• Russian government hackers insert malware in U.S. critical infrastructure control software

    Investigators have uncovered a Trojan Horse named BlackEnergy in the software that runs much of the U.S. critical infrastructure. In a worst case scenario, the malware could shut down oil and gas pipelines, power transmission grids, water distribution and filtration systems, and wind turbines, causing an economic catastrophe. Some industry insiders learned of the intrusion last week via a DHS alert bulletin issued by the agency’s Industrial Control Systems Cyber Emergency Response Team(ICS-CERT). The BlackEnergy penetration had recently been detected by several companies. Experts say Russia has placed the malware in key U.S. systems as a threat or a deterrent to a U.S. cyberattack on Russian systems – mutual assured destruction from a cold war-era playbook.

  • New report urges policy overhaul, transparency in offensive cyber operations

    A newly released report, titled Joint Publication 3-12(R) and authored by the Joint Chiefs of Staff, has revealed that some top commanders are calling for a policy overhaul and more public transparency in offensive cyber operations, given the growing need for such operations. Some previous documents have been published on the topic, but there is no official U.S. military policy book for cyber operations.

  • A major cyberattack causing widespread harm to national security is imminent: Experts

    A new report found that more than 60 percent of the roughly 1,600 computer and Internet experts surveyed on the future of cyberattacks believe a nationwide cyberattack is imminent. They did so in response to the question: “By 2025, will a major cyberattack have caused widespread harm to a nation’s security and capacity to defend itself and its people?” The experts also warn about the risks to privacy which will accompany a growing focus on cybersecurity.

  • U.S. should emulate allies in pushing for public-private cybersecurity collaboration

    Israeli Prime Minister Benjamin Netanyahu announced last month the formation of a national cyber defense authority to defend civilian networks under the leadership of the Israel National Cyber Bureau.The “U.S. government has a lot to learn from successful examples in allied nations. With more compromise and reform, there is plenty of reason for hope,” says a cybersecurity expert, adding that “a cybersecurity partnership between government, business, and individuals built on trust is possible, and would promote more resilient networks as well as creative thinking on cybersecurity.”

    • view counter

  • Federally funded cybersecurity center launched

    The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence(NCCoE) initiative has awarded the first federally funded research and development center (FFRDC) contract for cybersecurity to MITRE Corp., a nonprofit established to operate FFRDCs. Cybersecurity professionals will work with stakeholders in government, the private sector, and academia to develop low cost and scalable cybersecurity solutions.

  • U.S. Cyber Command plans to recruit 6,000 cyber professionals, as U.S. mulls offensive cyber strategy

    Last Wednesday, House Intelligence Committee Chairman Mike Rogers (R- Michigan) told reporters that he would like to see the United States adopt a more offensive strategy in cyberspace, but added that the Pentagon, intelligence agencies, and law enforcement must first develop protocols for offensive cyber measures.The following day, U.S. Cyber Command (USCYBERCOM) announced plans to recruit 6,000 cyber professionals and create 133 teams across the country to support the Pentagon in defending the nation’s cyber infrastructure.

    • view counter

  • Training cyber security specialists for U.S. critical cyber infrastructure

    Lawrence Livermore National Laboratory is joining Bechtel BNI and Los Alamos National Laboratory to train a new class of cyber defense professionals to protect the U.S. critical digital infrastructure. The Bechtel-Lawrence Livermore-Los Alamos Cyber Career Development Program is designed to allow the national labs to recruit and rapidly develop cyber security specialists who can guide research at their respective institutions and create solutions that meet the cyber defense needs of private industry. About 80 percent of the nation’s critical digital infrastructure and assets are owned and operated by private industry.

  • Shortage of cybersecurity professionals a risk to U.S. national security

    The nationwide shortage of cybersecurity professionals — particularly for positions within the federal government — creates risks for national and homeland security, according to a new RAND study. Demand for trained cybersecurity professionals who work to protect organizations from cybercrime is high nationwide, but the shortage is particularly severe in the federal government, which does not offer salaries as high as the private sector.

  • Debating disclosures of cyber vulnerabilities

    Cybersecurity experts are debating whether the NSAand U.S. Cyber Commandshould keep cyber vulnerabilities secret, or disclose and fix them. Not disclosing and fixing cyber vulnerabilities means that, when necessary, such vulnerabilities may be used as weapons in offensive information warfare. Disclosing and fixing such vulnerabilities would diminish the effective of U.S. offensive cyber operations, but the effectiveness of an adversary’s offensive cyber operations would be similarly diminished.

  • Future cyberattacks to cause more trouble than Heartbleed

    Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.

  • U.S. military communication satellites vulnerable to cyberattacks

    A new report warns that satellite communication terminals used by U.S. military aircrafts, ships, and land vehicles to share location data, are vulnerable to cyberattacks through digital backdoors. A forensic security review of codes embedded inside the circuit boards and chips of the most widely used SATCOM terminals identified multiple hacker entry points.

  • West Point wins Cyber Defense Exercise, launches Army Cyber Institute

    The U.S. Military Academy at West Point has won the annual Cyber Defense Exercise (CDX) which brought together senior cadets from the five service academies for a 4-day battle to test their cybersecurity skills against the National Security Agency’s (NSA) top information assurance professionals. West Point’s win comes just as the academy announced plans for its Army Cyber Institute(ACI), intended to develop elite cyber troops for the Pentagon.

  • Hacked U.S. surveillance drone over Crimea shows new face of warfare

    A recent report of a U.S. surveillance drone flying over the Crimea region of Ukraine being hacked by Russian forces, is just one of many indication that the twenty-first-century global battlefield will take place in cyberspace. Radio and other frequencies which cover the electromagnetic spectrum are the new contested domain.

  • British intelligence agency promotes cybersecurity education

    As part of its national cybersecurity strategy to “derive huge economic and social value from a vibrant, resilient, and secure cyberspace,” the United Kingdom will issue certifications to colleges and universities offering advanced degrees in cybersecurity. The British intelligence agency, Government Communications Headquarters(GCHQ), has notified various institutions to apply for certification by 20 June 2014. Students who complete the approved courses will carry a “GCHQ-certified degree.”

  • Iran becoming serious cyber-warfare threat

    Both government and private cybersecurity experts are increasingly considering Iran as a “top ten” cyberthreat. Iran’s recent activities and its motives have led analysts to rank the country among other cyberspace heavy hitters such as Russia and China.