============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 190                                        March 30, 2026

Hilarie Orman, Editor: cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor: cipher-assoc-editor @ ieee-security.org
Sven Dietrich, Book Review Editor: cipher-bookrev @ ieee-security.org
Yong Guan, Calendar Editor: cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Sven Dietrich's review of the book, "Securing Industrial Control Systems - Advanced Strategies and Technologies" by Mohammad Ashiqur Rahman, Syed Bahauddin Alam, Kishor Datta Gupta, Roy George, Sunzida Siddique, and Kazuma Kobayashi
    o News from the Media
       - AI Creates Teams of Hacking Agents
       - OpenClaw Bites the Hand that Serves It
       - The Citizen Hacker
       - Medical Tech Company Victim of Iranian Cyberattack
       - Department of State Protects the Homeland
       - AppArmor Hands Over Unauthenticated Policy Data
       - America First in Routers
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * Conference and Workshop Announcements
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

Many of the papers accepted for the 2026 Security and Privacy Symposium are listed with title and authors at the event's web page: https://sp2026.ieee-security.org. They cover a broad range of topics, from "Fast Deterministically Safe Proof-of-Work Consensus" to "Transient Architectural Execution: From Weird Gates to Weird Programs", and "Searching for a Farang: Collective Security among Women in Pattaya, Thailand", and "MusicShield: Protection for Musicians in the Era of Generative AI". The conference runs from May 18-21 in San Francisco.

A few of the papers address topics in use of AI, but we suspect that agentic AI is moving faster than even the most agile peer review systems. Unlike quantum computing, AI agents are moving at breakneck speed. These marvelous code generation systems will soon dominate the battle of good and evil on the computer security front. We predict that most research papers about security from here on will be about autonomous AI agents. Let's hope that the defensive side can move faster than the offensive side.

One of the dangers of these systems is the immense amount of computing power being put in place to support them. An evil collection of AI agents can rip through widespread password guessing, zero day probing, exfiltration, and other malicious tasks with unprecedented speed. It is not necessary for an individual to acquire resources for these tasks; the resources are part of the AI systems. Of course, vendors and governments will try to prevent use of the systems for evil purposes, but that will simply be part of a game in which AI is used to design evasions of AI policing.

New Wars, Time to Dust Off Old Songs

   Over there, over there,
   Send the prompt, send the prompt over there --
   The AIs are coming,
   The AIs are coming,
   Agents intel summing,
   Ev'rywhere.
   So prepare, kill malware,
   Send the prompt, send the prompt to beware.
   AIs will be over, AIs are coming over,
   And they're staying even if it's over,
   Over there.

(with apologies to George M. Cohan and everyone affected by wars, then, now, and future)

   Hilarie Orman
   cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Reviewer
Mar 30, 2026
____________________________________________________________________

"Securing Industrial Control Systems - Advanced Strategies and Technologies"
by Mohammad Ashiqur Rahman, Syed Bahauddin Alam, Kishor Datta Gupta, Roy George, Sunzida Siddique, and Kazuma Kobayashi

Springer Verlag, 2026
ISBN-13: 978-3-032-03017-7 (softcover), ISBN-13: 978-3-032-03018-4 (ebook)
xx + 544 pages, 1st edition, January 2026

Besides the big world of the Internet that we surf in every day, there is also a set of industrial networks connecting power plants, electrical power grids, pipelines, water supply systems, manufacturing plants, transportation systems, and more. Some of them are indeed connected to the open Internet, while others are air-gapped. Generally called industrial control systems (ICS) and covering multiple industries, there is a subset called supervisory control and data acquisition (SCADA) systems, for example, for dealing with programmable logic controllers (PLCs). Industrial Control Systems are still a playground for hackers of all kinds; the systems are by no means shielded from the mischief that happens on the open Internet (or even the Dark Web).
The ICS systems have been the target of many attacks over the years, including the Stuxnet attack on the Natanz uranium enrichment plants in the late 2000s, the attack on the Colonial pipeline in the US in 2021, the German steel mill blast furnace attack in 2014, and the Brazil power grid attack in 2005. Some of these network-based attacks resulted in severe physical damage of the target infrastructure, while others were held at ransom while services were being denied to legitimate customers or clients. We live in a world where those attacks can and will affect our daily lives.

