Press Releases

ACSC Press Releases

Below are our latest press releases, and you can also click on the year to look through our archives. 

March 27, 2019

Three Top Boston Executives Join Advanced Cyber Security Center Board of Directors

Rick Grinnell (Founder and Managing Partner, Glasswing Ventures), John Letchford (CIO, UMass President’s Office) and Adeel Saeed (CISO, State Street) augment executive leadership of regional cybersecurity collaborative

January 7, 2019

Advanced Cyber Security Center Report Identifies Need for Board-Level Cyber Risk Management Standard

The Advanced Cyber Security Center (ACSC) today announced the findings of its first annual effective practice report, “Leveraging Board Governance for Cybersecurity, The CISO / CIO Perspective,” which calls for Boards to be active governance partners in “collaborative cyber defense.”

July 26, 2018 ACSC

Spring 2018

The ACSC had a busy first half of 2018 executing across all three of our primary focus areas - collaborative defense, workforce development, and public policy. Our members are active and involved in our workshops, forums and research and contribute critical and compelling insights to our monthly meetings. This information sharing with peers and across multiple sectors provides significant value to our members, particularly through the opportunities discussed below.

April 19, 2018 ACSC

Campaign Cyber Defense Workshop Announced for June 4th in Boston

The ACSC works with industry, government and academic experts to explore strategies for strengthening election security and campaign reputation management.

April 10, 2018 ACSC

Janet Levesque Joins Advanced Cyber Security Center Board of Directors

Seasoned cyber security and technology executive compliments executive leadership on regional cyber security collaborative.

January 8, 2018 ACSC

ACSC Names Lisa Johnson Director of Programs and Communications

Lisa Johnson brings her 10 years of marketing, content, and event experience to the ACSC community.

December 18, 2017 ACSC

ACSC Survey Finds Massachusetts Residents Deeply Concerned Over Privacy and Control of Personal Data

The Advanced Cyber Security Center (ACSC) today announced the results of a cyber security public opinion survey that finds Massachusetts residents deeply concerned over privacy and the control of their personal data. Titled “Cyber Security Post Equifax: Perceptions and Priorities from Massachusetts Residents,” the study examines public opinion on consumer and privacy matters related to cyber security.

November 17, 2017 ACSC

Fall 2017 Newsletter

Diversity, Startups, & Executive Positions

November 13, 2017 ACSC

Getting Past Blame: A Community Strategy for Hacking Security

The ACSC was invited to speak at the recent HIMSS Healthcare Security Forum (Boston, Sept. 11-13), the only peer-to-peer networking event focused on healthcare’s unique privacy and security challenges and threats. ACSC Executive Director Michael Figueroa took to the stage for a session titled “Getting Past Blame, offering a community strategy for hacking security.”

October 10, 2017 ACSC

ACSC Conference 2017 - Registration Open

The 2017 Advanced Cyber Security Center (ACSC) Annual Conference will take place from 8:00 am to 5:30 pm on Thursday, November 2, at the Federal Reserve Bank of Boston. The event brings together more than 200 executives and experts from the region’s industry, investor, university, and government organizations to address best practices for combatting the most advanced cyber threats.

July 16, 2017 ACSC

ACSC Joins Army National Guard Cybersecurity Seminar, Kicking Off “Exercise Cyber Yankee”

The ACSC supported the Army National Guard by hosting a cyber seminar as part of Exercise Cyber Yankee at Joint Base Cape Cod, a training exercise designed to simulate a cyber attack.

June 5, 2017 ACSC

Kasha Gauthier Joins the ACSC

Infosec veteran to oversee collaboration between industry, government, and academia; channel talent into local New England security jobs.

September 21, 2016

Opinion: For the sake of privacy, pardon Snowden

While Edward Snowden's leaks damaged US national security, the disclosures also led to crucial surveillance reforms. A pardon would signal to the world the US has learned from its mistakes and respects internet freedom, privacy, and human rights.

August 3, 2016

Homeland Security chief weighs plan to protect voting from hackers

Secretary of Homeland Security Jeh Johnson said he's considering whether to designate the US election system as critical infrastructure, which could trigger greater cybersecurity at the ballot box.

July 12, 2016

White House releases federal cybersecurity workforce strategy

The government is putting additional weight behind recruiting and retaining talent for information security jobs.

April 4, 2016

Cybersecurity spending: more does not necessarily mean better

Cybersecurity budgeting should start with a holistic and comprehensive risk assessment. Once all threats and vulnerabilities are listed and prioritized, companies can proceed to properly managed RFP to select right security controls. A security control shall assure appropriate, efficient and continuous risk mitigation in accordance to corporate risk strategy and risk appetite. However, in reality things happen in much different and less effective way.

March 24, 2016

Small banks face the greatest risk from hackers

Cyberattacks on the country’s largest banks, from JPMorgan Chase & Co. to Bank of America Corp., grab the headlines. But the Federal Reserve Bank of Boston and other regulators worry that smaller banks, with less robust cybersecurity, provide easier targets for criminals, terrorists, and foreign states seeking to infiltrate the US financial system.

February 29, 2016

Pentagon chief to appeal to Silicon Valley for help with cybersecurity

Defense Secretary Ashton Carter will visit a crucial front this week in the war the Pentagon considers its greatest potential threat: cyberspace.

February 26, 2016

Giving veterans a new start in cybersecurity

When Chris Crace, a Marine Corps captain, left the military in August 2006 he wasn't sure what to do next — a dilemma for many former military personnel.

February 25, 2016

U.S. Power Producers Seeking to Stem Grid Cybersecurity Threats

Exelon Corp. and other major U.S. power producers are in discussions with regulators and stakeholders on a detailed plan for preventing and responding to cyberattacks designed to disrupt the country’s electric system.

February 24, 2016

BlackBerry Buys UK’s Encription To Kickstart A New Cybersecurity Consultancy

BlackBerry is not the smartphone powerhouse it used to be, but it’s been making a concerted effort to hold on to its position as a go-to place for enterprise customers, specifically in highly secure environments. As part of that strategy, today the company announced that it has acquired Encription Ltd, a cybersecurity consultancy that delivers services globally but operates “from a secure location in Worcestershire” in the UK.

