A line in the sand
It was only a matter of time.
It was only a matter of time.
The U.S. government had a busy day yesterday.
Fifty-four days until the election.
Mike Rogers wishes summer 2016 would have gone differently.
North Korea is up to its old tricks again.
It may sound like a Monty Python costume, but "spamouflage" refers to a real network of political spam messages that appears to be gaining steam ahead of the 2020 U.S. presidential election, according to a report by media analysts at the research firm Graphika.
There are fewer than 90 days left until the 2020 presidential election, and the cybersecurity threats are bound to heat up in the home stretch.
Runners, cyclists and athletes around the world were unable to sync their data last Thursday after hackers shut down the GPS technology company and fitness tracker Garmin.
The Department of Energy is a favorite target for hackers: Not only does the agency house the nation's nuclear stockpile, but it also oversees the U.S. network of national labs with their caches of cutting-edge research and intellectual property.
What do Joe Biden, Kanye West and Elon Musk have in common?
Anyone buying power grid parts from Iran? No? How about Venezuela?
President Trump declared this week he was getting "more and more angry at China" over the coronavirus pandemic, as the U.S. fails to rein in rising COVID-19 cases.
The diffuse and combative hacktivist collective known as "Anonymous" is back in the news again. Yes, the one that makes you think of Guy Fawkes masks.
The "biggest CIA leak in history" took another surprising turn this week.
Every so often, news of a hacking campaign makes me look over my own shoulder.
George Floyd's death at the hands of Minneapolis police officers has set off nationwide protests and a severe response from law enforcement. This is only the latest example of the U.S. painfully grappling with its legacy of racial injustice.
Berserk Bear is at it again. The Russia-linked hacking group with the ursine nickname has been rummaging through German critical infrastructure and causing trouble, according to a confidential warning first reported by CyberScoop on Tuesday.
"It is cheaper and simpler to steal something than to design it yourself."
On Friday, something unthinkable happened: The DEF CON hacking conference was actually canceled.
"Why are the Russians, as we speak, managing 200,000 implants in U.S. critical infrastructure: malware, which has no purpose to be there for any legitimate intelligence reason?"
A strange thing happened over the weekend. The hackers behind the prolific Shade ransomware called it quits and offered up tools to undo the damage their malware has inflicted since 2014.
The coronavirus pandemic spreading across the United States has all the disastrous ingredients for opportunistic hackers.
"The word is out," said James Beardsley, chief of the cybersecurity branch of the Nuclear Regulatory Commission, in a June 6, 2017, email to colleagues.
Zoom Video Communications has taken flak from cybersecurity experts concerned about misleading encryption claims and vulnerabilities in the teleconferencing software that's seen a surge in users during the COVID-19 era.
An online meeting of New Mexico utility regulators yesterday was interrupted by "Zoom bombers" spouting racist comments.
In early February, analysts at a major U.S. cybersecurity firm detected a sudden drop-off in hacking activity from a cyberespionage group linked to China.
American security officials in recent years have warned that hackers could seize on the chaos after a hurricane to strike critical networks.
A congressional commission issued dire warnings about the state of U.S. cyber readiness in a widely anticipated report yesterday.
A Chinese anti-virus company is accusing American hackers of attacking Chinese industry, turning the tables on U.S. security firms that have built small fortunes by exposing the latest "advanced persistent threat" from China.
A well-dressed comic book figure with a pineapple for a head is the election security mascot for the Cybersecurity and Infrastructure Security Agency. "Cybersecurity has a posse," reads the motto.
A cyberattack recently forced a natural gas pipeline offline for two days, an extraordinary impact for what the Department of Homeland Security described as "commodity ransomware."
U.S. Attorney General William Barr called the Chinese government America's "top geopolitical adversary" last Thursday, days before the Justice Department accused four members of Chinese military hackers of carrying out the infamous Equifax breach in 2017.
"Any sufficiently advanced technology is indistinguishable from magic."
This week, I visited San Antonio, where a grid security advocacy group shopped around a list of nearly 80 "best practices" for electric utilities to consider as they defend against hackers.
In May 2018, Saudi billionaire Mohammed bin Salman may have used a malicious WhatsApp message to break into the phone of U.S. billionaire Jeff Bezos.
A U.S. cybersecurity firm issued a report this week claiming that a Russian military intelligence agency hacked Burisma Holdings Ltd., a Ukrainian natural gas company that has featured heavily in President Trump's impeachment.
When the U.S. killed top Iranian general Qassem Soleimani in a drone strike in Baghdad early Friday, the world held its breath. How would Iran respond? Would there be war?
Happy New Year!
From "ransomware" attacks sowing chaos in city governments to the frenzied U.S. response to the "BlueKeep" vulnerability, 2019 has been another hectic year for cybersecurity. What's in store for 2020?
A group of presidential advisers is deliberating on a report today calling for the creation of a new, independent cybersecurity agency.
A group of U.S. senators is urging the nation's top power grid regulator to defend against threats from China-based telecommunications company Huawei Technologies Co.
A team of Iranian hackers is menacing industrial control systems, adding to the thin ranks of hacking groups eyeing such targets, according to a Microsoft Corp. researcher who spoke to Wired about his findings.
Picture this: a coordinated cyber and physical attack strikes New York, cutting out the lights to Wall Street, crippling natural gas pipelines in the Northeast and prompting federal authorities at the Department of Energy to invoke emergency powers — never previously used — to direct the way utilities restore electricity.
The Ukrainian power company director showed his American visitors a brief video clip, taken from within his utility's control room with a beat-up iPhone 5.
How can a single grid cyber event span Wyoming, Utah and California?
