The Cyber Security Research Alliance released a report that lays out a logical road map for designing security into cyber-physical systems (CPS), which are IP-based systems that support the nation’s critical infrastructure and are increasingly the target of cyberattackers.
CPS manipulate critical infrastructure operations such as power and water, industrial systems, transportation systems, medical devices, security systems, building automation and emergency management.
The report summarizes findings from an April 2013 workshop where industry, government and academic researchers explored how to address vulnerabilities in the global IT supply chain, government-industry information sharing on cyberattacks and CPS vulnerabilities, and approaches to CPS product assurance and trustworthy operational readiness.
CSRA is working on specific research topics associated with the report. Institutions and individual researchers interested in learning more about research opportunities may contact the CSRA via the CSRA website.
Posted on Nov 22, 2013 at 10:50 AM
The Federal Communications Commission recently released its eagerly anticipated Speed Test phone app, which will measure mobile broadband performance for Android users. Developed in cooperation with SamKnows Ltd., the app performs periodic tests when the phone is not in use, and it also allows for manual tests by the user. If the app gets enough users, the FCC will be able to gather speed data on cellular carriers nationwide.
With this information, the FCC intends to release an online interactive map that will detail how well each data provider does in different locations, including network performance, upload and download speed, latency, packet loss and other performance factors. All four major wireless carriers have agreed to participate in the app, and the FCC has stated that no personally identifiable information will be collected.
While this is a first for the FCC, the broadband speed test is not a new concept. Speedtest.net, launched in 2006, is a popular website and app from Ookla. It allows users to test data connection speeds and publishes all available data on its website. The FCC is following suit with this crowdsourced mobile performance testing, which is in line with FCC Chairman Tom Wheeler’s goals to ensure adequate competition in the wireless and broadband markets.
"Knowledge about how various mobile broadband providers compare, at specific locations in a geographic market, will aid [mobile users] in choosing the provider that best suits their needs," FCC Commissioner Mignon Clyburn said in a statement. "Transparent information about service performance does not just enable consumers to select among service offerings in a meaningful way. It also creates incentives for providers to improve those services."
The app works by collecting user location, device type including operating system, time of data collection and cellular and broadband performance characteristics, such as signal strength and speed, FCW reported. An iPhone version of the app is expected to be released in January 2014.
Posted on Nov 22, 2013 at 9:09 AM
Cybersecurity was a hot topic in 2013 with agencies increasingly focusing on insider threats, attacks from nation states, and compliance. Last week Websense Security Labs released its cybersecurity predictions for 2014, suggesting areas IT managers should monitor:
Advanced malware volume will decrease. Research has shown that the quantity of new malware is beginning to decline. However, this means cybercriminals will rely less on high-volume advanced malware because over time it runs a higher risk of detection. They will instead use lower volume, more targeted attacks to hack into networks.
Attackers will be more interested in cloud data than networks. Because critical business data is increasingly stored in cloud-based systems, criminals will focus their attacks more on data stored in the cloud than data stored on the network.
Java will remain highly exploitable and highly exploited. Organizations that continue to use older versions of Java will remain extremely exposed to exploitation. In 2014 criminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multistage attacks.
Attackers will compromise organizations via professional social networks. As the business community continues to increase its social media use, attackers will increasingly use professional websites, such as LinkedIn, to get in touch with executives to gather intelligence and compromise networks.
Criminals will target the weakest links in the “data-exchange chain.” Attackers will target the consultants outside the network who have the most information. This includes contractors, vendors and others who typically share sensitive information with large corporate and government entities.
Read the full report.
Posted on Nov 21, 2013 at 9:15 AM
Last week, the U.S. Department of Transportation’s Federal Aviation Administration released its first road map outlining safety measures for unmanned aircraft systems (UAS), also known as “drones.” The 66-page document addresses policies, regulations, technologies and procedures that will be required for use of commercial drones in national airspace.
Drones are typically used by federal, state and local government agencies, as well as universities conducting research. The Department of Homeland Security uses drones for border monitoring; NASA and the National Oceanic and Atmospheric Administration use them for atmospheric research; and Virginia Tech uses drones for mapping agricultural diseases.
The road map explains that the challenges yet to be overcome include developing minimum standards for sense-and-avoid technology, monitoring control and communications, and finding ways to ensure that UAVs can comply with air traffic control visual clearances and instructions.
Posted on Nov 14, 2013 at 8:11 AM
The convenience USB drives offer for portable storage is well known. But so is the potential security threat.
Devices can easily be lost or stolen, putting agency data at risk, or used to deliberately take data from an agency, as Edward Snowden did. They can even be used to introduce malware to a network: A 2011 penetration test by the Homeland Security Department found that 60 percent of USB drives deliberately left in agency and contractor parking lots were picked up and inserted into network computers.
In a recent blog post, Chris LaPoint, vice president of product management at SolarWinds, offered three basic steps agencies can take to ensure USB drive security:
Monitor and track network activity. Unusual activity can indicate breaches or USB-introduced malware.
Use a secure managed file transfer system. These Web-based systems control access through virtual folders, eliminating the need for physical media and allowing for active monitoring.
Use a USB defender tool. These provide real-time alerts whenever a USB drive is in use, and block usage if a malicious attack is detected.
Government agencies have struggled with how to balance the convenience of portable storage devices with the security risks they create. In fact, the Defense Department instituted a ban on these devices for two years, which was eventually lifted in favor of regulated use. Sound precautionary measures, and use of products such as encrypted USB drives, can help agencies store and share their data efficiently.
Posted on Nov 12, 2013 at 7:43 AM