
Careers

This is an archive for Careers.

Wednesday, January 11, 2012 @ 10:01 AM gHale

Byres Security Inc. named Frank Williams senior product manager focusing on strategy, platforms and sales channels for growing the Tofino Security line.

Williams has 30 years of senior management experience in bringing new technologies to market in the process automation industries.

During his career, Williams has been a key player in taking new technologies like industrial computers, industrial-grade human machine interface (HMI), fieldbus devices and industrial wireless from early to mainstream adoption in the automation industries.

In a move to strengthen its position in the security market, signal transmission provider Belden purchased Byres Security in September.

Most recently Williams was chief executive of ELPRO Technologies Pty Ltd., an industrial wireless products developer, and president and chief executive of Action Instruments, a global supplier of signal conditioners, measurement and data acquisition solutions for industrial and process businesses.

“Industrial cyber security is the next major impactful technology to hit the automation and process control industries,” Williams said.

“We are very excited to have Frank join our team,” said Joann Byres, vice president and general manager of Byres Security. “He adds a wealth of automation industry business and management experience into our group, and he will be invaluable as we ramp up development and sales channels as part of Belden.”

Thursday, November 3, 2011 @ 05:11 PM gHale

Danish vulnerability management company Secunia wants to make reporting software vulnerabilities easier for security researchers by offering to coordinate disclosure with vendors on their behalf.

The Secunia Vulnerability Coordination Reward Programme (SVCRP) is the latest addition to a list of offerings like TippingPoint’s Zero Day Initiative or Verisign’s iDefense Labs Vulnerability Contributor Program, which allow researchers to avoid the hassle of dealing with different vendor bug reporting policies.

SVCRP doesn’t aim to be an alternative to these programs, but a complement, said Carsten Eiram, Secunia’s chief security specialist.

“Other major vulnerability coordination offerings exist but most have a business model wrapped around them,” Eiram said.

“Most other schemes pay researchers for their discoveries, and, while these offerings are excellent for researchers, the companies are, naturally, very selective in which vulnerabilities they wish to purchase and coordinate,” he said.

Secunia plans to fill the void left by other programs by accepting the vulnerabilities they reject, regardless of their classification and as long as they are in off-the-shelf products. Flaws discovered in online services such as Facebook, for example, do not qualify.

The company won’t profit directly from SVCRP and doesn’t plan to provide advance notification about the reported flaws to its customers, as other companies do. “All customers, as well as the community at large, will receive the information simultaneously when the Secunia advisory is published,” Secunia said.

Researchers will continue to receive payments they are entitled to from vendors for disclosing vulnerabilities even if they use SVCRP for coordination, Secunia said.

However, vendors have the final word on whether they will pay out rewards to researchers who offload vulnerability coordination work to companies such as Secunia.

If you look at the guidelines of Google’s Chromium Vulnerability Rewards Program, it is clear that vulnerabilities disclosed through brokers and other third parties are not likely to receive a bounty.

“I do not know whether Google would pay for vulnerabilities coordinated via Secunia, however, considering the nature and the purpose of our program, especially the fact that we don’t have a business model wrapped around it, seems to make it more likely that Google would accept reports via Secunia rather than other programs,” said Thomas Kristensen, Secunia’s chief security officer and co-founder.

Secunia’s own experts will investigate and confirm every submitted vulnerability before sharing it with the corresponding vendor, so researchers will get independent validation of their findings, and affected companies will receive consistent reports.

Unlike other programs, SVCRP doesn’t require researchers to provide working exploits for the vulnerabilities they find. Kristensen said providing only information that allows his company to reproduce the findings will suffice, although additional details are welcome.

This allows security researchers to focus more on what they do best — finding vulnerabilities — than on writing reliable exploits, which can take a considerable amount of time. Not all researchers’ skills fall in the exploit writing category and not every exploit writer is necessarily good at finding vulnerabilities.

Monday, October 31, 2011 @ 03:10 PM gHale

Hackers continue to steal identities, break into bank accounts and breach computer systems – and they get to the point of interrupting water or electricity service to targeted populations.