February 23, 2016

AT&T, Accenture, Nokia Invest 23 Million in Cybersecurity Startup-Creator

Team8, a cybersecurity startup based in Israel, said Tuesday it raised $23 million. The Series B round of financing includes investors AT&T T -0.33% , Accenture ACN -0.70% , Nokia NOK -1.78% , Japanese conglomerate Mitsui, and Singaporean government-owned Temasek.

February 22, 2016 ACSC

More than 1.3m Mass. residents affected by data breaches

More than 1.3 million Massachusetts residents had personal information compromised last year by cybercriminals, careless workers, and old-fashioned crooks, a fourfold increase from 2014 and the most since the state began tracking data breaches in 2007.

February 19, 2016

Apple, FBI in 'PR war': Cybersecurity expert

Apple's legal encounter with the FBI does not boil down to a fundamental right to privacy, but rather a battle of appearances, Michael Fertik, Internet security expert at, said Friday.

February 18, 2016

Two Mass. companies help found cybersecurity policy group

Hollywood Presbyterian Medical Center is the target on an ongoing cyberattack that has limited doctors' ability to access patient records.

February 17, 2016

Hackers’ Ransom Attack On California Hospital More Proof Healthcare Cybersecurity Is Floundering

Hollywood Presbyterian Medical Center is the target on an ongoing cyberattack that has limited doctors' ability to access patient records.

February 16, 2016

Protections and Rewards for Cybersecurity Whistleblowers

With cybersecurity becoming a topic of ever-increasing visibility and importance, information security professionals ask what protection they have when they make potentially unpopular disclosures of cybersecurity issues.

February 15, 2016

American Bureau of Shipping Publishes Cybersecurity Guidance

It is the first volume in the ABS CyberSafety™ series, which covers best practices in four key areas: cybersecurity, automated systems safety, data management and software assurance.

February 12, 2016

Cybersecurity & Healthcare: Does Cybersecurity Act Help or Hurt?

Without adequate resources, the new Cybersecurity Act of 2015 Act is merely a snapshot in time that does little to safeguard sensitive medical information.

February 11, 2016

Here's What 19B Will Buy the U.S. Government in Cybersecurity Measures

These questions originally appeared on Quora - the knowledge sharing network where compelling questions are answered by people with unique insights. Answers by Ed Felten, Deputy U.S. Chief Technology Officer, on Quora.

February 10, 2016

Andy Ozment on Information Sharing and Cybersecurity

The Homeland Security official discusses the potential impact of recent legislation

February 9, 2016

Obama signs two executive orders on cybersecurity

hrough two executive orders signed Tuesday, President Obama put in place a structure to fortify the government's defenses against cyber attacks and protect the personal information the government keeps about its citizens.

February 8, 2016

Report examines the massive future cybersecurity problem of connected cars

The cybersecurity of connected vehicles was called 'a massive future security problem just around the corner.'

February 5, 2016

Regulations, cybersecurity main hurdles left for autonomous vehicles

'Thieves no longer need a crowbar to break into your car, they just need an iPhone,' says Sen. Markey

February 4, 2016

Top Six Actions to Manage Hospital Cybersecurity Risks

Here are the best ways to tackle security issues in your hospital.

February 3, 2016

Clinton Calls Cybersecurity ‘One of the Most Important Challenges’ for the Next President

At the end of a get out the vote campaign event in New Hampshire on Wednesday, Hillary Clinton was asked about her plans for protecting cyber security.

February 2, 2016

Corporate legal dept. finds role shifting amid cybersecurity, privacy concerns

That “giant sucking sound” that can be heard is the tangled monster of data security and privacy issues pulling “all lawyers with expertise” into its grip, Juliet M. Hanna, associate general counsel at Fannie Mae, told attendees of the LegalTech conference in New York Tuesday.

February 1, 2016

Venture Capitalists Chase Rising Cybersecurity Spending

Investors have been pouring money into companies selling “next-generation” security products.

January 29, 2016

FDA outlines cybersecurity recommendations for medical device manufacturers

The U.S. Food and Drug Administration today issued a draft guidance outlining important steps medical device manufacturers should take to continually address cybersecurity risks to keep patients safe and better protect the public health. From 1/15/16

January 28, 2016

Ben Carson’s Cybersecurity Plan Is Terrible. But At Least He Has One.

It’s old news by now that Republican presidential candidate Ben Carson—despite his medical degree—has a tenuous relationship with science. So I didn’t exactly have great expectations for his campaign’s cybersecurity plan, modestly titled “Prescription for Winning the 21st Century Cyberspace Race.” To be honest, I wasn’t expecting a dedicated cybersecurity plan at all, much less an op-ed dedicated to the topic by Carson in Re/code this week.

January 27, 2016

Bank of America's Unlimited Cybersecurity Budget Sums Up Spending Plans In A War Against Hackers

The U.S. federal government, big banks, and big businesses are spending big bucks in a war against hackers and cyber criminals.

January 26, 2016

8 tips for recruiting cybersecurity talent

Finding cybersecurity talent isn't easy, but it's even harder if you use the same methods that work for other IT talent specialties. Here's how to get it right.

January 25, 2016

Brown to offer Executive Master in Cybersecurity

Brown University’s School of Professional Studies announces a new 16-month program leading to an Executive Master in Cybersecurity degree. Enrollment is underway for the fall session of the new degree program, created for individuals with five to 15 years of managerial experience and responsibility for information security.

January 22, 2016

Feds bankroll $4.2M UMass program for cybersecurity training

Cybersecurity is one of the hottest fields in technology. And that means there’s plenty of competition for bright young people with the right skills. Government agencies are trying to improve their recruitment of these in-demand graduates by bankrolling scholarships for digital security students, including a new program at UMass Amherst. The $4.2 million grant-funded initiative will help train up to 28 students in cybersecurity at the school for two years each, beginning this fall.

December 18, 2015

Obama to sign cybersecurity bill as privacy advocates fume

President Barack Obama is set to sign the most substantial piece of cybersecurity legislation in years, after an intense sprint of 24/7 negotiations managed to get the bill ready in time to be attached to the government spending measure the House and Senate approved Friday.

