Ideas, Learning, and Resources for Cybersecurity Awareness Month 2021

IEEE Computer Society Team
10/01/2021

If there is one thing we have all learned from the pandemic, it is how accessible and scalable the internet has become for us to pursue all aspects of our lives. This monumental shift in the way we live our lives has increased the importance of privacy and security. Increased connectivity brings the need for greater awareness.

October is Cybersecurity Awareness Month. The IEEE Computer Society encourages everyone to take some time to reflect on the many new and persistent threats that challenge the computing industry and our everyday lives. Make sure your company and personal practices stay cyber secure. Bookmark this page as it will be updated daily with a countdown of new ideas, learning, and resources to keep you informed!

 


IEEE Computer Society’s Resources for Cybersecurity Awareness Month 2021

18. How to Recognize and Successfully Resist Fileless Malware Threats

Few people are strangers to malware thanks in large part to anti-virus software like Norton. Cyberattacks are a threat to everyone. Hackers continue to innovate and find new ways to steal information from people and businesses.

One new method hackers are implementing is fileless malware. This new form of attack has increased by 265% in the last two years. Continue reading to learn about fileless malware and how to protect your business.

17. Privacy in a Time of COVID-19: How Concerned Are You?

The significant growth in the number of users with mobile phones as well as the adoption of key enabling technologies like cloud computing has led to the creation of an entire tracking ecosystem that could facilitate the use of pervasive surveillance methods. However, this development also brings serious privacy concerns as current governance and regulatory frameworks are lagging behind these technological advancements. Continue reading “Privacy in a Time of COVID-19: How Concerned Are You?”

 

Abstract

We introduce a study examining people’s privacy concerns during COVID-19 and reflect on people’s willingness to share their personal data in the interest of controlling the spread of the virus and saving lives.

 

“Privacy in a Time of COVID-19: How Concerned Are You?” in IEEE Security & Privacy, vol. 19, pp. 26-35, September-October 2021.

doi: 10.1109/MSEC.2021.3092607

Authors: Ramona Trestian, Guodong Xie, Pintu Lohar, Edoardo Celeste, Malika Bendechache, Rob Brennan, Evgeniia Jayasekera, Irina Tal

 

16. The Top 10 Risks of Machine Learning Security

Building security into machine learning systems from a security engineering perspective is of interest to the Berryville Institute of Machine Learning. This means understanding how machine learning systems are designed for security and finding vulnerabilities. Continue reading “The Top 10 Risks of Machine Learning Security.”

Abstract

Our recent architectural risk analysis of machine learning systems identified 78 particular risks associated with nine specific components found in most machine learning systems. In this article, we describe and discuss the 10 most important security risks of those 78.

“The Top 10 Risks of Machine Learning Security” in Computer, vol. 53, pp. 57-61, June 2020.

doi: 10.1109/MC.2020.2984868

Authors: Gary McGraw, Richie Bonett, Victor Shepardson, Harold Figueroa

 

15. SE Radio Ep. 453 Security Chaos Engineering

In episode 453 of SE Radio, CTO of Verica, Aaron Rinehart, joins host Justin Beyer to discuss how security chaos engineering (SCE) can be used to increase security in application architecture. They will be covering how SCE fits into the overall chaos engineering discipline and compare it to traditional security approaches.

Listen to SE Radio episode 453

 

14. A Trust-Based Scheme to Protect 5G UAV Communication Networks

UAVs are currently being used in city security, inspection of power grids, fire control in tall buildings, base stations, and ships. In addition, they are also being used in logistics, emergency response, medical transport, and scientific research. Because of the potential of their many applications, UAVs are able to connect to 5G UAV airborne communication terminals. These terminals can collect and transmit data over these 5G networks to control beyond-the-line-of-sight (BLOS) flight of UAVs.

Continue reading “A Trust Based Scheme to Protect 5G UAV Communication Networks” to dive into the proposed trust scheme for 5G UAV communications systems.

