• Home
  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • Core Analysis Task (CAT) Program
    • Subject Matter Expert (SME) Network
    • Training
    • Contact Us
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
  • About
    • About the CSIAC
    • The CSIAC Team
    • Subject Matter Expert (SME) Support
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • DTIC STI Program
    • FAQs
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • Core Analysis Task (CAT) Program
    • Subject Matter Expert (SME) Network
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
  • About
    • About the CSIAC
    • The CSIAC Team
    • Subject Matter Expert (SME) Support
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • DTIC STI Program
    • FAQs
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering
/ CS Digests / 09 Jan 2018

CS Digest: 09 Jan 2018

Posted: 01/09/2018 | Leave a Comment

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Data Privacy Day – January 28 - CSIAC

CSIAC proudly joins the NCSA and numerous of other organizations in celebrating Data Privacy Day. CSIAC acknowledges the Internet touches all aspects of everyone's daily life and we understand there are many unknown variables on how to stay safe and secure online. Which is why we're so excited to announce we are launching a series of resources during January to help raise privacy awareness. During the entire month of January, you will have the chance to participate in and receive a variety of resources to help you better understand data privacy and the simple steps you can take to protect yourself, your family and your organization. Our goal is to enable you to make the most of today's technology in a safer and more secure environment.

RECENT HEADLINES:

Cloud Computing:

GDPR and Data Localization: The Significant (and Often Unforeseen) Impact on the Cloud - SC Magazine

The EU's General Data Protection Regulations (GDPR) – enforceable on May 18 next year – are proving to be a huge challenge with many twists and turns. One of the most significant parts in the law is data localization. Data localization refers to laws requiring certain customer data to remain within the borders of a particular region or country.
Tags: Cloud Infrastructure, Data Localization, General Data Protection Regulation (GDPR)

Critical Infrastructure:

AF Installation Cyberattack Plans Tested During National Grid Exercise - Air Force

Recently, 32 Air Force installations and representatives from Headquarters Air Force took part in the two-day national Grid Security Exercise IV, or GridEx IV, to simulate a coordinated response to cyber and physical security threats to North America's electricity grid and other critical infrastructure.

Hackers Halt Plant Operations in Watershed Cyber Attack - Reuters

Hackers likely working for a nation-state recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations, according to cyber investigators and the firm whose software was targeted.

Cyberwarfare:

Naval Dome Exposes Vessel Vulnerabilities to Cyber Attack - Sea Trade-Maritime

More onboard cyber vulnerability has been revealed, with maritime cyber defence firm Naval Dome demonstrating yet more ways hackers can compromise ship safety.

Data Security:

Security Researcher Says DirecTV Hardware Can Be Easily Hacked - Zdnet

An easily-exploitable security flaw was found in the wireless video bridge that ships with DirecTV, which lets laptops, tablets, and phones connect with the main Genie digital video recorder. Because the wireless video bridge, manufactured by Linksys, isn't protected by a login page, anyone with access to the device could obtain sensitive information about the device.

Meltdown and Spectre: Vulnerabilities in Modern Computers Leak Passwords and Sensitive Data. - Meltdown Attack

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. A malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.

Meltdown, Spectre: The password Theft Bugs at the Heart of Intel CPUs - The Register

The severe design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed.

Three More WordPress Plugins Found Hiding a Backdoor - Bleeping Computer

The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.
Tags: Cyber Supply Chain

Home Economics: How Life in 123 Million American Households Was Exposed Online - UpGaurd

An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million US households.

Internet-of-Things:

Romanian hackers took over D.C. surveillance cameras just before presidential inauguration, federal prosecutors say - The Washington Post

Romanian hackers took over two-thirds of the District’s outdoor surveillance cameras just before President Trump’s inauguration, according to a federal criminal complaint unsealed Thursday.

Legislation and Regulation:

5 Key Updates to Version 1.1 Draft 2 of NIST’s Cybersecurity Framework - Tripwire

Now NIST has incorporated these viewpoints into a second draft for Version 1.1 of its Framework. It's done so in the interest of meeting the demands of those that use the document to stay on top of the latest digital threats. The updates NIST made in Version 1.1 of its Framework (PDF) boil down to five major revisions.

Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules - Defense One

The Pentagon will delay a Jan. 1 deadline for all of its suppliers to meet a set of new regulations largely designed to better protect sensitive military data and weapon blueprints.

Machine Learning and Artificial Intelligence:

AI cyberattacks will be almost impossible for humans to stop - Wired

As cyberattacks become more refined, they will start mimicking our online traits. This will lead to a battle of the machines.
Tags: Artificial Intelligence (AI)

The Pentagon’s New Artificial Intelligence Is Already Hunting Terrorists - Nextgov

After less than eight months of development, the algorithms are helping intel analysts exploit drone video over the battlefield.
Tags: Artificial Intelligence (AI)

Japanese Scientists Just Used AI to Read Minds and it’s Amazing - CNBC

Scientists from Kyoto developed new techniques of "decoding" thoughts using deep neural networks (artificial intelligence). The new technique allows the scientists to decode more sophisticated "hierarchical" images, which have multiple layers of color and structure, like a picture of a bird or a man wearing a cowboy hat, for example.