December 17, 2015

Validating Supply Chain Cybersecurity

How to identify risks, understand downstream effects, and prepare for incidents.

December 16, 2015

Former national security officials urge government to embrace rise of encryption

A number of former senior national security officials are urging that the government embrace the move to strong encryption by tech companies — even if it means law enforcement will be unable to monitor some phone calls and text messages in terrorism and criminal investigations.

December 15, 2015

Major cyber bill expected in omnibus

A major cybersecurity bill will likely be included in a sweeping omnibus spending deal expected late Tuesday night, according to multiple people with knowledge of the talks.

December 14, 2015

Twitter begins warning users of attacks from state-sponsored hackers

Twitter has begun notifying account holders who the company believes are being targeted by state-sponsored hackers, following in the footsteps of Google and Facebook as government-hired cyber spies continue to set their sights on social media.

December 11, 2015

Anonymous launches operation against Trump

The activist hacking group Anonymous has selected Donald Trump as its latest target in the wake of the GOP presidential candidate's proposal to ban Muslims from entering the U.S.

December 10, 2015

The human factor in cybersecurity: 5 key thoughts

Though often discussed in highly technical terms, cybersecurity and safeguarding patient data are arguably more human-centric than anything. The root cause of breaches is usually human error — an employee who falls for a phishing scam or shares a password, for example. Research from IBM shows 95 percent of all security incidents involve human error.

December 9, 2015

Survey: Agencies love the NIST cybersecurity framework

Both the public and private sector are finding the guide to be a vital tool.

December 8, 2015

Tech sector denounces bill requiring firms report terrorist activity

In the wake of terrorist attacks in California and Paris, Sens. Dianne Feinstein and Richard Burr are reviving a controversial proposal requiring social media sites report terrorist activity to federal authorities.

December 7, 2015

Clone of Want job security? Try cybersecurity

Even as employers added 211,000 jobs in November, prospective employees still have trouble finding jobs — unless you work in cybersecurity. That is one field where the demand for workers routinely outpaces applicants.

December 7, 2015

Want job security? Try cybersecurity

Even as employers added 211,000 jobs in November, prospective employees still have trouble finding jobs — unless you work in cybersecurity. That is one field where the demand for workers routinely outpaces applicants.

December 4, 2015

Lockheed Martin Corp. To Exit Cybersecurity, Double-Down On Helicopters And Combat Jets

Lockheed Martin Corp. has been planning to sell off or spin off its roughly $4 billion government information technology business since earlier this year. That would include its Cybersecurity unit.

December 3, 2015

Hotline Bling: China, U.S. Work to Further Cybersecurity Pact

The two countries aim to set up a ‘hotline mechanism’ for cybersecurity concerns and are taking other steps to discourage criminal hacking.

December 2, 2015

Cyber security market to grow big time

The global healthcare cybersecurity market is expected to exceed $10 million by 2022. To be exact, a new report pegs the market at $10,848.87 million in U.S. dollars.

December 1, 2015

New cybersecurity bills would add more secrecy for companies under public records laws

A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through federal and state public records laws.

November 30, 2015

How to improve international cyber-security

THE VAST stores of digital information generated by everyday lives—communications data, CCTV footage, credit-card records and much more—are now yielding invaluable clues about the terrorist attacks in Paris and are helping guide the hunt for the surviving plotters. But prevention is better than cure. The attacks have highlighted the failure of the authorities to share information across borders and agencies. How can this be improved?

November 27, 2015

Beware Black Friday Shoppers: New Malware Targeting POS Systems Discovered

Cybersecurity company iSight has discovered a new malware virus that is able to entrench itself so deeply into point-of-sale systems that it will be overlooked by most antivirus software. The firm states that the new form of attack is the most advanced that it has ever seen.

November 25, 2015

Getting started with a career in cybersecurity

With the ongoing and seemingly never-ending flood of cyberattacks, companies and governments the world over need experienced, skilled professionals to protect, defend, and strike back. But how do you get into the lucrative cybersecurity career? David Gewirtz has some advice.

November 24, 2015

How Lockheed Martin, Cisco and PWC manage cybersecurity

Forget systems … it’s your own people who are your greatest security threats. Luckily, and with training, they can also be your first line of defense.

November 23, 2015

Microsoft CEO takes a collaborative approach to cybersecurity

Microsoft CEO Nadella talks of company's role in an ‘ecosystem,’ saying partnerships and top-to-bottom protection and detection critical to battle emerging security threats.

November 20, 2015

State Dept. cybersecurity still lagging, audit finds

The State Department is not meeting federal information security requirements, potentially endangering the sensitive data it protects, according to an audit commissioned by the agency’s inspector general.

November 19, 2015

Cybersecurity Lessons Learned from the 9/11 Commission Report

Organizations must move beyond misaligned goals, poor collaboration, and organizational intransigence that hamper cybersecurity efforts at enterprise organizations.

November 18, 2015

Benchmark surveys: GCs, executives not prepared to defend against cyberbreaches - key protective steps

Although cybersecurity has become a more prominent issue for executives and boards of directors, three recent benchmark surveys − the BDO Board Survey, the 2015 Consero Group’s General Counsel Data Survey, and the 2015 US State of Cybercrime Survey − indicate that a number of cyber-preparedness gaps remain.

November 17, 2015

Closing the cybersecurity talent gap, one woman at a time

The severe shortage of cybersecurity talent is leaving the U.S. vulnerable to attacks. Women, in particular, are key to closing the security skills gap.

November 16, 2015

A Cybersecurity Generation Gap

Millennials--especially young women--not pursuing careers in cybersecurity due to lack of both awareness and interest.

November 15, 2015 ACSC

Two winners announced for the ACSC Cybersecurity Poster Session

Attendees of the ACSC Annual Conference voted for the top two student innovations presented during the ACSC Cybersecurity Poster Session

November 13, 2015

Cybersecurity Questions Anderson Cooper And Megyn Kelly Should Ask The Presidential Candidates

Here’s a call out to Cooper and Kelly – two the most popular media figures covering the Republican and Democratic front runners: Get the candidates talking about cybersecurity.

