padlock on server cable (Andrey_Popov/

Why state and local government still struggle with cybersecurity

In addition to mitigating malware and phishing attacks, agencies must build domain name system resilience into their risk management programs.

biometric fingerprint (whiteMocca/

Big-time biometrics: India's Aadhaar project

By enrolling its 1.3 billion residents in a biometric ID program, India can transform how citizens, governments and businesses interact.

unlocked padlock on circuit board (wk1003mike/

DefCon hackers made short work of voting machines. Now what?

Even machines not connected to the internet can be hacked, so election officials must ensure they’re using secure technology and locking down the entire voting process.

illuminated box (balein/

Announcing the dig IT Award finalists

From mobile security to smarter transit to swarming drones, these 25 projects represent the best of discovery and innovation in government IT.

malware detection (Alexander Yakimov/

Inside the fight against malware attacks

Created by researchers at University of Texas Arlington, the SEMU malware analysis system provides a comprehensive log of malware operations, making it easier for security analysts to understand what the malicious program was supposed to do.

computer workers (REDPIXEL.PL/

Fighting cyberattacks with volunteers

Michigan's volunteer corps of cybersecurity experts from government, education and private industry is one way states can beef up their cybersecurity expertise.

Get ready for IoT-enabled threats

IoT poses security risks for DOD

A new GAO report called for the Pentagon to strengthen its policies and guidance for connected devices.

Flagged email

Why everyone still falls for fake emails

Exercises in social engineering focused on why social engineering works, how to prevent such attacks and how to gather digital evidence after an incident.

broken wineglass (Yuriy Seleznev/

Software brittleness may harden embedded systems

Brittleness causes programs to fail fast when under attack, which allows systems to quickly detect and disrupt cyberattacks and revert to known-good states.

network (DmitriyRazinkov/

Containment can protect IoT and cloud infrastructure from malware

Since it's impossible to provide total protection for all devices, application-layer trusted-access control can secure resources before disaster strikes.

PII (jijomathaidesigners/

Finding PII in a haystack of data

Veritas' Classification Engine makes it easier for agencies to identify and protect sensitive data.

cybersecurity and fraud

The shifting threat landscape

The number of zero-day and web attacks both decreased in the last year, but attackers found other effective delivery methods, Symantec says.