Why AI could help in the industrial security space

Sometimes cybersecurity companies develop cutting-edge technology that helps users better protect themselves in ways they never thought possible. Other times, the need for new technology is so great that the clients build their own solutions. That looks to be the case with Norsk Hydro, an aluminum company that is reportedly developing its own AI tools after it was hit by a ransomware attack. It is aiming to use those tools to look for unusual activity on its industrial equipment, which could potentially avert a cyberattack. Companies are hungry for this type of technology in order to protect their critical infrastructure devices. I get questions about it nearly every day when I meet with CISOs and other security leaders. Critical infrastructure networks are increasingly under attack. There is a growing number of attacks on power utilities and manufacturing plants that show that to be true, and many more that are […]

The post Why AI could help in the industrial security space appeared first on CyberScoop.

Why is DJI getting the Huawei treatment?

While a big portion of the current trade war is focused on tech giant Huawei, another company based in China has been battling U.S. government claims that its products present national security concerns. SZ DJI Technology, the world’s largest commercial drone maker, is facing a ban from all U.S. military purchases over cybersecurity concerns and allegations of links to the Chinese government. But while the company has long been accused of security issues — a threat level nudged up to a “national security threat,” as one Senate staffer told CyberScoop — few supporting details have emerged. There is no public evidence showing a link between mass swaths of U.S. user data falling into the hands of Chinese intelligence services, as has been suggested in Congressional testimony and a public intelligence report from Immigration and Customs Enforcement. But concerns over government use of commercial drones continue as the company moves to […]

The post Why is DJI getting the Huawei treatment? appeared first on CyberScoop.

Hey, industry: Cybersecurity needs to be a safety essential in your products

As technology advances and the world becomes more connected, the risk of cyberattacks on vehicles, personal electronic devices and even airborne drones increases. That is why, regardless of industry, the goal must be the same: to use machine learning to create efficiencies and improve operations that produce safer, more effective products for consumers. To do so, however, it is critical cybersecurity be at the center of the conversation.

Connected Tech Can Pose Risks

Artificial intelligence has developed rapidly in recent years and is helping improve nearly every industry. From assisting clinical decision making in healthcare, to driverless shuttles that aim to improve mobility in business districts and congested neighborhoods, AI technology is rapidly transforming business models across the globe. We are already seeing how artificial intelligence is being integrated into our personal lives. Take, for instance, the Google Home. Not only is it able to respond to our commands, it […]

The post Hey, industry: Cybersecurity needs to be a safety essential in your products appeared first on CyberScoop.

When it comes to cybersecurity, the federal government is nowhere to be found

To no one’s surprise, lots of big challenges chronically plague the cybersecurity world. But the biggest headache of all may be the relative inaction of the federal government, which unlike some other advanced nations simply isn’t doing its part. For years, the U.S. has been periodically promulgating feckless mandates, including some issued from the White House, that accomplish virtually nothing. The half-hearted attempts at actionable measures contribute to weaknesses and help open the door to breaches. Consider, for example, just a few instances: Last month, tens of thousands of images of travelers and license plates stored by the Customs and Border Protection agency were stolen in a digital breach. A federal contractor had transferred copies of the images to its network in violation of the contract. Then the subcontractor’s network was hacked – likely by a foreign government interested in tracking Americans or in the agency’s procedures. Tensions between the […]

The post When it comes to cybersecurity, the federal government is nowhere to be found appeared first on CyberScoop.

Why the revised NIST mobile security framework looks better from a distance

Mobile security vulnerabilities have been no stranger to national headlines lately. With examples ranging from WhatsApp reportedly allowing hackers to gain access to your smartphone’s sensors, to malicious apps making their way into the Google Play store, it’s no surprise the National Institute of Standards and Technology (NIST) saw the need for an update to its guidelines for vetting mobile applications.

A Theoretical Approach

From an academic perspective, the update to the NIST framework offers a solid theoretical approach to vetting applications for your enterprise; a process for managing risk and assuring compliance with security requirements. But, what sounds good theoretically can be near impractical to implement. While the guidelines laid out by NIST highlight an ideal, very few organizations have the resources to implement them across the board. This isn’t to say that these new guidelines don’t make sense. In fact, presenting the state of applications and offering suggestions […]

The post Why the revised NIST mobile security framework looks better from a distance appeared first on CyberScoop.

Is offense really your best defense?