November 12, 2015

Cybersecurity: A Millisecond Defense

From access to activation, we pass through multiple digital ecosystems with devices that can be used to hack unrelated digital system processes in a millisecond.

November 11, 2015

Cyber vigilantes flex growing power

Activist hackers -- so-called hacktivists -- are getting harder to differentiate from more serious threats such as terrorist groups and nation-state cyber warriors, security researchers say.

November 10, 2015

Financial regulators weigh cybersecurity requirements

New York regulators are considering a host of cybersecurity requirements for banks and insurers and urged other state and federal authorities to collaborate on establishing a framework of defenses for the financial sector.

November 9, 2015

Know Thy Enemy. Hire a Hacker to Enhance Your Cybersecurity.

If your cybersecurity strategy isn’t up to snuff, you could be exposing your business to financial ruin.

November 6, 2015 ACSC

Same Rhetoric Permeates Going Dark Encryption Debate

The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere.

November 5, 2015 ACSC

Threat information without context is useless

On Wednesday, I attended an interesting panel on operationalizing threat intelligence at the Advanced Cyber Security Center conference held in Boston every year

November 4, 2015

The Biggest Cybersecurity Threat: The Energy Sector

Cybersecurity has been at the forefront of the news for several years. Coverage of the space usually focuses on a breach at a consumer-facing company, resulting in people’s credit cards, bank and personal records being stolen.

November 3, 2015

Experian Study on Data Breaches Reveals Gaps in Response Plans

While an increasing number of companies have a basic data breach response plan in place, many plans do not cover important steps and executives lack confidence in their ability to manage a major breach, according to a new study.

November 2, 2015

Data Privacy: The Next Big Lawsuit Bonanza

You’ve got to give the trial bar credit for being innovative. It has opened up a new frontier in the litigation sweepstakes—data privacy.

October 30, 2015

White House Details Plan to Bring Feds' Cybersecurity Up to Date

The White House announced plans on Friday to modernize the federal government's out-of-date cybersecurity practices. Work has been underway for much of the Obama administration, but the Office of Personnel Management hack reported in June must have made it abundantly clear that things weren't progressing fast enough.

October 29, 2015

The Problems Experts And Privacy Advocates Have With The Senate's Cybersecurity Bill

It took more than four years for the Senate to pass a cybersecurity bill. As the legislation grew stale amid compromise and contention on the Senate floor over the years, hackers continued to refine their criminal craft and develop more sophisticated methods of attack.

October 28, 2015

A Quick Guide to the Cybersecurity Bill Passed by the U.S. Senate

Yesterday, after more than a year of bickering, stalling and revising, the Senate passed its most significant cybersecurity bill to date 74–21.

October 27, 2015

7 Ways This Cybersecurity Expert Wants You to Protect Yourself Against Hackers

Here are seven tips from Michael Kaiser, executive director of the National Cyber Security Alliance, to help you protect yourself and your private information.

October 26, 2015

Senate cybersecurity bill misses the mark

Over the past few years, the federal government and big corporations, including Sony and Target, have been hit by massive data breaches, a chilling reminder of the severity and scope of cybersecurity threats.

October 23, 2015

Building Tomorrow’s Cybersecurity Workforce

Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

October 22, 2015

Cybersecurity bill advances in Senate, but hurdles remain

Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

October 21, 2015

CIOs reporting directly to CFOs can create massive cybersecurity headaches

Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

October 20, 2015

Senate considers controversial cyber security bill

The U.S. Senate on Tuesday began debating a long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government without concern about lawsuits.

October 19, 2015

Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies

It was heralded as the first concrete step taken by the United States and China on the thorny issue of online espionage.

October 16, 2015

A crackdown is coming on firms with lax cybersecurity

Financial firms that have lax cybersecurity practices can expect a crackdown from regulators, the head of the Securities and Exchange Commission’s enforcement unit said Friday.

October 15, 2015

SBA Unveils Small Business Cybersecurity Tools

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

October 14, 2015

Federally funded education programs aren't effectively closing the cybersecurity skills gap, says panel

Some federally managed university education programs focused on cybersecurity cannot, in their current state, address the skills gap for operational cyber defense talent in the federal government, according to a report.

October 13, 2015

Officials: Be specific about cybersecurity during acquisition

The administration has been pushing agencies to include more cybersecurity language in contracts, specifically in citing control standards like those advanced by the National Institute of Standards and Technology.

October 12, 2015

Cybersecurity Insurance: 4 Practical Considerations

There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.

October 9, 2015

Dell Files Confidentially for IPO of Cybersecurity Unit SecureWorks

SecureWorks could begin trading by year-end and may be worth as much as $2 billion

October 8, 2015

Cybersecurity education report aims to address student 'confusion'

According to the report, government can do more to explain and streamline different programs and scholarships available to students who want cyber skills.Tuesday, the Department of Homeland Security (DHS) Cybersecurity Strategy Act of 2015 (HR 3510) passed the House of Representatives which would direct the Secretary of the Department of Homeland Security to develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.

October 7, 2015

Important Cybersecurity Strategy Bill Passes House

Tuesday, the Department of Homeland Security (DHS) Cybersecurity Strategy Act of 2015 (HR 3510) passed the House of Representatives which would direct the Secretary of the Department of Homeland Security to develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.

October 6, 2015

Cybersecurity information-sharing bill to get Senate vote in October

The Senate is expected to take up a bipartisan cybersecurity bill later this month aimed at thwarting more massive hack attacks against the federal government and American companies, the bill's lead sponsors announced Tuesday.

October 5, 2015

Krebs: Most Firms Fail to Take Simple Cybersecurity Measures

Reports show federal agencies are unprepared for hackers and pending legislation won't help much.

October 4, 2015

What Comes After Cybersecurity Awareness?

Last year, for National Cybersecurity Awareness Month, we asked whether 2014 would be the year cybersecurity finally sinks in.

October 2, 2015

Government Is the Biggest Cybersecurity Threat

Reports show federal agencies are unprepared for hackers and pending legislation won't help much.

October 1, 2015

Happy Cybersecurity Awareness Month?

Well intended effort only calls attention to pervasive cybersecurity ignorance throughout society

September 30, 2015

GAO report sheds light on federal agencies' cybersecurity flaws

A U.S. Government Accountability Office report released Tuesday revealed that federal agencies are struggling to implement effective cybersecurity measures and policies, a notion that will surprise few.