 

“A Trust Based Scheme to Protect 5G UAV Communication Networks” in IEEE Open Journal of the Computer Society, vol. 2, pp. 300-307, 2021.

doi: 10.1109/OJCS.2021.3058001

Author: Yu Su

 

13. SE Radio Ep. 475 Secure Coding Veracode

In this episode, Rey Bango, Senior Director of Developer and Security Relations at Veracode, joins a discussion around the topic of secure code. Highlights of the discussion include the need for secure coding, barriers to adoption, and how training can help teams adopt secure coding practices.

Listen to Episode 475 to join the conversation around documentation and verifying security early and regularly.

 

12. Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Presented by Nancy Mead, Fellow of the Software Engineering Institute and adjunct professor of Software Engineering at Carnegie Mellon, and Daniel Shoemaker, professor and graduate program director at the University of Detroit Mercy.

Software engineering education often does not include methods to ensure that code in commercial off-the-shelf (COTS) products has not been compromised during the sourcing process. This is a free webinar discussing the challenges and solutions for the integration of secure supply chain risk management in development projects.

Watch this webinar on-demand.

 

11. What is a Code Signing Certificate? How does it work?

Mobile apps have revolutionized the way we interact with businesses and content in general. However, we don’t always know if what we are downloading is secure. Code signing certificates provide consumers with peace of mind by providing credentials from the software developer that the application they are downloading has not been tampered with. Learn more about code signing certificates and how they work. Continue reading.

 

10. PPChecker: Towards Accessing the Trustworthiness of Android Apps’ Privacy Policies

The average app user and website visitor has come across hundreds of privacy policies. So much so that you probably select “Agree” without giving much thought to what type of information these sites are collecting. However, with the rise of malicious software and data breaches, one must stop and ask oneself, “Are these companies truly holding to their privacy policies?” This paper carried out a study on privacy policies using an app called PPChecker. Results show a staggering number of mobile apps have questionable privacy policies. Continue reading to learn about the 5 identified problem areas in this study.

Recent years have witnessed a sharp increase in malicious apps that steal users’ personal information. To address users’ concerns about privacy risks and to comply with data protection laws, more and more apps are supplied with privacy policies written in natural language to help users understand an app’s privacy practices. However, little is known whether these privacy policies are trustworthy or not. Questionable privacy policies may be prepared by careless app developers or someone with malicious intentions. In this paper, we carry out a systematic study on privacy policy by proposing a novel approach to automatically identify five kinds of problems in the privacy policy. After tackling several challenging issues, we implement the approach in a system, named PPChecker, and evaluate it with real apps and their privacy policies. The experimental results show that PPChecker can effectively identify questionable privacy policies with high precision. Applying PPChecker to 2,500 popular apps, we find that 1,850 apps (i.e., 74.0 percent) have at least one kind of problem. This study sheds light on the research of improving and regulating apps’ privacy policies. Continue reading.

 

“PPChecker: Towards Accessing the Trustworthiness of Android Apps’ Privacy Policies” in IEEE Transactions on Software Engineering, vol. 47, pp. 221-242, Feb 2021.

doi: 10.1109/TSE.2018.2886875

Authors: Le Yu, Xiapu Luo, Jiachi Cheng, Hao Zhou, Tao Zhang, Henry Chang, Hareton K. N. Leung

9. How AI can help prevent Cyber Attacks in the eCommerce Sector

Technology has been crucial in everyone’s life while navigating the pandemic. From home, it has enabled education, work, and daily tasks like shopping. This means a large amount of personal information is being shared, and hackers are taking notice. The number of hackers using fileless malware is increasing at an extraordinary rate. Research is being conducted on how to best patch the loopholes currently being exploited. Continue reading to learn how AI is combating fileless malware.

 

8. IEEE Secure Development Conference 18-20 Oct, Fully Virtual

SecDev is a venue for presenting ideas, research, and experience about how to develop secure systems. It focuses on theory, techniques, and tools to build security into existing and new computing systems.

The goal of SecDev is to encourage and disseminate ideas for secure system development among academia, industry, and government. It aims to bridge the gap between constructive security research and practice and to enable the real-world impact of security research in the long run. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers.

