• GAO: U.S. slow to implement president's cyber security strategy

    In May 2009 President Obama outlined his cyber policy strategy; a year and a half later, much of that strategy is yet to be implemented; a GAO report reveals that officials are making slow progress on all but two of the twenty-four specific goals highlighted in the president’s strategy

  • Chinese hackers steal South Korean defense secrets

    Chinese hackers have stolen secrets on South Korea’s defense and foreign affairs by using bogus e-mails claiming to come from Seoul officials and diplomats; similar attacks originating in China-based servers briefly crippled U.S. and South Korean government and commercial Web sites in July 2009

  • U.S. considering Aussie Internet security program

    The Obama administration is considering adoption of parts of an Internet security scheme which will go into effect in Australia in December; the plan will allow Internet service providers to alert customers if their computers are taken over by hackers — and could limit these customers’ online access if they do not fix the problem

  • U.K. security firms say GCHQ's cyberattack warning overwrought

    U.K. cybersecurity industry insiders say last week’s warnings by Britain’s cybersecurity chief about the cyber threat the U.K. was facing may have over-hyped threats — and may have been related more to the run-up to the U.K. government’s comprehensive spending review announcement than to new threat information

  • DHS, Pentagon enhance cybersecurity cooperation

    The Pentagon and DHS unveiled an agreement on Wednesday designed to boost cooperation in defending military and private computer networks from growing cyber threats; cybersecurity was the scene of fierce turf battles under the previous administration between DHS and the Pentagon’s super-secret electronic surveillance National Security Agency (NSA)

  • Microsoft releases barrage of fixes at Stuxnet and more

    Microsoft on Tuesday released a record high number of software patches aimed at countering computer threats including a Stuxnet “worm” attacking industrial networks; the 49 fixes released by Microsoft were ranked in importance from “critical” to “moderate” and addressed vulnerabilities in an array of Microsoft programs used in personal computers

  • Britain faces "real and credible" cyber threat: intelligence chief

    In a rare public speech, Iain Lobban, director of the Government Communications Headquarters (GCHQ), said that there is a “real and credible” cyber threat to U.K. infrastructure, and that Britain’s economy could be at risk if effective protection against cyber attacks was not developed

  • U.S. implements president's cybersecurity recommendations

    GAO reports that of the 24 recommendations included in the president’s May 2009 cyber policy review report, 2 have been fully implemented and 22 have been partially implemented; the two fully implemented recommendations involve appointing within the National Security Council (NSC) a cybersecurity policy official (Special Assistant to the President and Cybersecurity Coordinator) responsible for coordinating the U.S. cybersecurity policies and activities, and a privacy and civil liberties official. Examples of partially implemented recommendations include

  • Stuxnet shows how nuclear plants may be attacked

    Security experts say that critical infrastructure firms need to respond quickly in order to protect their systems from Stuxnet, and warn that its spread may mark the beginning of increased cyber espionage and sabotage; what is especially worrisome about Stuxnet is that a pattern in its code — designed to match that of a specific application — suggests that the worm’s authors had a specific facility in mind

  • October's National Cyber Security Awareness Month launched

    Dozens of cybersecurity initiatives to reach consumers, students, and businesses; the National Cyber Security Alliance (NCSA), DHS, and the Multi-State Information Sharing and Analysis Center, have sponsored National Cyber Security Awareness Month every October since its founding in 2003

  • Faster cybersecurity with merging of two protocols

    Combination of unrelated protocols — a suite of automated network access control standards from the Trusted Computing Group and the government’s Security Content Automation Protocols (SCAP) — now being tested in South Carolina to enable automated policy enforcement on networks; the two standards offer a complementary set of capabilities, each valuable in its own right but much more powerful when combined

  • Cyber innovation center launches in Maryland

    SAIC opens a new Cyber Innovation Center in Columbia, Maryland; SAIC employees in Columbia and throughout the United States will have remote access to the Center’s technical-solutions lab

  • U.S. battling simulated cyber attack in Cyber Storm III exercise

    A 3-day cyber exercise simulates a “large-scale cyberattack on critical infrastructure,” involving thousands of participants at computer work stations across the globe and is one of the largest such exercises ever conducted; the biennial exercise is being staged by DHS and is the first test of the new National Cybersecurity and Communications Integration Center (NCCIC); the NCCIC booted up in October 2009 to serve as the coordinating center for U.S. cybersecurity operations and houses U.S. government computer experts and their private sector counterparts under one roof

  • U.S. to make Internet wiretaps easier

    The Obama administration plans to submit a bill next year that would require all online services that enable communications to be technically equipped to comply with a wiretap order; this would include providers of encrypted e-mail, such as BlackBerry, networking sites like Facebook, and direct communication services like Skype; federal law enforcement and national security officials say new the regulations are needed because terrorists and criminals are increasingly giving up their phones to communicate online

  • Iran admits its nuclear facilities are under massive cyberattack

    Iran has confirmed that 30,000 computers in the country’s power stations, including the nuclear reactor in Bushehr, have been attacked by the Stuxnet worm; the Stuxnet worm is described by experts as the most complex piece of malware ever designed; once Stuxnet gains access to a plant’s computers, it hunts out specific software that controls operations such as the opening and closing of valves or temperature regulation; by halting those processes it can cause extensive damage to nuclear power stations, power grids or other industrial facilities; the high number of infections in Iran have led experts to conclude that the worm may have been designed in the United States or Israel to disable Iran’s controversial nuclear facilities