• U.S. financial industry pushes Congress to pass cybersecurity bill

    Three financial-industry trade groups have issued a letter to senior members of the Senate Select Committee on Intelligenceto re-energize a campaign for moving forward with cybersecurity legislation. The trade groups, representing the U.S. largest financial institutions, said their ability to prevent cyberattacks will be hindered unless Congress acts.

  • Cyberdeviance, cybercrime start and peak in the teen years

    A snapshot survey indicates that cyberdeviance and cybercrime start among teens at about age 15 and peak at about age 18. This is in line with the traditional onset and peak ages for other types of misdemeanor and criminal offenses.

  • Inkblots bolster security of online passwords

    Computer scientists have developed a new password system that incorporates inkblots to provide an extra measure of protection when, as so often occurs, lists of passwords get stolen from websites. This new type of password, dubbed a GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), could foil growing problem of automated brute force attacks, and would be suitable for protecting high-value accounts, such as bank accounts, medical records, and other sensitive information.

  • Coordinating responses to cloud, infrastructure vulnerabilities

    Cybercrime presents a significant threat to individual privacy, commerce, and national security. In order to tackle this cross-border threat properly, agents involved in managing and monitoring cyber-risk-critical assets need to be able to cooperate and co-ordinate their prevention strategies. Platforms enabling coordinated cross-border responses already work well for handling malicious activity on the traditional Internet. The advent of cloud computing, however, has created a new set of challenges for security professionals in securing the platforms that deliver the cloud.

    • view counter

  • National grid in mock power emergency drill today and tomorrow

    North American power companies will participate in a mock power emergency scenario today and tomorrow (13-14 November) to test their ability to respond to physical or cyberattacks that may lead to widespread power outages and long term blackouts. The exercise, known as GridEx II, is the second emergency response exercise conducted by North American Electric Reliability Corporation (NERC) intended to task North American electric utility companies with reviewing their security and crisis response strategies.

  • DHS struggling to respond to cybersecurity threats: IG

    A recent reportby DHS inspector general (IG) has documented the agency’s struggle to respond to cybersecurity threats and its inability to disseminate information about threats because of technical, funding, and staffing challenges.

    • view counter

  • Making cybersecurity a political issue

    U.S. federal agencies have reported a dramatic rise in the number of cyberattacks over the past few years, with reported cyber incidents rising from 5,503 in 2006 to 48,562 in 2012. Since cyber incidents pose such a threat to national security and infrastructure, could cybersecurity become a political campaign issue? Experts say that if politicians were to focus their attention, and their constituents’ attention, on cybersecurity, the United States could be made safer from cyberattacks before a “cyber Pearl Harbor” – or a “cyber 9/11” – occurs.

  • IID raises $8 million to scale shared cyberintelligence offering

    Despite the growing danger posed by cybercrime, information vital to stemming the tide is fragmented across the Internet today. Pockets of data about threat activity are siloed within the repositories of individual enterprises, government organizations, vendor networks, and research institutions. IID’s ActiveTrust enables enterprises and government agencies to combat the rising frequency and sophistication of cyberattacks by sharing cyber incident data in real time. IID has raised $8 million in Series A funding from Bessemer Venture Partners (BVP), and said it will use the investment to accommodate growing demand for ActiveTrust.

  • Many Android vulnerabilities result from manufacturer modifications

    Computer security researchers have found that Android smartphone manufacturers are inadvertently incorporating new vulnerabilities into their products when they customize the phones before sale, according to a recent study. On average, the researchers found that 60 percent of the vulnerabilities found in the smartphone models they evaluated were due to such “vendor customizations.”

  • Bill bolsters DHS’s cybersecurity workforce

    A House panel recently approved HR 3107, a bill aiming to bolster DHS’s cybersecurity workforce. The House Homeland Security Committeeamended the Homeland Security Cybersecurity Boots-on-the-Ground Actto expand DHS’ outreach to candidates for IT security jobs by creating a tuition-for-work fellowship and a program to recruit military veterans and unemployed IT specialists for DHS employment.

  • Preventing a “cyber Pearl Harbor”

    By Paul Goldenberg

    Cyber-security has become the new homeland security of the decade. Last year, then- Defense Secretary Leon Panetta issued a call to arms against cyberattacks, warning that sophisticated attacks against the United States could be America’s next “cyber Pearl Harbor.” It is imperative that we apply the same level of awareness and action as we have to the physical security of our facilities to ensure our security against this ever-evolving threat.

  • Mobile phone use a significant security risks for companies

    New research suggests that companies are leaving themselves open to potentially serious security and legal risks by employees’ improper use of corporate mobile devices. Experts looked at a sample of mobile phones returned by the employees from one Fortune 500 company and found that they were able to retrieve large amounts of sensitive corporate and personal information. The loss of data such as this has potential security risks, inviting breaches on both an individual and corporate level.

  • NIST seeks public comments on updated smart-grid cybersecurity guidelines

    The National Institute of Standards and Technology (NIST) is requesting public comments on the first revision to its guidelines for secure implementation of “smart grid” technology. The draft document, NIST Interagency Report (IR) 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010.

  • DDoS protection specialist Black Lotus raises $3.5 million

    San Francisco-based Black Lotus, a DDoS protection specialist, last week announced the completion of its first institutional financing in the amount of $3.5 million. The round was led by San Francisco-based Industry Capital. The strategic investment will fund entry into new markets, where Black Lotus will deploy additional capacity and improve quality of service through peering and closer proximity to global partner networks.

  • Terrorism insurance should cover cyberterrorism: industry

    The Terrorism Risk Insurance Act(TRIA) is a federal backstop designed to protect insurers in the event an act of terrorism results in losses above $100 million. Industry officials question whether cyber terrorism is covered by the program, which is administered by the Treasury Department. Industry insiders note that terrorism risks have evolved since TRIA was enacted and cyberterrorism is now a real threat. TRIA should thus not simply be reauthorized with a blanket stamp of approval; instead there should be a discussion about whether acts of cyberterrorism should be explicitly included in TRIA.