• Cyber protection of DHS’s and other federal facilities is weak: GAO

    While most cybersecurity threats against government agencies tend to focus on network and computer systems, a growing number of access control systems, responsible for regulating electricity use, heating, ventilation, and air-conditioning (HVAC), and the operation of secured doors and elevators are also vulnerable to hacking. .” GAO warns that despite the seriousness of the vulnerabilities, agencies tasked with securing federal facilities have not been proactive.

  • U Wisconsin, shedding 1960s anti-classified research image, launches cybersecurity center

    A new cybersecurity research center being built in partnership with private firms and the University of Wisconsin(UW) system aims to attract high-tech research dollars to the state, but administrators must balance the secrecy required for classified research with the openness which is the foundation of academic science. The state legislature passed a 2014 law allowing UW to accept contract for classified work partly in hopes that the school system will lose the perception of being an anti-classified-research environment, a perception dating back to campus protests against military research in the 1960s.

  • Universities adding cybersecurity programs to their curricula to meet growing demand

    The cyberattacks of recent years have not only increased the demand for employees who understand the field of information assurance and cybersecurity, they have also created a demand in cybersecurity education. Universities across the country are adding cybersecurity concentrations to their curricula to train students who will later help secure network systems.

  • DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities

    On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.

  • Bolstering cybersecurity by taking a step back in time to analog security systems

    Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.

  • If South Korea’s nuclear plant staff are vulnerable, then so are the reactors

    Does it matter that a South Korean nuclear plant was hacked and plans of the complex stolen? As it is South Korea that’s the subject of this latest attack, everyone tends to assume it must have had something to do with North Korea. With a target as sensitive as a nuclear power plant, not unreasonably people are asking if safety could be compromised by a cyberattack. Could hackers cause the next Chernobyl or Three Mile Island? This points to an important and infrequently discussed problem, the vulnerability of critical national infrastructure. Cyber-attacks like these are a great way of levelling the playing field: why invest in massively expensive nuclear weapons program if you can simply shut down your enemies’ power, gas, water, and transportation systems? Increasingly more and more infrastructure is connected to the Internet, with all the security risks that entails.

  • Obama signs five cybersecurity measures into law

    Last week President Barack Obama signed five cybersecurity-related pieces of legislation, including an update to the Federal Information Security Management Act(FISMA) — now called the Federal Information Security Modernization Act — the law which governs federal government IT security. Other cyber legislation the president signed includes the Homeland Security Workforce Assessment Act, the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act (NCPA), and the Cybersecurity Enhancement Act.

  • Sony cancels Christmas release of “The Interview”

    Sony Pictures announced it has cancelled the Christmas release of “The Interview,” the a film at the center of a hacking campaign, after dire threats to moviegoers and a decision by major movie theater groups to cancel screenings in the United States. “Those who attacked us stole our intellectual property, private e-mails, and sensitive and proprietary material, and sought to destroy our spirit and our morale — all apparently to thwart the release of a movie they did not like,” the company said in a statement.

  • New cyber test range trains soldiers for simultaneous cyber and combat operations

    A unique mix of training technologies sponsored by the Office of Naval Research (ONR) is preparing front-line soldiers to conduct cyber and combat operations simultaneously, as Marines demonstrated during a recent amphibious exercise off the coast of Virginia. During last month’s Bold Alligator exercise, Marines used ONR’s Tactical Cyber Range to emulate adversary communications hidden in a noisy, dense electromagnetic spectrum —as much a battleground in today’s digital world as any piece of land.

  • Sony hackers threaten attacks against movie goers who plan to see “The Interview”

    The hackers who attacked Sony networks are now threatening an attack on people who plan to go to see the movie “The Interview.” The hackers write in their message that they “recommend you to keep yourself distant” from movie theaters showing the movie. The hackers earlier promised to deliver a “Christmas gift.” It was not clear what they had in mind – some suggested they would release another batch of embarrassing data from Sony’s files — but it now looks as if the “gift” might well be a cyberattack on movie theaters.

  • 2008 Turkish oil pipeline explosion may have been Stuxnet precursor

    The August 2008 Baku-Tbilisi-Ceyhan (BTC) oil pipeline explosion in Refahiye, eastern Turkey, was ruled at the time to be an accident resulting from a mechanical failure, which itself was a result of an oversight by Turkish government’s supervisors. Western intelligence services concluded that the explosion was the result of a cyberattack. According to people familiar with an investigation of the incident, hackers had infiltrate the pipeline’s surveillance systems and valve stations, and super-pressurized the crude oil in the pipeline, causing the explosion.

  • Improving defense of the U.S. cyber infrastructure

    Florida Institute of Technology Associate Professor Marco Carvalho has been awarded a $730,000, two-year contract by DHS Science and Technology Directorate (S&T) to design a cyberdefense framework that will allow multiple organizations in both civilian and government sectors unprecedented levels of coordination in their efforts to protect the nation’s cyber infrastructure.

  • Coordinated cyberattacks by Iran-based hackers on global critical infrastructure

    Irvine, California-based cybersecurity firm Cylance last week released a report detailing coordinated attacks by hackers with ties to Iran on more than fifty targets in sixteen countries around the globe. Victim organizations were found in a variety of critical industries, with most attacks on airlines and airports, energy, oil and gas, telecommunications companies, government agencies and universities.

  • China says U.S. does not appreciate China’s own vulnerability to cyberattacks

    At the seventh annual China-U.S. Internet Industry Forum held on 2-3 December, Lu Wei, minister of China’s Cyberspace Affairs Administration, which manages Internet information in China, urged U.S. officials and the private sector to stop claiming Chinese cyberespionage against U.S. systems and instead understand China’s Internet information policies. China has become the world’s largest Internet market with over four million websites, 600 million Web users, and four of the world’s top ten Internet firms.

  • U.S. Army creates a Cyber branch

    Soldiers who want to defend the nation in cyberspace, as part of the U.S. Army’s newest and most technologically advanced career field, now have an Army branch to join that will take its place alongside infantry, artillery, and the other Army combat arms branches. Army Secretary John McHugh and Chief of Staff Gen. Raymond Odierno approved the creation of the Cyber branch in September. “The establishment of a Cyber Branch shows how important and critical the cyber mission is to our Army, and allows us to focus innovative recruiting, retention, leader development, and talent management needed to produce world-class cyberspace professionals,” said Lt. Gen. Edward Cardon, the commanding general of Army Cyber Command.