September 29, 2015

Defense, Intel Leaders: Cybersecurity Priorities are Defense, Deterrence

Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Deputy Defense Secretary Bob Work testified on cybersecurity policy and threats before the Senate Armed Services Committee, Sept. 29, 2015. Joining him were Director of National Intelligence James R. Clapper and Navy Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency.

September 28, 2015

Gender gap widens in cyber security field long dominated by men

Women account for just one out of 10 cyber security professionals, as the gender gap widened over two years in a male-dominated field with a drastic workforce shortage, a survey showed.

September 25, 2015

US reaches economic cybersecurity agreement with China

oday, President Obama, appearing with Chinese President Xi Jinping, announced that the United States and China had reached an agreement to curb "cyber-enabled theft of intellectual property" between the two countries

September 24, 2015

Cybersecurity Stocks: Which Is the Best?

FireEye (FEYE), Palo Alto Networks (PANW) and Cyberark Software (CYBR) are all providers of advanced cybersecurity products. While each company provides a vast array of services, each company also has a niche that defines it.

September 23, 2015

Cybersecurity legislation still draws intense opposition

Efforts to craft legislation that would promote sharing cyberthreat information between the private sector and government – without jeopardizing privacy, civil liberties and leaving organizations vulnerable to liability – isn’t there yet, according to critics.

September 22, 2015

SEC goes after investment adviser for poor cybersecurity

The Securities and Exchange Commission (SEC) settled charges Tuesday with an investment adviser that allegedly failed to properly protect its clients’ data in what might be a first-of-its-kind enforcement action.

September 21, 2015

Apple removes malicious apps after security breach

Apple Inc. has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.

September 18, 2015

Cybersecurity Demands Culture Change, DoD Official Says

A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday.

September 17, 2015

How to Pass a Cybersecurity Audit in 10 Steps

With data breaches becoming an unfortunate everyday occurrence, cybersecurity is no longer just an IT issue. Legal departments, which have a need to protect sensitive information, such as employees’ and clients’ personally identifiable information and nonpublic corporate information, are increasingly becoming involved in data security issues as the universe of risk exposure expands.

September 16, 2015

Jeb Bush unveils cybersecurity plan

Two days before the second Republican debate, Jeb Bush unveiled a cybersecurity plan Monday that he cast partly in terms of economics.

September 15, 2015

Ex-Spies Join Cybersecurity Fight

Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks

September 14, 2015

US, China conclude cybersecurity discussions

Senior U.S. and Chinese officials wrapped up four days of meetings on cybersecurity over the weekend, Reuters reports.

September 11, 2015

Where Next for Government Cybersecurity?

On the 14th anniversary of 9/11/01, there are plenty of reasons to be thankful regarding public safety in America. And yet, there is also a growing list of cyber threats that are grabbing news headlines.

September 10, 2015

Insurance requirements can drive stronger cybersecurity, Treasury official says

The insurance industry has a key role to play in helping U.S. companies strengthen cybersecurity, a senior Treasury Department official said Thursday.

September 9, 2015

Opinion: On cybersecurity info sharing, it’s the medium not the message

If Congress succeeds in pushing through CISA, neither the bill in its current form – nor any of the amendments – will do much to increase the effectiveness or timeliness of cybersecurity information sharing.

September 8, 2015

U.S. Senator Says Nation Is 'On Point' with Cybersecurity

Although recent cyberattacks have affected U.S. agencies, one Congressman believes that the Army Cyber Command is completely prepared to take on any future hacks.

September 7, 2015

Kaspersky And FireEye Security Products Cracked By Researchers

A security researcher at Google made public the fact he had cracked Kaspersky’s anti-virus product before revealing the details to the Russian company.

September 3, 2015

The word for 2015: "Cybersecurity"

In the age of the mega-hack, a cyber protection industry percolates.

September 2, 2015

States taking steps to bolster cybersecurity

Two governors this week took executive action to improve their states’ cybersecurity defenses.

September 1, 2015

Do boards of directors actually care about cybersecurity?

Survey says business leaders probably don’t care as much about cybersecurity as they say they do

August 31, 2015

GSA Seeks Industry Input on Cybersecurity Schedule Offerings

Earlier this month, the U.S. General Services Administration (GSA) issued a Request for Information (RFI) soliciting feedback from industry on ways to improve the sale of Cybersecurity and Information Assurance (CyberIA) products and services through GSA’s multi-billion dollar Information Technology (IT) Schedule 70. - See more at:

August 28, 2015

Court ruling leads to fears of FTC litigation on cybersecurity

Industry groups are worried that an appeals court ruling giving the Federal Trade Commission permission to sue for shoddy cybersecurity will result in overregulation.

August 27, 2015

Military leaders warn U.S. is falling behind in cybersecurity

The United States is at risk of falling behind its enemies in the field of cybersecurity, military leaders said this week.

August 26, 2015

The 22 Amendments That Could Determine the Fate of the Senate's Cybersecurity Bill

After a brief but heated battle, senators packed up for summer recess early this month without voting on a key cybersecurity bill. In announcing that the bill's consideration would be delayed, Majority Leader Mitch McConnell lined up 22 amendments that will get a vote when the bill comes up again in the fall, a product of intense negotiations over the bill's fate.The latest research from forecasts the global cybersecurity market to jump from $106.32 billion in 2015 to $170.21 billion by 2020.

August 25, 2015

Cybersecurity Market Expected To Lock Down $170B

The latest research from forecasts the global cybersecurity market to jump from $106.32 billion in 2015 to $170.21 billion by 2020.

August 24, 2015

With a Major Cybersecurity Job Shortage, We Must Act Like We Are at War

Recently, the Internal Revenue Service revealed the data breach that happened in May via the agency’s “Get Transcript” program affected three times as many users as originally reported -- 334,000 accounts in all.

August 21, 2015

Survey Roundup: Execs Lack Confidence in Cybersecurity Plans

A survey of 100 security executives by Raytheon Cyber Products/Websense found 63% of respondents said their organization had suffered one or two breaches in the past year.

