With the United Nations’ International Girls in ICT day fast approaching on April 23rd, this is a great opportunity to discuss how we can get young women involved in careers in technology. Cybersecurity is an ever-present issue with companies and individuals suffering attacks daily. At Cisco, we believe that protection from threats does not rely on a single technology or solution, it incorporates both the processes and of course, the people. It is predicted that by 2017, an additional two million security professionals will be needed, but what many young people – particularly women – underestimate, is how rewarding and far-reaching a career in cybersecurity can be.
Taking, the UK as one example, cybersecurity employs 40,000 people and is worth £6 billion to the economy. Yet according to the Cisco 2014 Annual Security Report, more than one million positions for information security professionals remain unfilled around the world. What’s more, is that female cybersecurity staff only account for 11 percent of the global workforce. In Europe, the figures are even worse, coming in at only 7 percent .
Today there still remains a notion that IT is a “man’s job”. Women thinking of applying are often dissuaded as they may lack the confidence needed at the very start to pursue this career path. Yet, not only is this job market growing, but these jobs pay higher than other industries. We must do what we can to encourage young women to be fearless and pursue these fields of study, because they add new perspectives in the workplace that benefit business outcomes.
Read More »
Tags: cybersecurity, education, Girls in ICT, girls in ict day, IoE, stem
One of the great scientific challenges of our time is the construction of a practical quantum computer. Operating using the counterintuitive principles of quantum physics, such a device could rapidly explore an vast number of possible states. It could perform computational tasks that are far beyond our current capabilities, such as modeling molecules and designing new types of drugs—and breaking most of the cryptographic systems that are currently in use. Fortunately, no one has yet built a practical quantum computer, though many countries and companies are striving do just that. It has been claimed that the U.S. National Security Agency has a secret US$80M project with that aim, for example. Quantum computing is still an unproven technology, and it may not be practical for decades, but since it poses an existential threat to cryptography, we need to start preparing now for the possibility that one day the news will announce a breakthrough in quantum computing, and we will be living in a post-quantum world.
Read More »
Tags: Cisco Research, crypto, cryptosystems, cybersecurity, post-quantum, security
Hello and welcome to Part One of my new blog series discussing cyber intelligence and security around the critical infrastructure sectors in the U.S. Cyber-attacks are becoming increasingly prevalent and threatening to utilities, refineries, military defense systems, water treatment plants and other sectors of our critical infrastructure. Part One of this series details the dangers of cyber-attacks by state and non-state actors and how cyber intelligence can help organizations combat future cyber-attacks. Part Two will detail the role of data in cyber security and ways cyber intelligence can be gathered to further prevent attacks.
The New State of Cyber-Attacks
As technology advances so will the amount of cyber-attacks. Many companies play a vital role in their nation’s critical infrastructure and these companies are adopting digital systems to replace older, analog controls. This digitization of technology is helping operators obtain remote visibility and control over operations, including processes in refineries, the generation and transmission of power in the electrical grid, and the temperatures in nuclear cooling towers. In doing so, industrial facilities have become more efficient and productive.
However, the same digital hyper-connectivity that facility managers use to collect data and control machines and processes, also can serve as entry points for cyber attackers to get into system networks and steal or alter classified information, disrupt processes and cause damage to equipment. Many early control system breaches were random or accidental infections, but we’ve now entered a stage where kinetic attacks are becoming more prevalent, with industrial control systems becoming the object of targeted attacks.
Threats to a company’s information systems and assets could come from anywhere. State and non-state actors from around the globe are almost certainly targeting and possibly even penetrating the networks of energy providers and other critical infrastructures in the U.S. Effectively cyber criminals have loose alignment (affiliation) with state actors and now these criminals are beginning to use different methodologies, creating a huge challenge. Traditionally, we see malicious actions like zero-day attacks, Denial of Service attacks, (DoS) i.e. vulnerability attacks, bandwidth or connection flooding, stopping or delaying workflows and SQL Injections that help hackers exploit or steal data from organizations.
Read More »
Tags: Cisco, Cisco Secure Ops, cybersecurity, electric grid, Energy/Utilities
This blog post was authored by Troy Fridley and Omar Santos of Cisco PSIRT.
On Mar 9 2015, the Project Zero team at Google revealed findings from new research related to the known issue in the DDR3 Memory specification referred to as “Row Hammer”. Row Hammer is an industry-wide issue that has been discussed publicly since (at least) 2012.
The new research by Google shows that these types of errors can be introduced in a predictable manner. A proof-of-concept (POC) exploit that runs on the Linux operating system has been released. Successful exploitation leverages the predictability of these Row Hammer errors to modify memory of an affected device. An authenticated, local attacker with the ability to execute code on the affected system could elevate their privileges to that of a super user or “root” account. This is also known as Ring 0. Programs that run in Ring 0 can modify anything on the affected system. Read More »
Tags: cybersecurity, DRAM, Exploit, psirt, row hammer, rowhammer, security
Recognizing the critical need for state and local law enforcement agencies to have state-of-the art technologies to effectively fight digital crime, Cisco is creating the AMP Threat Grid for Law Enforcement Program. The program is designed to empower those working to protect our communities from cybercriminals with its dynamic malware analysis and threat intelligence platform.
Computers are central to modern criminal investigations, whether as instruments to commit the crime, as is the case for phishing, hacking, fraud or child exploitation; or as a storage repository for evidence of the crime, which is the case for virtually any crime. In addition, those using computers for criminal activity continue to become more sophisticated, and state and local law enforcement agencies struggle to keep up with their internal computer forensics / digital investigation capabilities. Malware analysis is also a critical part of digital investigations: to prove or disprove a “Trojan Defense” for suspects, wherein the accused rightly or falsely claims a malicious software program conducted the criminal activity and not the user; and to investigate unknown software and suspicious files on the computers of the victims of cybercriminal activity for evidence of the crime.
Read More »
Tags: AMP, cybersecurity, digital crime, forensics, hacking, investigations, law enforcement, Malware Analysis, Threat Grid