In June, the House Appropriations Committee approved a spending bill that, among other things, included a reintroduction of Rep. Tom Graves’ Active Cyber Defense Certainty Act (ACDC). According to Rep. Graves’ website, the ACDC “makes targeted changes to the Computer Fraud and Abuse Act (CFAA) to allow use of limited defensive measures that exceed the boundaries of one’s network in order to monitor, identify and stop attackers.” Specifically, the bill gives authorized individuals and companies the legal authority to leave their network to: establish attribution of an attack; disrupt cyberattacks without damaging other computers; retrieve and destroy stolen files; monitor the behavior of an attacker; and utilize beaconing technology. Cybersecurity is a challenging issue for those who don’t have the luxury of spending every waking minute keeping up with the latest exploits, vulnerabilities and innovations. It is not a partisan issue, but an opportunity for us to show a united […]

The post Is offense really your best defense? appeared first on CyberScoop.

Commercial drones can give China critical intelligence on the U.S., witnesses tell Senate

Commercial drones are giving Chinese intelligence services another avenue to information gathering on the United States, experts told a Senate Commerce subcommittee on Tuesday. The commercial drone market is predominately made up of Chinese manufacturers, with companies like DJI, Zero Tech and Yuneec leading the market. Experts told the committee that as these drones hover in U.S. skies, detailed land images are being transmitted back to China where citizens are required to support “national intelligence activities.” Those images could be used to create a time-stamped map of critical infrastructure and even national security sites. “That is a cyber and information risk that is at the national level,” Harry Wingo, chair of the cybersecurity department at the National Defense University, told CyberScoop after the hearing. The U.S. government has taken steps to guard against the perceived threat. The U.S. Army banned the use of DJI products in 2017. However, there is […]

The post Commercial drones can give China critical intelligence on the U.S., witnesses tell Senate appeared first on CyberScoop.

Stop demonizing encryption

The security industry has more than its fair share of buzzwords and gimmicks. End-to-end encryption is not one of them. The recent discovery of a vulnerability in WhatsApp has instigated discussions and spawned hot takes surrounding spyware and export controls, with some declaring that end-to-end encryption is ineffective. With this particular vulnerability, spyware created by the NSO Group could be uploaded onto a phone through a series of malicious data packets sent via VoIP calls. This enabled access to the content and data on a targeted phone. While this particular vulnerability may prompt concerns over WhatsApp’s overall security (a patch has since been released), it does not negate the value of end-to-end encryption. Furthermore, the current negativity toward encryption perpetuates misinformation and provides fodder for governments seeking to undermine security and privacy across the globe. Yes, end-to-end encryption alone is not sufficient for complete security and privacy across every attack […]

The post Stop demonizing encryption appeared first on CyberScoop.

It’s time for Congress to act on Facebook’s privacy policies. Here’s how.

It seemed as though, after years of privacy scandals, Facebook had finally gotten the message. After its founder hinted at a shift to a privacy-oriented model in a blog post earlier this year, the company elaborated at F8 this week by unveiling its new look, FB5, that includes features such as encryption, reduced permanence and secure data storage. This might sound promising — but it’s not yet time to let Facebook off the hook. If the recent announcement that Facebook stored hundreds of millions of users’ passwords in plaintext for years is any indication, Facebook’s external reorientation has a lot of work to do to make up for its ongoing internal privacy failures. Facebook already has a wealth of personal data on you, far beyond phone numbers, message content or photographs. New ID Experts research is showing that the platform’s users – as many as 68% of them – aren’t happy with that fact. Additionally, The Wall Street Journal revealed that the social media giant may […]

The post It’s time for Congress to act on Facebook’s privacy policies. Here’s how. appeared first on CyberScoop.

Why you shouldn’t be afraid of nation-state hackers

When talking about information security, nation-state-backed hackers are set up as the ultimate threat. The countries have brilliant hackers, unlimited resources, endless exploits, and they are all after you! Fortunately for us, there are also many more nation-state hackers who are not that skilled, on a tight budget, and forced to use off-the-shelf tools. Just because your organization might be of interest to foreign services does not mean that you should just give up. Before we go much further, it’s important to acknowledge that some nation-state adversaries are, in fact, your worst nightmare. However, there is ample evidence of hacker “B-teams” amongst even the most sophisticated nation-state groups. Looking at the Russian attacks against the DNC, many simple mistakes are immediately apparent, including how easy it was to discover their origin. The group forgot to deploy anonymity tools, reused email and IP addresses for different parts of the […]

The post Why you shouldn’t be afraid of nation-state hackers appeared first on CyberScoop.