Along those lines, Sandia National Laboratories plans to increase cyber security research over the coming year through the new Cyber Engineering Research Institute (CERI) that will more closely coordinate with industry and universities and have a presence on Sandia campuses in New Mexico and California.

“The paradox is that even as we rely increasingly on computers to run our utilities, banks and basic security measures, the possibility of an adversary seriously damaging the increasingly complex programs that run these concerns has increased,” said Rob Leland, Sandia Computer Science Research Center director, during a two-day cyber security meeting.

A key to developing strong cyber defenses is painting a realistic picture of the threats, said Ann Campbell, Sandia senior manager for cyber research. Firewalls and anti virus software are important but sophisticated adversaries are more devious. They may introduce malicious elements into the supply chain so they later can steal information, whether personal or relating to national security, or weaken an information system by degrading its performance or availability.

“The nation needs to find ways to share threat information without compromising sensitive information,” Campbell said.

The difficulties of defending against cyber attacks and what to do to change that situation were major themes of the second University Partners Cyber Open House and Workshop, led by Sandia researcher Ben Cook, manager of Cyber Research and Education.

“One of our overarching purposes for holding this workshop was to increase awareness of Sandia as a research and educational partner,” said Cook. “There are few places in the country where a student can come and work on real cyber security projects that have national impact.”

Attendees included 30 professors from across the U.S., along with cyber security program directors from the Department of Homeland Security and the National Science Foundation (NSF).

The meeting divided overwhelming macro-security problems into more workable pieces.
Another problem is stagnating student enrollment in cyber courses.

One way to solve that problem, and at the same time come up with radical security innovations, could be through the historically effective method of prize competitions, said Carl Landwehr, NSF’s program director for Trusted Computing.

“Evidence shows that a well-framed public competition can trigger innovation,” he said.

Landwehr highlighted the limited progress to date in building appropriate cyber defenses for large-scale computer systems. “I’ve been working on this problem for 40 years, and all I’ve seen are Bandaids,” he said. Then he provided a list of historical examples — one dating back to a 15th century design competition for a cathedral dome in Florence, Italy — to show how public competitions have led to technological breakthroughs, as well as significant public involvement.

A cyber security design competition with a particular target, prize and completion date, he said, could not only lead to radical technical solutions, but also help reinvigorate the research community and attract students to a field facing chronic talent shortages.

One reason for tepid student interest is that society rewards those who come up with imaginative, money-making programs, not cybercops, participants pointed out.

Also, university professors may find teaching the dynamic ins and outs of immediate response to threat less appealing than extensive investigations within specialty areas that lead to peer-reviewed publications.

As professor Ravi Sandhu of the University of Texas-San Antonio put it, “Academic incentives may encourage inertia, and inertia will not solve this problem.”

He said an effective cyber security curriculum might include computer science theory, principles and practice; security theory; STEM (Science, Technology, Engineering and Mathematics) instruction, principles and practice; and statistics, sociology, organizational theory, economics, game theory, laws, regulations, compliance, privacy, history, successes and failures.

“In a world of overwhelming complexity, with incomprehensible advances happening in every branch of computing every month, how do we train a cadre of enough students with enough incentives to learn so much that they can actively contribute before their [computer] knowledge is dated?” he said.

Friday, August 19, 2011 @ 04:08 PM gHale

The U.S. wants to boost the cyber security workforce and hike the pool of skilled workers under a new education plan.

The goal of the National Initiative for Cybersecurity Education (NICE) plan, released by the U.S. National Institute of Standards and Technology (NIST), is to improve U.S. cyber security by focusing on education, the agency said.

“The cyber security vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity,” the agency said in the draft plan. “Now is the time to begin a coordinated national initiative focused on cyber security awareness, education, training, and professional development. The United States must encourage cyber security competence across the nation and build an agile, highly skilled workforce capable of responding to a dynamic and rapidly developing array of threats.”