This 500-page book provides insights into this world of ICS with the perspective of securing the infrastructure and suggesting strategies for doing so.

The book is divided into 17 chapters that address various foundational aspects as well as practical approaches for strengthening, analyzing, and understanding ICS, plus an appendix and a set of comprehensive references. The chapters are mostly self-contained essays with color diagrams, tables, and (pseudo-)code snippets, but the references are shared at the end of the book across all chapters, rather than at the end of the chapters.

The first chapter on "Comprehensive Overview of Industrial Control Systems ICS: Evolution, Components, and Security Challenges" gives an overview of the field of ICS, with its terminology, architectures, requirements, impact, and various components that make it distinct from other setups.

The second chapter "SCADA Systems in Industrial Control: Cloud Connectivity, Security Protocols, and Architectural Design" focuses on the SCADA world mentioned earlier. Here the reader will find the specific scenarios for SCADA, learn about PLCs (Programmable Logic Controllers), RTUs (Remote Terminal Units), and HMIs (Human-Machine Interfaces), and related security contexts.

The third chapter "Understanding Communication and Protocols in ICS: Securing Network Infrastructure and Data Exchange" shifts the interest towards the network communication in ICS and the protocols in use across various industries. Here the reader will learn about ModBus, Distributed Network Protocol (DNP3), EtherCAT, and ProfiNet among others.

The fourth chapter "Exploring Industrial Automation Systems: Security Strategies, Optimization of Control Mechanisms, and AI Integration" looks at automation systems, with the context of sensory setups, various hardware components, and mechanical setups for automation in industry. The automation details are augmented with some angles on integrating Artificial Intelligence into those processes.

The fifth chapter "Mitigating the ICS Attack Surface: Identifying Attack Vectors, Reducing Vulnerabilities, and Security Mapping Techniques" delves deeper into the security aspect, namely the attack surface of ICS. The reader gains insights into what the attack methods are and how they can be mitigated.

The sixth chapter "Network Segmentation in Industrial Operations: Enhancing ICS Security Through Threat Mitigation and DNS Leak Prevention" goes deeper into techniques for mitigating the attack surface by using architectural changes, namely network segmentation.

The seventh chapter "Comprehensive Overview of Field Devices in ICS: Protocol Management, Security Challenges, and Lifecycle Optimization" looks at field devices, such as those using ModBus, explores LabView for analyzing protocols, and considers strategies for protecting ICS.

The eighth chapter "Exploring Supervisory Systems Security Threats: Legacy SCADA Vulnerabilities, Communication Protocols, and System Security Strategies" provides a taxonomy of threats for legacy SCADA systems and their protocols.

The ninth chapter "Assessing Supervisory Systems Security Threats: Mitigating Sectoral Risks, Addressing Insider Threats, and Designing Human-Centric Security Solutions" explores insider threats as well as Advanced Persistent Threats (APTs), one of the more sophisticated threats on the Internet that also impacts ICS. APTs tend to be originated by nation-state actors and are often aimed at critical infrastructures, such as those managed by ICS.

The tenth chapter "Controller Security Threats: Mitigating Advanced Persistent Threats (APTs), Enhancing Authentication, and Securing Control Architectures" goes further in evaluating advanced threat techniques like zero days, such as those used by APTs and mitigating them. Here the reader will learn about filtering techniques and more advanced authentication mechanisms such as MFA.

The eleventh chapter "Building ICS Cyber Resilience: AI and Machine Learning Strategies, System Hygiene Practices, and Secure Smart Grid Frameworks" covers practical solutions for making ICS more resilient. The reader will find out about SIEM, Active Directory, and AI-related defenses.

The twelfth chapter "Strengthening ICS Attack Resiliency: Advanced Incident Response, Threat Intelligence, and Cyber-Physical Systems Monitoring" moves the reader into considering evaluation techniques for the resilient ICS environment that they have, adhering to the NIST cybersecurity frameworks.

The thirteenth chapter "ICS Security Requirements: Cybersecurity Frameworks, Incident Response Strategies, and IoT Device Compliance" continues to address the defense mechanisms for ICS, including perspectives on Internet of Things.

The fourteenth chapter "Static Defense Strategies for ICS: Prioritizing Patch Management, Defense-in-Depth Approaches, and Regulatory Compliance" covers static defense strategies, regulatory compliance (e.g. NERC CIP or HIPAA), and layered security measures for ICS.

