Author Archive

Cyberspace is the next front in Iran-US conflict – and private companies may bear the brunt

by Bryan Cunningham

Front lines in an Iran-U.S. cyberwar are spread out all over the country. Taylor Vick/UnsplashCC BY

Iran and other nations have waged a stealth cyberwar against the United States for at least the past decade, largely targeting not the government itself but, rather, critical infrastructure companies. This threat to the private sector will get much worse before it gets better and businesses need to be prepared to deal with it.

As in the days of pirates and privateers, much of our nation’s critical infrastructure is controlled by private companies and enemy nations and their proxies are targeting them aggressively.

The U.S.-Iran cyberconflict has simmered for years, but the current crisis boiled over with Iranian attacks on U.S. interests in Iraq that led to the Jan. 3 U.S. drone strike that killed a senior Iranian general and terrorist leader. Iran’s supreme leader threatened “harsh revenge,” but said Iran would limit those efforts to military targets.

Read the entire article at The Conversation

Trump still uses his personal cell phone despite warnings and increased call scrutiny

The_phone_call picture of trump and giuliani

President Donald Trump has continued to use his personal cell phone to make calls, despite repeated warnings from his staff that the practice could leave him vulnerable to foreign surveillance, multiple officials told CNN.

“All communications devices of all senior government officials are targeted by foreign governments. This is not new,” Bryan Cunningham, executive director of the Cybersecurity Policy and Research Institute at the University of California-Irvine, told CNN last year.

“What is new in the cell phone age is the ease of intercepting them,” Cunningham added. “Of course, calls are only secure if both parties use a secure device.”

Read more at CNN

Russian spies likely intercepted ambassador’s cell phone call with Trump

US Ambassador to the European Union Gordon Sondland’s cell phone call to President Donald Trump from a restaurant in Ukraine this summer appears to be a shocking security breach that raises significant counterintelligence concerns, according to several former officials, who told CNN there is a high probability that intelligence agencies from numerous foreign countries, including Russia, were listening in on the conversation.

“All communications devices of all senior government officials are targeted by foreign governments. This is not new,” Bryan Cunningham, executive director of the Cybersecurity Policy and Research Institute at the University of California-Irvine, told CNN.

Read more at CNN

2019 Health Care Data Breaches Setting Records

by Janel MillerSeptember 26, 2019
~ Courtesy of Healio Primary Care

Picture of April Sather
April Sather

The article also said that more than 35 million individuals are known to have had their health care records “compromised, exposed, or impermissibly disclosed” thus far in 2019, which is more than the previous 3 full years combined.

A record-breaking 50 health care data breaches involving more than 500 records each were reported to HHS this past July, according to a report published in HIPAA Journal.

(more…)

Researcher Spotlight: Ian Harris

Ian Harris
Ian Harris

Professor of Computer Science at UCI Donald Bren School of Information and Computer Sciences

Researcher Spotlight: Ian Harris

What brought you to UCI?
I came to UCI because it’s in California and I wanted to work with the people here. I was already familiar with several UCI researchers, including Professor Dan Gajski who has since retired, and many of the group was known for embedded systems research. Embedded systems is basically IoT before the term IoT was coined.

What is your major focus area as a researcher, and why?
My major focus is the design and security of IoT systems. I have a strong background in digital hardware design in addition to low-level software development. That gives me an advantage in IoT systems which involve both hardware and software components. I was also a testing person in a previous research life and testing is closely related to security.

In one sentence, what is the most important question you want to address?
How do we secure IoT systems in a cost-effective way?

What has been (or will be) the impact of your research?
I’ve developed several hardware-based security approaches for IoT systems, including using the debug port of a processor to detect malware execution. I’ve developed methods to guarantee security of IoT networks, specifically Bluetooth Low Energy (BLE) networks. I’ve developed approaches to detect social engineering scams using natural language processing to understand the intent of sentences spoken by an attacker.

What is innovative about your research?
I try to make sure that all of my IoT security research is grounded in reality, so I evaluate it using real systems, not simulations. I also use Natural Language Processing to support security in the detection of social engineering scams.

What papers do you have coming through in the next year?
I expect to publish a paper on a new approach to reverse engineering malware executables which defeats code obfuscation techniques. I expect to publish the results of a study on the susceptibility of students to phone scams. We will publish the scams that we used so that other researchers can have a set of realistic scams to use for learning and evaluation.

UCI Cybersecurity Group Will Simulate Attacks

By Kevin Costelloe
Monday, August 26, 2019

A University of California-Irvine cybersecurity effort is planning a “test range” to simulate and evaluate various types of cyberattacks, the group’s executive director said.

UCI Cybersecurity Policy & Research Institute’s Bryan Cunningham said the effort will let the group “pretend we’re all different kinds of attacker groups” targeting electronic victims.

(more…)

Record-breaking year: UC Irvine nets $441 million in research funding

The earliest development of computers, servers and the internet didn’t factor in security from outside attacks, and “we’ve made the exact same mistake again with internet-connected devices that are not information-handling computers,” said Bryan Cunningham, executive director of UCI’s Cybersecurity Policy & Research Institute.

He’s overseeing a $1.4 million grant from the Herman P. & Sophia Taubman Foundation that’s taking a three-pronged approach to vulnerabilities in the Internet of Things, which includes all kinds of gadgets that can connect to the internet – from pacemakers and exercise trackers to smart speakers and apps that let you adjust the thermostat when you’re not home.

Read the full story at The Orange County Register.

Avast Blog: “Avast CEO Vince Steckler Gives a Q&A on His Ten Years at the Top”

Vince Steckler

Q: What does being a UC Irvine alum mean to you?

A: I’m on the Executive Committee of the UCI Cybersecurity Policy & Research Institute, and if you look at the people on that committee, it is really world class. When a large public university achieves that kind of excellence, it helps a lot of people. Cybersecurity needs the best minds and lots of them, and you don’t always get there by being exclusive and prestigious, like some private colleges. A large, diverse student body can really provide great competition. Avast is protection for people, and UC schools provide top education for people through a real meritocracy. I like that atmosphere of meritocracy more than aristocracy when people are launching their careers. Personally we also fund a number of scholarships and fellowships at UCI focused on women in computer science. In cybersecurity, tech, and science generally there is a real need to diametrically increase diversity in some key areas. UCI is making great strides there, and I love being part of that.

Read the full story on the Avast Blog.

Page 3of 5: 1 2 3 4 5