August 20, 2015

White House cybersecurity czar: Threat awareness has improved, but protection hasn't

Federal agencies are increasingly engaged in cybersecurity issues and understand they have something to protect, said the White House's cybersecurity czar, but he added that most agencies, like their private-sector counterparts, are not protecting themselves as well as they should.

August 19, 2015

Cybersecurity IPOs: two biggies to report... for now

Rapid7 and Sophos go IPO while many cybersecurity firms pursue M&A and investments.

August 18, 2015

Gaming Industry Seek Tougher Federal Cybersecurity Policies

Cyberscecurity is a growing concern after a number of large companies lost customer data during breaches in recent years.

August 17, 2015

Defense Spending Red Tape Endangers Cybersecurity

The Navy is using Windows XP because complicated spending rules have prevented a better upgrade.

July 10, 2015

The Dinosaurs Of Cybersecurity Are Planes, Power Grids And Hospitals

As we continue down the path toward complete connectivity — in which all devices, appliances and networks connect to each other and the Internet — it is evident that much of our longstanding technology can no longer keep up.

July 9, 2015

DHS Secretary: 'Federal Cybersecurity Is Not Where It Needs To Be'

Department of Homeland Security Secretary Jeh Johnson on Wednesday reaffirmed his goal to make the latest version of a cybersecurity intrusion detection and prevention platform -- known as EINSTEIN 3A -- available to all federal civilian agencies by the end of 2015

July 8, 2015

Steven LaFountain: Working to increase the cybersecurity talent pipeline

This summer, approximately 1,300 middle and high school students plus a number of K-12 teachers will attend cybersecurity camps at universities in 18 states, learning about online threats, basic cyber defenses and the ethics of operating in the virtual world.

July 7, 2015

New Cybersecurity Council backs info sharing legislation

Information sharing legislation has stalled in the Senate but that hasn't stopped government and industry from collaborating on cybersecurity issues.

July 6, 2015

When hackers get hacked: Hacking Team falls prey to hack attack.

Emails, passwords, and client lists were dumped online over the weekend as controversial Italian company Hacking Team found itself victim of a massive hack.

July 3, 2015

Cybersecurity legislation only a partial solution

The shocking truth is that only about 6 percent of healthcare data breaches to date are the work of hackers.

July 2, 2015

GAO sees room for improvement in bank cyber security exams

U.S. banking regulators must hire and train more examiners with technology expertise so they can give more useful cyber security recommendations to small and mid-sized banks, a federal watchdog agency has warned.

July 1, 2015

Doctors See Big Cybersecurity Risks, Compliance as Key for Hospitals

Cybersecurity and healthcare IT are both burgeoning areas of business. Put them together and you have a volatile mix of emerging technologies, security and privacy risks, and regulatory requirements—but also a lot of opportunity for growth and improvements.

June 30, 2015

When It Comes to Cybersecurity, Millennials Throw Caution to the Wind

Studies show young adults' risky online behaviors leave them more prone to cyber threats.

June 29, 2015

New tactics for improving critical infrastructure cybersecurity pushed by MIT consortium

The MIT Sloan School of Management has launched a consortium that touts interdisciplinary research and cooperation as keys to improving cybersecurity.

June 26, 2015

CIOs seek cybersecurity solutions, bigger voice in C-suite

Tech chiefs come together to sift through security issues, ranging from cybersecurity to budgets to CISO roles.

June 25, 2015

Military Branches Assemble to Break Ground on National Cybersecurity Strategy

The nation's best defense in cyberspace involves not only the military but private citizens and corporations, top security planners said in a closed-door meeting at the U.S. Army War College.

June 24, 2015

Officials Masked Severity Of Hack

OPM definition of hack allowed administration to initially deny security records were stolen; FBI suspects China was behind breach

June 24, 2015

Why Most Cybersecurity Activity Happens Outside the CISO’s Office

Most corporate cybersecurity efforts happen outside the official security department, says James Kaplan, a partner at McKinsey & Co. and co-author of “Beyond Cybersecurity: Protecting Your Digital Business.” Critical cybersecurity work touches all areas of a company, including risk management and application development, Mr. Kaplan said. He stopped by The Wall Street Journal’s office to discuss the current state of cybersecurity and how it can be more effective.

June 23, 2015

China says up to United States to resume cyber security talks

It is up to the United States to create conditions to resume regular talks on cyber security, China's foreign ministry said on Tuesday, as the two countries began three days of high-level meetings in Washington.

June 22, 2015

Money hasn't solved all our cybersecurity problems

Video report of expenditures by government and by private sectors.

June 19, 2015

This terrifying chart explains why cybersecurity is such a big problem for the government

The massive breach of Office of Personnel Management systems that compromised the personal data of millions of Americans is still making headlines. But behind those headlines is a much bigger story about the government's systematic failure to protect itself from cybersecurity risks that have expanded at an alarming rate.

June 18, 2015

Breach Defense Playbook, Part 4: Reviewing Your Cybersecurity Program

Most organizations are involved in a cyclical process of enhancing their cybersecurity posture focused around their sensitive data and processes. While enhancement involves roadmaps and milestones, a key element should also be evaluating your cybersecurity people, processes, and technology with the purpose of making transitional changes from a current state to a more secure future state.

June 17, 2015

Federal CIO says 'digitization of everything' will help enhance cybersecurity across government

The federal government's top technology official said June 15 that "the digitization of everything" will help accelerate a new technological model that infuses cybersecurity as a core component.

June 16, 2015

Cybersecurity stocks hit high; Goldman sees more

Cybersecurity stocks surged to an all-time high Friday as the U.S. government continues to investigate the possibility that Social Security numbers for every federal employee were stolen by hackers.

June 15, 2015

Feds on '30-day sprint' to better cybersecurity

As news of the full scope of the breach of Office of Management and Budget systems emerges, Federal CIO Tony Scott launched a government-wide Cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.

June 12, 2015

Senate Rejects Measure to Strengthen Cybersecurity

On the heels of a vast breach of the personal information of federal employees, the Senate failed Thursday to advance a cybersecurity measure, the third time in three years that a bipartisan effort to tackle the problem has fallen victim to procedural actions.

