IEEE Computer Society Cipher --- Items from security-related news (E143)

  • CERIAS Celebrates a Score
    CERIAS Marks 20 Years
    By Gene Spafford

    CERIAS at Purdue University is celebrating its 20th anniversary this year, as a leading center of innovation in education and research. We'd like to invite friends and colleagues - old and new - to attend our annual symposium and celebration, April 3 & 4. There will be a no-cost workshop on cyberphysical research held the day before for symposium attendees who wish to attend.

    Registration and other details about the symposium are available at Note that anyone with a ".edu" can register at no charge.

  • Blame it on Russia (The US and UK do!)
    US joins UK in blaming Russia for NotPetya cyber-attack
    The Guardian
    By Sarah Marsh
    Feb 15, 2018

    The White House and Downing Street announced that they believe that Russia was responsible for a ransomware attack that cost the world more than a billion dollars by rendering computers useless due to loss of access to their files. The attack may have been meant to target the Ukraine, but it spread far and wide after its inception in June of 2017. The British defence secretary called it "a new era of warfare" (perhaps showing that he hadn't been paying attention until recently).

  • Mid-term elections cause a rash of fretting
    State elections officials fret over cybersecurity threats
    The Washington Post
    By Michelle Ye Hee Lee
    Feb 17, 2018

    The Department of Homeland Security is taking steps to assure that state election officials can know about the software threats facing them during midterm elections this year. Nonetheless, at a recent conference of state secretaries of state, there were complaints that the federal government was too reticent in its information sharing efforts. While it is known that Russians tried to access voter information in 21 states, some state officials feel that they do not have a clear picture of the threats and how to counteract them. In other states, even simple steps to add safeguards to voter information systems are stymied by the fact that not all election precincts have smartphones and Internet access.

  • Secure Voting Machines, My Foot
    The Myth of the Hacker-Proof Voting Machine
    By Kim Zetter
    The New York Times
    Feb 21, 2018

    When an election board in a rural Pennsylvania county hired a computer science expert to analyze a problem with the touchscreens on voting machines, they did not expect to find that the machines had remote access software installed. In fact, the software was present, and it had been installed by contractor for the county who worked from home. His convenience was a security nightmare because it was a way for hackers to gain access and control the machine. Fortunately, there was no evidence of that happening, but it underscored the severe difficulties that plague the thousands of precincts that have no way to properly safeguard the voting machines, if indeed there is anyway to completely safeguard them.

  • Russia, turn off the lights!
    US accuses Russia of cyber-attack on energy sector and imposes new sanctions
    By Julian Borger
    The Guardian
    Mar 15, 2018

    According to US officials, in March of 2016 Russia began a concerted cyber-attack to conduct surveillance on the management of US energy grid. The campaign used spear phishing attacks to learn passwords and other access methods, followed by installation of remote monitoring software. The FBI and Homeland Security feel certain that the actions were conducted by the Russian government. The US industrial control systems have been the subject of years of security analysis and recommendations, and this recent hacking shows the importance of moving to secure all critical systems immediately.