• China: Determined to dominate cyberspace and AI

    China is chasing dominance in emerging artificial intelligence (AI) technologies in both the private and military sectors, as a central part of its effort to be the leading global cyber power, Chris C. Demchak writes in the Bulletin of the Atomic Scientists. The rise of AI – a subset of cyber as are machine learning, quantum computing, and other new technologies – does not herald a new arms race equivalent to that of the Cold War. Rather, the concern should be on the profound disruption to the existing Westernized global order. In the 1990s, Western nations, led by the United States, created what Demchak calls a “Westernized national creation”: cyberspace. Cyberspace, however, has created a multitude of ubiquitous, embedded vulnerabilities whose easy exploitation directly accelerated the rise of an otherwise impoverished authoritarian and aggressive China. Today, no single democracy has the scale and sufficient resources alone to match the foreknowledge and strategic coherence of the newly confident and assertive China. There is thus a need to create a Cyber Operational Resilience Alliance (CORA) to provide the scale and collective strategic coherence required to ensure the future wellbeing and security of democracy in an overwhelmingly authoritarian, post-Western, cybered world.

  • Enabling more comprehensive tests on high-risk software

    We entrust our lives to software every time we step aboard a high-tech aircraft or modern car. A long-term research effort has developed new tools to make this type of safety-critical software even safer.

  • Can WiFi networks be completely secure?

    There are many ways in which hackers and crackers can break into a Wi-Fi network. It is trivial if the network uses out of date security protocols or weak passwords. But even if the system is set up with the latest security measures, strong passwords, and firewall and malware protection, there are still ways and means that a malicious third party might access such a network.

  • Identifying new way to improve cybersecurity

    With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it. Researchers have identified a new way to improve network security.

  • Biologically inspired network protection software

    Electrical engineers look to the human immune system for clues on how to best protect digital networks. It’s a concept that’s beginning to be explored more and more by researchers in a variety of fields: What does the human body do well and how can we adapt those mechanisms to improve technology or engineering systems?

  • British oversight body: Security flaws in Huawei 5G networks

    A British oversight board has slammed the Chinese telecom giant Huawei for software security flaws. The report, however, stopped short of blaming Chinese intelligence agencies for the engineering defects. The United States is concerned that Huawei is a front for the Chinese intelligence services, and that rolling out Huawei’s 5G system in Europe would open the door for Chinese spying or sabotage.

  • Mega European project on cybersecurity and data protection

    A new European Commission cyber project aims to set international standards in cybersecurity and boost the effectiveness of Europe’s security capacities.

  • Expanding cybersecurity education to fill job market shortfall

    Experts say that the U.S. cyber workforce shortfall is growing. By the 2022, the shortage of cybersecurity professionals is predicted to be 1.8 million. Colleges and universities expand their cybersecurity education offerings.

  • Developing a system to identify, patch software security holes

    DARPA is funding research of security vulnerabilities in web software. A new system called GAMEPLAY (for Graph Analysis for Mechanized Exploit-generation and vulnerability Patching Leveraging human Assistance for improved Yield) will spot security weaknesses in the millions – sometimes billions – of lines of code that run websites including banking and online shopping which are attractive to hackers.

  • Is your VPN secure?

    About a quarter of internet users use a virtual private network, a software setup that creates a secure, encrypted data connection between their own computer and another one elsewhere on the internet. Many people use them to protect their privacy when using Wi-Fi hotspots, or to connect securely to workplace networks while traveling. Other users are concerned about surveillance from governments and internet providers. However, most people – including VPN customers – don’t have the skills to double-check that they’re getting what they paid for. A group of researchers I was part of do have those skills, and our examination of the services provided by 200 VPN companies found that many of them mislead customers about key aspects of their user protections.

  • Problems using mobile technologies in public health care

    Many health care providers in remote locations around the world are actively using newer mobile technologies like text messaging and fingerprint identification to deliver important services and timely information to their patients. While the efforts are well-intended, two new studies find that such approaches need to be closely monitored to make sure they are meeting targeted goals. The two recently published studies identified multiple problems integrating mobile technologies into public health care.

  • Significance vulnerabilities discovered in high-performance computer chips

    Researchers have uncovered significant and previously unknown vulnerabilities in high-performance computer chips that could lead to failures in modern electronics. The researchers found they could damage the on-chip communications system and shorten the lifetime of the whole computer chip significantly by deliberately adding malicious workload.

  • Answering the pressing cyber-risk economics questions

    When it comes to improving the cybersecurity posture of the U.S. critical infrastructure and vital data assets, there are a host of questions that need to be answered before actionable cybersecurity risk-management strategies can be developed and resources deployed.

  • Strict password policies help prevent fraud

    The all-too-common practice of using the same email address/password combination to log into multiple websites can be damaging, especially for employers with many users and valuable assets protected by passwords, like universities. Researchers show that longer minimum passwords are the most effective way to prevent password reuse and reduce potential exposure in a third-party data breach.

  • S&T awards $11.6 million to defend against network, internet disruptions

    Five research organizations were awarded separate contracts totaling $11,511,565 to develop new methods to identify and attribute Network/Internet-scale Disruptive Events (NIDEs), the DHS S&T announced last week.