From the Winter 2024 Issue

,

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO , IBS Software

exploitability

The gravest warning a pen test report could contain are the words “The host may be vulnerable to remote code execution”.  It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? … Read more

From the Winter 2024 Issue

,

QKD versus PQC: A Quantum Showdown? Part 2

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

QKD versus RQC

This is part two of a two-part article on secure key distribution in a post-quantum world.  Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys.  This article will focus on Post-Quantum Cryptography (PQC), which seeks new quantum-resistant (i.e., hypothesized, but can’t be proven, to be secure against) cryptographic … Read more

From the Winter 2024 Issue

,

QKD versus PQC: A Quantum Showdown? Part 1

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

HilaryMacMilan-feature-wn19

The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in fifth century B.C. described steganography, (hiding the existence of a message). Cryptography, on the other hand, hides a message’s meaning. The cryptographic task of encryption enables a sender to “scramble” a message’s content, rendering it unreadable to anyone … Read more

From the Winter 2024 Issue

,

Information Integrity and National Identity

Author(s):

Adam Firestone, Editor-in-Chief , United States Cybersecurity Magazine

History defines who we are and informs how Americans chart the nation’s future. It underpins representative government. Increasingly, historical records and documents are being converted to digital formats. This promises to make essential information available to more Americans than before. There are also troubling implications. It takes only a cursory examination of recent events to … Read more

From the Winter 2024 Issue

Navigating the Cybersecurity Landscape: College Students and the Role of Professors in Preparation

Author(s):

Rafael Hocker, Graduate Student, Oklahoma State University

Cybersecurity has become a critical facet of our lives in the digital age and is often described as the fifth dimension of warfare (Land, Sea, Air, Space, and now, Cyberspace). A recent Forbes article, published on December 5, 2023, delves into the multifaceted world of cybersecurity, urging college students to recognize its significance and advocating … Read more

From the Winter 2024 Issue

Exploring the Dark Web: Understanding its Role in Cybersecurity Threats

Author(s):

Justin Petitt, Director, Cybersecurity Center of Excellence, Edgewater Federal Solutions

Exploring the Dark Web

What in the Dark Web is happening here? “What in the Dark Web is happening here?” was the first thing said to me over a recent holiday trip, with a friend walking in and seeing me checking in on work and life with three separate laptops set up in front of me, my attention and … Read more

From the Winter 2024 Issue

How to Separate the Good SOCs from the Bad

Author(s):

Julia Girardi, Senior Consultant, CyberCX

How to Separate the Good SOCs from the Bad

Security Operations Centers (SOCs) typically provided by Managed Security Services Providers (MSSP) can be a valuable asset to help protect a company against cyber threats and to help them to operate securely. With so many providers in the marketplace and many organizations having adopted an outsourced SOC arrangement, how can your organization tell if its … Read more

From the Winter 2024 Issue

How is Generative AI a Bigger Security Concern Than a Benefit?

Author(s):

Shigraf Aijaz, Cybersecurity Writer and Journalist,

Generative AI Security Concern

The rapid rise and development of generative AI, such as ChatGPT, Google Bard, or even Microsoft Bing, has revolutionized how we interact and view AI. These LLM chatbots have significantly made lives more manageable, providing every individual and business with a fast and improved method to execute repetitive tasks. However, despite all their benefits, these … Read more

From the Winter 2024 Issue

Flashing Red Lights: Cybersecurity for Intelligent Transportation Systems

Author(s):

Christopher J. Brown, Author ,

Henry J. Sienkiewicz, Faculty, Georgetown University

Red lights, yellow lights, green lights. A flashing light?  A traffic warning sign?  Recognized as a critical infrastructure by the Department of Homeland Security (DHS), the transportation system is essential to modern life. From the skies to the seas to the railways to the roadways, and to bike lanes and pedestrian crossing, this highly complex … Read more

From the Winter 2024 Issue

UNISQUATTING IDN HOMOGRAPH ATTACKS

Author(s):

Danny Gershman, Founder and CEO, Radius Method

Unisquatting (a portmanteau for Unicode cybersquatting) or the Internationalized Domain Name (IDN) homograph attack is a fairly new type of mechanism that builds on several other types of Domain Name System (DNS) address attacks. The typosquat (Uniform Resource Locator (URL) hijacking) attack relies on being able to register a domain name very closely resembling another … Read more