Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

PODCAST: The coming spike in ‘GPS jamming’ and ‘GPS spoofing’

If you’re like me, you’ve become obsessed with using GPS to find your way around town. Personally, I’d peg the accuracy of my GPS usage, locally and while on business travel, at roughly 85 percent, which is pretty darn good.

GPS isn’t infallible, of course. Just ask the woman in Port Jervis, New York who, on Nov. 5, blindly obeyed GPS, and drove her car down a muddy bank into the Neversink River. She’s not alone. GPS-myopic drivers have steered vehicles into bodies of water, up staircases, into buildings, onto golf courses and even off cliffs.

Relacted article: How Russia’s election meddling relates to power grid hacks

But here’s something to consider: could a GPS hack have factored into any of these mishaps? I learned about the two primary forms of GPS attacks — GPS jamming and GPS spoofing — from speaking with Vlad Gostomelsky, a security researcher at Spirent Communications.

Precise time, location

Gostomelsky explained how GPS is a worldwide network used for positioning and timing. A number of satellites encircling earth send timing signals to each individual receiving device, like your smartphone. Your iPhone or Android device uses these signals to calculate your precise location at a precise time.

“GPS is really important because we use it to get an exact time for financial transactions and for  server logs,” Gostomelsky says. “And it’s used extensively for navigation both for car GPSs and for smart vehicles.” (more…)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

GUEST ESSAY: A call for rethinking incidence response playbooks

By Liz Maida

We see it week after week. Insidious cyber threats that spread throughout enterprises like wildfire and proliferate around the globe, interfering with crucial work and holding data hostage. These attacks make the news cycle for a few days, security teams wring their hands over it, and then forget all about it – until the next attack. Lather, rinse, repeat.

When will the security community get smarter about our approach to identifying and thwarting cyber threats, instead of just responding to the one at hand?

Related video: Tempered Networks introduces identity-based networks

The known threat of today — whether it’s malware, social engineering or phishing — inevitably morphs into the zero-day threat of tomorrow. Which means that all the tactical work security teams …more

PODCAST: Why ‘machine learning’ is perfectly suited to mitigating network breaches

By Byron V. Acohido

The essence of  “machine learning” is that ML is perfectly suited to extracting value from large sets of data.

Thus, whether you realize it or not, ML has come to intersect with just about every aspect of daily living. ML today is used pervasively to profile our online behaviors. When we search for something on Google, make a purchase on Amazon, stream a movie from Netflix, post to Facebook, or Tweet, all of that data is stored and analyzed. And now ML advances are being applied to vehicle and driver data to rapidly steer us (pun intended) towards everyday dependence on driverless vehicles.

But there is another arena where one would expect ML to be making a much larger impact than it has to date: cybersecurity.

Related article: 2018 – Year of the CISO

Consider this: the typical corporate IT system is a sprawling amoeba generating large sets of data, minute-by-minute, day-by-day, from dozens of disparate systems. Hidden in this tumult of network logs are the fingerprints of threat actors actively stealing and disrupting – or getting into position to do so. …more

MY TAKE: How I came to cover two great ‘beats’ in my journalism career

By Byron V. Acohido

I’ve had the great good fortune to spend most of my career as a “beat reporter” covering two astounding beats.

The articles you see here on LastWatchdog are the work of my second great beat, which I’ve been immersed in since approximately 2004: cybersecurity. Or to put a finer point on it, I live and breathe developments having to do with the for-profit leveraging of the Internet, by both good guys and bad guys.

A journalist couldn’t ask for a richer topic. Cybersecurity affects how we live, work and play. Cybersecurity, at this moment, underpins the profound shifts in culture, economics, politics and national security we are all experiencing.

Related: Univerisity of San Diego lists LastWatchdog as top cybersecurity blog for 2017

Related: VPNMentor includes LastWatchog as Top 20 security blog

I’ve won my fair share of recognition for my work as a journalist. This can be attributed mainly to practicing the craft professionally since 1977, and being blessed to work alongside iconic mentors and inspiring colleagues. I reached the pinnacle of my profession covering my first great beat, aviation safety, for the Seattle Times. I was awarded the 1997 Pulitzer Prize for Beat Reporting for my coverage of a deadly design flaw incorporated into the rudder actuator of Boeing 737 jetliners.

That said, two recent acknowledgements of the work I’m doing here at The LastWatchdog on Privacy & Security are top of mind at this moment. I’d like to thank the University of San Diego for naming LW as one of the top cybersecurity blogs of 2017. And my gratitude also goes out to  vpnmentor.com for placing LW on its list of Top 20 online security blogs of 2017. …more

PODCAST: The quest for relevant, actionable threat intelligence

By Byron V. Acohido

In the war on cyber crime, access to rich stores of threat intelligence has never really been the problem.

Quasi-government entities, like the United States Computer Emergency and Readiness Team (US-CERT,) and industry sharing groups, like the Information Sharing and Analysis Centers (ISACS,) supply a rich baseline of threat data.

Related video: Why the NIST framework is vital to baseline security

Meanwhile, cybersecurity companies like FireEye, Symantec, CrowdStrike, Palo Alto Networks, Dell SecureWorks, Kaspersky Lab and countless others routinely share some of their hard won intel publicly, for the greater good, while keeping some intel close — for primary use by their paying customers.

In 2013 a couple of buddies working as security analysts at organization deep within the U.S. military complex got frustrated by their inability to truly leverage the deluge of threat intel in an efficient way. So the two analysts, Ryan Trost and Wayne Chiang, launched ThreatQuotient. …more

MY TAKE: The way forward, despite overwhelming cyber threats

By Byron V. Acohido

NEW YORK CITY – Cyber Connect 2017 cybersecurity summit that just wrapped up at the beautiful Grand Hyatt located adjacent to Grand Central Station here in the Big Apple. I got the chance to be on the other side of the interview, sitting down with John Furrier and David Vellante, co-hosts of The Cube. We did it live; here’s the recorded stream.

GUEST ESSAY: “Chess Master Project’ should restore resiliency to U.S. power grid

By Paul Myer

The evolving risk of a coordinated, catastrophic, cyberattack on U.S. energy delivery systems (collectively known as “the power grid”) via vulnerable Industrial Control Systems (ICS), resulting in wide spread, prolonged power outages, is not a new concern to energy industry executives or government policy makers.

Owners and operators of energy sector assets understand the possible impacts of coordinated physical and cyber-attacks which threaten reliability and resilience of U.S. energy delivery systems. They experienced havoc and disruptive economic and social impacts from the prolonged power outages over wide-spread areas resulting from the 2003 North East Blackout and the 2011 Southwest Blackout events.

Related podcast: How Russia’s election tampering relates to Ukraine power grid attacks

However, with an industry-standing focus on grid reliability, a lack of qualified cyber security experts, and reliance on the fact that a hypothetical cyberattack event resulting in wide spread outages has not yet occurred on the U.S. power grid, energy sector utilities have become complacent in their cyber protection strategies. …more