• System predicts 85 percent of cyber-attacks using input from human experts

    Today’s security systems usually fall into one of two categories: human or machine. So-called “analyst-driven solutions” rely on rules created by living experts and therefore miss any attacks that do not match the rules. Meanwhile, today’s machine-learning approaches rely on “anomaly detection,” which tends to trigger false positives that both create distrust of the system and end up having to be investigated by humans, anyway. But what if there were a solution that could merge those two worlds? What would it look like? Virtual artificial intelligence analyst developed by the MIT’s Computer Science and Artificial Intelligence Lab and machine-learning startup PatternEx reduces false positives by factor of 5.

  • Hyperion cyber security technology receives commercialization award

    The commercial licensing of a cybersecurity technology developed at the Department of Energy’s Oak Ridge National Laboratory has been recognized by the Federal Laboratory Consortium for Technology Transfer (FLC) as a good example of moving technology to the marketplace. Hyperion, which has the capability automatically to analyze executable programs and recognize behaviors that signal malicious intent and vulnerabilities, was licensed to Virginia-based R&K Cyber Solutions, LLC, in late 2014.

  • Using unpredictability to defend computers from cyberattacks

    We want our computers to perform the way we expect. But what if the key to defeating malware is introducing a bit of chaos? Researchers think a bit of unpredictability could help outsmart malware. This is the logic behind Chameleon, the operating system they are developing. In Chameleon, which is still in the conceptual phase, unknown programs that could be malware run in a special “unpredictable” environment, where the OS intentionally introduces some unpredictability to the way they operate.

  • U Wyoming could become cybersecurity hub

    Wyoming Governor Matt Mead has requested state funding to develop a program at the University of Wyoming to become a center of excellence in cyber defense. According to the Wyoming Cybersecurity Education Initiative, proposed curriculum in the College of Engineering and Applied Science’s Department of Computer Science would educate students to defend against such attacks and “provide meaningful and sustainable impact to Wyoming’s technology sector through cybersecurity and information assurance higher-education programs.”

  • Optical illusions which fool computer vision raise security concerns

    Computers are learning to recognize objects with near-human ability. But researchers have found that computers, like humans, can be fooled by optical illusions, which raises security concerns and opens new avenues for research in computer vision

  • Kaplan launches cybersecurity education company

    Education provider Kaplan announced Wednesday that it has created a 12-person spin-off, split from a separate sister company called Cybervista, to offer Web-based cybersecurity courses. The creation of this new cybersecurity unit is an indication that the private sector is aware of, and trying to benefit from, the shortage of qualified security employees.

  • Tool improves government computer network security

    Government agencies, along with state and local governments, could receive a helping hand from a computer network security tool developed by computer scientists and engineers at DOE’s Lawrence Livermore National Laboratory. The LLNL software-based technology, known as the Network Mapping System (NeMS), does not allow a rogue computer which has gained access to a computer network to use a company’s virus protection systemd. The goal is to uncover any unauthorized devices to ensure a company is not at risk.

  • In our Wi-Fi world, the internet still depends on undersea cables

    Not many people realize that undersea cables transport nearly 100 percent of transoceanic data traffic. These lines are laid on the very bottom of the ocean floor. They’re about as thick as a garden hose and carry the world’s Internet, phone calls and even TV transmissions between continents at the speed of light. A single cable can carry tens of terabits of information per second. The cables we all rely on to send everything from e-mail to banking information across the seas remain largely unregulated and undefended. Any single cable line has been and will continue to be susceptible to disruption. And the only way around this is to build a more diverse system, because the thing that protects global information traffic is the fact that there’s some redundancy built into the system. But as things are, even though individual companies each look out for their own network, there is no economic incentive or supervisory body to ensure the global system as a whole is resilient. If there’s a vulnerability to worry about, this is it.

  • PNNL to help DHS address critical infrastructure vulnerabilities

    The Department of Energy’s Pacific Northwest National Laboratory (PNNL) has been named a supporting laboratory to the National Infrastructure Simulation and Analysis Center (NISAC). NISAC is a Department of Homeland Security (DHS) program which addresses the potential vulnerabilities and consequences of disruption of U.S. critical infrastructure. PNNL says it will contribute advanced computer modeling and simulation capabilities to look at the dependencies, interdependencies, vulnerabilities, and complexities of important critical infrastructure sectors such as dams, water, transportation, energy, and information technology.

  • NSF awards $74.5 million to 257 interdisciplinary cybersecurity research projects

    The NSF the other day announced the awarding $74.5 million in research grants through the NSF Secure and Trustworthy Cyberspace (SaTC) program. In total, the SaTC investments include a portfolio of 257 new projects to researchers in thirty-seven states. The largest, multi-institutional awards include research better to understand and offer reliability to new forms of digital currency known as cryptocurrencies, which use encryption for security; invent new technology to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the “science of censorship resistance” by developing accurate models of the capabilities of censors.

  • Two new projects tackle e-mail security

    In the early, halcyon days of the Internet, researchers were more interested in sharing information rather than securing it. Now, decades later, securing the world’s most widely used medium for business communication is a full-time job for researchers and IT specialists around the globe. The modern working world cannot exist without e-mail, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new projects.

  • Strengthening U.S. cybersecurity capabilities by bolstering cyber defense, deterrence

    Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Director of National Intelligence James R. Clapper said that for the third year in a row, cyberthreats headed the list of threats reported in the annual National Intelligence Worldwide Threat Assessment. “Although we must be prepared for a large Armageddon-scale strike that would debilitate the entire U.S. infrastructure, that is not … the most likely scenario,” Clapper said. Rather, the primary concern is low- to moderate-level cyberattacks from a growing range of sources that will continue and probably expand, adding that in the future he expects to see more cyber operations that manipulate electronic information to compromise its integrity, as opposed to deleting or disrupting access to it.

  • DHS S&T awards $10.4 million in mobile security research contracts

    The mobile technology industry has continuously expanded with new devices and apps, allowing people to simplify how and where business is conducted. While increasing the use of mobile technology can enhance productivity, improved security is needed to ensure that sensitive information is not at risk to current and emerging cyber threats. DHS S&T the other day announced $10.4 million in cybersecurity Mobile Technology Security (MTS) research and development (R&D) awards to enhance the security of mobile devices for the federal government.

  • Federally funded network anomaly-detection technology licensed to Ernst & Young

    The Transition to Practice (TTP) program, established in 2012 as part of S&T’s Cybersecurity Division, looks to transition federally funded cybersecurity technologies from the laboratory to enterprise consumers. S&T the other day announced that the PathScan technology, a network anomaly-detection tool developed by Los Alamos National Laboratory, has been licensed to Ernst & Young LLP (EY).

  • U.S. should promote international cybersecurity standardization: Interagency report

    A new draft report by an interagency working group lays out objectives and recommendations for enhancing the U.S. government’s coordination and participation in the development and use of international standards for cybersecurity. The report recommends the government make greater effort to coordinate the participation of its employees in international cybersecurity standards development to promote the cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures. These efforts should include increased training, collaborating with private industry and working to minimize risks to privacy.