K2, founded by corporate investigators Jules Kroll and his son Jeremy, has been bulking up its cyber-response unit with former FBI agents. AIG, one of the first firms to offer insurance for property damage caused by hackers, is counting on Berglas' team to investigate attacks on policyholders. It's also asking K2 to provide data on threats to protect clients from events that could cost hundreds of millions of dollars.
"We'd like to aggregate that data to use for ourselves, but also to use for our clients so they know what industries are being targeted by what type of attackers, what the motivation is, if it's on the rise," said Tracie Grella, who oversees cybercoverage at AIG for clients including retailers, banks and energy companies.
Grella said AIG will offer coverage limits of as much as $100 million for property damage and $100 million in bodily injury caused by a cyberattack. She predicts the market could balloon to $10 billion in annual premiums by 2020, compared with about $2 billion this year, as more companies buy policies.
The first two-thirds of the cyber analysis course consist of mundane but essential subjects meant to help students understand the making and breaking of computer systems. These include math, basic programming, Windows and Unix operating systems, and the science behind networks and wireless technologies. Then students move on to the fundamentals of hacking: target research, signal analysis, network defense, and malware. They learn to hack a simulated network with open source software and tools such as Metasploit. The curriculum is adjusted to keep pace with advances in both offensive and defensive tactics, an unusual challenge for the military, says Maureen Fox, CID’s commanding officer. “Missile technology changes, but it doesn’t change in a day or an hour,” she says. “The technology in the area we’re in does.”
BusinessWeek, in a story on the US Navy's Corry Station base in Pensacola, FL
Sounds counter-intuitive, but this is what Google is doing internally, according to the WSJ:
“With this approach, trust is moved from the network level to the device level. Employees can only access corporate applications with a device that is procured and actively managed by the company. In this setup, Google requires a device inventory database that keeps track of computers and mobile devices issued to employees as well as changes made to those devices.
After the device is authenticated, the next step involves securely identifying the user. Google tracks and manages all employees in a user database and a group database that is tied into the company’s human resources processes. These databases are updated as employees join the company, change responsibilities or leave the company. There’s also a single sign-on system, a user authentication portal that validates employee use against the user database and group database, generating short-lived authorization for access to specific resources.”
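The access flow described in the excerpt above, as an added example (not Google's code and not part of the quoted article): a device-inventory check, then user and group checks, then a short-lived grant bound to one resource. All names, sample records, the per-user device binding, the HMAC-signed grant format and the 300-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data; every identifier and field below is hypothetical.
DEVICE_INVENTORY = {
    "LT-0042": {"managed": True, "owner": "alice"},
    "LT-0099": {"managed": False, "owner": "bob"},    # dropped out of management
    "LT-0100": {"managed": True, "owner": "carol"},
}
USER_DB = {"alice": {"active": True}, "bob": {"active": True},
           "carol": {"active": False}}                # carol has left the company
USER_GROUPS = {"alice": {"finance"}, "bob": {"eng"}, "carol": {"finance"}}
GROUP_DB = {"payroll-app": {"finance"}, "wiki": {"finance", "eng"}}  # resource -> groups
SSO_KEY = b"constructed-demo-key"   # assumption: a real portal keeps this in a KMS/HSM
GRANT_TTL = 300                     # seconds; assumed lifetime of a grant

def _sign(payload: str) -> str:
    return hmac.new(SSO_KEY, payload.encode(), hashlib.sha256).hexdigest()

def authorize(device_id, user, resource, now=None):
    """Return a short-lived grant string, or None if any check fails."""
    now = int(time.time() if now is None else now)
    device = DEVICE_INVENTORY.get(device_id)
    # 1. Device trust: in the inventory, still managed, issued to this user.
    if not device or not device["managed"] or device["owner"] != user:
        return None
    # 2. User identity: known and still employed.
    if not USER_DB.get(user, {}).get("active"):
        return None
    # 3. Group membership must overlap the groups allowed on the resource.
    if not USER_GROUPS.get(user, set()) & GROUP_DB.get(resource, set()):
        return None
    payload = f"{device_id}|{user}|{resource}|{now + GRANT_TTL}"
    return f"{payload}|{_sign(payload)}"

def grant_is_valid(grant, resource, now=None):
    """Check signature, resource binding and expiry of a grant."""
    now = int(time.time() if now is None else now)
    try:
        payload, sig = grant.rsplit("|", 1)
        _device, _user, granted_resource, expiry = payload.split("|")
    except (AttributeError, ValueError):
        return False
    return (hmac.compare_digest(sig.encode(), _sign(payload).encode())
            and granted_resource == resource and now < int(expiry))
```

Network location never appears in the decision: the same request is allowed or denied on the same evidence whether it originates inside or outside the office.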
First you establish a baseline pattern for a system as it operates normally. PFP sees a particular opportunity in poorly protected infrastructure systems, so take a protective relay for example. That's a device used to sense and cut off voltage surges on power lines.
Once the power signature for the device is recorded, PFP's monitor can detect even the smallest change in that pattern. Maybe the relay has stopped functioning properly—or perhaps a hacker has implanted a piece of malicious code in it. Either way, the technology can alert a human technician to the anomaly within milliseconds.
The technology, made up of sensors and software that analyzes what the sensors pick up, was developed in 2006 at Virginia Tech by Jeffrey Reed, a professor of electrical and computer engineering, and Carlos Aguayo Gonzalez, one of his Ph.D. students at the time. The research was inspired by the side-channel attack, a way of breaking into an encrypted system by analyzing physical signals such as heat and power consumption, says Reed, PFP's president.
It’s particularly hot among universities in the Tampa Bay area. Consider:
♦ The University of Tampa has announced it will begin offering an undergraduate major in cybersecurity this fall.
♦ Saint Leo University launched a master’s program in cybersecurity in August, complementing its undergraduate program in information assurance and security.
♦ The brand new Florida Polytechnic University in Lakeland has a concentration in information assurance and cybersecurity in its computer science and information technology degree track.
♦ Last year, buoyed by a $5 million allocation from the Legislature, the Florida Cybersecurity Center, or FC², opened on the campus of USF, acting as a statewide clearinghouse to share knowledge, resources and training among the state’s 12 public universities.
Myris, a sleek handheld iris scanner, brings biometric security to home computers. The device plugs into a USB port and takes a split-second video of both eyes, scanning more than 240 points in each. A government-grade encrypted digital signature syncs with passwords stored on Myris, and never on your desktop. Once it verifies a match, it automatically signs the user into accounts through a browser extension. Since no two irises are alike, the chance of a false positive is less than one in two trillion.
Cisco and McAfee have rolled out products intended to function as central hubs. Cisco’s is called the Platform Exchange Grid, and McAfee’s is the Threat Intelligence Exchange. In February, CSG Invotas introduced Security Orchestrator, a program that unifies security data onto a single screen and can automate some functions. An employee in the IT department can push a button to reset a compromised user’s password instead of having to do it manually. “Our tool turns that data into actions, and when we turn that data into actions, it doesn’t require people to do what machines do a whole lot better,” says CSG Invotas’s chief information security officer, Peter Clay.
Gillis now runs Bracket Computing, a startup that on Oct. 22 unveiled software designed to make public clouds secure enough for sensitive corporate data. Essentially, Bracket’s software wraps a company’s business applications in a bubble of encryption without making the applications harder to manage. “If we demonstrate that the public cloud is every bit as good, why would anyone build another data center?” says Gillis.
Security software is typically designed to protect a particular application or type of data. Bracket encrypts everything before it gets to the cloud servers, leaving the customer with the only key to decrypt it. Its setup also seeks to simplify how IT is managed.