A team of researchers from Georgia Institute of Technology recently developed a new form of ransomware that could take over control of water treatment plants. The simulated hacking exercise was able to command programmable logic controls (PLCs) to shut down water valves, increase or decrease the amount of chemicals used to treat water, and churn out false readings.

According to the researchers, simulations were conducted to highlight the vulnerabilities in critical infrastructure. This research comes at a time when cyber security concerns have reached a high point in light of recent cyber attacking and hacking attempts across the globe.

Cyber attacks go far beyond the acquisition of emails and corruption of websites. Any establishment with PLCs is, in theory, vulnerable to hacking. This could range from water infrastructure, as demonstrated here, to electrical dependency.

(more…)

Image: CSAW, CC BY-ND

Each morning seems to bring new reports of hacks, privacy breaches, threats to national defense or our critical infrastructure and even shutdowns of hospitals. As the attacks become more sophisticated and more frequently perpetrated by nation-states and criminal syndicates, the shortage of defenders only grows more serious: By 2020, the cyber security industry will need 1.5 million more workers than will be qualified for jobs.

In 2003, I founded Cyber Security Awareness Week (CSAW) with a group of students, with the simple goal of attracting more engineering students to our cyber security lab. We designed competitions allowing students to participate in real-world situations that tested both their knowledge and their ability to improvise and design new solutions for security problems. In the past decade-plus, our effort has enjoyed growing interest from educators, students, companies and governments, and shows a way to closing the coming cyber security workforce shortage.

Today, with as many as 20,000 students from around the globe participating, CSAW is the largest student-run cyber security event in the world. Recruiters from the U.S. Department of Homeland Security and many large corporations observe and judge each competition. (Registration for this year’s competition is still open for a little while.)

(more…)

Discussing the importance of cyber security

While cyberwar may sound like the plot of the latest sci-fi blockbuster, the realities of the phenomena are much more palpable. Few understand that better than Yaw Obeng, ECS member and senior scientist at the U.S. Department of Commerce’s National Institute of Standards and Technology.

In light of the 2014 hack on Sony Pictures, the suspected Russian hacking of U.S. Democratic National Committee emails, and the data breach of the U.S. government, in which the personal information of 21.5 million government employees was leaked, the scientists at NIST – specifically researchers like Obeng – have been shifting their attention to cyber security.

“Right now, everything that can be attached to the internet has been attached to the internet – right down to toothbrushes,” says Obeng, ECS Dielectric Science and Technology Division chair. “The question then becomes: How do we make sure that these devices are secure so they cannot be hijacked or compromised?”

(MORE: Read Obeng’s paper on this topic published in ECS Transactions.)

The answer to that question, however, may not be as simple as some would hope.

(more…)