From the Winter 2018 Issue

UNISQUATTING IDN HOMOGRAPH ATTACKS

Author(s):

Danny Gershman, Senior Director, Infrastructure Operations, SecurityScorecard, Inc.

Unisquatting (a portmanteau of Unicode cybersquatting), or the Internationalized Domain Name (IDN) homograph attack, is a fairly new type of mechanism that builds on several other types of Domain Name System (DNS) address attacks. The typosquat (Uniform Resource Locator (URL) hijacking) attack relies on being able to register a domain name very closely resembling another …

From the Winter 2018 Issue

Managing Cyber Risk for American Aviation

Author(s):

Dr. Scott Smurthwaite, PhD, Information System Security Engineer, Federal Aviation Administration

Subba Rao Pasala, System Administrator, Federal Aviation Administration

Thomas Beatty, Program Manager, Federal Aviation Administration

Chinese Hackers: By 2010, it was clear that a persistent threat had infiltrated American public and private sector networks and was stealing sensitive data.  In January of that year, Google stopped offering its search engine in China, citing theft of proprietary code and onerous Chinese censorship.  Google also stated that it, along with more than …

From the Winter 2018 Issue

Trustworthy IoT: Just Another Block in the Chain

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

Ah, the Internet.  It’s impossible to imagine life without it.  The ability to connect and interact has fundamentally changed and continues to change society.  We can exchange information and assets around the world nearly instantaneously.  We can see and examine physical objects and environments from afar.  We can exert control and monitor actions from opposite …

From the Winter 2018 Issue

Blockchain: The Good, The Bad and The Ugly

Author(s):

Kris Martel, EVP of Operations, Chief Information Security Officer, Emagine IT

Ask an average person if they know what blockchain is and you’ll likely get a deer-in-the-headlights look. Ask the same person if they know about Bitcoin and their eyes light up. Cryptocurrencies, like Bitcoin, are the most widely recognized technologies leveraging blockchain today. Cryptocurrency markets dominate the media and many want to invest in them …

From the Winter 2018 Issue

Can Your IT Systems Survive a CYBER ZOMBIE APOCALYPSE!

Author(s):

Christopher Grady, CTO, CyLogic, Inc.

Fundamental security controls you should implement this year; their widespread adoption would have prevented cybersecurity failures that made headlines over the past five years. Information System Security (INFOSEC) is a perception.  You can follow all the rules and best practices, implement the best technologies, check all of the boxes, and still get hacked.  While a …

From the Winter 2018 Issue

Next Generation Security Assessment Methodology

Author(s):

Rick Mellendick, Chief Security Officer, PIAchievers

Why Organizations Need to Be More Than Just Compliant: Enterprises across the industry-government-academia spectrum are struggling to balance the goals of improved security and regulatory compliance. Unfortunately, the two are not always compatible or aligned. Many organizations lack board level guidance when it comes to managing cybersecurity risk. As a result, many organizations expend resources …

From the Winter 2018 Issue

Implementing Automated Cyber Defense

Author(s):

Scott Jasper, CAPT, USN (ret), Faculty, Naval Postgraduate School

Today, massive numbers of uncorrelated and unprioritized alerts overwhelm network security operations. Staff are unable to respond to breaches anywhere near real-time. Legacy architectures layer “best of breed” components for firewall, intrusion protection, web content filtering and antivirus protection, each of which generates a unique set of alerts. Additional devices only contribute to an ever …

From the Winter 2018 Issue

The Cybersecurity Technical Workforce: Clarity Needed

Author(s):

Chad Carroll, Chief Strategy Officer, Chiron Technology Services, Inc.

When the United States Government published the Comprehensive National Cybersecurity Initiative in 2008, cyber education was identified as a critical area of improvement. By 2010, the National Initiative for Cybersecurity Education (NICE) was created.  The NICE Team identified four distinct components of the cybersecurity education mission:  Awareness, Formal Education (K-20), Workforce Structure (HR Framework), and Professional …

From the Winter 2018 Issue

Closing the Gap: Supply Chain Risk Management

Author(s):

Christopher Jones, Senior IT Project Manager, CACI

Henry J. Sienkiewicz, Author,

The growing sophistication of Information Technology (IT) and the proliferation of Internet of Things (IoT) devices continue to exacerbate vulnerabilities leading to cybersecurity risks. With supply chain globalization and continued reliance on outsourcing, organizations depend heavily on diverse networks of partners and suppliers. Whether manufacturing sensors for industrial control systems (ICS) or developing software code, …

From the Winter 2018 Issue

A (Very) Brief History of Pre-Computer Cryptography, Part 1

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

This is the first part of a two-part article exploring the history of pre-computer cryptography.  Part 1 will focus on the period from the birth of cryptography some 4,000 years ago to the development of early transposition and substitution ciphers.  Part 2 looks at the emergence of cryptanalysis under the Abbasid Caliphate and goes through …