June 11, 2015

Kaspersky Lab cybersecurity firm is hacked

Kaspersky Lab said it believed the attack was designed to spy on its newest technologies. It said the intrusion involved up to three previously unknown techniques. The Russian firm added that it was continuing to carry out checks, but believed it had detected the intrusion at an early stage. Although it acknowledged that the attackers had managed to access some of its files, it said that the data it had seen was "in no way critical to the operation" of its products.

June 10, 2015

Mitch McConnell tries to turn the tables on Dems with cyber bill

Senate Majority Leader Mitch McConnell is firing back at Senate Democrats’ procedural threats — by daring them to oppose a cybersecurity bill just days after a massive attack on the federal government’s computer systems was revealed. On Tuesday, McConnell announced his strategy to link the cybersecurity measure to a sweeping defense policy bill that’s now on the Senate floor. That could make it harder for Democrats to oppose the underlying bill, which they say uses a budget gimmick to boost defense funding.

June 9, 2015

Obama: U.S. Cybersecurity Problems Will Get Worse

The U.S. government has long known about its cybersecurity vulnerabilities, and the problem is only getting worse, President Barack Obama said Monday. "We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector," Obama said at news conference from the Group of Seven summit in Germany.

June 8, 2015

HackerOne turns hacking into legitimate, lucrative work

In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. They found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter, and 95 other companies’ systems. They called their list the Hack 100. When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.

June 5, 2015

US believes China behind cybersecurity breach affecting at least 4M federal employees

Hackers based in China are believed to be behind a massive data breach that could have compromised the personal data of at least 4 million current and former federal employees, U.S. officials said late Thursday.

June 4, 2015

Boston cybersecurity teams win a spot in Highland Capital’s pilot accelerator

Earlier this year, Highland Capital announced that in addition to hosting its competitive Summer@Highland accelerator in San Francisco this summer, it would also partner with a pair of MIT PhD students to launch a pilot accelerator in its Cambridge office specializing in cybersecurity startups. The program, Cybersecurity Factory, is being organized by Jean Yang and Frank Wang, and has just announced the two winning teams, both of which are Boston-based companies working on cloud encryption technology.

June 3, 2015

OVERNIGHT CYBERSECURITY: Senate finally passes NSA reform

It's finally over. The Senate on Tuesday sent legislation reforming the nation's surveillance laws to President Obama's desk. The 67-32 vote for the USA Freedom Act came more than 36 hours after three parts of the Patriot Act expired, forcing the National Security Agency (NSA) to wind down its bulk collection of U.S. phone data. The bill will essentially end the phone data collection program altogether.

June 2, 2015

The Power And Problem Of Privilege In Cybersecurity

All identities are not created equal. There are regular users. And then there are superusers, people who wield far greater access and privilege in the organization’s IT environment.

June 1, 2015

DoD slow to implement new rules on cybersecurity breaches

It's now been almost two years since the Defense Department issued a final rule requiring contractors to inform the government when their systems have been involved in cybersecurity breaches and that government technical data has been stolen.

May 29, 2015

NYSE and Veracode Reveal Surprising Results From Board Cybersecurity Survey

66% Are Not Confident Their Companies Are Properly Secured Against Cyberattacks

May 28, 2015

China cybersecurity plan aims to protect state secrets: official paper

China will prepare a five-year cybersecurity plan to protect state secrets and data, the official China Daily said on Thursday, citing a senior official of the Ministry of Industry and Information Technology.

May 27, 2015

A growing threat: Car hacking

A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking.

May 26, 2015

What the security industry can learn from the World Health Organization

The discovery of computer bugs can be marketing boons for cybersecurity firms. But one critic says the industry should take a page from the health profession and select names for flaws that aren't designed to stoke fear or generate buzz.

May 25, 2015

Division of Investment Management Issues Cybersecurity Guidance-- Securities and Exchange Commission

On April 28, 2015, the staff of the Division of Investment Management of the SEC published a Guidance Update addressing cybersecurity risks and the need for funds and advisers to protect confidential and sensitive information concerning fund investors and advisory clients.

May 22, 2015

IEEE Cybersecurity Initiative Releases “Building Code for Medical Device Software Security”

IEEE, the world's largest professional organization dedicated to advancing technology for humanity, today announced the release of Building Code for Medical Device Software Security, a set of guidelines to help companies establish a secure baseline for software development and production practices of medical devices. Authored by leading security research scientists Tom Haigh and Carl Landwehr, Building Code for Medical Device Software Security provides the blueprint to reduce or eliminate vulnerabilities that adversaries can exploit to gain access to medical devices.

May 21, 2015

DoJ Calls On Private Sector to Strengthen Cybersecurity

The U.S. Department of Justice is stepping up its program to engage more actively with the private sector on dealing with cybercrime and cybersecurity breaches.

May 20, 2015

Toward Omniscient Cybersecurity Systems

CISOs need an all-knowing central system to truly address their cybersecurity monitoring, diagnostics, and operations need

May 19, 2015

CyberFed Encourages Women to Become more Involved in Cybersecurity

Men have long dominated the technology industry and the Cybersecurity Competition Federation (CyberFed) seeks to close that gender gap. To educate and inspire women to participate in cybersecurity competitions, CyberFed produces The CyberFed Show to showcase more women in the cybersecurity sector.

May 18, 2015

Inflated Cybersecurity Threat Escalates US-China Mistrust

The rhetorical spiral of mistrust in the Sino-American relationship threatens to undermine the mutual benefits of the information revolution. Fears about the paralysis of the United States' digital infrastructure or the hemorrhage of its competitive advantage are exaggerated. Policymakers in the United States often portray China as posing a serious cybersecurity threat. In 2013 U.S. National Security Adviser Tom Donilon stated that Chinese cyber intrusions not only endanger national security but also threaten U.S. firms with the loss of competitive advantage.

May 15, 2015

What is ‘cybersecurity law’?

Cybersecurity has become a big deal. Corporations have begun to worry about cybersecurity risks. In response, some major law firms have recently established or significantly bolstered practice groups in cybersecurity law. If you look closely, though, there isn’t much clarity about what ‘cybersecurity law’ actually means. In this post, I thought I would explain what I think of as the field of cybersecurity law.

