-
DHS releases the wrong FOIA-requested documents, exposing infrastructure vulnerabilities
On 3 July 2014, DHS, responding to a Freedom of Information Act(FOIA) request on Operation Aurora, a malware attack on Google, instead released more than 800 pages of documents related to the Aurora Project, a 2007 research effort led by Idaho National Laboratoryto show the cyber vulnerabilities of U.S. power and water systems, including electrical generators and water pumps. The research project found that once these infrastructure systems are infiltrated, a cyberattack can remotely control key circuit breakers, thereby throwing a machine’s rotating parts out of synchronization and causing parts of the system to break down.
-
-
Bolstering cybersecurity by taking a step back in time to analog security systems
Richard Danzig, the vice chairman for the RAND Corporation and a former secretary of the navy, is saying it is timeto take a step back in time and incorporate analog security systems into cyber infrastructure. “Merge your system with something that is analog, physical, or human so that if the system is subverted digitally it has a second barrier to go through,” he said. “If I really care about something then I want something that is not just a digital input but a human or secondary consideration,” he says.
-
-
FIDO 1.0 specifications published aiming to promote stronger authentication
The FIDO (Fast IDentity Online) Alliance, an open industry consortium promoting standards for simpler, stronger authentication, the other day published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).
-
-
Improving defense of the U.S. cyber infrastructure
Florida Institute of Technology Associate Professor Marco Carvalho has been awarded a $730,000, two-year contract by DHS Science and Technology Directorate (S&T) to design a cyberdefense framework that will allow multiple organizations in both civilian and government sectors unprecedented levels of coordination in their efforts to protect the nation’s cyber infrastructure.
-
-
Internet security market to reach $42.8 billion globally by 2020
According to a new report by Allied Market Research, the global Internet security market is expected to reach $42.8 billion by 2020, registering a CAGR of 8.1 percent during 2014-2020. The market, driven by demand for software solutions, would experience a shift toward the adoption of cloud-based systems. About 80 percent of the top companies today identify with cloud-based security services which have become a prominent market trend.
-
-
New study shows people ignore online warnings
You are your own worst enemy when it comes to online security. Say you ignored one of those “this Web site is not trusted” warnings and it led to your computer being hacked. How would you react? Would you: (A) Quickly shut down your computer? (B) Yank out the cables? (C) Scream in cyber terror? Researchers report that that for a group of college students participating in a research experiment, all of the above were true. These gut reactions (and more) happened when a trio of researchers simulated hacking into study participants’ personal laptops.
-
-
Software detects, eradicates viruses, other malware – and repairs the damage they caused
University of Utah computer scientists have developed software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. The software then prevents the invader from ever infecting the computer again. A3, for Advanced Adaptive Applications, is a software suite that works with a virtual machine — a virtual computer which emulates the operations of a computer without dedicated hardware. The A3 software is designed to watch over the virtual machine’s operating system and applications.
-
-
U.S. government networks vulnerable despite billons spent on protecting them
Experts say that cybersecurity has leaped over terrorism as the top threat to U.S. security, and with the awareness of the threat comes funding better to secure government systems. There are currently 90,000 information technology security professionals working for the government, 33 percent of them are contractors. The federal government is projected to hire more cyber professionals and spend $65 billion on cybersecurity contracts between 2015 and 2020, but today, federal cybersecurity officials are still struggling to keep sensitive data from hackers and cyber criminals. Some have warned of a “Cyber Pearl Harbor” — but Pearl Harbor was a surprise. No one in business or government today can continue to plead surprise when it comes to the possibility of cyberattack.
-
-
Mission Secure closes round of seed financing to commercialize cybersecurity technology
Charlottesville, Virginia-based Mission Secure Inc. (MSi), a cyberdefense technology and solutions provider focusing on protecting physical systems and autonomous vehicles, last week announced it had recently closed its seed financing round led by Ballast Fund investors, a private equity firm and several high net worth angel investors.
-
-
Government tries better to define cybersecurity needs
In a science advisory board meeting on 23 October at the White House Office of Science and Technology Policy (OSTP), officials attempted to glean just where the government cybersecurity workforce stood in terms of talent and hiring necessity. There is currently no government-wide federal job description in the cybersecurity field, and that has led to meetings similar to the October summit.
-
-
U.S. should emulate allies in pushing for public-private cybersecurity collaboration
Israeli Prime Minister Benjamin Netanyahu announced last month the formation of a national cyber defense authority to defend civilian networks under the leadership of the Israel National Cyber Bureau.The “U.S. government has a lot to learn from successful examples in allied nations. With more compromise and reform, there is plenty of reason for hope,” says a cybersecurity expert, adding that “a cybersecurity partnership between government, business, and individuals built on trust is possible, and would promote more resilient networks as well as creative thinking on cybersecurity.”
-
-
Federally funded cybersecurity center launched
The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence(NCCoE) initiative has awarded the first federally funded research and development center (FFRDC) contract for cybersecurity to MITRE Corp., a nonprofit established to operate FFRDCs. Cybersecurity professionals will work with stakeholders in government, the private sector, and academia to develop low cost and scalable cybersecurity solutions.
-
-
$3 million in grants for three pilot projects to improve online security, privacy
The National Institute of Standards and Technology (NIST) the other day announced nearly $3 million in grants that will support projects for online identity protection to improve privacy, security and convenience. The three recipients of the National Strategy for Trusted Identities in Cyberspace (NSTIC) grants will pilot solutions that make it easier to use mobile devices instead of passwords for online authentication, minimize loss from fraud and improve access to state services.
-
-
$5 million for new cybersecurity building at Ben-Gurion University of the Negev
Ben-Gurion University of the Negev (BGU) is a central component of the new “CyberSpark” initiative, a multi-component cyber eco-system. It is the only complex of its type in the world which is a government-academic-industry partnership and includes Fortune 500 companies and cyber-incubators, academic researchers and educational facilities, as well as national government and security agencies. A $5 million contribution will underwrite construction of the building that will house the Cyber Security Institute.
-
-
Moving cybersecurity technologies from the lab to the real world more expeditiously
Through the Department of Homeland Security’s Transition to Practice (TTP) program, cybersecurity technologies developed at Sandia National Laboratories — and at other federal labs — now stand a better chance of finding their way into the real world. The TTP program, spearheaded by DHS Science and Technology Directorate (S&T), helps move federally funded cybersecurity technologies into broader use. Getting research discoveries and new technologies over the so-called “valley of death” — the gap between early, promising research on one side and technology that’s in use on the other — is a pressing need in the national lab community.
-