are better prepared than others to deal with online threats from criminals, terrorists, and rogue nations. Data-mining experts ranked the vulnerability of forty-four nations to cyberattacks. The United States ranked 11th safest, while several Scandinavian countries (Denmark, Norway, and Finland) ranked the safest.

  • Russian govt. behind attack on Ukraine power grid: U.S. officials

    Obama officials said that Russian hackers were behind a December 2015 cyberattack on Ukraine’s power grid. The attack caused power outages and blackouts in 103 cities and towns across Ukraine. Elizabeth Sherwood-Randall, deputy Energy Secretary, made the comments to a gathering of electric power grid industry executives.

  • Administration tries to harness Silicon Valley’s talent for fight against ISIS

    Senior administration intelligence officials are meeting today (Friday) with Silicon Valley’s major technology firms — companies including Facebook, Twitter, Apple, Microsoft, YouTube, LinkedIn, Dropbox, and others — in an effort to recruit them and their technological know-how in the fight against radicalization and terrorism.

  • Iranian hackers attacked New York dam

    In 2013, Iranian government hackers infiltrated the control system of Bowman Avenue Dam in Rye, New York, located twenty-five miles from New York City. Using a cellular modem, the hackers could have released larger volumes of upstream water without warning. As dams go, the Rye dam is small, at about 20 feet tall. There was some confusion initially, as DHS and DOE thought a similarly named dam in Oregon, the Arthur R. Bowman Dam, was the one hacked. The Oregon dam, at 245 feet, is much bigger, and hacking its control systems could have had much more serious consequences.

  • Safer cyberspace through experimental cybersecurity research

    How do cybersecurity experts discover how properly to defend a system or build a network which is secure? As in other domains of science, this process involves hypothesis, experimentation, and analysis — or at least it should. In reality, cybersecurity research can happen in an ad hoc fashion, often in crisis mode in the wake of an attack. A group of researchers has imagined a different approach, one in which experts can test their theories and peers can review their work in realistic but contained environments — not unlike the laboratories found in other fields of science. The researchers issued a report calling for a new generation of experimental cybersecurity research.

  • Following indictments, China’s military reduces its commercial cyberespionage against American companies

    The People’s Liberation Army (PLA) has reduced its cyberespionage activity targeting American companies since five PLA officers were indicted by the Department of Justice in May 2014. “The indictments had an amazing effect in China, more than we could have hoped for,” said one expert. In April, Obama signed an executive order calling for the imposition of economic sanctions on individuals and entities that take part in or benefit from illicit cyber-activities such as commercial espionage. “If the indictments had the effect of getting the PLA to scale down, then sanctions likely will have a wider effect on other Chinese state-sponsored groups,” says another expert.

  • DHS runs many unsecured databases: IG

    DHS Inspector General found that DHS is running dozens of unpatched databases, some of which are rated “secret” and even “top secret.” An audit of the department’s IT infrastructure has found large security gaps, including the fact that 136 systems had expired “authorities to operate” – that is, no one was in charge of keeping them updated. Of the 136, 17 were classified as “secret” or “top secret.”

  • NSF highlights more than forty years of supporting cybersecurity research and education

    New report highlights NSF-funded cybersecurity research and education. Today, NSF invests nearly $160 million each year in interdisciplinary research, education, and workforce development to help protect national and personal security. This support helps scientists develop the tools, training, and people that will keep the nation safe and maintain online privacy.

  • U.S. fears a Russian attack on undersea internet cables that could plunge world into chaos

    It may sound far-fetched at first, but there’s a growing fear of the damage a newly aggressive Russia might inflict in a time of tension or conflict simply by damaging or cutting the undersea cables that carry almost all of the West’s Internet traffic. The perfect global cyberattack could involve severing the fiber-optic cables at some of their hardest-to-access locations in order to halt the instant communications on which the West’s governments, military, economies and citizens have grown dependent. Effectively this would cripple world commerce and communications, destabilize government business and introduce uncertainty into military operations. A significant volume of military data is routed via this Internet backbone. If Russia’s investment in information warfare is any measure we should be concerned — this investment in information warfare is not being matched by the United States and Europe combined.

  • Cyberthreats, cyberattacks will only increase over time: Experts

    The increasing dependency of a growing number of organizations on the Internet has served to increase the number of targets for hackers, particularly those organizations that have not given adequate attention to securing their network as they should. Even those networks not connected to the Internet are not immune from penetration by hackers. This is a threat that shows no sign of ever slowing down. More likely it will only increase over time, as cyber-capabilities are developed by more and more entities.

  • U.S. should promote international cybersecurity standardization: Interagency report

    A new draft report by an interagency working group lays out objectives and recommendations for enhancing the U.S. government’s coordination and participation in the development and use of international standards for cybersecurity. The report recommends the government make greater effort to coordinate the participation of its employees in international cybersecurity standards development to promote the cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures. These efforts should include increased training, collaborating with private industry and working to minimize risks to privacy.

  • Russia offers safe haven for a major botnet operator

    Recently the FBI offered a reward of $3 million for any useful information which will lead to the apprehension of Evgeniy Mikhailovich Bogachev. Bogachev is notorious for creating the Gameover Zeus botnet, which the FBI had successfully shut down in mid-2014, but the agency failed to capture Bogachev himself. In early 2015 Bogachev managed to restore Zeus. The hackers behind Zeus are believed to have stolen more than $100 million since 2011. Experts worry that the botnet may be used for more than stealing money, and may become a weapon of cyber warfare.

  • Teams chosen for the 2016 DARPA Cyber Grand Challenge final competition

    Seven teams from around the country have earned the right to play in the final competition of DARPA’s Cyber Grand Challenge (CGC), a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched. The CGC winners will be handsomely rewarded, but DARPA says that more important than the prize money is the fact that it ignites the cybersecurity community’s belief that automated cybersecurity analysis and remediation are finally within reach.

  • Duqu 2.0: New, menacing programming concept

    In 2011, the security world was rocked by the announcement of a newly discovered virus named Stuxnet. This malware, unlike previous viruses, was targeted at one particular victim. That target was Iran’s nuclear program. Following on the heels of Stuxnet was a variant named Duqu. Duqu is different from Stuxnet, however, in that it was designed to gather information for future attacks, rather than perform the attack itself. There is evidence that the malware was used to gather information on the U.S. talks with Iran over the Iranian nuclear program. Since this worm is able to move laterally, and runs only in system memory, a given computer can be easily re-infected from elsewhere in the home network, without using any mechanisms that would provide persistence. Duqu 2.0 represents programming concepts never used before that make it extremely dangerous.

  • Abu Dhabi’s power system to be used for critical infrastructure cybersecurity study

    Abu Dhabi, UAE-based Masdar Institute of Science and Technology and MIT will use Abu Dhabi’s power system as a case study for developing a knowledge map of the power system and its cybersecurity shortcomings. The project is due to run for two years. At the end of this two-year period, the collaborating institutions hope that data from the analysis of Abu Dhabi’s power system could be compared against data from the projects running concurrently in New York and Singapore to develop a comprehensive knowledge map, capable of being applied to critical infrastructure worldwide.