Ideas, Learning, and Resources for Cybersecurity Awareness Month 2021

IEEE Computer Society Team

Published 10/01/2021

Share this on:

Cybersecurity Month If there is one thing we all have learned from the pandemic is how accessible and scalable the internet has become for us to pursue all aspects of our lives. This monumental shift in the way we live our lives has increased the importance of privacy and security. With increased connectivity brings the need for greater awareness.

October is Cybersecurity Awareness Month. The IEEE Computer Society encourages everyone to take some time to reflect on the many new and persistent threats that challenge the computing industry and our everyday lives. Make sure your company and personal practices stay cyber secure. Bookmark this page as it will be updated daily with a countdown of new ideas, learning, and resources to keep you informed!

IEEE Computer Society’s Resources for Cybersecurity Awareness Month 2021

31. Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks

Speculative and out-of-order execution are fundamental techniques to exploit instruction-level parallelism (ILP) in modern high-performance processors. In typical handling of mis-speculation, the pipeline states, such as integer and floating registers, are rolled back to the fault instructions. However, some microarchitecture states, such as cache contents, are usually not reverted, since such negligence does not violate the architectural semantics. Unfortunately, recently exposed Spectre and Meltdown, which are of speculative execution side-channel vulnerabilities, have revealed the security hazards of neglecting those unrecovered micro-architectural states.

Continue reading to learn how these attacks exploit speculative execution and induce a victim to speculatively perform operations that would not occur during correct program execution.

Abstract
Speculative execution side-channel vulnerabilities such as Spectre reveal that conventional architecture designs lack security consideration. This article proposes a software transparent defense framework, named as Conditional Speculation, against Spectre vulnerabilities found on traditional out-of-order microprocessors. It introduces the concept of security dependence to mark speculative memory instructions which could leak information with potential security risks. More specifically, security-dependent instructions are detected and marked with suspect speculation flags in the Issue Queue. All the instructions can be speculatively issued for execution in accordance with the classic out-of-order pipeline. For those instructions with suspect speculation flags, they are considered as safe instructions if their speculative execution dose not refill new cache lines with unauthorized privilege data. Otherwise, they are considered as unsafe instructions and thus not allowed to execute speculatively. To pursue a balance of performance and security, we investigate two filtering mechanisms, Cache-hit-based Hazard Filter and Trusted Page Buffer-based Hazard Filter to filter out false security hazards. As for true security hazards, we have two approaches to prevent them from changing cache states. One is to block all unsafe access, the other is to fetch them from lower-level caches or memory to a speculative buffer temporarily, and refill them after confirming that they are on the correct execution path. Our design philosophy is to speculatively execute safe instructions to maintain the performance benefits of out-of-order execution while delaying the cache updates for speculative execution of unsafe instructions for security consideration. We evaluate Conditional Speculation in terms of performance, security, and area. The experimental results show that the hardware overhead is marginal and the performance overhead is minimal.

“Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks” in IEEE Transactions on Computers, vol. 70, pp. 963-978, July 2021.

doi: 10.1109/TC.2020.2997555

Authors: Lutan Zhao, Peinan Li, Rui Hou, Michael C. Huang, Peng Liu, Lixin Zhang, Dan Meng

30. SE Radio Ep 467 Dynamic Application Security Testing

Listen to host Justin Beyer and guest Kim Carter discuss dynamic application security testing (DAST) and how the OWSAP purpleteam project can improve early defect detection. As you join in, they will dive into how DAST provides meaningful feedback loops for developers to improve code, push generation testing, and detect higher-level vulnerabilities.

29. Do Data Almost Always Eventually Leak?

The father of digital communications and information theory, Claude Shannon, proposed that digital information can be transmitted without error. Shannon published his Information Theory in 1948 and proved communications channels have a maximum capacity for reliably transmitting information. Once the transmission rate threshold is surpassed, there will always be a percentage of loss. This suggests there is an inevitable loss, or leak, of information.

Continue reading Norita Ahmad’s Do Data Almost Always Eventually Leak? to learn more about the differences between information and data, and the impact of data leaks on data security.

