A periodic table of cybersecurity to navigate the key players in the space including startups industry categories investors and exits More >>

A Times investigation reveals missed signals, slow responses and a continuing underestimation of the seriousness of a campaign to disrupt the 2016 presidential election. More >>

Another thing for CIOs to worry about. More >>

Earlier this year administrators at Hollywood Presbyterian Hospital suddenly discovered they had lost access to their computers Doctors were locked out of their patients medical records and they couldnt access their own reports Their system data had been encrypted by malicious software While all this data was being held hostage staffers had to direct sick people to other hospitals After two weeks of writing everything down on paper the hospital paid a 17000 ransom in Bitcoin to regain access to their computer systems Ransomware not only cost money it endangered lives More >>

Employees are responsible for 60% of all attacks. More >>

In the coming year, hackers will launch increasingly sophisticated attacks on everything from critical infrastructure to medical devices. More >>

Fraudsters are using legitimate executive names and email addresses to dupe unsuspecting employees to wire money or sensitive documents to their accounts. The CTO of the Boston Celtics, for one, is fighting back. More >>

The company says the attack was separate from the breach that led to an earlier disclosure that 500 million accounts were hacked. More >>

growing mass of poorly secured devices on the Internet of things represents a serious risk to life and property, and the government must intervene to mitigate it. That’s essentially the message that prominent computer security experts recently delivered to Congress. The huge denial-of-service attack in October that crippled the Internet infrastructure provider Dyn and knocked out much of the Web for users in the eastern United States was “benign,” Bruce Schneier, a renowned security scholar and lecturer on public policy at Harvard, said during a hearing last month held by the House Energy and Commerce Committee. No one died. But he said the attack—which relied on a botnet made of hacked webcams, camcorders, baby monitors, and other devices—illustrated the “catastrophic risks” posed by the proliferation of insecure things on the Internet. For example, Schneier and other experts testified that the same poor security exists in computers making their way into hospitals, including those used to manage elevators and ventilation systems. It’s not hard to imagine a fatal disaster, which makes it imperative that the government step in to fix this “market failure,” he said. The problems with IoT devices are worsening because manufacturers lack incentives to prioritize security. Even if consumers wanted to assess the relative security of Internet-connected thermostats and other devices, there are no established ratings or other measures. There is little disagreement that the government should do something about this, since so many critical systems are vulnerable to attacks like the one that hit Dyn. Exactly how the government should handle the situation, however, is a subject of an intensifying debate in Washington—one that won’t be settled before President-elect Donald Trump takes office. Business groups such as the U.S. Chamber of Commerce and the Consumer Technology Association argue that new regulations on IoT devices could hinder innovation. Schneier argues that we need a new agency in charge of cybersecurity rules. This seems unlikely, given that Trump campaigned on a broad promise to roll back regulations, and Republicans generally oppose expanding the government. But if something catastrophic were to happen, a frightened public would probably ask that something be done, and the government should be prepared for that, he warned the committee members. How big is the risk? Massive and growing, says Kevin Fu, a University of Michigan professor of computer science and engineering who specializes in cybersecurity. Not only are IoT devices being added in “sensitive places that have high consequence, like hospitals,” Fu said, but millions of them can be easily hacked and gathered into huge botnets, armies of zombie computers that adversaries can use to debilitate targeted institutions. Fu, who also testified in the House hearing, believes that without a “significant change in cyber hygiene” the Internet can’t be relied on to support critical systems. He recommends that the government develop an independent entity in charge of testing the security of IoT devices. The process should include premarket testing along the lines of the automotive crash testing done by the National Highway Traffic Safety Administration, post-attack testing similar to what the National Transportation Safety Board does after car crashes, and “survivability and destruction testing” to assess how well devices cope with attacks, says Fu. We don’t know yet whether the Trump administration or the next Congress will make addressing IoT-related risks a priority. So what can the government do in the meantime? Last month, the Department of Homeland Security released a set of “strategic principles for securing the Internet of Things,” and suggested that the government could sue manufacturers for failing to “build security in during design.” On the same day, the National Institute of Standards and Technology, which publishes industry standards for many areas of technology, issued voluntary guidelines for engineering “more defensible and survivable” connected systems. Meanwhile, every additional connected computer—whether it is in a car, drone, medical device, or any one of countless other gadgets and systems—is exposed to these risks. That’s why centralized regulatory authority is needed, according to Schneier: “We can’t have different rules if the computer has wheels, or propellers, or makes phone calls, or is in your body.” More >>