• New tool to improve government computer network security

    Researchers have developed a computer network security tool to help government agencies, along with state and local governments. The software-based technology, known as the Network Mapping System (NeMS), discovers and characterizes computer networks. “It is important to know what you have on your networks, so that you can decide what best practices to apply,” says one of the researchers.

  • D.C.-area becoming the Silicon Valley of cybersecurity

    A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.

  • Pentagon to invest in Silicon Valley tech startups to help develop advanced cyber solutions

    The Pentagon will begin to invest in Silicon Valley tech startups as part of the department’s plan to develop and acquire more advanced cyber solutions to secure the country and military’s digital infrastructure. The investments will be made through In-Q-Tel, a nonprofit strategic investing firm the Central Intelligence Agency launched sixteen years ago. In-Q-Tel does not invest in companies alone, but rather relies on traditional venture firms to partner and contribute the lion’s share of the funding, so having them on board is critical for the program’s success.

  • Computer engineers battle malicious bots

    Defending Web sites from malicious intruder bots is not unlike fighting viruses: neutralize them and they reinvent themselves, finding new ways to penetrate. IT security designers, however, still hold an advantage over some automated programs masquerading as people. To date, there are human abilities too complex to imitate. Exploiting that weakness is central to an Internet security technology developed by researchers who have come up with a new method for distinguishing humans from computers. Their next-gen CAPTCHA — a brief test that computer users must pass in order to access a Web site — requires viewers to identify text, but presents it in video animation rather than in the distorted, static letters users now identify and reproduce to gain admittance.

  • NSA’s recruitment effort challenged by Snowden leaks, private sector competition

    The NSA employs roughly 35,000 people nationwide and anticipates on recruiting at least 1,000 workers each year. For 2015, the agency needs to find 1,600 recruits, hundreds of whom must come from highly specialized fields like computer science and mathematics. The agency has been successful so far, but still faces recruitment challenges in the aftermath of the Edward Snowden revelations and competition from private sector firms who offer recruits much higher salaries.

  • Air-gapped computer systems can be hacked by using heat: Researchers

    Computers and networks are air-gapped – that is, kept approximately fifteen inches (40 cm) apart — when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks, or military applications. Israeli researchers have discovered a new method, called BitWhisper, to breach air-gapped computer systems. The new method enables covert, two-way communications between adjacent, unconnected PC computers using heat – meaning that hackers to hack information from inside an air-gapped network, as well as transmit commands to it.

  • IT security spending grows, but confidence in cyber protection measures does not

    A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining. In a survey of more than 800 IT security leaders and professionals, the report found that more than 70 percent of respondents’ networks had been breached in 2014 — a 62 percent increase from 2013. Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020.

  • Guaranteeing online anonymity

    Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. “The Tor network isn’t perfect, however,” says a researcher at the Research Center for IT Security (CISPA). CISPA researchers have developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.

  • FAA should address weaknesses in air traffic control systems: GAO

    The Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based and other threats, but significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system (NAS), the GAO says in a new report. The GAO report says that FAA also did not fully implement its agency-wide information security program.

  • Army seeks public collaboration in developing security software

    Researchers working on a new cybersecurity project at the Army Research Lab (ARL) in Adelphi, Maryland have made available their project to anyone on the Internet in order to prompt professional collaboration and help. This atypical development tactic is intended to kick-start public collaboration on a software tool intended to aid soldiers in understanding where hackers might be targeting military systems.

  • Texas lawmakers on the Hill lead drive for cybersecurity legislation

    After recent high-profile cyberattacks on the U.S. private sector, Congress has been tasked with passing legislation that will address cybersecurity concerns including how the private sector should report data breaches to regulators and how the U.S. government should respond to state-sponsored cyberattacks. Three Texas Republican lawmakers, through leadership roles in committees and subcommittees, have been charged with exploring solutions to those concerns.

  • Poor decision-making may lead to cybersecurity breaches

    Recent high-profile security breaches, such as those at Target, Anthem Inc., and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences. One expert says that social interactions affect the processes behind personal cybersecurity decision-making. “We all have small supercomputers in our pockets now,” he notes. “Regular people like you and me make a lot of important security decisions on a daily basis.”

  • Obama signs cybersecurity executive order, promotes information-sharing hubs

    President Barack Obama, at last week’s White House Summit on Cybersecurity and Consumer Protection, reiterated the need for more companies to collaborate with each other as well as with the federal government to develop cybersecurity solutions that protect consumer privacy while keeping hackers out of network systems.One strategy Obama encouraged in his speech was the creation of information-sharing groups, called hubs, built around vertical industry sectors.

  • DHS to rely on big data to protect critical infrastructure, networks

    DHS officials responsible for protecting federal civilian networks and critical industries from cyberattacks are going to rely more on big data analytics to predict, detect, and respond to future hacks, according to a White House progress reportreleased on 5 February. The report details how cybersecurity officials are “working across government and the private sector to identify and leverage the opportunities big data analytics presents to strengthen cybersecurity.”

  • Spotting, neutralizing hackers when they are already inside your systems

    Since the Internet gained popularity in the 1990s, the traditional model of cybersecurity has been to build systems and software which could keep hackers out of computers. As hackers continue to tap into complex security systems, however, some cybersecurity experts are advising companies to focus on tricking or neutralizing hackers once they have infiltrated networks, rather than spending money only on trying to keep them out.