Abstract
Shannon’s information theory states that there is a maximum rate for transmitting data reliably, implying that data almost always inevitably leak. Although there has been advancement in data protection technologies, a lack of understanding about data leaks and human error persists.

“Do Data Almost Always Eventually Leak” in Computer, vol. 54, pp. 70-74, Feb 2021.

doi: 10.1109/MC.2020.3041880

Author: Norita Ahmad

28. Chipless RFID Circumvents the Limitations of Barcode Scanning

The chipless RFID technology is a major breakthrough in overpowering the margins and limitations of conventional RFID systems as it excludes the expenses associated with the silicon IC spall in the circuit. Additionally, chipless RFID can be printed and this way, it is resilient even to adverse climatic conditions.

It can also be embossed on metal carafes and flagons containing liquids. In a nutshell, chipless RFID can now be extensively used in applications that couldn’t be carried off before with its traditional counterparts.

Continue reading to learn more how advances in RFID technology is circumventing traditional barcode scanning.

27. Biometrics and Privacy-Preservation: How Do They Evolve?

Biometrics are the traits of human body characteristics and behavior. From a cryptographic perspective, biometrics possess properties that make them suitable as an authentication factor; they cannot be forgotten like a password or pin, and they can’t be lost or stolen like a token. Biometrics can help address the inherent security weakness of cryptography in identifying a genuine user. However, biometrics themselves are limited and will be a permanent loss if compromised. Also, the privacy of biometrics are subject to the protection of legal regulations. Therefore, there is a paradigm shift towards privacy-preserving biometrics authentication technology, which has the potential to address these concerns. Continue reading.

Abstract
The emerging field of privacy-preserving biometrics is attracting significant attention, as a paradigm that can address several of the key concerns in cryptographic authentication processes, whilst simultaneously addressing the issues of privacy. This paper contributes to the understanding of the field from following perspectives: (1) It proposes a novel and comprehensive taxonomy of privacy-preserving biometrics for the classification of the knowledge/existing literature in the field. (2) It provides a taxonomy-guided literature survey. (3) Open research problems/future works are discussed. (4) As the techniques used in privacy-preserving biometric authentication systems rely upon, or integrate with, general biometric matching techniques, a taxonomy and summary of the state-of-art biometrics matching techniques has also been developed. Such system-level knowledge organization will help produce excellent self-contained contents of reference materials for researchers in both the biometrics community and cryptography community who would otherwise have difficulty in understanding the relevant materials from the other community.

“Biometrics and Privacy-Preservation: How Do They Evolve” in IEEE Open Journal of the Computer Society, vol. 2, pp. 179-191, 2021.

doi: 10.1109/OJCS.2021.3068385

Authors: Quang Nhat Tran, Benjamin P. Turnbull, Jiankun Hu

26. Are We Preparing Students to Build Security In? A Survey of European Cybersecurity in Higher Education Programs [Education]

Industry and government agencies have been using encryption to protect data and other sensitive information in communications and technology networks for several decades. Only in the last 10 to 20 years have people started discussing the concept of “security built in.” This article looks to answer questions around the preparedness of Master’s students to “build security in” and further the field of security. Continue reading.

Abstract
We present a review of European master of science programs in cybersecurity and reflect on the presence (and lack) of knowledge and skills needed to build security in.

“Are We Preparing Students to Build Security In? A Survey of European Cybersecurity in Higher Education Programs” in IEEE Security & Privacy, vol. 19, pp. 81-88, Jan-Feb 2021.

doi: 10.1109/MSEC.2020.3037446

Authors: Nicola Dragoni, Alberto Lluch Lafuente, Fabio Massacci, Anders Schlichtkrull

25. Are Your Company Software Tools Secure? 5 Reasons to Make Security a Priority

The pandemic has seen a major shift in the workforce. More employees are accessing business-related emails and completing their work from their homes. This is increasing the opportunity for hackers and malware to take advantage of employees as they work from less secure home locations.

Continue reading to learn the five reasons to make cybersecurity a priority in your organization.