View Conference Program

Register for this event before 18 October 2021

 

7. How to Check Trusted Root Certificates Installed on an Android Device

Mobile applications have revolutionized the way we use and interact with our phones. It has even had a tremendous impact on how we interact with businesses. A drawback to incorporating mobile phones and applications into our lives is an increased surface area for attacks to occur. Hackers are exploiting vulnerabilities in our mobile devices to gain access to sensitive information and pieces of our lives. Implementing an SSL certificate on a mobile phone is a vital security protocol every Android device should have. Continue reading to learn how to check and install a code signing certificate on your mobile device.

 

6. A Novel Intrusion Detection Model for Detecting Known and Innovative Cyberattacks Using Convolutional Neural Network

The number of applications streaming services to users is exploding. This type of service requires minimal installation and demands less computing power on the user’s device because these applications are operating from a cloud. This provides many advantages for both companies and end-users, allowing more streaming products to be developed for a customer base that doesn’t have access to the latest tech devices. However, the extensive data exchange creates more opportunities for cyberattacks.

As a tremendous amount of service is being streamed online to their users along with massive digital privacy information transmitted in recent years, the internet has become the backbone of most people’s everyday workflow. The extending usage of the internet, however, also expands the attack surface for cyberattacks. If no effective protection mechanism is implemented, the internet will only be very vulnerable and this will raise the risk of data getting leaked or hacked. The focus of this paper is to propose an Intrusion Detection System (IDS) based on the Convolutional Neural Network (CNN) to reinforce the security of the internet. The proposed IDS model is aimed at detecting network intrusions by classifying all the packet traffic in the network as benign or malicious classes. The Canadian Institute for Cybersecurity Intrusion Detection System (CICIDS2017) dataset has been used to train and validate the proposed model. The model has been evaluated in terms of the overall accuracy, attack detection rate, false alarm rate, and training overhead. A comparative study of the proposed model’s performance against nine other well-known classifiers has been presented. Continue Reading.

“A Novel Intrusion Detection Model for Detecting Known and Innovative Cyberattacks Using Convolutional Neural Network” in IEEE Open Journal of the Computer Society, vol. 2, pp. 14-25, 2021.
doi: 10.1109/OJCS.2021.3050917
Authors: Samson Ho, Saleh Al Jufout, Khalil Dajani, Mohammad Mozumbar

 

5. Workshop on 5G Security: Current Trends, Challenges, and New Enablers

The world has been busy upgrading its networks and making 5G available to more people. Companies like OPPO have already begun research and planning for 6G, but there are still 5G trends and challenges waiting to unfold. 5G World Forum is the world’s flagship event of the IEEE Future Networks Initiative, taking place 13 – 15 October 2021. Each year the conference holds multiple workshops and sends out calls for papers.

2021 Workshops and Special Sessions:

The 5G long term vision is to turn the network into an energy-efficient distributed computer that enables agile and dynamic creation, move and suppression of processes and services in response to changing customer demands and information flows, and supports interaction with humans through new communication modes, such as gestures, facial expressions, sound, haptics, etc. To make this vision a reality, a shift towards a full automation of network and service management and operation is a necessity.

However, a major challenge facing full automation is the protection of the network and system assets (i.e., services, data and network infrastructure) against potential cybersecurity risks introduced by the unprecedented evolving 5G threat landscape. Recent advances in Blockchain technology and Artificial Intelligence have opened up new opportunities in developing robust and intelligent security solutions. The fusion of 5G, Blockchain, Security and AI is anticipated to be the core technologies to realise digital transformation in the next decade.

Although work on security has been engaged throughout the successive phases of 5G-PPP Programme (e.g., 5G-ENSURE, CHARISMA, NRG-5) and some results were achieved, if not already adopted by Standards Developing Organizations (SDOs) in the field (e.g. 3GPP), addressing 5G security concerns is far from being completely resolved. Existing solutions suffer from a number of limitations.

The workshop is aimed at discussing the emerging 5G security in a holistic manner to understand the challenges, opportunities & standardization imperatives and define the way forward and immediate next steps to ensure ubiquitous adoption of 5G globally.

