Isaac Potoczny-Jones, founder and CEO, Tozny said: “This is an excellent example of how developers make mistakes in implementing cryptography, which undermines the power of those toolkits. Crypto is extremely hard to get right.

“This legislation marks a sea change in the continuing conflict between personal privacy and public good,” said David Archer, principal research scientist at Galois, a computer science firm. “The technology mandated here assures two things: that public policies affecting real people can be decided based on factual data about them, and that the privacy of […]

As secure HTTPS becomes more pervasive, it is worth asking: why should you end-to-end encrypt data when HTTPS is pretty secure? The answer is that HTTPS is an important but small piece of the crypto puzzle. Organizations determining what additional security requirements are needed should start the process by answering a few key questions

Legacy systems in the government are hard to secure against cyberattack, and that goes double for the embedded, real-time systems at the heart of the many control systems in advanced weapons, power plants and mission-critical infrastructure. Galois, a Portland, Ore.,-based secure software developer, has linked up with the Office of Naval Research under a three-year, […]

[…] there are a variety of methods to filter and redirect traffic, especially for those systems housed in the cloud. However, for the biggest attacks, and for institutions that cannot create replicated versions of their systems in the cloud, techniques such as 3DCoP are key in mitigating DDoS risk. Specifically, we believe that it is […]

What is the single best thing that military and civilian government agencies can do in their search for an all-in-one cybersecurity solution? Simple: Give up hope. As counterintuitive as that may sound, there is no magic bullet that will solve all our cybersecurity challenges. A sufficiently-motivated and capable adversary will get around our defenses, given […]

FHE allows for conducting more complex functions than Somewhat Homomorphic Encryption. “There’s more and more data available,” Archer says. “And people are recognizing, maybe not for the first time, that it’s important to keep that data private, yet it would be great if we could get utility out of it.” A researcher studying the opioid […]

Email was initially created without security in mind and we’ve paid for it ever since by continually bolting fixes onto it, said Isaac Potoczny-Jones, research lead at Galois. But the complexity of connected vehicle systems has created pushback on the issue of cybersecurity, he noted. “Innovative areas like this have a real challenge in baking nonfunctional requirements like cybersecurity into the basis of their systems,” Potoczny-Jones said. “But just because there’s no value today in attackers targeting these systems that there won’t be value tomorrow. We don’t know what we’re up against tomorrow. Things change. They will start to target these systems.”

Specifically, Galois will develop its Prattle system for the Air Force. Galois describes Prattle as a system that generates traffic that misleads an attacker that has penetrated a network: making them doubt what they have learned, or to cause them to make mistakes that increase their likelihood of being detected sooner.

The Air Force is giving Galois a $750,000 grant to work on the program as part of a larger $100 million effort to expand cyber detection technologies. The funds will be used to take the program out of its prototype phase. “The idea is to try to fool the adversary about what’s going on in the world, so that they either make bad decisions they take longer or they are easier to detect,” said Adam Wick, research lead at Galois, the company contracted with the Air Force for the project.