24. Over the Rainbow – Episode 1

Susan Landau is Bridge Professor in Cyber Security and Policy at The Fletcher School and the School of Engineering, Department of Computer Science, Tufts University as well as Visiting Professor, Department of Computer Science, University College London. She works at the intersection of cybersecurity, national security, law, and policy.Our conversation with Prof. Landau ranges from the importance of technical communication on matters of risk to interactions and trade-offs among safety, privacy, and other public goods, as well as what it’s like to build a career in public policy, security, privacy, and technology.

Listen to episode 1 of Over the Rainbow podcast

23. How to Protect Your Online Store From Cyber Attacks

Cyberattacks are on the rise. Last year Amazon Web Service was hit with a distributed denial of service (DDoS) attack with large amounts of data being stolen. We continue to see the number of cyberattacks increase as our post-covid world relies heavily on the internet to execute personal and professional aspects of our lives. Continue reading to learn how you can protect your private information.

22. HOST 2021 Accepted Papers available

The rapid proliferation of computing and communication systems with increasing computational power and connectivity into every sphere of modern life has brought security to the forefront of system design, test, and validation processes. The emergence of new application spaces for these systems in the internet-of-things (IoT) regime is creating new attack surfaces as well as new requirements for secure and trusted system operation. Additionally, the design, manufacturing, and distribution of microchips, PCB, as well as other electronic components are becoming more sophisticated and globally distributed with a number of potential security vulnerabilities. Therefore, hardware plays an increasingly important and integral role in system security with many emerging system and application vulnerabilities and defense mechanisms relating to hardware.

HOST aims to facilitate the rapid growth of hardware-based security research and development. HOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware.

The 2021 HOST accepted papers have been announced. View here.

21. SE Radio Ep. 438 Lessons Learned from a Major Cyber Attack

This episode is all about the lessons learned from a major cyberattack. Andy Powell of AP Moller Maersk discusses the 2017 Not Petya cyberattack and the company’s efforts to recover from it. Listen in to hear how digital forensics helped them to find the root causes and the introduction of “secure by design” as a result.

Listen to SE Radio Episode 438

20. A Survey on Privacy-Preserving Blockchain Systems (PPBS) and a Novel PPBS-Based Framework for Smart Agriculture

Could it be that both tv and digital ads are not as effective as we were led to believe by large empires like Facebook? This study explores the validity of such a question and the power blockchain systems have in tracing and transparency. Continue reading to learn more about Privacy-preserving blockchain systems.

Abstract

Blockchain and smart contracts have seen significant application over the last decade, revolutionizing many industries, including cryptocurrency, finance and banking, and supply chain management. In many cases, however, the transparency provided potentially comes at the cost of privacy. Blockchain does have potential uses to increase privacy-preservation. This paper outlines the current state of privacy preservation utilising Blockchain and Smart Contracts, as applied to a number of fields and problem domains. It provides a background of blockchain, outlines the challenges in blockchain as they relate to privacy, and then classifies into areas in which this paradigm can be applied to increase or protect privacy. These areas are cryptocurrency, data management and storage, e-voting, the Internet of Things, and smart agriculture. This work then proposes PPSAF, a new privacy-preserving framework designed explicitly for the issues that are present in smart agriculture. Finally, this work outlines future directions of research in areas combining future technologies, privacy-preservation and blockchain.

“A Survey on Privacy-Preserving Blockchain Systems (PPBS) and a Novel PPBS-Based Framework for Smart Agriculture” in IEEE Open Journal of the Computer Society, vol. 2, pp. 72-84, 2021.

doi:10.1109/OJCS.2021.3053032

Authors: Quang Nhat Tran, Benjamin P. Turnbull, Hao-Tian Wu, A.J.S. De Silva, Katherine Kormusheva, Jiankun Hu

19. DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-Based Cloud

Because of its proven benefits, container technology is widely becoming adopted by companies like Uber and Netflix for the rapid development of microservice architecture. As a lightweight alternative to the virtual machine (VM) in conventional cloud infrastructures, containers have shorter startup time and lower virtualization overhead. Moreover, containers also provide a consistent and portable software environment, which can make cloud services ignore the difference between platforms to easily run and scale anywhere. Continue reading to learn more about this framework for Dynamic Security Evaluation Systems.