The fifteenth chapter "Intrusion Detection Systems (IDS) in ICS: Supervisory Frameworks, Signature Versus Anomaly-Based Detection, and Architectural Design" covers the classical intrusion detection systems (IDSs), both host and network-based including hybrid variants, plus the intrusion prevention systems that enhance the IDSs into proactive mode rather than pure detection.

The sixteenth chapter "Common Cyberattacks, Cryptographic Key Management, and Host-Based Mitigation Strategies" explores recovery techniques from known attacks and helps the reader to understand the impact of such attacks. There is also information about how Public Key Infrastructure helps in defending against these attacks.

The seventeenth and last chapter "Some Case Studies of Industry Control System" talks about the attacks mentioned earlier in this review, helping the reader understand the impact and outcomes of the various attacks (to the extent that is disclosed publicly) and the lessons learned.

The appendix covers terminology and definitions for ICS and the security context.

Rahman et al. have created this book as a series of chapters or self-contained essays on many aspects of ICS security, covering strategies for defending against increasingly challenging attacks. The book is aimed at security professionals working in the field of ICS, but it is also beneficial to those security researchers and analysts who want to learn how different the ICS and SCADA world is compared to the "regular Internet." While some of the chapters seem to be repetitive at times, it helps the reader focus on the material without having to flip pages too much.

I enjoyed reading this book for new insights into a different yet fascinating world.

-------------------------------------------------------------
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org.

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

-----------------------------------------------------------------------
AI Creates Teams of Hacking Agents

Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign
Publisher: The Hacker News
https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html
Date: November 14, 2026
By: Ravie Lakshmanan

Summary:
Anthropic may have disagreements with the US Government, but last September it helped to reveal the urgency of protecting computer systems against agentic AI systems. The company discovered that its AI system, Claude, acting as several different "agents", carried out a sophisticated cyberattack against multiple targets last September. The human attackers benefited from the ability of the software agents to act quickly and cooperatively in carrying out an attack. Human intervention occurred only at strategic junctures.

"Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set up, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator. Less experienced and less resourced groups can now potentially perform large-scale attacks of this nature."

Anthropic has taken steps to detect and prevent similar exploits, but it does appear that the genie has escaped the bottle.

-----------------------------------------------------------------------
OpenClaw Bites the Hand that Serves it

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
Publisher: The Hacker News
https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html
Date: Feb 28, 2026
By: Ravie Lakshmanan

Summary:
The OpenClaw AI Agent included a vulnerability that could be used by an attacker running a website that might be visited by someone running an OpenClaw system. Because OpenClaw uses a local websocket server protected only by a password, the remote system can use high-speed password guessing to gain a trusted connection back to the OpenClaw user's local machine. The problem was patched within a day of notification to OpenClaw.

Protecting something as mundane as a network connection might have been far below the radar of OpenClaw engineers because they have put effort into protecting against attacks that might be enabled by their core capability: user-provided instructions for AI agents trained on the user's personal, local activities. Those instructions might contain malicious code, and OpenClaw has tried to assure that they detect such code through tools such as VirusTotal (see https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html).

-----------------------------------------------------------------------
The Citizen Hacker

Trump Calls On Private Companies to Take On a Bigger Role in Cyber
In his National Cybersecurity Strategy, President Trump sought an expanded role for private firms in cyberwarfare. He did not take on China or Russia in the document.
Publisher: The New York Times
https://www.nytimes.com/2026/03/06/us/politics/trump-cybersecurity-strategy.html
Date: March 6, 2026
By: Adam Sella

Summary:
The White House issued a brief statement with the National Cybersecurity Strategy.
The seven-page document seems to encourage private companies to conduct cyberattacks against American enemies, something that is not currently allowed.

"We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities."

Other notable excerpts:

"We will promote the adoption of post-quantum cryptography ..." This is an expensive undertaking and worthwhile only if quantum computing succeeds. Another part of the report emphasizes commitment to quantum computing development.

"We will work to adopt AI-powered cybersecurity solutions ..." Cyber criminals are working now to adopt AI-powered cyberattack capabilities. Presumably the call for acting against our cybersecurity enemies will include similar US activities.

