-
Bio-inspired analysis helps in recognizing, characterizing evolving cyberthreats
Our reliance on cyber systems permeates virtually every aspect of national infrastructure. The volume of network traffic data generated has outpaced our ability effectively analyze it fast enough to prevent many forms of network-based attacks. In most cases new forms of attacks cannot be detected with current methods. The MLSTONES methodology leverages technologies and methods from biology and DNA research — LINEBACkER applies the MLSTONES methodology to the problem of discovering malicious sequences of traffic in computer networks. LINEBACkER allows cyber security analysts quickly to discover and analyze behaviors of interest in network traffic to enhance situational awareness, enable timely responses, and facilitate rapid forensic and attribution analysis.
-
-
FAA should address weaknesses in air traffic control systems: GAO
The Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based and other threats, but significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system (NAS), the GAO says in a new report. The GAO report says that FAA also did not fully implement its agency-wide information security program.
-
-
Aviation industry under-prepared to deal with cyber risk: Expert
The aviation industry is behind the curve in terms of its response and readiness to the insidious threat posed by cyber criminality whether from criminals, terrorists, nation states, or hackers, according to Peter Armstrong, head of Cyber Strategy for Willis Group Holdings, the global risk adviser, insurance and reinsurance broker. Armstrong explained that the aviation industry’s under-preparedness is noteworthy in a sector that abhors uncertainty and works tirelessly to eradicate it.
-
-
North Korea’s cyber warriors target Western critical infrastructure
North Korea has a team of roughly 3,000 cyber soldiers dedicated to launching attacks at Western interests in the private and government sector, according to Kim Heung-gwang, a former professor at North Korea’s Hamhung University of Computer Technology, a key military training facility. Heung-gwang, urging Western governments to do more to counter North Korean hacking, said the country’s hackers are targeting Western nuclear power plants, transportation networks, and electrical utilities.
-
-
Army seeks public collaboration in developing security software
Researchers working on a new cybersecurity project at the Army Research Lab (ARL) in Adelphi, Maryland have made available their project to anyone on the Internet in order to prompt professional collaboration and help. This atypical development tactic is intended to kick-start public collaboration on a software tool intended to aid soldiers in understanding where hackers might be targeting military systems.
-
-
Texas lawmakers on the Hill lead drive for cybersecurity legislation
After recent high-profile cyberattacks on the U.S. private sector, Congress has been tasked with passing legislation that will address cybersecurity concerns including how the private sector should report data breaches to regulators and how the U.S. government should respond to state-sponsored cyberattacks. Three Texas Republican lawmakers, through leadership roles in committees and subcommittees, have been charged with exploring solutions to those concerns.
-
-
Government’s authority to protect consumer privacy questioned
A case in the U.S. Court of Appeals for the Third Circuitin Philadelphia could determine what authority the federal government has in protecting consumer privacy on the Internet. Hotel giant Wyndham Worldwide Corp. argued in court that the Federal Trade Commission(FTC) unlawfully tried to enforce cybersecurity standards when the agency brought a case against Wyndham after hackers allegedly stole data from hundreds of thousands of customer accounts in a series of attacks between April 2008 and January 2010.
-
-
DHS to lead anti-cybercrime campaign
DHS is gearing up to be the leader in the White House’s campaign to stop cybercrime. President Barack Obama has called cyberspace the “wild west” and that citizens as well as the private sector are looking to the government to be the sheriff. Obama has signed an executive order to promote information sharing between the private and public sector, but many tech companies are hesitant to provide the government cyberthreat information.Under DHS’s proposal, both private companies and government agencies will submit details of previous or current cyberattacks into a shared database hosted by DHS’s National Cybersecurity and Communications Integration Center. Participating entities will then be able to tap into that database to learn about potential attacks targeted at their respective industries.
-
-
Obama’s cybersecurity initiative: a start but businesses – and individuals – need to do more
The linchpin of President Obama’s recently launched cybersecurity initiative is to encourage the private sector to share information to better defend against cyberattacks. Yet U.S. companies have historically been wary of openly talking about their cybersecurity efforts with competitors and with government — for good reason. Many businesses fear that sharing threat-related information could expose them to liability and litigation, undermine shareholder or consumer confidence, or introduce the potential for leaks of proprietary information. For some companies, Edward Snowden’s revelations of sweeping government surveillance programs have reinforced the impulse to hold corporate cards close to the vest. Yet on the heels of a deluge of high-profile cyberattacks and breaches against numerous U.S. companies, we may finally have reached a tipping point, where potential harm to reputation and revenue now outweighs the downside of disclosure from a corporate perspective. Obama’s executive order is thus a spur to get the ball rolling but, frankly, there is a limit to what government alone can (and should) do in this area. Changes in attitudes and behaviors are needed across the board, right down to families and individuals.
-
-
DHS S&T announces licensing of cyber security technology
The other day, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced that technology from its Cyber Security Division Transition to Practice (TTP) program has been licensed for market commercialization. This is S&T’s second technology that has successfully gone through the program to the commercial market. The technology, Hyperion, developed by Oak Ridge National Laboratory, is a malware forensics detection and software assurance technology which has been licensed to R&K Cyber Solutions LLC, a Manassas, Virginia-based application development and cyber solution company.
-
-
Data breaches notwithstanding, many companies still blasé about cybersecurity
Cybersecurity industry analysts predicted that the 2014 data breaches which plagued Target, Home Depot, and JPMorgan – to name but a few — would elevate information security to “top priority concern” among corporate executives. This has not been the case, as recent surveys of chief information security officers (CISOs) and technology executives at the world’s largest companies show mixed attitudes at best.
-
-
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
-
-
U.S. farming sector increasingly vulnerable to cyberattacks
America’s farms and agricultural giants are not exempt from cyberattacks, according to officials who spoke at Thursday’s farm-outlook forum hosted by the U.S. Department of Agriculture (USDA). The farming sector is increasingly vulnerable to cyberattacks as farmers and agribusinesses rely more on data, with satellite-guided tractors and algorithm-driven planting services expanding across the U.S. Farm Belt. For industrial farmers, data breaches and manipulation are especially worrisome, considering that many rely on new farm-management services that collect information on soil content and past crop yields to generate planting recommendations.
-
-
First known Arabic cyber-espionage group attacking thousands globally: Kaspersky Lab
The Kaspersky Lab Global Research and Analysis Team the other day announced the discovery of Desert Falcons, a cyber-espionage group targeting multiple high profile organizations and individuals from Middle Eastern countries. Kaspersky Lab said its experts consider this actor to be the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations. In total Kaspersky Lab experts were able to find signs of more than 3,000 victims in 50+ countries, with more than one million files stolen.
-
-
Poor decision-making may lead to cybersecurity breaches
Recent high-profile security breaches, such as those at Target, Anthem Inc., and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences. One expert says that social interactions affect the processes behind personal cybersecurity decision-making. “We all have small supercomputers in our pockets now,” he notes. “Regular people like you and me make a lot of important security decisions on a daily basis.”
-
More headlines
Who's online
The long view
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
U.S. adopts a more assertive cyber defense posture
Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.