Abstract

Due to the lightweight features, the combination of container technology and microservice architecture makes a container-based cloud environment more efficient and agile than a VM-based cloud environment. However, it also greatly amplifies the dynamism and complexity of the cloud environment and increases the uncertainty of security issues in the system concurrently. In this case, the effectiveness of defense mechanisms with fixed strategies would fluctuate as the updates occur in cloud environments. We refer to this problem as the effectiveness drift problem of defense mechanisms, which is particularly acute in the proactive defense mechanisms, such as moving target defense (MTD). To tackle this problem, we present DSEOM, a framework that can automatically perceive updates of container-based cloud environments, rapidly evaluate the effectiveness of MTD and dynamically optimize MTD strategies. Specifically, we establish a multi-dimensional attack graphs model to formalize various complex attack scenarios. Combining this model, we introduce the concept of betweenness centrality to effectively evaluate and optimize the implementation strategies of MTD. In addition, we present a series of security and performance metrics to quantify the effectiveness of MTD strategies in DSEOM. And we conduct extensive experiments to illustrate the existence of the effectiveness drift problem and demonstrate the usability and scalability of DSEOM.

“DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-Based Cloud” in IEEE Transactions on Dependable and Secure Computing, vol. 18, pp. 1125-1136, May-June 2021.

doi: 10.1109/TDSC.2019.2916666

Authors: Hai Jin, Zhi Li, Deqing Zou, Bin Yuan

18. How to Recognize and Successfully Resist Fileless Malware Threats

Few people are strangers to malware thanks in large part to anti-virus software like Norton. Cyberattacks are a threat to everyone. Hackers continue to innovate and find new ways to steal information from people and businesses.

One new method hackers are implementing is fileless malware. This new form of attack has increased by 265% in the last two years. Continue reading to learn about fileless malware and how to protect your business.

17. Privacy in a Time of COVID-19: How Concerned Are You?

The significant growth in the number of users with mobile phones as well as the adoption of key enabling technologies like cloud computing has led to the creation of an entire tracking ecosystem that could facilitate the use of pervasive surveillance methods. However, this development also brings serious privacy concerns as current governance and regulatory frameworks are lagging behind these technological advancements. Continue reading “Privacy in a Time of COVID-19: How Concerned Are You?”

Abstract

We introduce a study examining people’s privacy concerns during COVID-19 and reflect on people’s willingness to share their personal data in the interest of controlling the spread of the virus and saving lives.

“Privacy in a Time of COVID-19: How Concerned Are You?” in IEEE Security & Privacy, vol. 19, pp. 26-35, September-October 2021.

doi: <10.1109/MSEC.2021.3092607

Author: Ramona Trestian, Guodong Xie, Pintu Lohar, Edoardo Celeste, Malika Bendechache, Rob Brennan, Evgeniia Jayasekera, Irina Tal

16. The Top 10 Risks of Machine Learning Security

Building security into machine learning systems from a security engineering perspective is of interest to the Berryville Institute of Machine Learning. This means understanding how machine learning systems are designed for security and finding vulnerabilities. Continue reading “The Top 10 Risks of Machine Learning Security.”

Abstract

Our recent architectural risk analysis of machine learning systems identified 78 particular risks associated with nine specific components found in most machine learning systems. In this article, we describe and discuss the 10 most important security risks of those 78.

“The Top 10 Risks of Machine Learning Security” in Computer, vol. 53, pp. 57-61, June 2020.

doi: 10.1109/MC.2020.2984868

Author: Gary McGraw, Richie Bonett, Victor Shepardson, Harold Figueroa

15. SE Radio Ep. 453 Security Chaos Engineering

In episode 453 of SE Radio, CTO of Verica, Aaron Rinehart, joins host Justin Beyer to discuss how security chaos engineering(SCE) can be used to increase security in applications architecture. They will be covering how SCE fits into the overall chaos engineering discipline and compare it to traditional security approaches.

Listen to SE Radio episode 453

14. A Trust-Based Scheme to Protect 5G UAV Communication Networks

UAVs are currently being used in city security, an inspection of power grids, fire control in tall buildings, base stations, and ships. In addition, they are also being used in logistics, emergency response, medical transport, and scientific research. Because of the potential of its many applications, UAVs are able to connect to 5G UAV airborne communication terminals. These terminals can collect and transmit data over these 5G networks to control beyond-the-line-of-sight (BLOS)flight of UAVs.

