• Experts call for a new organization to oversee grid’s cybersecurity

    In 2013, U.S. critical infrastructure companies reported about 260 cyberattacks on their facilities to the federal government. Of these attacks, 59 percent occurred in the energy sector. A new report proposes that energy companies should create an industry-led organization to deflect cyber threats to the electric grid. Modeled after the nuclear industry’s Institute of Nuclear Power Operations, the proposed organization, to be called the Institute for Electric Grid Cybersecurity, would oversee all the energy industry players that could compromise the electric grid if they came under a cyberattack.

  • Collegiate cyber defense competition advances to regional finals

    Seven members of the University of Maine Cyber Defense Team will compete at the annual Northeast Collegiate Cyber Defense Competition at the University of New Hampshire in March. The team was one of nine out of a pool of fourteen schools that qualified for the regional competition. The competition simulates security operations for a small company. Teams must quickly familiarize themselves with network systems and software before beginning to defend against attacks while also providing customer service to users.

  • Latest cybersecurity threat: WiFi virus

    Researchers have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans. The team designed and simulated an attack by a virus and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.

  • Skeptics doubt voluntary Cybersecurity Framework will achieve its goal

    The Framework for Improving Critical Infrastructure Cybersecurity, developedby NIST following Executive Order 13636to promote cybersecurity, has been received with both support and skepticism from critical infrastructure industries. The 41-page document, put together by industry and government experts, offers guidelines on cybersecurity standards and best practices to critical infrastructure firms. It says its role is to be a complement to industries’ existing risk management practices.Skepticssay that without incentives, legislation, or enforcement, the guidelines will not be adopted.”The marketplace will punish any company that implements anything that could be considered excessive security, because it will increase their costs,” says an industry insider.

  • Israeli defense company launches cybersecurity solutions section

    In recent months the Israel Aerospace Industries (IAI) has increased its cyberdefense-related activities. Esti Peshin, director of the company’s cyber section and a veteran of the IDF’s hush-hush sigint Unit 8200, says IAI is now developing solutions for clients in Israel and abroad. “We’re a start-up, but with the backing of a company that earns $3.5 billion a year,” she said. Ultimately, she implied, these defensive measures can be turned into offensive capabilities. “Intelligence is a subset of attack,” Peshin said. “This is, first of all, a national mission.”

  • Snowden’ leaks derailed important cybersecurity initiatives

    Edward Snowden’s leaks created such a climate of distrust around the NSA that many important cybersecurity initiatives died, stalled, or became non-starters. Security experts say that this is a case of throwing the baby out with the bathwater, and that the result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations more exposed to sensitive information being compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere. “All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies(CSIS).

  • Pace of acquisitions of cybersecurity startups quickens

    With the number and scope of cybersecurity breaches on the rise, cybersecurity startups offering innovative security solutions have become a sought-after target in the merger and acquisition market. These innovative companies are eagerly sought not only for their technologies, but also as an investment vehicle, with the average valuation acquiring companies willing to pay approaching ten times revenue. “To pay ten times on services in the normal world is crazy, in the security world it’s normal,” says an industry insider.

  • DARPA makes agency-sponsored software, publications available to R&D community

    DARPA has invested in many programs that sponsor fundamental and applied research in areas of computer science, programs which have led to new advances in theory as well as practical software. The R&D community has asked about the availability of results, and now DARPA has responded by creating the DARPA Open Catalog, a place for organizing and sharing those results in the form of software, publications, data, and experimental details. The Web site aims to encourage communities interested in DARPA research to build off the agency’s work, starting with big data.

  • National Guard units help states ward off cyberattacks

    Governors across the United States are mobilizing their states’ National Guard units to combat threats from cyberattacks. The state of Washington was the first state to assign the state’s National Guard cybersecurity responsibilities. The state recognized the potential of its National Guard as a cyberforce when it realized that many of its soldiers, who are full-time employees and part-time soldiers, worked for tech employers such as Google, Boeing, Cisco, Verizon, and Microsoft.

  • Quantum encryption for wiretap-proof communication a step closer

    Polarized light, in which all the light waves oscillate on the same plane, forms the foundation for technology such as LCD displays in computers and TV sets, and advanced quantum encryption. There are two ways to create polarized light, but each has its problems: filtering normal unpolarized to block unwanted light waves (but here, half of the light emitted, and thereby an equal amount of energy, are lost), or using light which is polarized at the source (but here, polarization is either too weak or hard to control). Now there is a better way: By emitting photons from a quantum dot at the top of a micropyramid, researchers are creating a polarized light source with a high degree of linear polarization, on average 84 percent. As the quantum dots can also emit one photon at a time, this is promising technology for quantum encryption, a growing technology for wiretap-proof communication.

  • Two Israeli startups with innovative cybersecurity solutions raise combined $25 million

    Two Israeli cybersecurity startups, launched by veterans of the IDF technology units, announced that, separately, they had raised a combined $25 million from investors. Adallom’s solution accumulates users’ behavioral data in order to protect databases. It monitors how software applications like the customer relationship management program Salesforce, Google apps, and Microsoft Office 360 are used, and protects data security. Aorato’s solution watches for suspicious usage of employee credentials – for example, multiple guessing attempts. “2013 showed the world the risks of advanced threats in parallel to the implications of insiders’ access to sensitive corporate data,” Aorato’s CEO Idan Plotnik noted, referring to the Edward Snowden’s leaks of secret government information.

  • National cyber complex to open next to Ben-Gurion University of the Negev campus

    A new national cyber complex called CyberSpark will open at the Advanced Technology Park (ATP) which is located next to Ben Gurion University of the Negev. Fortune 500 companies Lockheed Martin and IBM announced they would invest in CyberSpark R&D facilities, joining other cybersecurity leaders Deutsche Telekom, EMC, RSA, and many startups. The 15-building ATP is the only type of complex of its kind in the world that includes Fortune 500 companies and cyber-incubators, academic researchers, and educational facilities as well as national government and security agencies. The CyberSpark will also include a high school geared toward science and technology.

  • Cal Poly unveils ambitious cybersecurity educational initiative

    Cal Poly, with a grant from the Northrop Grumman Foundation, has established a Cybersecurity Center, opened a new cyber lab, and is developing a cybersecurity curriculum with an ambitious set of goals in mind: educating thousands of students in cybersecurity awareness and readiness; producing experts in cyber technologies and systems, including many professionals who will serve the military and defense industry; and graduating cyber innovators who are prepared for advanced study and applied research in emerging cyber issues.

  • House approves $447 for Cyber Command

    The House of Representatives approved a fiscal 2014 stop-gap budget last Monday (it approved to full spending bill on Wednesday), which allocates $447 million to the Defense Department’s Cyber Command. This is more than twice the $191 million budget for Cyber Command in 2013.

  • NERC’s critical infrastructure protection standards ambiguous, unclear: analysts

    In January 2008, to counter cybersecurity threats to critical infrastructure assets such as bulk electricity supply (BES), North American Electric Reliability Corp.’s (NERC) launched its Critical Infrastructure Protection (CIP) standards for BES cybersecurity. The NERC-CIP is marked by uncertainties and ambiguous language, raising concerns in the industry and among industry observers as companies try to enforce the standards. “Industry now screams for a defined control set with very specific requirements that don’t permit subjective and ambiguous interpretations,” comments one analyst.