The National Cybersecurity Strategy document is at https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf

-----------------------------------------------------------------------
Medical Tech Company Victim of Iranian Cyberattack

Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started
The company, Stryker, said a cyberattack disrupted its "Microsoft environment."
https://www.nbcnews.com/world/iran/iran-appears-conducted-significant-cyberattack-us-company-first-war-st-rcna263084
Publisher: NBC News
Date: March 11, 2026
By: Kevin Collier

Summary:
An Iranian hacker group, Handala, claimed responsibility for a cyberattack on a medical tech company, Stryker. The company suffered disruption of its employee phones and loss of data. This was the first report of a cyberattack during the US-Iran war. Other cyber activity by Iranian groups had been for intel gathering.

-----------------------------------------------------------------------
Department of State Protects the Homeland

State Department launches effort to counter cyberattacks, AI risks from Iran, others
Officials detailed the Bureau of Emerging Threats exclusively to ABC News.
Publisher: ABC News
https://abcnews.com/Politics/state-department-launches-effort-counter-cyberattacks-ai-risks/story?id=131265350
Date: March 23, 2026
By: Shannon K. Kingston

Summary:
A year ago Secretary of State Marco Rubio announced an overhaul to the department that would include the Bureau of Emerging Threats. Recently, the structure of the new Bureau was described as having five offices: the Office of Cybersecurity, the Office of Critical Infrastructure Security, the Office of Disruptive Technology, the Office of Space Security and the Office of Threat Assessment. A spokesman for the Department said that the Bureau would address both current and future challenges posed by disruptive technology.

-----------------------------------------------------------------------
AppArmor Hands Over Unauthenticated Policy Data

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Publisher: The Hacker News
https://thehackernews.com/2026/03/nine-crackarmor-flaws-in-linux-apparmor.html
Date: Mar 13, 2026
By: Ravie Lakshmanan

Summary:
The Qualys Threat Research Unit (TRU) said that they identified flaws in the Linux security module AppArmor. The module helps isolate applications from each other by enforcing a mandatory access control (MAC) policy. The flaws allow privilege escalation by unauthorized parties.

"The problem affects all Linux kernels since version 4.11 on any distribution that integrates AppArmor. With more than 12.6 million enterprise Linux instances operating with AppArmor enabled by default in several major distributions, such as Ubuntu, Debian, and SUSE, immediate kernel patching is advised to mitigate these vulnerabilities."

The flaws are instances of "... the 'Confused deputy' problem, in which an attacker misuses the authority of one victim (the 'confused deputy') to use that victim's legitimate (restricted) capabilities to target another victim." In this case, the AppArmor module is the Confused Deputy, forwarding attacker-crafted data that cause security profiles to be bypassed.

-----------------------------------------------------------------------
Everything You Need to Know About the Foreign-Made Router Ban in the US
The FCC just banned the sale of new consumer-grade Wi-Fi routers manufactured outside the US. Here’s what it means for you.
Publisher: Wired
https://www.wired.com/story/us-government-foreign-made-router-ban-explained
Date: Mar 24, 2026
By: Simon Hill

Summary:
Sales of Internet routers, the kind that ordinary consumers have in their homes, will be restricted by new rules announced by the Federal Communications Commission (FCC). Routers made outside the US will only be sold to US consumers if the manufacturer applies for and receives a waiver to the "no foreign routers" policy. This does not affect routers that have already been purchased. The policy has a FAQ page, see (https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-regarding-routers-produced-foreign-countries)

Most routers are manufactured outside the US or have foreign parts, so the policy might result in a shortage of consumer routers, at least until manufacturers can adapt to it.

Concern about security and routers is not new, but the reasons for imposing the ban at this time are not known. There has been talk of banning TP-Link routers because of the company's link to China. They have been accused of allowing Chinese government access to their routers and of flooding the market with underpriced devices. Their manufacturing is in Viet Nam.

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at
http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Requests for inclusion in the list should be sent per instructions:
http://www.ieee-security.org/Calendar/submitting.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Date (Month/Day/Year), Event, Locations, web page for more info.