Cyber security experts and tech vendors have long called for an increased government focus on cyber security education and training. NICE grew out of the U.S. White House’s Comprehensive National Cybersecurity Initiative, released in 2008.

The plan focuses on public awareness as well as school- and college-based education. One of the plan’s goals is to raise awareness of cyber risks among U.S. residents.

“The American public has grown increasingly dependent on online activities to manage all aspects of daily life and remains largely unaware of the risks threatening their privacy, safety, and financial security,” the plan said. “This initiative needs to make more people aware that malicious actors exist and are ready to take advantage of people’s willingness to accept information from or provide personal information over the Internet.”

NIST also called for elementary and high schools to improve math and science education and to increase the number and quality of computer science courses. There need to be new incentives to support graduate-level cyber security research, the agency said.

Friday, August 19, 2011 @ 04:08 PM gHale

Computer viruses, botnets, Trojans, malware, worms, and cyber attacks are among the online evil and crime that can defy any fiction writer’s imagination.

The traditional mindset just won’t work in battling the terror. That is where the University of Illinois at Chicago (UIC) doctoral students come in as they will soon get their chance to tackle the beast through a multi-disciplinary academic attack.

“Malware and cyber-attack losses are estimated to run into at least the billions of dollars a year,” Sloan said. “Simultaneously, we face increasing loss of control over our personal information which can be stolen by cyber-attacks or made public through social media.”

UIC is receiving $3.2 million from the National Science Foundation over the next five years to form IGERT – an Integrative Graduate Education and Research Traineeship program. This is where doctoral students in a variety of fields will tackle electronic security and privacy matters from business, engineering, legal and social science perspectives.

“Technological expertise is a necessity to fight these threats, but technological solutions divorced from human, social, economic and legal considerations all too often fail,” said Robert Sloan, professor and head of computer science and a principal investigator of the IGERT grant.

Lead principal investigator (PI) Venkat Venkatakrishnan, associate professor of computer science, has been a pioneering researcher of online security and privacy issues since his own days as a doctoral student. Venkatakrishnan headed up efforts to secure the IGERT grant with the aid of more than a dozen researchers at UIC and other universities.

Sloan, along with Chicago-Kent College of Law professor Richard Warner, has successfully taught courses on privacy and security to a mix of computer science and law students. It convinced him of the benefits of multidisciplinary instruction.

Other co-PIs on the grant include Ranganathan Chandrasekaran, associate professor of information and decision sciences, who will focus on the economics of information security and risk analysis. Steven Jones, professor of communication, will focus on user attitudes toward security and privacy technologies. Annette Valenta, professor of biomedical and health information sciences, will focus on healthcare electronic security and privacy – a major concern as health records increasingly become digitalized.

Between 25 and 30 doctoral students will receive $30,000 annual stipends plus tuition for two years. The first students are likely to start the program in the fall 2012 semester. Student eligibility requirements include U.S. citizenship or a Green Card.

While IGERT participants will earn their Ph.D.s from various academic departments, Sloan said each will take a required set of five multidisciplinary courses. Each student will write a dissertation on a topic related to electronic security and privacy.

“We anticipate creating a new concentration in electronic security and privacy, so a student will graduate with a Ph.D. in, for example, communications, electrical and computer engineering or computer science with a concentration in electronic security and privacy,” he said.

Wednesday, August 10, 2011 @ 04:08 PM gHale

When it comes to cyber security, the future all depends on a well-educated populace. That is where programs like the Cyber Innovation Center in Bossier City, LA, come into play.

“Cyberspace is an important part of our daily lives—from how we work and communicate to how we protect national and homeland security,” said Secretary of Homeland Security Janet Napolitano. “We are pleased to partner with the Cyber Innovation Center to enhance cyber education and prepare future generations as well as our current workforce in an ever-changing cyber world.”

In July 2011, DHS awarded $300,000 in grant funding to the Cyber Innovation Center to support its cyber camp and other educational programs. Focusing on science, technology, engineering, and mathematics across all education levels, the cyber camps seek to build a sustainable knowledge-based workforce that can support the future needs of government, industry, and academia.

