• NSF awards $74.5 million to 257 interdisciplinary cybersecurity research projects

    The NSF the other day announced the awarding $74.5 million in research grants through the NSF Secure and Trustworthy Cyberspace (SaTC) program. In total, the SaTC investments include a portfolio of 257 new projects to researchers in thirty-seven states. The largest, multi-institutional awards include research better to understand and offer reliability to new forms of digital currency known as cryptocurrencies, which use encryption for security; invent new technology to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the “science of censorship resistance” by developing accurate models of the capabilities of censors.

  • Two new projects tackle e-mail security

    In the early, halcyon days of the Internet, researchers were more interested in sharing information rather than securing it. Now, decades later, securing the world’s most widely used medium for business communication is a full-time job for researchers and IT specialists around the globe. The modern working world cannot exist without e-mail, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new projects.

  • Strengthening U.S. cybersecurity capabilities by bolstering cyber defense, deterrence

    Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Director of National Intelligence James R. Clapper said that for the third year in a row, cyberthreats headed the list of threats reported in the annual National Intelligence Worldwide Threat Assessment. “Although we must be prepared for a large Armageddon-scale strike that would debilitate the entire U.S. infrastructure, that is not … the most likely scenario,” Clapper said. Rather, the primary concern is low- to moderate-level cyberattacks from a growing range of sources that will continue and probably expand, adding that in the future he expects to see more cyber operations that manipulate electronic information to compromise its integrity, as opposed to deleting or disrupting access to it.

  • DHS S&T awards $10.4 million in mobile security research contracts

    The mobile technology industry has continuously expanded with new devices and apps, allowing people to simplify how and where business is conducted. While increasing the use of mobile technology can enhance productivity, improved security is needed to ensure that sensitive information is not at risk to current and emerging cyber threats. DHS S&T the other day announced $10.4 million in cybersecurity Mobile Technology Security (MTS) research and development (R&D) awards to enhance the security of mobile devices for the federal government.

  • Federally funded network anomaly-detection technology licensed to Ernst & Young

    The Transition to Practice (TTP) program, established in 2012 as part of S&T’s Cybersecurity Division, looks to transition federally funded cybersecurity technologies from the laboratory to enterprise consumers. S&T the other day announced that the PathScan technology, a network anomaly-detection tool developed by Los Alamos National Laboratory, has been licensed to Ernst & Young LLP (EY).

  • U.S. should promote international cybersecurity standardization: Interagency report

    A new draft report by an interagency working group lays out objectives and recommendations for enhancing the U.S. government’s coordination and participation in the development and use of international standards for cybersecurity. The report recommends the government make greater effort to coordinate the participation of its employees in international cybersecurity standards development to promote the cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures. These efforts should include increased training, collaborating with private industry and working to minimize risks to privacy.

  • New tool to improve government computer network security

    Researchers have developed a computer network security tool to help government agencies, along with state and local governments. The software-based technology, known as the Network Mapping System (NeMS), discovers and characterizes computer networks. “It is important to know what you have on your networks, so that you can decide what best practices to apply,” says one of the researchers.

  • D.C.-area becoming the Silicon Valley of cybersecurity

    A recent string of multi-billion dollar cybersecurity acquisitions in the greater Washington, D.C. metro area has led to the region being seen as a major hotbed for the industry. Spending by the Department of Defense (DOD) and a number of federal agencies has led to big contracts for many in the region, fuelling much of the growth. As the DOD focuses more of its budget on cyber issues and defense, the market has grown. “The D.C./NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” say the CEO of one cybersecurity firm.

  • Pentagon to invest in Silicon Valley tech startups to help develop advanced cyber solutions

    The Pentagon will begin to invest in Silicon Valley tech startups as part of the department’s plan to develop and acquire more advanced cyber solutions to secure the country and military’s digital infrastructure. The investments will be made through In-Q-Tel, a nonprofit strategic investing firm the Central Intelligence Agency launched sixteen years ago. In-Q-Tel does not invest in companies alone, but rather relies on traditional venture firms to partner and contribute the lion’s share of the funding, so having them on board is critical for the program’s success.

  • Computer engineers battle malicious bots

    Defending Web sites from malicious intruder bots is not unlike fighting viruses: neutralize them and they reinvent themselves, finding new ways to penetrate. IT security designers, however, still hold an advantage over some automated programs masquerading as people. To date, there are human abilities too complex to imitate. Exploiting that weakness is central to an Internet security technology developed by researchers who have come up with a new method for distinguishing humans from computers. Their next-gen CAPTCHA — a brief test that computer users must pass in order to access a Web site — requires viewers to identify text, but presents it in video animation rather than in the distorted, static letters users now identify and reproduce to gain admittance.

  • NSA’s recruitment effort challenged by Snowden leaks, private sector competition

    The NSA employs roughly 35,000 people nationwide and anticipates on recruiting at least 1,000 workers each year. For 2015, the agency needs to find 1,600 recruits, hundreds of whom must come from highly specialized fields like computer science and mathematics. The agency has been successful so far, but still faces recruitment challenges in the aftermath of the Edward Snowden revelations and competition from private sector firms who offer recruits much higher salaries.

  • Air-gapped computer systems can be hacked by using heat: Researchers

    Computers and networks are air-gapped – that is, kept approximately fifteen inches (40 cm) apart — when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks, or military applications. Israeli researchers have discovered a new method, called BitWhisper, to breach air-gapped computer systems. The new method enables covert, two-way communications between adjacent, unconnected PC computers using heat – meaning that hackers to hack information from inside an air-gapped network, as well as transmit commands to it.

  • IT security spending grows, but confidence in cyber protection measures does not

    A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining. In a survey of more than 800 IT security leaders and professionals, the report found that more than 70 percent of respondents’ networks had been breached in 2014 — a 62 percent increase from 2013. Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020.

  • Guaranteeing online anonymity

    Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. “The Tor network isn’t perfect, however,” says a researcher at the Research Center for IT Security (CISPA). CISPA researchers have developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.

  • FAA should address weaknesses in air traffic control systems: GAO

    The Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based and other threats, but significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system (NAS), the GAO says in a new report. The GAO report says that FAA also did not fully implement its agency-wide information security program.