News

Cyberspace is the next front in Iran-US conflict – and private companies may bear the brunt

January 13, 2020

by Bryan Cunningham

Front lines in an Iran-U.S. cyberwar are spread out all over the country. Taylor Vick/UnsplashCC BY

Iran and other nations have waged a stealth cyberwar against the United States for at least the past decade, largely targeting not the government itself but, rather, critical infrastructure companies. This threat to the private sector will get much worse before it gets better and businesses need to be prepared to deal with it.

As in the days of pirates and privateers, much of our nation’s critical infrastructure is controlled by private companies and enemy nations and their proxies are targeting them aggressively.

The U.S.-Iran cyberconflict has simmered for years, but the current crisis boiled over with Iranian attacks on U.S. interests in Iraq that led to the Jan. 3 U.S. drone strike that killed a senior Iranian general and terrorist leader. Iran’s supreme leader threatened “harsh revenge,” but said Iran would limit those efforts to military targets.

Read the entire article at The Conversation

Trump still uses his personal cell phone despite warnings and increased call scrutiny

December 10, 2019

The_phone_call picture of trump and giuliani

President Donald Trump has continued to use his personal cell phone to make calls, despite repeated warnings from his staff that the practice could leave him vulnerable to foreign surveillance, multiple officials told CNN.

“All communications devices of all senior government officials are targeted by foreign governments. This is not new,” Bryan Cunningham, executive director of the Cybersecurity Policy and Research Institute at the University of California-Irvine, told CNN last year.

“What is new in the cell phone age is the ease of intercepting them,” Cunningham added. “Of course, calls are only secure if both parties use a secure device.”

Read more at CNN

Russian spies likely intercepted ambassador’s cell phone call with Trump

November 15, 2019

US Ambassador to the European Union Gordon Sondland’s cell phone call to President Donald Trump from a restaurant in Ukraine this summer appears to be a shocking security breach that raises significant counterintelligence concerns, according to several former officials, who told CNN there is a high probability that intelligence agencies from numerous foreign countries, including Russia, were listening in on the conversation.

“All communications devices of all senior government officials are targeted by foreign governments. This is not new,” Bryan Cunningham, executive director of the Cybersecurity Policy and Research Institute at the University of California-Irvine, told CNN.

Read more at CNN

2019 Health Care Data Breaches Setting Records

September 26, 2019

by Janel MillerSeptember 26, 2019
~ Courtesy of Healio Primary Care

Picture of April Sather
April Sather

The article also said that more than 35 million individuals are known to have had their health care records “compromised, exposed, or impermissibly disclosed” thus far in 2019, which is more than the previous 3 full years combined.

A record-breaking 50 health care data breaches involving more than 500 records each were reported to HHS this past July, according to a report published in HIPAA Journal.

(more…)

Researcher Spotlight: Ian Harris

September 25, 2019

Ian Harris
Ian Harris

Professor of Computer Science at UCI Donald Bren School of Information and Computer Sciences

Researcher Spotlight: Ian Harris

What brought you to UCI?
I came to UCI because it’s in California and I wanted to work with the people here. I was already familiar with several UCI researchers, including Professor Dan Gajski who has since retired, and many of the group was known for embedded systems research. Embedded systems is basically IoT before the term IoT was coined.

What is your major focus area as a researcher, and why?
My major focus is the design and security of IoT systems. I have a strong background in digital hardware design in addition to low-level software development. That gives me an advantage in IoT systems which involve both hardware and software components. I was also a testing person in a previous research life and testing is closely related to security.

In one sentence, what is the most important question you want to address?
How do we secure IoT systems in a cost-effective way?

What has been (or will be) the impact of your research?
I’ve developed several hardware-based security approaches for IoT systems, including using the debug port of a processor to detect malware execution. I’ve developed methods to guarantee security of IoT networks, specifically Bluetooth Low Energy (BLE) networks. I’ve developed approaches to detect social engineering scams using natural language processing to understand the intent of sentences spoken by an attacker.

What is innovative about your research?
I try to make sure that all of my IoT security research is grounded in reality, so I evaluate it using real systems, not simulations. I also use Natural Language Processing to support security in the detection of social engineering scams.

What papers do you have coming through in the next year?
I expect to publish a paper on a new approach to reverse engineering malware executables which defeats code obfuscation techniques. I expect to publish the results of a study on the susceptibility of students to phone scams. We will publish the scams that we used so that other researchers can have a set of realistic scams to use for learning and evaluation.

UCI Cybersecurity Group Will Simulate Attacks

September 3, 2019

By Kevin Costelloe
Monday, August 26, 2019

A University of California-Irvine cybersecurity effort is planning a “test range” to simulate and evaluate various types of cyberattacks, the group’s executive director said.

UCI Cybersecurity Policy & Research Institute’s Bryan Cunningham said the effort will let the group “pretend we’re all different kinds of attacker groups” targeting electronic victims.

(more…)

Record-breaking year: UC Irvine nets $441 million in research funding

August 12, 2019

The earliest development of computers, servers and the internet didn’t factor in security from outside attacks, and “we’ve made the exact same mistake again with internet-connected devices that are not information-handling computers,” said Bryan Cunningham, executive director of UCI’s Cybersecurity Policy & Research Institute.

He’s overseeing a $1.4 million grant from the Herman P. & Sophia Taubman Foundation that’s taking a three-pronged approach to vulnerabilities in the Internet of Things, which includes all kinds of gadgets that can connect to the internet – from pacemakers and exercise trackers to smart speakers and apps that let you adjust the thermostat when you’re not home.

Read the full story at The Orange County Register.

Mobilizing A Collective Cyber Defense

Mobilizing A Collective Cyber Defense

August 8, 2019

Aug 28 Cover Flyer
As the constant news of yet another enterprise data breach becomes the norm, the private sector and government agencies must increase collaboration to increase resiliency and defenses to these attacks. While large corporations increase their budgets for cybersecurity, there must also be a concerted effort to ensure small and medium-sized businesses, sometimes the weakest link in our collective cybersecurity defenses, have the adequate tools and resources they need. Join a discussion between government and private sector subject matter experts and attendees on how we can best leverage public-private partnerships to mobilize a collective cyber defense.
Page 2of 7: 1 2 3 4 ... 7