Are cyber compliance requirements getting in the way of security?

C4ISR & Networks

When systems simply can’t meet existing security mandates, Archer advises developing new mandates from the ground up. “NIST offers a process for security assessment that flows from an understanding of adversarial capabilities, types and sensitivities of data or controls to be protected, and available budget,” Archer said. “Following this process, you can identify potential security risks specific to the system and then develop practices to secure the system against those risks becoming vulnerabilities.”

Permalink

DARPA looks to measure privacy protection

GCN

“Privacy, especially when it comes to data, can be difficult to pin down. Security measures are key, but when done wrong can add to the difficulty, making it hard for authorized users to effectively access the data they need. So the Defense Advanced Research Projects Agency has been funding research efforts to develop technologies that could help bridge troublesome privacy gaps.”

Permalink

Isaac Potoczny Jones: Encryption Debate – The Issue Isn’t Strong Crypto; It’s Easy Crypto

NextGov

strong encryption is not the real issue that faces law enforcement now. In reality, strong encryption has been available for decades. The real issue that government agencies are facing today is actually easy, default, and ubiquitous crypto. Ease of use and security are both in the interest of the public, and in line with the White House cybersecurity priorities.

Permalink

Mobile security Q&A with Isaac Potoczny-Jones: Securing the mobile minimum viable app

CSO

We know application security is one of the most important aspects of data security, but if software teams are moving more quickly than ever to push apps out, security and quality assurance needs to be along for the process. The flip side is minimum apps and features could mean less attack surface. To get some answers on the state of mobile app security and securing the MVP, we reached out to Isaac Potoczny-Jones research lead, computer security with a computer security research and development firm Galois.

Permalink

DDoS Defense: Better Traction in Tandem?

Security Intelligence

With DDoS tools and hacking-as-a-service now available for purchase at virtually any Dark Web marketplace and effectively being advertised through public attacks, companies are understandably concerned. Even when caught midstream, it’s difficult to respond before servers start failing and other, more sophisticated attacks take aim at critical corporate data. As a result, dealing with DDoS has become a top priority for organizations like the DHS, which just awarded a $1.7 million contract to tech company Galois in hopes of strengthening DDoS defense.

Permalink

Department of Homeland Security doles out $1.7 million for DDoS protection

The Washington Times

Galois of Portland announced on Monday this week that the federal government has contracted the company to develop technology capable of countering DDoS attempts — elementary but often successful cyberattacks in which hackers cause a computer system to collapse by subjecting it to a sudden surge in traffic. Individuals ranging from politically-motivated hacktivists to state-sponsored cyberwarriors have relied on DDoS attacks to take entire systems offline. And yet while the lasting effects may be minimal, downtime suffered by the likes of a major financial institution — or, as Galois’ contract suggests, a government agency — may cause immeasurable damages.

Permalink

Galois Awarded $1.7 Million DHS Contract To Combat DDoS Attacks

Galois today announced it has been awarded a $1.7 million contract by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to create technology that is capable of defending against large and sophisticated Distributed Denial of Service (DDoS) attacks. The contract is part of the DHS S&T Cyber Security Division’s larger Distributed Denial of Service Defenses (DDoSD) program.

Read More

Adam Wick on Security, Formal Methods, Types, Unikernels, HaLVM, DRM

InfoQ

Adam Wick leads the systems software group at R&D company Galois, Inc. Galois does research in formal methods, programming languages, OS, compiler engineering, and security. Adam has worked in a variety of fields from HW synthesis to web apps, but has recently focused on network and OS security. Amongst his current jobs, he also maintains HaLVM and oversees Galois’ projects using it.

Permalink