Continue reading “Trust Based Scheme to Protect 5G UAV Communication Networks” to dive into the proposed trust scheme for 5G UAV communications system.

“A Trust Based Scheme to Protect 5G UAV Communication Networks” in IEEE Open Journal of the Computer Society, vol. 2, pp. 300-307, 2021.

doi: 10.1109/OJCS.2021.3058001

Author: Yu Su

13. SE Radio Ep. 475 Secure Docind Veracode

This episode is joined by Rey Bango, Senior Director of Developer and Security Relations at Veracode is a discussion around the topic of secure code. Highlights of the discussion include the need for secure coding, barriers to adoption, and how training can help teams adopt secure coding practices.

Listen to Episode 475 to join the conversation around documentation and verifying security early and regularly.

12. Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Presented by Nancy Mead, Fellow of the Software Engineering Institute and adjunct professor of Software Engineering at Carnegie Mellon, and Daniel Shoemaker, professor and graduate program director at the University of Detroit Mercy.

Software engineering education often does not include methods to ensure code in commercial off-the-shelf (COTS) products have not been compromised during the sourcing process. This is a free webinar discussing the challenges and solutions for the integration of secure supply chain risk management in development projects.

Watch this webinar on-demand.

11. What is a Code Signing Certificate? How does it work?

Mobile apps have revolutionized the way we interact with businesses and content in general. However, we don’t always know if what we are downloading is secure. Code signing certificates provide consumers with peace of mind by providing credentials from the software developer that the application they are downloading has not been tampered with. Learn more about code signing certificates and how they work. Continue reading.

10. PPChecker: Towards Accessessing the Trustworthiness of Android Apps’ Privacy Policies

The average app user and website peruser has come across hundreds of privacy policies. So much so that you probably select “Agree” without giving much thought to what type of information these sites are collecting. However, with the rise of malicious software and data breaches, one must stop and ask themself, “are these companies truly holding to their privacy policies?” This paper carried out a study on privacy policies using an app called PPChecker. Results show a staggering amount of mobile apps have questionable privacy policies. Continue reading to learn about the 5 identified problem areas in this study.

Recent years have witnessed a sharp increase in malicious apps that steal users’ personal information. To address users’ concerns about privacy risks and to comply with data protection laws, more and more apps are supplied with privacy policies written in natural language to help users understand an app’s privacy practices. However, little is known whether these privacy policies are trustworthy or not. Questionable privacy policies may be prepared by careless app developers or someone with malicious intentions. In this paper, we carry out a systematic study on privacy policy by proposing a novel approach to automatically identify five kinds of problems in the privacy policy. After tackling several challenging issues, we implement the approach in a system, named PPChecker, and evaluate it with real apps and their privacy policies. The experimental results show that PPChecker can effectively identify questionable privacy policies with high precision. Applying PPChecker to 2,500 popular apps, we find that 1,850 apps (i.e., 74.0 percent) have at least one kind of problem. This study sheds light on the research of improving and regulating apps’ privacy policies. Continue reading.

“PPChecker: Towards Accessessing the Trustworthiness of Android Apps’ Privacy Policies” in IEEE Transactions on Software Engineering, vol. 47, pp. 221-242, Feb 2021.

doi: 10.1109/TSE.2018.2886875

Authors: Le Yu, Xiapu Luo, Jiachi Cheng, Hao Zhou, Tao Zhang, Henry Chang, Hareton K. N. Leung

9. How AI can help prevent Cyber Attacks in the eCommerce Sector

Technology has been crucial in everyone’s life while navigating the pandemic. From home, it has enabled education, work, and daily tasks like shopping. This means a large amount of personal information is being shared and hackers are taking notice. The amount of hackers using fileless malware is increasing at an extraordinary rate. Research is being conducted on how to best patch the loopholes currently being exploited. Continue reading to learn how AI is combating fileless malware.

8. IEEE Secure Development Conference 18-20 Oct, Fully Virtual

SecDev is a venue for presenting ideas, research, and experience about how to develop secure systems. It focuses on theory, techniques, and tools to build security into existing and new computing systems.

