• Downtime of a top cloud service provider could cost U.S. economy $15 billion

    Businesses in the United States could lose $15 billion if a leading cloud service provider would experience a downtime of at least three days. A new study finds that if a top cloud provider went down, manufacturing would see direct economic losses of $8.6 billion; wholesale and retail trade sectors would see economic losses of $3.6 billion; information sectors would see economic losses of $847 million; finance and insurance sectors would see economic losses of $447 million; and transportation and warehousing sectors would see economic losses of $439 million.

  • Making network-connected systems less vulnerable

    The rise of network-connected systems that are becoming embedded seemingly everywhere–from industrial control systems to aircraft avionics–is opening up a host of rich technical capabilities in deployed systems. Even so, as the collective technology project underlying this massive deployment of connectivity unfolds, more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options. While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing. DARPA says it trains its sights on the expansive attack surface of commodity off-the-shelf devices.

  • Interconnected technological risks: Responding to disruptions of cyber-physical systems

    When infectious diseases strike, the World Health Organization acts swiftly, coordinating with the U.S. Centers for Disease Control and Prevention and its foreign counterparts to contain the threat. But there is no equivalent international organization similarly dedicated to identifying and mitigating a cyberattack. The World Economic Forum (WEF), however, is bringing together infrastructure and technology developers, insurers and government officials from across the globe to develop strategies for responding to interconnected technological risks, including those that can cascade when hackers disrupt cyber-physical systems.

  • Multi-channel, nonlinear-optical processing devices to reduce cost of high-speed internet connections

    Breakthrough research could lead to a dramatic reduction in the cost and energy consumption of high-speed internet connections. Nonlinear-optical effects, such as intensity-dependent refractive index, can be used to process data thousands of times faster than what can be achieved electronically. Such processing has, until now, worked only for one optical beam at a time because the nonlinear-optical effects also cause unwanted inter-beam interaction, or crosstalk, when multiple light beams are present.

  • Innovative technologies for preventing cyberattacks

    The Department of Energy’s Pacific Northwest National Laboratory has licensed three of its most unusual technologies for preventing cyberattacks to Cynash Inc., a startup company funded by IP Group, an intellectual property commercialization company. Cynash was formed specifically to bring these three cyber protection technologies to market to provide a powerful new approach to the detection and prevention of cyberattacks. Two of the technologies, DigitalAnts and MLSTONES, are inspired by nature and biology. The third, SerialTap, addresses vulnerabilities inherent in remotely controlled physical systems common in infrastructure and manufacturing.

  • NSF awards nearly $5.7 million to protect U.S. cyberspace

    The National Science Foundation (NSF) recently gave the nation’s cybersecurity professionals a boost with the inclusion of four new universities into its CyberCorps: Scholarship for Service (SFS) program. NSF awarded nearly $5.7 million, with an expected total of almost $16.6 million over the next five years, to universities in Illinois, Maryland, Louisiana, and Texas. The schools will use the money to provide scholarships consisting of full tuition and a stipend up to $34,000 to individuals willing to work after graduation in a cybersecurity position for federal, state, local or tribal governments.

  • Proof of randomness for stronger future digital security

    Nearly all secure online traffic — from shopping to banking to communications — relies on a technique of randomly generating a number that serves as a key to unlock encrypted communication. The problem is that small programming errors can make these systems vulnerable, and those vulnerabilities can often be very difficult to detect. In an effort to block emerging threats to online security, researchers have developed a method to verify the strength of random number generators that form the basis of most encryption systems.

  • Helping secure first responder apps from cyberattacks

    In emergency and disaster situations, mobile devices and apps enable public-safety professionals to receive and share critical information in real-time, which enhances the delivery of life-saving services. As reliance on mobile technology grows, it is important that mobile apps used by public safety are free of malware or vulnerabilities.

  • “Hacking for Defense” class an example of Stanford’s relationship with the U.S. military

    Alongside all the tech companies and consulting firms present at career fairs, Stanford students looking for employment are likely to encounter another major industry when talking to recruiters: the defense sector. Although anti-war activism in the Vietnam era severed many of the university’s ties with the U.S. military, the relationship between the two has seen a revival over the years, and national security and defense institutions are more visible on campus now than they were just a decade ago. A relatively new class, MS&E 297, adds yet another wrinkle to that ongoing narrative – and one that not everyone is happy about.

  • Simple tool tells whether websites suffered a data breach

    Computer scientists have built and successfully tested a tool designed to detect when websites are hacked by monitoring the activity of email accounts associated with them. The researchers were surprised to find that almost 1 percent of the websites they tested had suffered a data breach during their 18-month study period, regardless of how big the companies’ reach and audience are. “No one is above this—companies or nation states— it’s going to happen; it’s just a question of when,” said the senior researcher.

  • Harnessing game theory for cybersecurity of large-scale nets

    Researchers have laid the groundwork for a method to improve cybersecurity for large-scale systems like the power grid and autonomous military defense networks by harnessing game theory and creating new intelligent algorithms. The project harnesses the Nash equilibrium, developed by Nobel laureate John Nash, whose life was chronicled in the film “A Beautiful Mind.” The work also applies “prospect theory,” which describes how people make decisions when there is uncertainty and risk, decisions that are often “only partly rational.”

  • An armed robber’s Supreme Court case could affect all Americans’ digital privacy for decades to come

    A man named Timothy Carpenter planned and participated in several armed robberies at Radio Shack and T-Mobile stores in Michigan and Ohio between 2010 and 2012. He was caught, convicted and sentenced to 116 years in federal prison. His appeal, which was heard by the U.S. Supreme Court on 29 November, will shape the life of every American for years to come – no matter which way it’s decided. The FBI found Timothy Carpenter because one of his accomplices told them about him. I believe the FBI could have obtained a search warrant to track Carpenter, if agents had applied for one. Instead, federal agents got cellphone location data not just for Carpenter, but for fifteen other people, most of whom were not charged with any crime. One of them could be you, and you’d likely never know it. The more people rely on external devices whose basic functions record and transmit important data about their lives, the more critical it becomes for everyone to have real protection for their private data stored on and communicated by these devices.

  • The challenge of authenticating real humans in a digital world

    There are three main ways of proving an identity. One involves something you know – like a password or your mother’s maiden name. A second method of authentication is with something you have – such as a key to your home’s front door or a smart card to swipe at work. A third way is by digitally authenticating the individual human being – who you are – with some aspect of your biology. This increasing dependence on digital authentication may actually result in less security. While cameras, sensors and other devices can make authentication easier for people to accomplish, they carry their own weaknesses. It may be more convenient, and even more secure, than a magnetic strip on a plastic card in your wallet. But the potential dangers will require much higher security for private information, particularly biometric data. A real identity still comes down to flesh and blood.

  • “Instant replay” quickly pinpoints cyberattack details

    Until now, assessing the extent and impact of network or computer system attacks has been largely a time-consuming manual process. A new software system being developed by cybersecurity researchers will largely automate that process, allowing investigators to quickly and accurately pinpoint how intruders entered the network, what data they took, and which computer systems were compromised.

  • Software “containers” increase computer security

    ONR has awarded the University of Wisconsin–Madison $6.1 million to research what are known as containers. While not a household word for average computer users, containers are increasingly popular in the tech world. Containers help software run reliably when moved from one computing environment to another, such as from an individual’s laptop to the cloud. These complex programs pull together everything an application needs to work so those elements stay together when the application migrates.