• Replacing vulnerable password with secure keystroke biometrics

    Lapses in computer security can be seen as downright negligent, in a time when major data breaches and leaks dominate international headlines on a regular basis. But it also draws attention to a more compelling question: just how secure are text-based passwords, really? Experts believe that there should be alternatives to the ubiquitous, text-based user authentication method – and that one such alternative is a new method of user authentication using keystroke biometrics.

  • The risk of cyber 9/11 or cyber Pearl Harbor exaggerated: Expert

    Addressing the implications of cybersecurity threats for the stability of international world order, an expert acknowledged that states will find it difficult to maintain cybersecurity in an increasingly porous and congested cyberspace, but said that cyber-experts exaggerate the threat to essential state infrastructures.

  • What CSPs can learn from the latest DDoS attacks

    Around the world, communications service providers (CSPs) and subscribers were affected by the 21 October 2016 DDoS attack, making it virtually impossible to reach many popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers. The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. An expert offers a few key steps CSPs can take to prepare for similar attacks in the future.

  • DHS S&T awards UCSD $1.4 million to measure Internet vulnerabilities

    DHS S&T has awarded $1,356,071 to UCSD to develop new capabilities better to enable cyber security researchers to measure the Internet’s vulnerabilities to cyberattacks. The award is part of S&T’s Cyber Security Division’s (CSD) larger Internet Measurement and Attack Modeling (IMAM) project.

  • Should NSA and cyber command have separate leadership?

    The National Security Agency is the nation’s digital spying organization. U.S. Cyber Command is a military unit focused on cyberwarfare. Does it make sense for one person to lead them both at the same time? I believe that the NSA and Cyber Command should be under separate leadership, so each can pursue its mission with undivided focus and complete intensity. The NSA can gather intelligence. Cyber Command can defend our military networks and be ready to attack the systems of our enemies.

  • DHS awards U Texas San Antonio $3 million to develop, deliver cybersecurity training

    The Department of Homeland Security (DHS) has selected a team led by the University of Texas at San Antonio (UTSA) to develop and deliver cybersecurity training through the Continuing Training Grants (CTG) Program. The 2016 CTG is a $3 million grant to develop and deliver cybersecurity training to support the national preparedness goal to make the United States more secure and resilient.

  • NIST’s regional approach to addressing U.S. cybersecurity challenge

    NIST has awarded grants totaling nearly $1 million for five projects that are taking a community approach to addressing the U.S. shortage of skilled cybersecurity employees. The NIST-led National Initiative for Cybersecurity Education (NICE), a partnership among government, academia, and the private sector, will oversee the grants as part of its mission to support cybersecurity education, training, and workforce development.

  • North Korea has only has 28 Web sites, mistakenly leaked official data reveals

    Launching an effective cyberwar against North Korea would be difficult because the secretive country has only twenty-eight registered domains. The information about the surprisingly small number of North Korean registered domains was the result of incorrect configuration of one of North Korea’s top-level name servers. The incorrect configuration made the server reveal a list of all the domain names under the domain .kp.

  • Setting up a decoy network to help deflect a hacker's hits

    Computer networks may never float like a butterfly, but information scientists suggest that creating nimble networks that can sense jabs from hackers could help deflect the stinging blows of those attacks. The researchers created a computer defense system that senses possible malicious probes of the network and then redirects that attack to a virtual network that offers little information about the real network.

  • A chip that checks for sabotage, flags defects

    With the outsourcing of microchip design and fabrication a worldwide, $350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips. These Trojan horses look harmless but can allow attackers to sabotage healthcare devices; public infrastructure; and financial, military, or government electronics. Researchers are developing a unique solution: a chip with both an embedded module that proves that its calculations are correct and an external module that validates the first module’s proofs.

  • DHS S&T awards $1.3 million to small businesses for cybersecurity R&D

    DHS S&T has awarded $1.3 million to thirteen small businesses for the development of new cyber security technology. Each business was awarded approximately $100,000 in preliminary funding through the DHS S&T Small Business Innovation Research (SBIR) program. The SBIR proposal solicitation, released in December 2015, included four topics developed by Cyber Security Division program managers.

  • “Our president should be chosen by American citizens, not by foreign adversaries or interests”

    Thirty-one members of the Aspen Institute Homeland Security Group, a bipartisan group of homeland security and counterterrorism experts, last week have issued a statement on the recent Democratic National Committee (DNC) hack. “[T]his is an attack not on one party but on the integrity of American democracy. And it may not be the end of such attacks. It is not unthinkable that those responsible will steal and release more files, and even salt the files they release with plausible forgeries,” members of the group write. “This is unacceptable. Our president should be chosen by American citizens, not by foreign adversaries or interests.”

  • U.S. to issue new policy directive for coordinated government response to cyberattacks

    The administration is set to release a new directive on how the government should respond to significant cyberattacks. The release of the directives aims to clarify the responsibilities of agencies involved in security breaches. The presidential directive comes against the backdrop of an increasing number of cyberattacks by criminals and foreign governments.

  • Automated cybersecurity systems get set for final face-off at DARPA’s Cyber Grand Challenge

    The Heartbleed security bug existed in many of the world’s computer systems for nearly two-and-a-half years before it was discovered and a fix circulated in the spring of 2014. The reason for this time lag? In contrast to the sophistication and automation that characterize so much of today’s computer systems, the process of finding and countering bugs, hacks, and other cyber infection vectors is still effectively artisanal. But what if that system of finding and fixing flaws were just as fast and automated as the computer systems they are trying to protect? What if cyber defense were as seamless, sophisticated, and scalable as the Internet itself? These are questions at the heart of DARPA’s Cyber Grand Challenge.

  • How to stay anonymous online

    Anonymity networks protect people living under repressive regimes from surveillance of their Internet use. But the recent discovery of vulnerabilities in the most popular of these networks — Tor — has prompted computer scientists to try to come up with more secure anonymity schemes. These scientists have developed a new anonymity scheme that provides strong security guarantees but uses bandwidth much more efficiently than its predecessors, making it possible for network to protect users’ anonymity if all but one of its servers are compromised.