IEEE Transactions on Privacy,
https://www.computer.org/csdl/journals/pr
Submission date: On-going

SciSec 2026 8th International Conference on Science of Cyber Security, Beijing, China, May 29 - 31, 2026.
https://scisec.org/
Submission date: 31 March 2026

SSS 2026 28th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Gothenburg, Sweden, October 9-11, 2026.
https://sss2026-submission.limos.fr/
Submission date: 31 March 2026, 15 May 2026, and 15 July 2026

APF 2026 Annual Privacy Forum 2026, Salzburg, Austria, September 9-10, 2026.
https://privacyforum.eu/
Submission date: 1 April 2026

AI-SS 2026 1st International Workshop on AI Safety and Security, Co-located with the 21st European Dependable Computing Conference (EDCC 2026), Canterbury, UK, April 7, 2026.
https://cyber.kent.ac.uk/events/AI-SS2026/

DCS-CI 2026 International Conference on Design of Cyber-Secure Critical Infrastructure, Buford, Georgia, USA, September 2 - 3, 2026.
https://icsc-conference.org/2026/
Submission date: 13 April 2026

ICSC 2026 Intelligent Cybersecurity Conference, Abu Dhabi, UAE, September 15 - 18, 2026.
https://icsc-conference.org/2026/
Submission date: 15 April 2026

SECRYPT 2026 23rd International Conference on Security and Cryptography, Porto, Portugal, July 16 - 18, 2026.
https://secrypt.scitevents.org/
Submission date: 16 April 2026

ESORICS 2026 31st European Symposium on Research in Computer Security, Rome, Italy, September 21 - 25, 2026.
https://sites.google.com/di.uniroma1.it/esorics2026/home
Submission dates: 9 January 2026 and 21 April 2026

ACM CCS 2026 33rd ACM Conference on Computer and Communications Security, Hague, The Netherlands, November 15-19, 2026.
https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html
Submission date: 7 January 2026 and 22 April 2026

HOST 2026 19th IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA, May 4-7, 2026.
https://host.conferences.computer.org/2026/

SSS 2026 28th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Gothenburg, Sweden, October 9-11, 2026.
https://sss2026-submission.limos.fr/
Submission date: 31 March 2026, 15 May 2026, and 15 July 2026

EDId 2026 3rd International Workshop on Emerging Digital Identities, Co-located with the 21st International Conference on Availability, Reliability and Security (ARES 2026), Linköping, Sweden, August 24-27, 2026.
https://www.ares-conference.eu/edid
Submission date: 18 May 2026

SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026.
https://sp2026.ieee-security.org/cfpapers.html

SciSec 2026 8th International Conference on Science of Cyber Security, Beijing, China, May 29 - 31, 2026.
https://scisec.org/

APWG eCrime 2026 21st Symposium on Electronic Crime Research, Lisbon, Portugal, November 2 - 6, 2026.
https://apwg.org/events/ecrime2026
Submission date: 30 May 2026

ACM ASIACCS 2026 21st ACM ASIA Conference on Computer and Communications Security, Bangalore, India, June 1-5, 2026.
https://asiaccs2026.cse.iitkgp.ac.in/call-for-papers/

ICBC 2026 8th IEEE International Conference on Blockchain and Cryptocurrency, Brisbane, Australia, June 1-5, 2026.
https://icbc2026.ieee-icbc.org/

AMASS 2026 Workshop on Advances in Malware Analysis and Software Security, Held in conjunction with ACM ASIACCS, Bangalore, India, June 2, 2026.
https://sites.google.com/view/amass2026/home

CODASPY 2026 16th ACM Conference on Data and Application Security and Privacy, Frankfurt am Main, Germany, June 23 - 25, 2026.
https://www.codaspy.org/2026/

IWSPA 2026 12th ACM International Workshop on Security and Privacy Analytics, Held in conjunction with the 16th ACM Conference on Data and Application Security and Privacy (CODASPY 2026), Frankfurt am Main, Germany, June 24, 2026.
https://sites.google.com/view/iwspa-2026/

SaT-CPS 2026 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Held in conjunction with the 16th ACM Conference on Data and Application Security and Privacy (CODASPY 2026), Frankfurt am Main, Germany, June 25, 2026.
https://sites.google.com/view/sat-cps2026/

ACM WiSec 2026 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Saarbrucken, Germany, June 30 - July 3, 2026.
https://wisec26.events.cispa.de/

SSS 2026 28th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Gothenburg, Sweden, October 9-11, 2026.
https://sss2026-submission.limos.fr/
Submission date: 31 March 2026, 15 May 2026, and 15 July 2026