“Threats to our homeland continue to change, especially in the emerging area of cyber security. Louisiana has stepped up to meet the 21st Century challenges that threaten our national security and economic stability,” said U.S. Senator Mary Landrieu. “The $300,000 grant DHS has awarded to the Cyber Innovation Center in Bossier City will help build a well-trained workforce to develop cutting edge technology that we need to counter this threat.”

Over the past two years, DHS has increased the size of its cyber security workforce by 500 percent and works with academic institutions to encourage graduates to pursue careers in this emerging field through competitive scholarships, fellowships, and internship programs. The Department also partners with other agencies to carry out the National Initiative for Cybersecurity Education, which seeks to develop successful training and development programs for the nation’s cyber workforce.

Thursday, August 4, 2011 @ 03:08 PM gHale

Want to hack for a living? Give the National Security Agency a call, or DHS, or NASA or DoD.

Computer hacker skills are in demand in the U.S. government in the ongoing battle to fight the cyber wars that pose a growing national security threat. Good guy hackers are in short supply.

A panoply of government agencies — DOD, DHS, NASA, NSA — are even going to Las Vegas for Defcon, an annual hacker convention. There should be close to 10,000 hackers at the conference.

The National Security Agency (NSA) is among the keen suitors. This agency plays offense and defense in the cyber wars. It conducts electronic eavesdropping on adversaries and protects U.S. computer networks that hold top secret information.

“Today it’s cyber warriors that we’re looking for, not rocket scientists,” said Richard George, technical director of the NSA’s Information Assurance Directorate, the agency’s cyber-defense side.

The NSA is hiring about 1,500 people in the fiscal year which ends Sept. 30 and another 1,500 next year, most of them cyber experts. With a workforce of just over 30,000, the Fort Meade, MD-based NSA dwarfs other intelligence agencies, including the CIA.

It also engages in cyber-spying and other offensive operations, something it rarely discusses publicly.

NSA, along with the other federal agencies, is facing stiff competition from corporations also on the hunt for hacking talent.

The NSA needs cyber security experts to harden networks, defend them with updates, do “penetration testing” to find security holes and watch for any signs of cyber attacks.

The NSA is expanding its fold of hackers, but George said there is a shortage of those skills. “We are straining to hire the people that we need.”

Friday, June 24, 2011 @ 04:06 PM gHale

Clean energy got a little greener this week as General Electric Co. and its venture capital partners said they will invest a further $63 million in 10 start-up ventures.

The investments, in areas such as solar thermal systems and LED lighting, are part of GE’s ongoing “ecomagination challenge,” a program that reviews thousands of start-ups’ business plans for possible funding. Much of the technology focuses on reducing energy use in the home, or on better communication between energy users and utilities.

The investments aim to help innovative technology reach a commercial stage earlier. To that end, GE will partner with Best Buy Co. Inc., the companies said.

“We’re going to fast-track them from the idea stage to store shelves,” said Beth Comstock, GE’s chief marketing officer.

Energy-reducing products, such as a home energy control device and a solar air conditioning control system, will be available at Best Buy stores in 2012. A GE product to monitor home electricity use, “Nucleus,” will come out later this year.

GE said its investments typically involve taking an equity stake in the start-up companies. One of GE’s initial 2010 investments, in Ireland-based smart-grid company FMC-Tech, led GE to buy the company this month. It declined to disclose the purchase price but said that deal would close next month.

GE, the world’s largest maker of electric turbines, is working with venture capital firms Kleiner Perkins Caufield, RockPort Capital, Foundation Capital and Emerald Technology Ventures.

So far, GE and its partners have allocated about $134 million out of a planned $200 million in funding for start-ups working on commercial products to reduce energy use.

Among the 10 start-ups winning GE funding are Ember, a Boston communications and software company; Austin-based Nuventix and Manchester, England-based VPhase, which both make building efficiency systems; and WiTricity, a communications and software company in Watertown, Massachusetts.

