From the Spring 2018 Issue

Dark Web Investigations

Author(s):

Paul Kubler, Cyber Security and Digital Forensics Examiner, Independent Consultant

PaulKubler-feature-image

The dark web has been sensationalized in the news, movies, and on television dramas. The dark web, and the less commonly discussed deep web, make up a part of the internet that is not accessible via search engines, like Google or Bing. This part of the internet dates to the 1990s when lists of sites … Read more

From the Spring 2018 Issue

NotPetya Holds Up a Stop Sign for FedEx

Author(s):

Barbara Bouldin, Director of Technologies Research, SJ Technologies

notpetya-feature-image

What Happened On June 27, 2017 the NotPetya malware hit the Ukraine, targeting Kyivenergo, an electric power supplier to Kiev. NotPetya went on to hit a shipping company, Maersk, a pharmaceutical company, Merck, and a delivery and distribution company, TNT Express, a subsidiary of FedEx. Employees in the TNT Express offices faced displays of a … Read more

From the Spring 2018 Issue

Shifting Left: Secure Systems Engineering

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

macmillan-feature-image

The Shift Left principle1 is well known in software and systems development, particularly in relation to testing. It’s the idea of performing test activities earlier in the system development life cycle – developing test cases and procedures and performing incremental testing as code is being written. Ideally, test activities start even earlier than this, designing … Read more

From the Spring 2018 Issue

Crowdsourced Security – An Alternative to Pentesting?

Author(s):

Alex Haynes, Information Security Manager, Cheshire Data Systems Ltd.

cheshire-feature-image

Crowdsourced security programs have grown in popularity to the point where some enterprises have dispensed with traditional pentesting, using the crowdsourced model exclusively for auditing the security of their applications and infrastructure. What is Crowdsourced Security? Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of … Read more

From the Spring 2018 Issue

Architectural Security, the Ardennes, and Alfred the Great

Author(s):

Dr. David Archer, PhD, Principal Research Scientist, Galois, Inc.

archer-feature-image

Much of cyber defense today relies on the same approach used in kinetic defense over the last few thousand years. We use hard perimeters (firewalls) to repel attacks, sentries (IDSs) to trigger incident response, and carefully guarded entry points (VPNs, websites) to meet functional requirements (wait…security is still a non-functional requirement?). It is both a … Read more

From the Spring 2018 Issue

A (Very) Brief History of Pre-Computer Cryptography, Part 2

Author(s):

Adam Firestone, Editor-in-Chief , United States Cybersecurity Magazine

firestone feature image part 2

This is the second part of a two-part article exploring the history of pre-computer cryptography. Part 1 focused on the period from the birth of cryptography some 4,000 years ago to the development of early transposition and substitution ciphers. Part 2 looks at the emergence of cryptanalysis under the Abbasid Caliphate and goes through the … Read more

From the Spring 2018 Issue

,

Aberdeen Proving Ground Speaks on Cybersecurity

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine

Feature image APG

  The trust put into any network is reliant on three main components: reliable hardware, strong software, and capable, aware people. Network trust, whether implicit or direct, is important for holding the fabric of any infrastructure together, especially during periods of distress or danger. The significant need for network trust especially applies to the cyber-realm, … Read more

From the Spring 2018 Issue

Cybersecurity Workforce Development: A Regional Model for the Nation

Author(s):

Kevin Nolten, Director of Academic Outreach, Cyber Innovation Center

Nolten feature image

To build the cyber-educated workforce capable of supporting the needs of government, industry and academia, communities across the country are adapting to the evolving economic and technological landscape. Louisiana, for example, has seen its economic base transform from one that was historically focused on oil and gas, agriculture and gaming, to a diversified 21st century … Read more

From the Spring 2018 Issue

Better than (Project) Zero: A Cybersecurity ROI Roadmap

Author(s):

Chris Castaldo, Senior Director of Information Security, 2U

castaldo feature image

Since 2014 the mission of Google’s Project Zero has been to make the Internet a more secure place through the discovery and responsible publishing of vulnerabilities. While Google works with vendors to ensure a patch is available before details of a vulnerability are released, nothing is actually made more secure until that patch is applied … Read more