• U.S. Cyber Challenge Eastern Regional Competition announces winner

    On Friday, participants of the annual U.S. Cyber Challenge (USCC) Eastern Regional Cyber Camp competed in a “Capture-the-Flag” competition to demonstrate their knowledge and skill of cybersecurity and compete to win one of a limited number of (ISC)2 scholarships. Participants of Eastern Regional Cyber Camp were selected based in part on their scores from Cyber Quests, an online competition offered through USCC in April, which drew more than 1,300 registrants from over 600 schools nationwide.

  • State Department stays away from Chinese-owned Waldorf Astoria

    The U.S. State Department said American diplomats and State Department officials, for the first time in decades, would not be staying at New York’s Waldorf-Astoria hotel during this year’s UN general assembly. Worldwide last year sold the high-end Midtown hotel for $1.95 billion to the Chinese group Anbang Insurance Group. The sales contract allowed for “a major renovation” by the Chinese, and American security experts had no doubt as to the purpose of these “renovations”: As is the practice in China, the Chinese owners, working on behalf of China’s intelligence services, were going to plant listening devices in every room and ball room, and wire every phone, Wi-Fi hot spot, and restaurant table in order to eavesdrop on hotel guests.

  • D.C.-area becoming the Silicon Valley of cybersecurity

    A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.

  • Can the power grid survive a cyberattack?

    It is very hard to overstate how important the U.S. power grid is to American society and its economy. Every critical infrastructure, from communications to water, is built on it and every important business function from banking to milking cows is completely dependent on it. And the dependence on the grid continues to grow as more machines, including equipment on the power grid, get connected to the Internet. The grid’s vulnerability to nature and physical damage by man, including a sniper attack in a California substation in 2013, has been repeatedly demonstrated. But it is the threat of cyberattack that keeps many of the most serious people up at night, including the U.S. Department of Defense. In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.

  • Massive cyberattack by Chinese government hackers on Penn State College of Engineering

    The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called “advanced persistent threat” actors. The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college. In a coordinated response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems has been launched. On 21 November 2014 Penn State was alerted by the FBI to a cyberattack of unknown origin and scope on the school’s College of Engineering.

  • States, cities vying to become U.S. “cyber hub”

    The global cybersecurity market reached $67 billion in 2011, and it is projected to grow as high as $156 billion by 2019. The need for cybersecurity solutions and experts is going to grow as more companies such as Sony Pictures, Target, Home Depot, and Chase are hacked, consumers demand better online security, and businesses become more aware of the potential cost to their sales and reputation if they do not provide cybersecurity. As private sector firms compete with government agencies for the best cyber professionals, cities and states are also competing to be the country’s “cyber hub.”

  • Israel’s navy protects more than the country’s coast

    Cyber warriors working for Israel’s navy are constantly engaged in protecting against intense cyber intrusions which targets the country’s digital infrastructure, according to a senior navy source. “The navy understands that cyber conflicts are wars in their own right, beyond conventional conflicts that we have grown accustomed to. In cyber war, one can engage without firing a single bullet. Attacks can come before a conventional war. There are no official cease-fires. It goes on all of the time,” the source said.

  • U.S. adopts a more assertive cyber defense posture

    Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.

  • Cybersecurity firms hire former military, intelligence cyber experts

    Over the past two years, U.S. cybersecurity firms have brought in several former military and intelligence community computer experts to help combat hackers targeting the U.S. private sector. For the new private sector employees, the wages are higher and opportunities are endless. Hundreds of ex-government cybersecurity workers represent the competitive advantage of a cybersecurity services industry expected to bring in more than $48 billion in revenue next year, up 41 percent from 2012. “The people coming out of the military and the intelligence community are really, really good,” says a cyber startup founder. “They know the attackers. They know how they work.”

  • Cyber espionage campaign, likely sponsored by China, targets Asian countries: FireEye

    FireEye has released a report which provides intelligence on the operations of APT 30, an advanced persistent threat (APT) group most likely sponsored by the Chinese government. APT 30 has been conducting cyber espionage since at least 2005, making it one of the longest operating APT groups that FireEye tracks. APT 30 targets governments, journalists, and commercial entities across South East Asia and India.

  • China increasing significantly funding for cyber warfare capabilities

    U.S. intelligence officials have warned that China is increasing significantly its investment in cyber warfare programs in an attempt to compete with the U.S. military. The new spending initiative is part of a long-term, large-scale resource reallocation strategy aiming to make China one of the most capable cyber warfare nations. The increases are an effort by the Chinese to improve their cyber capabilities following the realization that they are lagging behind U.S. programs in significant ways.

  • Hackers with “Anonymous” threaten to “erase Israel from cyberspace”

    In a new video posted online, hackers operating under the “Anonymous” flag have threatened to erase Israel from cyberspace. Citing reasons which include “continuous aggression, bombing, killing, and kidnapping of the Palestinian people,” the hackers vowed to unleash cyber “squadrons” that will launch a “cyber holocaust” on 7 April, a little more than a week before Israel’s 16 April Holocaust Remembrance day, known as Yom HaShoah.

  • NSA’s recruitment effort challenged by Snowden leaks, private sector competition

    The NSA employs roughly 35,000 people nationwide and anticipates on recruiting at least 1,000 workers each year. For 2015, the agency needs to find 1,600 recruits, hundreds of whom must come from highly specialized fields like computer science and mathematics. The agency has been successful so far, but still faces recruitment challenges in the aftermath of the Edward Snowden revelations and competition from private sector firms who offer recruits much higher salaries.

  • Cyber researchers need to predict, not merely respond to, cyberattacks: U.S. intelligence

    The Office of the Director of National Intelligence wants cybersecurity researchers to predict cyberattacks rather than just respond to them, according to the agency’s Intelligence Advanced Research Projects Activity (IARPA) program. Current cyber defense methods such as signature-based detection “haven’t adequately enabled cybersecurity practitioners to get ahead of these threats,” said Robert Rahmer, who leads IARPA’s Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program. “So this has led to an industry that’s really invested heavily in analyzing the effects or symptoms of cyberattacks instead of analyzing [and] mitigating the cause.”

  • Bio-inspired analysis helps in recognizing, characterizing evolving cyberthreats

    Our reliance on cyber systems permeates virtually every aspect of national infrastructure. The volume of network traffic data generated has outpaced our ability effectively analyze it fast enough to prevent many forms of network-based attacks. In most cases new forms of attacks cannot be detected with current methods. The MLSTONES methodology leverages technologies and methods from biology and DNA research — LINEBACkER applies the MLSTONES methodology to the problem of discovering malicious sequences of traffic in computer networks. LINEBACkER allows cyber security analysts quickly to discover and analyze behaviors of interest in network traffic to enhance situational awareness, enable timely responses, and facilitate rapid forensic and attribution analysis.