A new cybersecurity report is warning of "broken Windows" in some of the most sensitive computer systems worldwide.
Hours after a major power outage in Manhattan this July, New York Mayor Bill de Blasio stepped in to declare "this was not a cyberattack" or an act of terrorism.
Making sense of some FOIA responses is like telling fortunes from coffee grounds — almost everything is black, and you're bound to fool yourself.
Sleuths at the National Security Agency are ringing in an annual cyber holiday by launching a new defensive branch.
On Aug. 24, a utility in Washington state reported a "cyber event" with the potential to harm the power grid.
In December 2016, suspected Russian hackers brought down a transmission substation outside Kiev in an unprecedented cyberattack. The digital marauders used a sophisticated malware framework — later dubbed "CrashOverride" — that could communicate with, and compromise, an array of specialized power grid components at Ukrainian utility NPC Ukrenergo.
What rises to the level of an electric utility "cyber event"? What must a cyberattack actually accomplish to "disrupt" the power grid? What makes a cybersecurity incident count as an "attack" in the first place?
If I had a nickel for every time I heard a ho-hum cyberattack billed as "the next Stuxnet," I'd have earned at least a dollar over six years covering control system security.
Disaster response experts are inviting government officials and energy infrastructure managers to make imagined life-or-death decisions in a simulated scenario that involves both a natural disaster and a cyberattack.
Nearly two dozen towns in Texas are quite literally locked in a battle against hackers, as a "ransomware" infection has encrypted their critical computer files and held the key hostage.
Big U.S. power utilities are busy combing through their networks for signs of gear from China-based telecommunications providers Huawei Technologies Co. and ZTE Corp.
"Hacker Summer Camp" is underway. The Black Hat and DEF CON cybersecurity conferences draw tens of thousands of hackers, researchers and IT professionals to Las Vegas each August, prompting at least a few breathless news reports and an occasional arrest by the FBI.
Former President Kennedy, aided by his controversial father, announced himself to the world with a precocious 1940 book, "Why England Slept," about that country's failure to confront Hitler in time.
The technologists' reviews are in. They're calling Attorney General William Barr's remarks on encryption Tuesday wrong, "stupid," "deeply misguided" and even "remarkable." (But not "remarkable" in a good way.)
An hourslong power outage Saturday in Manhattan was triggered by an overzealous relay protection system, based on preliminary reports from Consolidated Edison.
Michael Assante issued a prescient warning to utilities after hackers blacked out part of Ukraine's grid in December 2015.
Electricity moves near the speed of light, while natural gas flows through pipelines at a comparatively creeping 15 mph.
The New York Times reported Saturday that U.S. cyber sleuths have planted malicious "implants" in the Russian power grid.
One question permeates all the policy squabbling and hand-wringing over Chinese telecom giant Huawei Technologies Co. Ltd.: What is the risk of using the Shenzhen-based company's products?
The hacking tool dubbed "EternalBlue" is an old exploit. "BlueKeep" is a new vulnerability. Both are very bad — so bad, in fact, that they've each drawn rare public comment from spooks at the National Security Agency.
Self-driving cars are still on training wheels, but the cybersecurity issues they raise are accelerating for regulators.
It's been nearly five years since I visited Shanghai, but the words of an academic I met there still resonate.
"It's OK that we fool others, but we should never fool ourselves."
I've been squinting at a grid "cyber event" for over a week now, and the picture that's emerged is comforting and alarming at the same time.
This week we investigate the U.S. grid's cyber risks from large electric transformers built in China, talk with DHS's assistant director for cybersecurity on the Worldwide Threat Assessment, and compare Russian tactics on hacking U.S. elections and energy infrastructure in the Mueller report.
This week, we spotlight a list of foreign technology suppliers that federal regulators say pose a security risk to the U.S. grid, interview Commissioner Cheryl LaFleur on FERC's cyber work and take a look at the fuzzy numbers surrounding privately owned critical infrastructure.
This week, we go on the road looking at cybervulnerabilities of self-driving and electric vehicles; chat with Eitan Goldstein, senior director at Tenable Inc. and former head of cybersecurity efforts at Siemens AG; and examine if the nation is more cybersecure as Homeland Security Secretary Kirstjen Nielsen departs.
This week we look back at hacking's unsolved mysteries and what has been learned; interview Bill Evanina, acting director of the National Counterintelligence and Security Center; and take a look at the open secret of the $10M fine.
This week we take a deep dive into water utilities' unprecedented cyberthreats. We also talk with professor Andrew Odlyzko on why he thinks "cybersecurity is not very important" and take a look at the Mueller investigation from a critical infrastructure perspective.
This week we have the tug of war between the nation's mobile and internet titans and a group of electric utilities over access to the radio spectrum used for securing the grid. We also talk with Michael Daniel, President Obama's White House cybersecurity coordinator, and ponder the Palmetto Fusion confusion.
This week we're entering the top-secret realm of the military's U.S. Cyber Command as it brings energy companies into the fold to battle would-be hackers. We also talked with Kaspersky Lab about cyber espionage and tech nationalism, and turned our viewfinder toward Venezuela's struggle to keep the lights on.
Welcome to cybersecurity update! Over the next two months, I'll be your guide through the world of cybersecurity — where zeroes and ones meet rotors and gears. We'll visit power plants, chemical plants and water treatment facilities. We'll review the cybersecurity threats, vulnerabilities and policies leading the news.
Digestible and insightful cybersecurity news and analysis. Once a week. Receive a brief analysis and highlights of the week’s cyber news every Thursday in your inbox. It provides coverage of the critical infrastructure and the energy industry ecosystem that’s accessible for cyber enthusiasts and novices alike. Sign up here.