• Poor decision-making may lead to cybersecurity breaches

    Recent high-profile security breaches, such as those at Target, Anthem Inc., and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences. One expert says that social interactions affect the processes behind personal cybersecurity decision-making. “We all have small supercomputers in our pockets now,” he notes. “Regular people like you and me make a lot of important security decisions on a daily basis.”

  • Obama signs cybersecurity executive order, promotes information-sharing hubs

    President Barack Obama, at last week’s White House Summit on Cybersecurity and Consumer Protection, reiterated the need for more companies to collaborate with each other as well as with the federal government to develop cybersecurity solutions that protect consumer privacy while keeping hackers out of network systems.One strategy Obama encouraged in his speech was the creation of information-sharing groups, called hubs, built around vertical industry sectors.

  • DHS to rely on big data to protect critical infrastructure, networks

    DHS officials responsible for protecting federal civilian networks and critical industries from cyberattacks are going to rely more on big data analytics to predict, detect, and respond to future hacks, according to a White House progress reportreleased on 5 February. The report details how cybersecurity officials are “working across government and the private sector to identify and leverage the opportunities big data analytics presents to strengthen cybersecurity.”

  • Spotting, neutralizing hackers when they are already inside your systems

    Since the Internet gained popularity in the 1990s, the traditional model of cybersecurity has been to build systems and software which could keep hackers out of computers. As hackers continue to tap into complex security systems, however, some cybersecurity experts are advising companies to focus on tricking or neutralizing hackers once they have infiltrated networks, rather than spending money only on trying to keep them out.

  • Cybersecurity sector welcomes Obama’s $14 billion cybersecurity initiatives in 2016 budget

    Massachusetts cybersecurity firms applauded President Barack Obama proposed$14 billion toward cybersecurity initiatives in his 2016 budget. If approved, the federal government would spend more money on intrusion detection and prevention capabilities, as well as cyber offensive measures. Waltham-based defense contractor Raytheon, whose government clients already use the firm for its cybersecurity capabilities and expertise, believes the cybersecurity industry is expected to grow even faster in the coming years.

  • Growing demand for cyber insurance, especially by small and mid-size businesses

    Technology startup firms are leading the way in ensuring not only the security of their customers, but their own security as well. American businesses are expected to pay $2 billion for cyber insurance premiums in 2014, a 67 percent increase from just one year earlier. More than fifty U.S. insurance carriers are now offering cyber insurance policies. Even more impressively, many of these are focusing on small and mid-size businesses.

  • Protecting the security for networks of the future

    Today’s company networks comprise hundreds of devices: routers for directing data packets to the right receiver, firewall components for protecting internal networks from the outside world, and network switches. Such networks are extremely inflexible because every component, every router and every switch can carry out only the task it was manufactured for. If the network has to be expanded, the company has to integrate new routers, firewalls or switches and then program them by hand. This is why experts worldwide have been working on flexible networks of the future for the last five years or so, developing what is known as software-defined networking (SDN). It presents one disadvantage, however; it is susceptible to hacker attacks. Researchers have now developed a way to protect these future networks.

  • U.S. yet to develop a strategy to secure nation’s critical infrastructure

    For years, the U.S. government has warned federal and state agencies about the threat posed by hackers who may target computer systems responsible for operating nuclear plants, electric substations, oil and gas pipelines, transit systems, chemical facilities, and drinking water facilities. In February 2013, President Barack Obama issued a directive stating, “It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against both physical and cyber threats.” Two years later the federal government has yet to develop or adopt a consensus on how to secure America’s critical infrastructure from cyber criminals.

  • Information assurance specialist licenses ORNL malware detection technology

    Washington, D.C.-based R&K Cyber Solutions LLC (R&K) has licensed Hyperion, a cybersecurity technology from the Department of Energy’s Oak Ridge National Laboratory that can quickly recognize malicious software even if the specific program has not been previously identified as a threat. By computing and analyzing program behaviors associated with harmful intent, Hyperion technology can look inside an executable program to determine the software’s behavior without using its source code or running the program.

  • Proposed changes to CFAA, RICO would criminalize cybersecurity research: Critics

    Cybersecurity professionals are concerned that the White House’s proposed changes to the Computer Fraud and Abuse Act (CFAA) and the Racketeering Influenced and Corrupt Organizations (RICO) Act, could criminalize cybersecurity research. The legislative proposals would make accessing public documents illegal if the documents’ owner would not have approved; create stricter punishments for anyone convicted of a cybercrime; and would allow the government to seize assets connected to cybercrimes. The White House also proposes upgrading hacking to a “racketeering” offense.

  • U Wisconsin, shedding 1960s anti-classified research image, launches cybersecurity center

    A new cybersecurity research center being built in partnership with private firms and the University of Wisconsin(UW) system aims to attract high-tech research dollars to the state, but administrators must balance the secrecy required for classified research with the openness which is the foundation of academic science. The state legislature passed a 2014 law allowing UW to accept contract for classified work partly in hopes that the school system will lose the perception of being an anti-classified-research environment, a perception dating back to campus protests against military research in the 1960s.

  • Universities adding cybersecurity programs to their curricula to meet growing demand

    The cyberattacks of recent years have not only increased the demand for employees who understand the field of information assurance and cybersecurity, they have also created a demand in cybersecurity education. Universities across the country are adding cybersecurity concentrations to their curricula to train students who will later help secure network systems.

  • DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities

    On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.

  • Bolstering cybersecurity by taking a step back in time to analog security systems

    Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.

  • FIDO 1.0 specifications published aiming to promote stronger authentication

    The FIDO (Fast IDentity Online) Alliance, an open industry consortium promoting standards for simpler, stronger authentication, the other day published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).