-
FBI denies hackers’ claim that they had stolen Apple ID data
The FBI on Tuesday disputed the claim of a computer hacker group that said it had stolen the personal identification data on millions of Apple device owners from an FBI agent’s laptop
-
-
Cloud OS for the U.S. intelligence community
Cloud management specialist Adaptive Computing is partnering with the investment arm of the CIA, In-Q-Tel, to develop a cloud operating system for use by U.S. intelligence agencies
-
-
NSF awards Norwich University a grant for computer security scholarships
Norwich University in Vermont was awarded a $975,000 grant from the National Science Foundation’s (NSF) Scholarship for Service program; the funds will be used to support Information Assurance students; the students will fulfill the “service” obligation through employment by a government agency in their area of information assurance expertise for two years
-
-
U.S. always ends up regulating new technologies for public safety; the Internet is no exception
Homeland Security News Wire’s executive editor Derek Major talked with CSIS’s James Lewis about the cybersecurity challenges the United States faces, Stuxnet, China’s hacking campaign, cyber arms control efforts, and more; on the stalled cybersecurity bill, opposed by critical infrastructure operators as being too burdensome, Lewis says: “It takes America about 20-40 years to come to terms with a new technology, but we always end up regulating it for public safety. This will be no different. We are in year 17.”
-
-
Most cybersecurity incidents in Europe remain undetected or not reported
In a new report, the EU cyber security agency takes a snapshot of existing and future EU legislation on security measures and incident reporting; the analysis underlines important steps forward, but also identifies gaps in national implementation, as most incidents are not reported
-
-
Siemens software which controls power plants vulnerable to hackers
RuggedCom is a Canadian subsidiary of Siemens which sells networking equipment for use in harsh environments with extreme and inclement weather; many critical infrastructure operators of power plants, water systems, dams, and more; a security specialist discovered a flaw in the software, a flaw which allows hackers to spy on communication of infrastructure operators and gain credentials to access computer systems which control power plants as well as other critical systems
-
-
U.S. may already have authority to issue infrastructure protection regulations
While the president and Congress continue to debate the cybersecurity bill, the White House Office of Management and Budget may already have sufficient statutory authority to enact new regulations through the normal notice-and-comment rulemaking process; the basis for such regulations would be the Data Quality Act (DQA) which sets the standards for the integrity of data used by federal agencies in public disseminations
-
-
Obama considering executive order for infrastructure protection
President Barack Obama is exploring whether to issue an executive order to protect the U.S. critical computer infrastructure from cyber attacks; White House sources say an executive order is being considered after a 2 August procedural vote in the Senate that all but doomed a cybersecurity bill endorsed by Obama as well as current and former national security officials from both Republican and Democratic administrations
-
-
The five biggest stories at Black Hat
The annual Black Hat Briefings conference, held last week in Las Vegas, is the world’s biggest, and arguably the most important, gathering of security researchers; here are the five biggest stories to take away from last week’s Black Hat meeting in Las Vegas
-
-
Global air control system largely defenseless against hacking
The ADS-B system, the multi-billion dollar communication system deployed at airports around the world over the last few years, has two major flaws: first, it has no means of verifying who is actually sending a message, which means that a hacker can impersonate an aircraft and send malicious and misleading information to control towers and to other aircraft; second, the position, velocity, and other information broadcast by aircraft is not encrypted and can be grabbed from the air; a presenter at the Black Hat cybersecurity event showed how it is possible to use the information to plot the route of Air Force One on an iPad; these two vulnerabilities can be easily exploited by anyone with modest technical skills and about $2,000 worth of electronics
-
-
Winners of the California Cyber Summer Camp Capture the Flag competition announced
Cal Poly Pomona, in partnership with Booz Allen Hamilton and the U.S. Cyber Challenge, hosted the U.S. Cyber Challenge California Cyber Summer Camp in Pomona, California; the camp curriculum included in-depth workshops on a range of topics, including penetration testing, reverse engineering, and forensics; the week was capped off by a virtual “capture the flag” competition and awards ceremony on the last day
-
-
Researchers say spoofed GPS signals can be countered
From cars to commercial airplanes to military drones, global positioning system (GPS) technology is everywhere — and researchers have known for years that it can be hacked, or as they call it, “spoofed”; the best defense, they say, is to create countermeasures that unscrupulous GPS spoofers cannot deceive
-
-
Game lets players try their hand at computer security
A new game — Control-Alt-Hack — gives teenage and young-adult players a taste of what it means to be a computer-security professional defending against an ever-expanding range of digital threats; the game’s creators will present it this week in Las Vegas at Black Hat 2012; educators in the continental United States can apply to get a free copy of the game while supplies last; it is scheduled to go on sale in the fall for a retail price of about $30
-
-
Mobile devices necessitate “stateless” IT security architecture
In a new report, Forrester analysts say that to stay ahead of evolving mobile business requirements, security and risk (S&R) and infrastructure and operations (I&O) executives cannot rely on the old approach of end-to-end control over the data path, device, and applications; instead, they must embrace a “stateless” architecture in which IT decouples security controls from the devices and the infrastructure, derives trust dynamically, and avoids costly new investment of in-house applications and infrastructure
-
-
Sharp increase in cyberattacks on U.S. critical infrastructure
The number of reported cyberattacks on U.S. critical infrastructure increased sharply – from 9 incidents in 2009 to 198 in 2011; water sector-specific incidents, when added to the incidents which affected several sectors, accounted for more than half of the incidents; in more than half of the most serious cases, implementing best practices, such as login limitation or a properly configured firewall, would have deterred the attack, reduced the time it would have taken to detect an attack, and minimized its impact
-
The long view
U.S. contemplates responses to a cyber-Pearl Harbor attack on critical infrastructure
Cybersecurity experts often contemplate how U.S. security agencies would react to a cyber-9/11 or a digital Pearl Harbor, in which a computer attack would unplug the power grid, disable communications lines, empty bank accounts, and result in loss of life. “Ultimately, it absolutely could happen,” says one expert. “Yeah, that thought keeps me up at night, in terms of what portion of our critical infrastructure could be really brought to its knees.”
U.S. adopts a more assertive cyber defense posture
Recent cyberattacks and intrusions by hackers, operating alone or backed by nation-states, have prompted the Pentagon and DHS to reaffirm their commitment to upholding the reliability and integrity of America’s cyber network and the systems connected to it. Americans rely on the connected Web to deliver critical services such as water and electricity, and should the Web be breached by bad actors, the consequences could threaten national security. “If we look at cyberspace as a hostile environment and there are bad people out there who want to do bad things to us, it may cause a wholesale re-examination of the way we build our systems in the first place,” noted one expert.