-
Improving cybersecurity top priority: Federal CIOs, CISOs
Federal chief information officers (CIOs) and chief information security officers (CISOs) cite improving cybersecurity as their top priority. An annual survey reports that 63 percent of participants said cybersecurity issues were one of their top three priorities, with 66 percent noting that cyber threats to their organizations rose by at least 10 percent in 2013. Eighty-seven percent of respondents pointed out that their organizations have increased spending on cybersecurity, but noted that the fiscal 2015 budget proposal, which calls for $13 billion toward cybersecurity improvements at civilian and defense agencies, will need to be increased in the future.
-
-
IT security at U.S. ports weak: GAO
The Government Accountability Office (GAO) reports that maritime security policies and plans at three high-risk U.S. ports do not effectively address how to assess, manage, and respond to cybersecurity threats. While all three ports have strategies to deal with physical security, there were few policies that specifically addressed cybersecurity.
-
-
Six more bugs found in popular OpenSSL security tool
OpenSSL is a security tool that provides facilities to other computer programs to communicate securely over the public Internet. OpenSSL is also used in some common consumer applications, such as software in Google’s Android smartphones. So when the Heartbleed vulnerability in OpenSSL was discovered and widely publicized in April this year, system administrators had to rush to update their systems to protect against it. Computer system administrators around the world are groaning again as six new security problems have been found in the OpenSSL security library.
-
-
Squiggly lines may be the future of password security
As more people use smart phones or tablets to pay bills, make purchases, store personal information, and even control access to their houses, the need for robust password security has become more critical than ever. A new study shows that free-form gestures — sweeping fingers in shapes across the screen of a smart phone or tablet — can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.
-
-
Adm. Michael Rogers: Businesses must “own” cybersecurity threats
Cybersecurity threats are a vital issue for the nation, and like the Defense Department, businesses must own the problem to successfully carry out their missions, DOD’s top cybersecurity expert told a forum of businesspeople.
-
-
DARPA’s Cyber Grand Challenge aims to see fully automated network security systems developed
There is an increasingly serious cybersecurity problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses, typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” DARPA is addressing this problem, with teams from around the world starting a two-year track toward the world’s first tournament of fully automated network security systems. Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge, a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched.
-
-
Roots of Trust research focuses on protecting cyber physical systems
“Roots of Trust” refers to a set of security functions in a device or system, which are implicitly trusted by the device’s operating system and applications, and which constitute the foundation for security. The Cyber Security Research Alliance (CSRA) said the other day that it will prioritize research in Roots of Trust for cyber physical systems (CPS), to help address growing cyber security threats to public and private critical infrastructure.
-
-
Develop tool to make the Internet of Things safer
There is a big push to create the so-called Internet of Things, where all devices are connected and communicate with one another. As a result, embedded systems (small computer systems built around microcontrollers) are becoming more common. They remain vulnerable, however, to security breaches. Some examples of devices that may be hackable: medical devices, cars, cell phones, and smart grid technology. Computer scientists have developed a tool that allows hardware designers and system builders to test security, a first for the field.
-
-
Is your iPhone at risk after the Oleg Pliss hack?
iPhone users in Australia were greeted with an alarming message this week when they tried to use their devices. They were told that a hacker or group of hackers going by the name Oleg Pliss had taken control of their phone and would lock it permanently unless a $100 ransom was paid. It’s not yet clear whether the attack is likely to affect iPhone users outside Australia, but even if it doesn’t, the attack has raised questions about the security of the iPhone. Apple products have a reputation for being more secure than others and this is the first major attack of its kind. The iPhone is one of the most secure smartphones and that is still true. This attack is a very clever compromise but it does not actually hack into your phone. Instead, Oleg Pliss seems to have found a way of attacking the remote server that supports an iPhone user’s iCloud account.
-
-
Future cyberattacks to cause more trouble than Heartbleed
Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.
-
-
Testing distributed computing to protect against cyberattacks on power grids
The power grid is complicated, divided up into sections that cover everything from a single municipal area (like New York City) to large regions (like the entire state of California). Each of these sections is controlled by a single control center. If that control center stops functioning, because of a cyberattack or for any other reason, it is no longer capable of monitoring and maintaining the grid, resulting in severe instabilities in the system. The SmartAmerica Challenge, which kicked off in late 2013 to highlight U.S. research in the field of cyberphysical systems, aims to address power grid security concerns.
-
-
Snowden revelations spur a surge in encrypted e-mail services
The Edward Snowden revelations about National Security Agency (N.S.A.) surveillance programs have fueled a surge of new e-mail encryption services. “A lot of people were upset with those revelations, and that coalesced into this effort,” said the co-developer of a new encrypted e-mail service which launched last Friday. The company notes that its servers are based in Switzerland, making it more difficult for U.S. law enforcement to reach them.
-
-
Researchers crack supposedly impregnable encryption algorithm in two hours
Without cryptography, no one would dare to type their credit card number on the Internet. Security systems developed to protect the communication privacy between the seller and the buyer are the prime targets for hackers of all kinds, hence making it necessary for encryption algorithms to be regularly strengthened. A protocol based on “discrete logarithms,” deemed as one of the candidates for the Internet’s future security systems, was decrypted by École polytechnique fédérale de Lausanne (EPFL) researchers. Allegedly tamper-proof, it could only stand up to the school machines’ decryption attempts for two hours.
-
-
NIST seeking comments on revisions to ICS security guide
The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security. The NIST guide, downloaded more than 2.5 million times since its initial release in 2006, advises on how to reduce the vulnerability of computer-controlled industrial systems used by industrial plants, public utilities and other major infrastructure operations to malicious attacks, equipment failures, errors, inadequate malware protection and other software-related threats.
-
-
Cybersecurity bill not likely before a crisis proves its necessity
A recent simulation, with 350 participants from congressional staffs, the cybersecurity sector, and the U.S. military, examined whether or not Congress was capable of passing comprehensive cybersecurity legislation to protect the country’s critical infrastructure from debilitating cyberattacks. The simulation participants concluded that Congress is not likely to act unless there is a major cyber crisis, and that until such a crisis occurs, smaller measures, such as the president’s voluntary cybersecurity framework, are the best that can be hoped for.
-
The long view
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
U.S. adopts a more assertive cyber defense posture
Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.