The partners will also award $100,000 seed grants to five winners of an innovation contest for ideas such as windows that collect solar energy.

Wednesday, June 15, 2011 @ 11:06 PM gHale

Everyone relies on integrated circuits in our laptops, desktops and mobile devices to communicate, access information and store data. But that all works only if the circuits in your computer are on the up and up.

Jia Di, associate professor of computer science and computer engineering at the University of Arkansas, Fayetteville, said it would be very easy for hardware designers to insert malicious functionalities into their designs.

“With a few lines of code, they can put in additional functionalities,” said Di. “They could steal your information or modify the data you receive without you knowing.”

This type of code, called hardware description language, or HDL, describes the design of a piece of hardware. Often, companies that make the hardware buy certain designs from third parties, and have no way of knowing if the HDL contains code that could present a security threat. “It would be exhaustively hard to test for these,” said Di.

In spite of this challenge, the Department of Defense is making hardware security a priority, and Di earned a $250,000 grant from the Defense Advanced Research Projects Agency to develop a way to test hardware designs for malicious elements.

Di and his students are now creating a tool that can look at HDL code and determine all the functionalities it is capable of performing. In the next phase of the project, they will find a way to figure out if any of those functionalities are malicious.

Wednesday, May 25, 2011 @ 02:05 PM gHale

The annual harvestable amount of solar energy is around 50 terawatts and the world consumes 15 terawatts of power every year. If you do some simple math, it goes to show that if we can capture a fraction of the solar energy emitted a year, we could set the energy crisis aside and go on to tackle other pressing issues.

That is where Stevens Institute of Technology comes in as they are working on a supercapacitor that will allow us to harness more of this renewable energy through biochar electrodes for supercapacitors, resulting in a cleaner, greener planet.

Supercapacitors are common today in solar panels and hydrogen fuel cell car batteries, but the material they use to store energy, activated carbon, is unsustainable and expensive. Biochar, on the other hand, represents a cheap, green alternative.

Biochar electrodes for supercapacitors are now in development and the Stevens chemical engineering design team of Rachel Kenion, Liana Vaccari, and Katie Van Strander is looking to bring their solution to market.

For their project, the team designed, fabricated, and tested a prototype supercapacitor electrode. The group demonstrated biochar’s feasibility as an alternative to activated carbon for electrodes, which can go in hybrid electric automobile batteries or home energy storage in solar panels.

Biochar is a green solution to the activated carbon currently used in supercapacitor electrodes. Unlike activated carbon, biochar is the byproduct of the pyrolysis process used to produce biofuels. That is, biochar comes from the burning of organic matter. As the use of biofuels increases, biochar production increases as well.

“With our process, we are able to take that biochar and put it to good use in supercapacitors,” Vaccari said. “Our supply comes from goldenrod crop, and through an IP-protected process, most organics, metals, and other impurities are removed. It is a more sustainable method of production than activated carbon.”

Another significant advantage: Biochar is nontoxic and will not pollute the soil when discarded. The team estimates biochar costs almost half as much as activated carbon, and is more sustainable because it reuses the waste from biofuel production, a process with sustainable intentions to begin with.

One of the largest concerns for solar panel production today is the sheer cost of manufacturing supercapacitors. Current photovoltaic arrays rely on supercapacitors to store the energy harnessed from the sun. And while the growth rate of supercapacitors is advancing at 20 percent a year, their cost is still very high, in part because they require activated carbon. Biochar, on the other hand, is cheaper and readily available as a byproduct of a process already used in energy production.

“My favorite part of this project was seeing the creation of the prototype,” Van Strander said. “It was cool to be able to hold it in my hand and test it and say that I made this.”

“Using this technology, we can reduce the cost of manufacturing supercapacitors by lowering the cost of the electrodes,” Van Strander said. “Our goal is eventually to manufacture these electrodes and sell them to a company that already makes supercapacitors. Once supercapacitors become cheaper, they will become more common and be integrated into more and more devices.”