SM Online June 2017
For the first time in history, hackers used a cyberattack to knock out a portion of a nation’s electric grid. In Analysis of the Cyber Attack on the Ukrainian Power Grid, experts from SANS and the Electricity Information and Analysis Center explain how the hackers carried out the attack. Another report, When the Lights Went Out: A Comprehensive Review of the 2015 Attacks on Ukrainian Critical Infrastructure, this one from Booz Allen Hamilton, analyzes the same attack and suggests ways to avoid another one.
A new report from the Massachusetts Institute of Technology—Keeping America Safe: Toward More Secure Networks for Critical Sectors—identifies eight challenges with recommendations for increased infrastructure cybersecurity.
A bipartisan study group convened by the Washington Institute, a think tank dedicated to U.S. Middle East policy, recently issued a report which examines the question: Can the U.S. government build a system of intervention where individuals could be identified and redirected away from extremism before they commit an act of terror? The report, Defeating Ideologically Inspired Extremism: A Strategy to Build Strong Communities and Protect the U.S. Homeland, looks at alternatives.
In its recent report, America’s Airports: The Threat from Within, the U.S. House of Representatives’ Homeland Security Committee pulls no punches in a clear conclusion: “America’s airports and aircraft remain vulnerable to attack and exploitation by nefarious individuals.”
To effectively respond to alerts, security operators must pay attention for sustained periods of time without getting so tired that job performance decreases. But are vigilance and fatigue two sides of the same coin? That was the topic of a panel at the Human Factors and Ergonomics Society 2016 Annual Meeting, which published its findings in a paper.
Misaligned incentives between hackers and defenders are making companies more vulnerable to cyberattacks, according to Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity from Intel.
The U.K. House of Commons passed a bill that expands the U.K. government’s powers to freeze human rights violators’ assets.
Hugs in the workplace may create a sexually hostile work environment under Title VII of the Civil Rights Act, a U.S. federal court of appeals ruled.
A global oil and gas production services provider will pay $9 million for falsifying safety inspections and violating the U.S. Clean Water Act.
A survey from Nuix finds that 42 percent of self-identified hackers and penetration testers consider data hygiene and information governance the least effective places to spend a security budget.