SECRYPT 2026 23rd International Conference on Security and Cryptography, Porto, Portugal, July 16 - 18, 2026.
https://secrypt.scitevents.org/

PETS 2026 26th Privacy Enhancing Technologies Symposium, Calgary, Canada, July 20-25, 2026.
https://petsymposium.org/cfp26.php

CSF 2026 39th IEEE Computer Security Foundations Symposium, Colocated with FLoC 2026, Lisbon, Portugal, July 26-29, 2026.
https://csf2026.ieee-security.org/

DFRWS-USA 2026 26th Digital Forensics Research USA Conference, Arlington, Virginia, USA, July 27 - 30, 2026.
https://dfrws.org/call-for-papers-is-open-for-dfrws-usa-2026/

CSR 2026 IEEE International Conference on Cyber Security and Resilience, Lisbon, Portugal, August 3 - 5, 2026.
https://www.ieee-csr.org/

USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026.
https://www.usenix.org/conference/usenixsecurity26

EDId 2026 3rd International Workshop on Emerging Digital Identities, Co-located with the 21st International Conference on Availability, Reliability and Security (ARES 2026), Linköping, Sweden, August 24-27, 2026.
https://www.ares-conference.eu/edid

DCS-CI 2026 International Conference on Design of Cyber-Secure Critical Infrastructure, Buford, Georgia, USA, September 2 - 3, 2026.
https://dcs-ci.github.io/

ICDF2C 2026 17th EAI International Conference on Digital Forensics & Cyber Crime, Reykjavik, Iceland, September 8 - 10, 2026.
https://icdf2c.eai-conferences.org/2026/

APF 2026 Annual Privacy Forum 2026, Salzburg, Austria, September 9-10, 2026.
https://privacyforum.eu/

SCN 2026 15th International Conference on Security and Cryptography for Networks, Amalfi (SA), Italy, September 14 - 16, 2026.
https://scn.unisa.it/

ICSC 2026 Intelligent Cybersecurity Conference, Abu Dhabi, UAE, September 15 - 18, 2026.
https://icsc-conference.org/2026/

ESORICS 2026 31st European Symposium on Research in Computer Security, Rome, Italy, September 21 - 25, 2026.
https://sites.google.com/di.uniroma1.it/esorics2026/home

SSS 2026 28th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Gothenburg, Sweden, October 9-11, 2026.
https://sss2026-submission.limos.fr/

APWG eCrime 2026 21st Symposium on Electronic Crime Research, Lisbon, Portugal, November 2 - 6, 2026.
https://apwg.org/events/ecrime2026

ACM CCS 2026 33rd ACM Conference on Computer and Communications Security, Hague, The Netherlands, November 15-19, 2026.
https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

--------------

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================

____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe".
    OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".
    OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________

Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________

How to become a member of the
IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by
completing the on-line form at IEEE at
https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________

TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the
Computer Society's Digital Library.

    IEEE Security and Privacy Symposium
    IEEE Computer Security Foundations
    IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital
library 12 months after the conference.

____________________________________________________________________________

TC Officers
____________________________________________________________________________

Chair:
    Thorsten Holz
    Faculty Member
    CISPA Helmholtz Center for Information Security
    tcchair at ieee-security.org

Security and Privacy Symposium Chair Emeritus:
    Trent Jaeger
    Associate Professor
    Pennsylvania State University
    https://www.cse.psu.edu/~trj1
    sp24-chair@ieee-security.org

Vice Chair:
    Alvaro Cardenas
    Professor
    University of California, Santa Cruz
    tcchair at ieee-security.org

Treasurer:
    Yong Guan
    Professor
    Department of Electrical and Computer Engineering
    Iowa State University, Ames, IA 50011
    treasurer@ieee-security.org

Newsletter Editor:
    Hilarie Orman
    Purple Streak, Inc.
    500 S. Maple Dr.
    Woodland Hills, UT 84653
    cipher-editor@ieee-security.org

Security and Privacy Symposium, 2025 Chair:
    Marina Blanton
    Associate Professor
    University at Buffalo
    sp25-chair at ieee-security.org

TC Awards Chair:
    Tegan Brennan
    Assistant Professor
    Stevens Institute of Technology
    tbrenna5 at stevens.edu

____________________________________________________________________________

BACK ISSUES:

Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year