Quantum Computing:

Quantum Computers Barely Exist – Here’s Why We’re Writing Languages for Them Anyway - Technology Review

The most recent one comes from Microsoft, which has unveiled Q# (pronounced Q sharp) and some associated tools to help developers use it to create software. It joins a growing list of other high-level quantum programming languages such as QCL and Quipper. But given that practically nobody has a quantum computer, what's the point?

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.


The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.

« 26 Dec 2017
23 Jan 2018 »

Reader Interactions

Leave a Comment Cancel

You must be logged in to post a comment.

sidebar

Blog Sidebar

Featured Content

The DoD Cybersecurity Policy Chart

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

Featured Subject Matter Expert (SME): Cully Patch

An internal CSIAC SME with a passion for learning, teaching, and supporting the warfighter, Mr. Cully Patch has been a member of the CSIAC staff for 5 years. Cully was instrumental in leading the development and instruction of an extensive course on DoD Cybersecurity Analysis and Reporting (DoDCAR) - a threat-based approach to addressing system cybersecurity. As a senior program manager for cybersecurity and intelligence, Mr. Patch has extensive experience in providing cybersecurity training and education to both university students and military operators. Cully is a retired US Air Force military officer with career accomplishments in the fields of research, Intelligence, cybersecurity operations, planning, and technical course instruction. CSIAC is honored to have Mr. Patch as a subject matter expert, where he leads teams of technologists through problem solving, training program development, scientific and technical information generation, and analysis of complex system requirements.

View SME's Contributed Content

CSIAC Report - Smart Cities, Smart Bases and Secure Cloud Architecture for Resiliency by Design

Integration of Smart City Technologies to create Smart Bases for DoD will require due diligence with respect to the security of the data produced by Internet of Things (IOT) and Industrial Internet of Things (IIOT). This will increase more so with the rollout of 5G and increased automation "at the edge". Commercially, data will be moving to the cloud first, and then stored for process improvement analysis by end-users. As such, implementation of Secure Cloud Architectures is a must. This report provides some use cases and a description of a risk based approach to cloud data security. Clear understanding, adaptation, and implementation of a secure cloud framework will provide the military the means to make progress in becoming a smart military.

Read the Report

CSIAC Journal - Data-Centric Environment: Rise of Internet-Based Modern Warfare “iWar”

CSIAC Journal Cover Volume 7 Number 4

This journal addresses a collection of modern security concerns that range from social media attacks and internet-connected devices to a hypothetical defense strategy for private sector entities.

Read the Journal

CSIAC Journal M&S Special Edition - M&S Applied Across Broad Spectrum Defense and Federal Endeavors

CSIAC Journal Cover Volume 7 Number 3

This Special Edition of the CSIAC Journal highlights a broad array of modeling and simulation contributions – whether in training, testing, experimentation, research, engineering, or other endeavors.

Read the Journal

CSIAC Journal - Resilient Industrial Control Systems (ICS) & Cyber Physical Systems (CPS)

CSIAC Journal Cover Volume 7 Number 2

This edition of the CSIAC Journal focuses on the topic of cybersecurity of Cyber-Physical Systems (CPS), particularly those that make up Critical Infrastructure (CI).

Read the Journal

Recent Video Podcasts

  • Explore the Innovare Advancement Center-Part 1 Series: Innovare Advancement Center & The CSIAC Podcast
  • Cybersecurity Maturity Model Certification (CMMC): The Road to Compliance Series: The CSIAC Podcast
  • Deep Learning for Radio Frequency Target Classification Series: CSIAC Webinars
  • A Brief Side-by-Side Comparison Between C++ and Rust – Part 3 Series: Programming Language Comparisons
  • A Brief Side-by-Side Comparison Between C++ and Rust – Part 2 Series: Programming Language Comparisons
View all Podcasts

Upcoming Events

Thu 29

Data Connectors Phoenix Virtual Cybersecurity Summit

April 29
Organizer: Data Connectors
636-778-9495
May 17

SANS Purple Team Summit & Training 2021

May 17 - May 28
Organizer: SANS Institute
May 27

DockerCon LIVE 2021

May 27 @ 06:00 - 14:00 EDT
May 28

LayerOne 2021

May 28 - May 30
Oct 18

IEEE Secure Development Conference

October 18 - October 21
Organizer: Institute of Electrical and Electronics Engineers (IEEE)
View all Events

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
US Department of Defense Logo USD(R&E) Logo DTIC Logo DoD IACs Logo

Copyright 2012-2021, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information
Accessibility / Section 508 | FOIA | Link Disclaimer | No Fear Act | Policy Memoranda | Privacy, Security & Copyright | Recovery Act | USA.Gov

This website uses cookies to provide our services and to improve your experience. By using this site, you consent to the use of our cookies. To read more about the use of our site, please click "Read More". Otherwise, click "Dismiss" to hide this notice. Dismiss Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT