• U.S. implements president's cybersecurity recommendations

    GAO reports that of the 24 recommendations included in the president’s May 2009 cyber policy review report, 2 have been fully implemented and 22 have been partially implemented; the two fully implemented recommendations involve appointing within the National Security Council (NSC) a cybersecurity policy official (Special Assistant to the President and Cybersecurity Coordinator) responsible for coordinating the U.S. cybersecurity policies and activities, and a privacy and civil liberties official. Examples of partially implemented recommendations include

  • Stuxnet shows how nuclear plants may be attacked

    Security experts say that critical infrastructure firms need to respond quickly in order to protect their systems from Stuxnet, and warn that its spread may mark the beginning of increased cyber espionage and sabotage; what is especially worrisome about Stuxnet is that a pattern in its code — designed to match that of a specific application — suggests that the worm’s authors had a specific facility in mind

  • October's National Cyber Security Awareness Month launched

    Dozens of cybersecurity initiatives to reach consumers, students, and businesses; the National Cyber Security Alliance (NCSA), DHS, and the Multi-State Information Sharing and Analysis Center, have sponsored National Cyber Security Awareness Month every October since its founding in 2003

  • Faster cybersecurity with merging of two protocols

    Combination of unrelated protocols — a suite of automated network access control standards from the Trusted Computing Group and the government’s Security Content Automation Protocols (SCAP) — now being tested in South Carolina to enable automated policy enforcement on networks; the two standards offer a complementary set of capabilities, each valuable in its own right but much more powerful when combined

  • Cyber innovation center launches in Maryland

    SAIC opens a new Cyber Innovation Center in Columbia, Maryland; SAIC employees in Columbia and throughout the United States will have remote access to the Center’s technical-solutions lab

  • U.S. battling simulated cyber attack in Cyber Storm III exercise

    A 3-day cyber exercise simulates a “large-scale cyberattack on critical infrastructure,” involving thousands of participants at computer work stations across the globe and is one of the largest such exercises ever conducted; the biennial exercise is being staged by DHS and is the first test of the new National Cybersecurity and Communications Integration Center (NCCIC); the NCCIC booted up in October 2009 to serve as the coordinating center for U.S. cybersecurity operations and houses U.S. government computer experts and their private sector counterparts under one roof

  • U.S. to make Internet wiretaps easier

    The Obama administration plans to submit a bill next year that would require all online services that enable communications to be technically equipped to comply with a wiretap order; this would include providers of encrypted e-mail, such as BlackBerry, networking sites like Facebook, and direct communication services like Skype; federal law enforcement and national security officials say new the regulations are needed because terrorists and criminals are increasingly giving up their phones to communicate online

  • Iran admits its nuclear facilities are under massive cyberattack

    Iran has confirmed that 30,000 computers in the country’s power stations, including the nuclear reactor in Bushehr, have been attacked by the Stuxnet worm; the Stuxnet worm is described by experts as the most complex piece of malware ever designed; once Stuxnet gains access to a plant’s computers, it hunts out specific software that controls operations such as the opening and closing of valves or temperature regulation; by halting those processes it can cause extensive damage to nuclear power stations, power grids or other industrial facilities; the high number of infections in Iran have led experts to conclude that the worm may have been designed in the United States or Israel to disable Iran’s controversial nuclear facilities

  • Secure network for critical infrastructure idea draws fire

    The Obama administration wants to develop a secure computer network to defend civilian government agencies and critical civilian infrastructure and industries; the restricted network would allow the government to provide greater protection to vital online operations and critical infrastructure — such as financial networks, commercial aviation systems, and the national power grid — from Internet-based attacks; critics say this ambitious idea is impractical

  • Experts: Israel used cyber weapon to disrupt Iran's nuclear reactor

    The Stuxnet malware has infiltrated industrial computer systems worldwide in July and August; now, cyber security experts say that the worm was, in fact, is a search-and-destroy cyber weapon meant to hit a single target — Iran’s Bushehr reactor; Stuxnet amazed — and stunned — computer security experts: too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick; in Stuxnet, the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide — Internet link not required

  • MI5: Cyber espionage on the rise, but can be easily beaten

    MI5 says the Internet has made the threat of espionage by foreign countries higher than ever before, but insisted it is “relatively straightforward” to block attempts to steal data; MI5 has previously written to the bosses of big British companies to warn them of the threat online, particularly from hackers with links to the Chinese intelligence services

  • Security standards for smart grid evolve

    Digital technology in the smart grid measures and distributes the delivery of electricity to consumers and has the potential to reduce energy use and costs for consumers as it’s deployed in more areas of the country; security experts say, however, that the new network will offer new avenues for criminals to infiltrate, corrupt and steal data

  • U.K to increase spending on cybersecurity

    U.K. defense minister that cuts in information security spending are not on the agenda for the Strategic Defense and Security Review (SDSR), which is due to report back in the autumn; on the contrary, Britain is looking to boost its capabilities in the area

  • The most pressing cybersecurity issue

    According to Red Hat’s Gunnar Hellekson the most pressing cybersecurity issue is “the threat that comes from our reactions to real and perceived threats…I see this growing ‘Fortress America’ movement around computer security and the security of the software-supply chain”

  • EMP threat to U.S. should be kept in perspective

    In 1962 the United States conducted a high-altitude nuclear test above Johnston Island, 825 miles southwest of Hawaii; detonated 400 kilometers above the island, the resulting nuclear blast knocked out street lights across Hawaii and tripped circuit breakers, triggered burglar alarms, and damaged a telecommunications relay facility on the island of Kauai; could terrorist, or a nuclear-armed rogue state, launch an EMP Pearl Harbor against the United States?