Security Technology

Renesas to provide chips for Toyota's self-driving cars

DETROIT (Reuters) - Renesas Electronics Corp said on Tuesday it will provide semiconductors for self-driving cars that Japanese automaker Toyota Motor Corp plans to bring to market in 2020.

from Reuters: Technology News http://ift.tt/2iiyYD3

ADP, ISS reject Ackman's claims they exchanged non-public data

(Reuters) - Automatic Data Processing Inc rejected as "false and misleading" on Tuesday the accusation by billionaire investor William Ackman that the company gave proxy adviser Institutional Shareholder Services non-publicly disclosed information.

from Reuters: Technology News http://ift.tt/2z13XOv

Lawmakers turn to tech sector for answers on 2016 election

WASHINGTON (Reuters) - Lawyers from Facebook Inc , Twitter Inc and Alphabet Inc's Google head before U.S. lawmakers on Tuesday for two days of hearings on how Russia allegedly used their services to try to sway the 2016 U.S. elections.

from Reuters: Technology News http://ift.tt/2xF9GFR

Exclusive - Orange is the new bank? Telecoms giant ventures into lending

PARIS/LONDON (Reuters) - Telecoms giant Orange launches its own bank on Thursday, aiming to win 25 percent of France's online banking market by capitalizing on the rising use of smartphones to steal share from established lenders with inferior technology.

from Reuters: Technology News http://ift.tt/2ij1Zi9

U.S. lawmakers turn to tech sector for answers on 2016 election

from Reuters: Technology News http://ift.tt/2zUU5Tp

Senators to introduce bill to boost cyber defenses of voting systems

WASHINGTON (Reuters) - A bipartisan pair of U.S. senators plans to introduce legislation on Tuesday seeking to boost the cyber defenses of state election systems, after warnings from senior U.S. officials that future elections may be vulnerable to foreign interference.

from Reuters: Technology News http://ift.tt/2A3tioO

Senators to introduce bill to protect state voting systems from hacking

from Reuters: Technology News http://ift.tt/2z1hoxL

Uber CEO lobbies in Brazil against tough regulation, urges compromise

BRASILIA (Reuters) - The new chief executive of Uber Technologies Inc [UBER.UL] appealed to Brazilian lawmakers in the country's capital on Tuesday to block elements of a bill he said threatened the ride-hailing app's business model, calling for more dialogue and sensible regulation.

from Reuters: Technology News http://ift.tt/2lyZME6

CME to launch bitcoin futures in fourth quarter subject to approvals

NEW YORK (Reuters) - CME Group Inc , the world's largest futures market operator, said on Tuesday it intends to launch bitcoin futures in the fourth quarter, pending regulatory approvals.

from Reuters: Technology News http://ift.tt/2yiyVSA

Senators aim to protect election systems from hacking

from Reuters: Technology News http://ift.tt/2z10zkm

Protecting Critical Infrastructure from Cyber Threats

This last week of National Cyber Security Awareness Month (NCSAM), we focus on critical infrastructure (CI). For many years now we have discussed and seen the result of poorly designed and protected control system networks. I wrote on this very topic back in 2016. Now the threat landscape has evolved further and the attack surface is growing by the minute. By 2020, Gartner analysts predict there will be 20 billion connected devices globally. In the first half of 2017 alone, we reported more than 1.8 million cyber attacks have been conducted through home network routers. We are entering a new age with the convergence of IT and OT propelled by Artificial Intelligence. It will bring incredible innovations and efficiencies for smart homes, factories and cities; however, if we do not design and secure them properly we face grave consequences in our near future.

According to the 2017 Emerging Technology Domains Risk Survey released on October 20 from the CERT Coordination Center (CERT/CC), the three domains that it considers high-priority for outreach and analysis in 2017 are Intelligent Transportation Systems; Machine Learning; and Smart Robots. Having come to similar conclusions late last year we have dedicated a lot of engineering, research and resources to understand and protect the booming growth of smart infrastructure. Our Forward Looking Threat Research (FTR) team published reports this year highlighting the growth and innovation of smart cities but also focused on the risks posed by exposed cities. They also dove into discovering the vulnerabilities of critical manufacturing specifically around robotic infrastructure and demonstrated how easily they can be exploited. In addition, just last week we released a paper taking a deeper look into Intelligent Transportation Systems (ITS).

In this report we explored real world ITS cyber attacks and their impact and then we applied the industry standard DREAD (Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability) threat model to assess ITS cybersecurity risks. It is critical for us to identify the evolutionary changes to IT and OT infrastructure and threats that target them to help our customers develop and deploy robust enterprise risk management strategies.

Our reports try to answer three basic questions, what is the problem (systemic or technical threat or vulnerability); why should CISOs care; and how do they reduce the corresponding risk? Answering the “what” often times is a challenge. We take considerable care in our research to breakdown the trends in infrastructure coupled with the corresponding user behaviors; and expose the current and emerging threats and vulnerabilities. For example in the ITS report released last week, our researchers thoroughly dig deep into understanding intelligent transportation systems, their users and current attacks waged against them. The “why” is the most critical for CISOs of critical infrastructure to answer.

They face constant infrastructure changes that expand their attack surfaces from mobile, wireless, cloud, and industrial IoT. This coupled with minimal human resources and growing security stacks, prioritization becomes paramount. Using a threat model such as DREAD enables our researchers address the “why.” Our researchers analyzed and labeled ITS by Impact Severity Level (ISL) and then scored different physical, network and wireless attacks under Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability categories. The result, of the total number of threats that were modeled:

85 percent were rated as High Risk, 40 percent were rated as Medium Risk, and 6.15 percent were rated as Low Risk.
Of the High Risk threats, 71.4 percent were network attacks 31.4 percent were wireless attacks, and 25.7 percent were physical attacks and;
DDoS attacks against exposed cyber infrastructure, electronic jamming of wireless transmissions, vulnerability exploitation, and credential brute forcing attacks all scored the highest risk.

Incorporating threat modeling into our reports as seen here is key for us to help CISOs answer the “why.” If not answered properly, critical infrastructure CISOs are thus unable to answer the “how,” which ultimately is the application of maximum protection against the greatest risk.