• Hoover Dam is safe from hackers

    In response to the debate over the controversial Senate Internet “kill switch” bill, the U.S. Bureau of Reclamation refuted a central argument that the law’s proponents have been using; proponents of the bill have often stated the need for the bill because terrorists could hack into the system and open the Hoover Dam’s floodgates; the dam is not connected to the Internet and has several physical and technological safeguards that prevent the floodgates from opening; the proposed bill would authorize the president to sever critical infrastructure from the Internet in the event of a cyber attack; critics say the bill could violate First Amendment rights

  • Cybersecurity named one of top five global threats

    World leaders at the World Economic Forum in Davos named cyber security as one of the top five global risks in its 2011 report; the report identifies four key areas that pose global risks: cyber theft, cyber espionage, cyber war, and cyber terrorism; observers worry that the Stuxnet virus, which damaged Iran’s nuclear centrifuges, may have sparked a cyber arms race and are particularly concerned about the lack of established international norms surrounding these weapons; the report fears that cyber attacks on nations could lead to conventional attacks

  • Internet IPv4 addresses completely exhausted

    Last week the final blocks of IPv4 addresses were allocated, officially signaling the end of Web space on IPv4 networks; the moment is significant as all new Internet ready devices must now be deployed using IPv6 networks, the upgrade to IPv4; IPv6 offers greater security, higher performance, and can support nearly an infinite number of devices; China is rapidly pushing ahead with IPv6 in the hopes that it can wield more clout over the new Internet space as the United States currently enjoys with IPv4; China has deployed IPv6 capabilities at more than double the rate of the United States

  • DARPA working on major cyber security break through

    The DOD’s advanced research arm, DARPA, is currently working on two programs that could radically change cyber security; one program, CRASH, is based on the human immune system and will make it less likely that computers will spread cyber infections to other networks; DAPRA is also working on another program, PROCEED, which will allow programmers to work directly with encrypted data without having to decrypt it first; both are highly experimental and may not succeed, but researchers have high hopes

  • Critical cyber vulnerabilities found in financial system

    A recent report found critical weaknesses in automated high-frequency trading systems that hackers could exploit to make money or simply wreak havoc on the financial system; cPacket Networks fears that hackers could use what it calls a “side channel attack” stealthily to manipulate financial data as it is received by these high-frequency trading program; many analysts believe that the “flash crash” in May 2010, when the Dow dropped nearly a thousand points in several minutes, was unintentionally caused by high-frequency trading systems; cPacket is working with financial institutions to optimize their high-frequency trading systems to detect these manipulations

  • Enabling PC operating systems to survive attacks

    In certain computer security attacks, an outside party compromises one computer application (such as a Web browser) and then uses that application to submit a “system call” to the operating system, effectively asking the operating system to perform a specific function; instead of a routine function, however, the attacker uses the system call to attempt to gain control of the operating system; North Carolina State University researchers offer a solution

  • Stuxnet heralds age of cyber weapons, virtual arms race

    Mounting evidence indicates that Stuxnet was created by the United States and Israel to target Iran’s nuclear program; analysts call this the first use of a specially designed cyber weapon and fear the beginning of a cyber weapons arms race; one analyst hopes that a doctrine of mutually assured destruction will limit the use of these devastating weapons in the future; current trends and other analysts indicate that cyber space will continue to be militarized

  • Bill giving president power over Internet in cyber emergency to return

    A controversial bill handing President Obama power over privately owned computer systems during a “national cyberemergency,” and prohibiting any review by the court system, will return this year; the bill which emerged from a Senate committee on 15 December 2010, is more restrictive in three respects than the original bill, made public June 2010: The revised version sayis that the federal government’s designation of vital Internet or other computer systems “shall not be subject to judicial review”; another addition expanded the definition of critical infrastructure to include “provider of information technology”; a third authorized the submission of “classified” reports on security vulnerabilities

  • Australia unprepared for cyber attacks

    The head of cyber security at BAE Systems Australia is calling for expanded training for cyber security experts in Australia; he believes that there is a lack of proper training and there must be greater cooperation between the government and the private sector; a government report finds that the Australian government is underprepared for cyber security threats; in February 2010 hackers brought down the government’s main site and the parliament’s homepage for two days

  • GAO finds critical shortfalls in cyber security guidelines for smart grid

    The GAO issued a report that found critical shortfalls in the proposed guidelines for modernizing the smart grid; the proposed guidelines, released by NIST and the FERC, contained several shortcomings that would leave the nation’s security grid vulnerable to cyber attack; “missing pieces” in the guideline include a lack of metrics to evaluate cyber security, no enforcement mechanisms, and no coordination of disjointed oversight bodies; NIST and FERC agreed with the findings and is moving to address them in their next set of guidelines

  • Cyber Security Challenge finalists shortlisted

    The nation-wide U.K. Cyber Security Challenge held the first round of competition over the weekend, with two teams making it through to the finals; the industry-sponsored Challenge aims to entice young people into choosing cyber security as a career and to find great IT talent that could be put to use for defending U.K.’s cyber infrastructure

  • Fears of cyberwar exaggerated: report

    New report says that analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language; the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks; the authors say, though, that “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure are defended with investment in cyber-security training

  • Estonia considers draft for newly created cyber army in emergency

    Estonia just announced the creation of an all-volunteer cyber army; the Cyber Defense League unites computer experts from the private sector and the government; the League conducts regular drills and operates under a unified military command; Estonian defense officials are contemplating instituting a cyber expert draft in the event of a serious national crisis; Estonia is the first country to experience a cyber war — in 2007 Russian hackers, suspected of having been directed by the Russian military, systematically shut down major government, financial, political and news Web sites

  • Government IT contractors remain optimistic about future

    Government services and information technology (IT) contractors remain optimistic about future growth; the defense industry still remains as “an $800 billion marketplace,” despite budget cuts and an increasing move by the federal government to insource contracts; IT firms are particularly positive about growth in key areas like cyber security, intelligence, and simulation; federal spending on cyber security is projected to reach $13.3 billion annually by 2015

  • Sourcefire expands westward

    Maryland-based Sourcefire acquires Palo Alto-based Immunet for $21 million, expanding the company’s cybersecurity services; the acquisition will allow Sourcefire to accelerate its cloud-based initiative and provide a platform to expand its security services