The goal of SecDev is to encourage and disseminate ideas for secure system development among academia, industry, and government. It aims to bridge the gap between constructive security research and practice and to enable the real-world impact of security research in the long run. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers.

View Conference Program

7. How to Check Trusted Root Certificates Installed on an Android Device

Mobile applications have revolutionized the way we use and interact with our phones. It has even had a tremendous impact on how we interact with businesses. A drawback to incorporating mobile phones and applications into our lives is an increased surface area for attacks to occur. Hackers are exploiting vulnerabilities in our mobile devices to gain access to sensitive information and pieces of our lives. Implementing an SSL certificate on a mobile phone is a vital security protocol every Android device should have. Continue reading to learn how to check and install a code signing certificate on your mobile device.

6. A Novel Intrusion Detection Model for Detecting Known and Innovative Cyberattacks Using Convolutional Neural Network

The amount of applications streaming services to users is exploding. This type of service requires minimal installation and demands less computing power on the user’s device because these applications are operating from a cloud. This provides many advantages for both companies and end-users, developing more streaming products for a customer base that doesn’t have access to the latest tech devices. However, the extensive data exchange creates more opportunities for cyberattacks.

As a tremendous amount of service is being streamed online to their users along with massive digital privacy information transmitted in recent years, the internet has become the backbone of most people’s everyday workflow. The extending usage of the internet, however, also expands the attack surface for cyberattacks. If no effective protection mechanism is implemented, the internet will only be very vulnerable and this will raise the risk of data getting leaked or hacked. The focus of this paper is to propose an Intrusion Detection System (IDS) based on the Convolutional Neural Network (CNN) to reinforce the security of the internet. The proposed IDS model is aimed at detecting network intrusions by classifying all the packet traffic in the network as benign or malicious classes. The Canadian Institute for Cybersecurity Intrusion Detection System (CICIDS2017) dataset has been used to train and validate the proposed model. The model has been evaluated in terms of the overall accuracy, attack detection rate, false alarm rate, and training overhead. A comparative study of the proposed model’s performance against nine other well-known classifiers has been presented. Continue Reading.

“A Novel Intrusion Detection Model for Detecting Known and Innovative Cyberattacks Using Convolutional Neural Network” in IEEE Open Journal of the Computer Society, vol. 2, pp. 14-25, 2021.
doi: 10.1109/OJCS.2021.3050917
Authors:Samson Ho, Saleh Al Jufout, Khalil Dajani, Mohammad Mozumbar

5. Workshop on 5G Security: Current Trends, Challenges, and New Enablers

The world has been busy upgrading their networks and making 5G more available to more people. Companies like OPPO have already begun research and planning for 6G, but there are still 5G trends and challenges waiting to unfold. 5G World Forum is the world’s flagship event of IEEE Future Networks Initiative taking place 13 – 15 October 2021. Each year the conference holds multiple workshops and sends out calls for papers.

2021 Workshops and Special Sessions:

The 5G long term vision is to turn the network into an energy-efficient distributed computer that enables agile and dynamic creation, move and suppression of processes and services in response to changing customer demands and information flows, and supports interaction with humans through new communication modes, such as gestures, facial expressions, sound, haptics, etc. To make this vision a reality, a shift towards a full automation of network and service management and operation is a necessity.

However, a major challenge facing full automation is the protection of the network and system assets (i.e., services, data and network infrastructure) against potential cybersecurity risks introduced by the unprecedented evolving 5G threat landscape. Recent advances in Blockchain technology and Artificial Intelligence have opened up new opportunities in developing robust and intelligent security solutions. The fusion of 5G, Blockchain, Security and AI is anticipated to be the core technologies to realise digital transformation in the next decade.

Although work on security has been engaged throughout the successive phases of 5G-PPP Programme (e.g., 5G-ENSURE, CHARISMA, NRG-5) and some results were achieved, if not already adopted by Standards Developing Organizations (SDOs) in the field (e.g. 3GPP), addressing 5G security concerns is far from being completely resolved. Existing solutions suffer from a number of limitations.

