• Germany creates cybersecurity R&D agency

    The German government today (Wednesday) announced the creation of a new federal agency to develop cutting-edge cyber defense technology. The agency would resemble the U.S. Defense Advanced Research Projects Agency (DARPA), which is credited with developing the early internet and GPS. The German agency, unlike DARPA, will focus on cyber defense ad cyber protection. DARPA’s range of defense-related research and development is much broader.

  • Making electronic documents more trustworthy

    Today, the expeditious delivery of electronic documents, messages, and other data is relied on for everything from communications to navigation. As the near instantaneous exchange of information has increased in volume, so has the variety of electronic data formats–from images and videos to text and maps. Verifying the trustworthiness and provenance of this mountain of electronic information is an exceedingly difficult task – especially since the software used to process electronic data is error-prone and vulnerable to exploitation through maliciously crafted data inputs, opening the technology and its underlying systems to compromise.

  • Security gaps identified in internet protocol IPsec

    Researchers have demonstrated that the Internet protocol “IPsec” is vulnerable to attacks. The Internet Key Exchange protocol “IKEv1,” which is part of the protocol family, has vulnerabilities that enable potential attackers to interfere with the communication process and intercept specific information.

  • Microprocessor designers realize security must be a primary concern

    Fifty years after the founding of Intel, engineers have begun to second-guess many of the chip-making industry’s design techniques. Recently, security researchers have found that some innovations have let secrets flow freely out of computer hardware the same way software vulnerabilities have led to cyberattacks and data breaches. This realization has led to calls from microchip industry leaders, including icons John Hennessy and David Patterson, for a complete rethinking of computer architecture to put security first. Identifying and securing these newly identified hardware vulnerabilities and side-channels will be challenging, but the work is important – and a reminder that designers and architects must always think about other ways attackers might try to compromise computer systems.

  • Buried internet infrastructure at risk as sea levels rise

    Thousands of miles of buried fiber optic cable in densely populated coastal regions of the United States may soon be inundated by rising seas, according to a new study. The study, presented at a meeting of internet network researchers, portrays critical communications infrastructure that could be submerged by rising seas in as soon as fifteen years. “Most of the damage that’s going to be done in the next 100 years will be done sooner than later,” says Ban authority on the “physical internet.” “That surprised us. The expectation was that we’d have 50 years to plan for it. We don’t have 50 years.”

  • Better detection, analysis of malicious attacks

    DHS S&T has selected Cyber 20/20, Inc. of Newark, Delaware to develop security capabilities for financial services as part of S&T’s Silicon Valley Innovation Program (SVIP). Cyber 20/20’s project—Trained Using Runtime Analysis from Cuckoo Outputs (TURACO)—expands the capabilities of Cuckoo, an open-source sandbox, to better detect and analyze malicious attacks.

  • More secure blockchain applications

    Health IT interoperability has been an elusive goal, with data silos between hospitals, clinics, pharmacies, and payers making exchange of information difficult. Vanderbilt engineers have successfully developed and validated the feasibility of blockchain-based technologies for secure, confidential sharing of patient medical records in a case study that demonstrates how blockchain could solve a huge healthcare challenge.

  • Mapping DHS’s new cybersecurity strategy, highlighting S&T’s R&D support

    Last month at a cybersecurity conference, Homeland Security Secretary Kirstjen Nielsen previewed the May unveiling of DHS’s new cybersecurity strategy and issued a stern warning to cybercriminals. The new DHS Cybersecurity Strategy was released 15 May. Nielsen said: “I have a news flash for America’s adversaries: Complacency is being replaced by consequences. We will not stand on the sidelines while our networks are compromised. We will not abide the theft of our data, our innovation and our resources. And we will not tolerate cyber meddling aimed at the heart of our democracy.”

  • Mobile security messages 20 percent more effective if warnings vary in appearance

    Using brain data, eye-tracking data and field-study data, researchers have confirmed something about our interaction with security warnings on computers and phones: the more we see them, the more we tune them out. But the major study also finds that slight changes to the appearance of warnings help users pay attention to and adhere to warnings 20 percent more of the time.

  • Cyber and international law in the 21st century

    “Cyber space is not – and must never be – a lawless world. It is the U.K.’s view that when states and individuals engage in hostile cyber operations, they are governed by law just like activities in any other domain,” said the U.K. Attorney General Jeremy Wright, QC MP, on 23 May 2018, setting out, for the first time, the U.K.’s position on applying international law to cyberspace. “What this means is that hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict. States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law.”

  • Failing to keep pace: The cyber threat and its implications for our privacy laws

    “The time has come — indeed, if it has not already passed — to think seriously about some fundamental questions with respect to our reliance on cyber technologies: How much connected technology do we really want in our daily lives? Do we want the adoption of new connected technologies to be driven purely by innovation and market forces, or should we impose some regulatory constraints?” asked NSA General Counsel Glenn Gerstell in a Wednesday presentation at Georgetown University. “Although we continue to forge ahead in the development of new connected technologies, it is clear that the legal framework underpinning those technologies has not kept pace. Despite our reliance on the internet and connected technologies, we simply haven’t confronted, as a U.S. society, what it means to have privacy in a digital age.”

  • DHS S&T awards first Phase 4 award for IOT security

    Atlanta-based Ionic Security is the first company to successfully complete prototype testing and move to the pilot deployment phase as part of DHS S&T’s Silicon Valley Innovation Program (SVIP). SVIP offers up to $800,000 in non-dilutive funding to eligible companies.

  • Cybersecurity teams which do not interact much perform best

    Scientists recently found that the best, high-performing cybersecurity teams have relatively few interactions with their team-members and team captain. While this result may seem counterintuitive, it is actually consistent with major theoretical perspectives on professional team development.

  • Tool measures individuals’ likelihood to fall for internet scams

    Researchers have developed an online questionnaire which measures a range of personality traits to identify individuals who are more likely to fall victim to internet scams and other forms of cybercrime. The psychometric tool asks participants to answer a range of questions in order to measure how likely they are to respond to persuasive techniques.

  • Developing secure mobile apps

    Mobile devices such as smartphones and tablets and the applications (apps) we load onto them have become indispensable to our daily lives—both personal and professional. However, mobile apps are susceptible to malware, ransomware, spyware, coding flaws and other attacks that could compromise personal data stored on the device. Apps also can be used to gain access to sensitive enterprise resources.