• An armed robber’s Supreme Court case could affect all Americans’ digital privacy for decades to come

    A man named Timothy Carpenter planned and participated in several armed robberies at Radio Shack and T-Mobile stores in Michigan and Ohio between 2010 and 2012. He was caught, convicted and sentenced to 116 years in federal prison. His appeal, which was heard by the U.S. Supreme Court on 29 November, will shape the life of every American for years to come – no matter which way it’s decided. The FBI found Timothy Carpenter because one of his accomplices told them about him. I believe the FBI could have obtained a search warrant to track Carpenter, if agents had applied for one. Instead, federal agents got cellphone location data not just for Carpenter, but for fifteen other people, most of whom were not charged with any crime. One of them could be you, and you’d likely never know it. The more people rely on external devices whose basic functions record and transmit important data about their lives, the more critical it becomes for everyone to have real protection for their private data stored on and communicated by these devices.

  • The challenge of authenticating real humans in a digital world

    There are three main ways of proving an identity. One involves something you know – like a password or your mother’s maiden name. A second method of authentication is with something you have – such as a key to your home’s front door or a smart card to swipe at work. A third way is by digitally authenticating the individual human being – who you are – with some aspect of your biology. This increasing dependence on digital authentication may actually result in less security. While cameras, sensors and other devices can make authentication easier for people to accomplish, they carry their own weaknesses. It may be more convenient, and even more secure, than a magnetic strip on a plastic card in your wallet. But the potential dangers will require much higher security for private information, particularly biometric data. A real identity still comes down to flesh and blood.

  • “Instant replay” quickly pinpoints cyberattack details

    Until now, assessing the extent and impact of network or computer system attacks has been largely a time-consuming manual process. A new software system being developed by cybersecurity researchers will largely automate that process, allowing investigators to quickly and accurately pinpoint how intruders entered the network, what data they took, and which computer systems were compromised.

  • Software “containers” increase computer security

    ONR has awarded the University of Wisconsin–Madison $6.1 million to research what are known as containers. While not a household word for average computer users, containers are increasingly popular in the tech world. Containers help software run reliably when moved from one computing environment to another, such as from an individual’s laptop to the cloud. These complex programs pull together everything an application needs to work so those elements stay together when the application migrates.

  • ONR awards GrammaTech $9 million for cyber-hardening security research

    Ithaca-based GrammaTech has been awarded a $9 million, three-year contract from the Office of Naval Research (ONR), a division of the United States Department of the Navy, to perform research and development into cutting-edge techniques for protecting software from cyber-attacks. The goal is for end users to be able to transform their critical applications to shrink the attack surface, improve performance, lower memory consumption, and reduce complexity—all without breaking the application or disrupting operations.

  • “Cardiac password” project uses the wave of the heart motion for authentication

    One of the unique features for the upcoming iPhone X is facial recognition security, where users can simply unlock their phones by holding it up to their face and allowing the phone’s security measures to identify the correct user. However, it seems just as soon as new means of authentication are developed and put into use, hackers find a way around them, from hacking passwords to faking fingerprints to fool biometric security systems. But there may be one authentication method that cannot be hacked: Cardiac password.

  • Stanford Cyber Initiative addresses cybersecurity, governance, and the future of work

    Daily headlines emphasize the down side of technology: cyberattacks, election hacking and the threat of fake news. In response, government organizations are scrambling to understand how policy should shape technology’s role in governance, security and jobs. The Stanford Cyber Initiative is bringing together scholars from all over campus to confront the challenges technology presents.

  • Bolstering web security without compromising performance

    Chances are, you are reading this article on a web browser that uses HTTPS, the protocol over which data is sent between a web browser and the website users are connected to. In fact, nearly half of all web traffic passes through HTTPS. Despite the “S” for security in “HTTPS,” this protocol is far from perfectly secure.

  • S&T awards $8.6 million for enhancing security of mobile apps for the government

    DHS S&T has awarded funding to five R&D projects that will enhance the secure use of mobile applications for the federal government. These Mobile Application Security (MAS) R&D projects focus on continuous validation and threat protection for mobile apps and integrating security throughout the mobile app lifecycle.

  • U.S. government’s cybersecurity readiness lagging compared to almost every other industry

    SecurityScorecard the other day released its annual U.S. State and Federal Government Cybersecurity Report. The study paints a grim picture of the overall cyber health of the U.S. government entities. In the midst of investigations into a potential 2016 election hacking, regular major malware events, and an overall increase in the number of sophisticated cyberattacks, the report highlights that the government sector is lagging compared to almost every other industry. The state of U.S. government cyber health places mission-critical services and infrastructure at risk.

  • MSU cybersecurity scholarship program receives $3.11 million grant

    Mississippi State University will receive $3.11 million through a National Science Foundation grant to continue the university’s role in the CyberCorps Scholarship for Service program, which prepares qualified cybersecurity professionals for entry into the government workforce. As part of the grant, which will support the program for four years, East Mississippi Community College students planning to attend MSU are eligible to receive scholarships and support.

  • New app detects cyberattacks quickly

    If you are awaiting exciting news from your friend, what is the better way to read your email? Has it comes in, or after a batch collects? Well, if you read it as it comes in, you will surely get the news faster. Researchers have developed a software app that can do the same for computer networks. Monitoring the activity within a network in real-time can allow cybersecurity analysts to detect cyberattacks quickly, before thieves steal data or crash your system.

  • George Mason’s new Center of Excellence for Criminal Investigations and Network Analysis

    DHS S&T has selected George Mason University in Fairfax, Virginia to lead a consortium of U.S. academic institutions and other partners for a new Center of Excellence (COE) in Criminal Investigations and Network Analysis (CINA). The Center’s research will focus on criminal network analysis, dynamic patterns of criminal activity, forensics, and criminal investigative processes.

  • Cybercrime fighting tool moves from government to private sector

    Some Department of Energy facilities experience thousands of attempted cyberattacks every day. But the FLOWER software app, developed and patented by DOE’s Pacific Northwest National Laboratory, has been used by other tools and cyber analysts to detect, deter, and mitigate coordinated attacks.

  • NSA funds cybersecurity project to bolster security of cloud-based computing

    A University of Arkansas at Little Rock researcher has received funding from the U.S. National Security Agency (NSA) to improve cybersecurity skills for students and the general population. The cybersecurity lab project, “Networking and Network Security in the Cloud (NetSiC),” will address issues related to cloud-based computing environments and help students practice networking and cyber defense skills.