The workshop is aimed at discussing the emerging 5G security in a holistic manner to understand the challenges, opportunities & standardization imperatives and define the way forward and immediate next steps to ensure ubiquitous adoption of 5G globally.

4. The Challenges of Software Cybersecurity Certification [Building Security In]

The European Union has been leading the privacy and security fight with the introduction of the General Data Protection Regulation (GDPR) in 2016. Most recently, the Cybersecurity Act (CSA) established a certification framework for products and services. This mandate is meant to end the fragmentation of the previous cybersecurity certification schemes.

In 2019, the new European Union (EU) cybersecurity regulation “Cybersecurity Act” (“CSA”)1 entered into force to create a common framework for the certification of any information and communication technology (ICT) system, including products, services, and processes. The main purpose of this framework is to reduce the current fragmentation of cybersecurity certification schemes2 as well as to increase end-users? trust in a hyperconnected society3 by fostering a mutual recognition of certified ICT components in any EU country. Continue Reading

“Challenges of Software Cybersecurity Certification [Building Security In]” in IEEE Security & Privacy, vol. 19, pp. 99-102, January 2021.

doi: 10.1109/MSEC.2020.3037845

Authors: Jose L. Hernandez-Ramos, Sara N. Mattheu, Antonio Skarmeta

3. Scheme Flooding Vulnerability – A Threat to Online Privacy

Think back to a time when you were engaged in a heated debate and you were sure your friend misstated facts. You undoubtedly took to the internet to do a quick Google search to verify the veracity of their statement. Our lives are filled with moments requiring us to search for answers to our momentary needs. It is this interconnectedness with technology – and browsers – that create opportunities to become the victim of a cybercrime.

Browser privacy has largely been relegated to popup blockers and opting out of cookies, yet there are still massive vulnerabilities that have been neglected. This is why we are seeing an increase in scheme flooding vulnerabilities as the reason for data breaches and exploits.

Continue reading to learn more about scheme flooding vulnerability.

2. Pandemic Parallels: What Can Cybersecurity Learn From COVID-19?

Cybersecurity and COVID-19 share many characteristics, which make them difficult to mitigate. While there are differences between the two, with the effects of the pandemic being more severe, there are still many parallels that can inform future decisions.

The COVID-19 pandemic has demonstrated society’s dependence on information technology, including the need for adequate cybersecurity to protect the remote workforce and the technologies we are using. Beyond this direct linkage, there are further parallels that can be drawn between COVID-19 and cybersecurity threats. While acknowledging that COVID-19 impacts may be more extreme than those of cybersecurity, this article explores the similarities, especially the challenges inherent in how people manage risk and respond to these threats. A better understanding of the parallels can inform our future approach to tackling the promotion of cybersecurity and response to cybersecurity threats. Continue Reading.

“Pandemic Parallels: What Can Cybersecurity Learn From COVID-19?” in IEEE Computer, vol. 54, pp. 68-72, March 2021.

doi: 10.1109/MC.2020.3046888

Authors: Steven Furnell, Julie Haney, Mary Theofanos

1. Global Connected Healthcare Cybersecurity Workshop Series

Technologies like artificial intelligence, virtual reality, 3D imaging, robotics, and nanotechnology are changing the face of healthcare before our eyes. Embracing technology is helping healthcare workers to provide better care for their patients.

The increased reliance on technology requires added attention to the cybersecurity threats facing the healthcare industry. The Global Connected Healthcare Cybersecurity Virtual Workshop Series is a gathering of leaders in healthcare, technology, and policy. This workshop series is being presented by IEEE SA, IEEE P2933 Working Group, and the Northeast Big Data Innovation Hub of Columbia University, with the goal to develop a mutual understanding and recommendations for standards to improve connected healthcare security. Topics that will explore challenges and opportunities in connected healthcare security, privacy, ethics, trust, and identity, including data and device validation and interoperability.

The resulting recommendations of these workshops will include an Integrated Systems Design approach, leveraging the TIPPS framework being developed by IEEE working groups to enhance Trust, Identity, Privacy, Protection, Safety, and Security of clinical IoT and connected healthcare systems.

Learn more and register here.

Recommended by IEEE Computer Society