Register for this event before 10 October 2021.

 

4. The Challenges of Software Cybersecurity Certification [Building Security In]

The European Union has been leading the privacy and security fight with the introduction of the General Data Protection Regulation (GDPR) in 2016. Most recently, the Cybersecurity Act (CSA) established a certification framework for products and services. This mandate is meant to end the fragmentation of the previous cybersecurity certification schemes.

In 2019, the new European Union (EU) cybersecurity regulation “Cybersecurity Act” (“CSA”) entered into force to create a common framework for the certification of any information and communication technology (ICT) system, including products, services, and processes. The main purpose of this framework is to reduce the current fragmentation of cybersecurity certification schemes as well as to increase end-users’ trust in a hyperconnected society by fostering a mutual recognition of certified ICT components in any EU country. Continue Reading

“Challenges of Software Cybersecurity Certification [Building Security In]” in IEEE Security & Privacy, vol. 19, pp. 99-102, January 2021.

doi: 10.1109/MSEC.2020.3037845

Authors: Jose L. Hernandez-Ramos, Sara N. Mattheu, Antonio Skarmeta

3. Scheme Flooding Vulnerability – A Threat to Online Privacy

Think back to a time when you were engaged in a heated debate and you were sure your friend misstated facts. You undoubtedly took to the internet to do a quick Google search to verify the veracity of their statement. Our lives are filled with moments requiring us to search for answers to our momentary needs. It is this interconnectedness with technology – and browsers – that creates opportunities to become the victim of a cybercrime.

Browser privacy has largely been relegated to popup blockers and opting out of cookies, yet there are still massive vulnerabilities that have been neglected. This is why we are seeing an increase in scheme flooding vulnerabilities as the reason for data breaches and exploits.

Continue reading to learn more about scheme flooding vulnerability.

 

2. Pandemic Parallels: What Can Cybersecurity Learn From COVID-19?

Cybersecurity and COVID-19 share many characteristics, which make them difficult to mitigate. While there are differences between the two, with the effects of the pandemic being more severe, there are still many parallels that can inform future decisions.

The COVID-19 pandemic has demonstrated society’s dependence on information technology, including the need for adequate cybersecurity to protect the remote workforce and the technologies we are using. Beyond this direct linkage, there are further parallels that can be drawn between COVID-19 and cybersecurity threats. While acknowledging that COVID-19 impacts may be more extreme than those of cybersecurity, this article explores the similarities, especially the challenges inherent in how people manage risk and respond to these threats. A better understanding of the parallels can inform our future approach to tackling the promotion of cybersecurity and response to cybersecurity threats. Continue Reading.

“Pandemic Parallels: What Can Cybersecurity Learn From COVID-19?” in IEEE Computer, vol. 54, pp. 68-72, March 2021.

doi: 10.1109/MC.2020.3046888

Authors: Steven Furnell, Julie Haney, Mary Theofanos

 

1. Global Connected Healthcare Cybersecurity Workshop Series

Technologies like artificial intelligence, virtual reality, 3D imaging, robotics, and nanotechnology are changing the face of healthcare before our eyes. Embracing technology is helping healthcare workers to provide better care for their patients.

The increased reliance on technology requires added attention to the cybersecurity threats facing the healthcare industry. The Global Connected Healthcare Cybersecurity Virtual Workshop Series is a gathering of leaders in healthcare, technology, and policy. This workshop series is being presented by IEEE SA, IEEE P2933 Working Group, and the Northeast Big Data Innovation Hub of Columbia University, with the goal to develop a mutual understanding and recommendations for standards to improve connected healthcare security. Topics will explore challenges and opportunities in connected healthcare security, privacy, ethics, trust, and identity, including data and device validation and interoperability.

The resulting recommendations of these workshops will include an Integrated Systems Design approach, leveraging the TIPPS framework being developed by IEEE working groups to enhance Trust, Identity, Privacy, Protection, Safety, and Security of clinical IoT and connected healthcare systems.

Learn more and register here.