May 14, 2015

For hackers, people are an IT system’s weak link

As big businesses spend millions of dollars to plug holes in their technology and block cyber criminals from databases of private consumer information, hackers are increasingly targeting a different weakness: employees. They are sending official-looking e-mails to large health systems, banks, retailers, and vendors to try to trick employees into giving up passwords or other credentials. Armed with employee passwords, criminals can access mines of sensitive information and use it to steal identities and commit fraud. That is how data from about 3,300 patients was breached last year at Partners HealthCare. Several employees responded to so-called phishing e-mails and mistakenly allowed access to patient names, addresses, health insurance information, and Social Security numbers. It turns out that tricking an employee to give up a password is easier than hacking, cyber-security specialists said.

May 13, 2015

Women In Security Speak Out On Why There Are Still So Few Of Them

They're now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population. It's a perplexing -- and sometimes annoying -- question nearly every female information security professional hears over and over again: why are there still so few women in their field? Just 10% of information security pros worldwide are women today, according to the latest data from (ISC)2, despite the fact that women are getting more high-profile roles in the industry and that there are job opportunities aplenty. It's a reality that confounds and frustrates many women in the industry, who today represent a mix of researchers, chief information security officers, executives, and top government cyber security leaders.

May 12, 2015

Quantum computing is about to overturn cybersecurity’s balance of power

“Spooky action at a distance” is how Albert Einstein described one of the key principles of quantum mechanics: entanglement. Entanglement occurs when two particles become related such that they can coordinate their properties instantly even across a galaxy. Think of wormholes in space or Star Trek transporters that beam atoms to distant locations. Quantum mechanics posits other spooky things too: particles with a mysterious property called superposition, which allows them to have a value of one and zero at the same time; and particles’ ability to tunnel through barriers as if they were walking through a wall.

May 11, 2015

Whistleblower accuses cybersecurity company of extorting clients

A cybersecurity company faked hacks and extorted clients to buy its services, according to an ex-employee.

May 8, 2015 ACSC

What’s new in the U.S. cyber strategy

The Department of Defense has just issued a new cyber strategy, which perhaps provides the best public presentation of how the United States thinks about cybersecurity. As always with these documents, what is left out is as important as what is put in. So how has U.S. strategic thinking about cybersecurity changed in the post-Snowden era?

May 7, 2015 ACSC

Valuable Federal Cybersecurity Training for Critical Infrastructure Organizations

Last week I wrote two blogs about cybersecurity, critical infrastructure organizations, and the US government. In the first blog, I mentioned some ESG research stating that 76% of cybersecurity professionals working at critical infrastructure organizations were somewhat or very unclear about the US government’s cybersecurity strategy (note: I am an ESG employee). In spite of this confusion, 83% of these same cybersecurity pros want to see the feds become more active with cybersecurity programs and defenses.

May 6, 2015

Cybercriminals borrow from APT playbook in attack against PoS vendors

Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns. This change in tactics has been observed among those who launch attacks, as well as those who create and sell attack tools on the underground market. A recent example of such behavior was seen in a cybercriminal attack against vendors of point-of-sale systems that researchers from RSA documented last week.

May 5, 2015

16 World Renowned IT Security Experts Provide Their Website Security Tips and What You Should NEVER Do

Everyone – including the experts – makes mistakes when it comes to information security. Whether it’s failing to properly secure your website for customers, or not implementing effective password managers, minor cybersecurity gaps can rapidly evolve into a much more serious security incident. As security experts from around the globe gather for the annual RSA Conference in San Francisco, Distil Networks has compiled a list of tips and things you should NEVER do.

May 4, 2015

Once a field of self-taught hackers, cybersecurity education shifts to universities

Over the past year, colleges and universities across the country have received millions in funding from the government and foundations to launch cybersecurity initiatives. The result is a stark change for an industry made up of programmers who have often learned by trial and error.

May 1, 2015

Partners HealthCare Notifies 3,300 Patients of Email Breach

Boston-based nonprofit health care system Partners HealthCare is notifying about 3,300 patients about a security breach.

April 22, 2015

Raytheon VP: New cybersecurity joint venture will be 'formidable' against breaches

Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks.

April 1, 2015

Opinion: Sanctions may be Obama's best idea yet to battle cyberattacks

Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks.

March 26, 2015 ACSC

Guest Opinion: UMass is a line of defense from cyber-attacks

One way we can move forward in Massachusetts is in partnership with the Advanced Cyber Security Center, a four-year-old industry, higher education and government consortium that seeks to ensure that Massachusetts has the research and educational strengths it needs to be a global cybersecurity leader.

March 26, 2015

Citigroup Report Chides Law Firms for Silence on Hackings

Every month it seems another American company reports being a victim of a hacking that results in the theft of internal or customer information. But the legal profession almost never publicly discloses a breach.

March 25, 2015 ACSC

The race to build the Silicon Valley of cybersecurity

“We certainly think we have the resources and capabilities to be one of those centers of gravity [in cybersecurity],” Benway says. “We think we are one of the centers of gravity. We do have the right mix of assets and resources to be a national leader in cybersecurity.”

March 12, 2015 ACSC

Sell By Date: Research Finds Stolen Data is a Perishable Commodity

Nagourney’s research was funded by a grant from the National Science Foundation (NSF) and the Advanced Cyber Security Center (ACSC). Her findings were first presented in September 2014 at a Workshop on Cybersecurity Risk Analysis for Enterprises, held at the Sloan School at MIT.

March 12, 2015 ACSC

Charlie Baker cites increase in cyber attacks in Mass.

Yet the number of professionals in the field in Massachusetts is not enough to meet the demand, said Charlie Benway, executive director of the Advanced Cyber Security Center, a Bedford nonprofit consortium Mass Insight established in 2011.

March 12, 2015 ACSC

Security expert: Sharing is caring in fending off cyber attacks

Mick Costa, who works in cyber security for the Federal Reserve Bank of Boston, also works with a nonprofit consortium called the Advanced Cyber Security Center of Massachusetts, an outfit that educates businesses and organizations about cyber attacks. Costa spoke to North Shore business leaders Thursday at the North Shore Chamber of Commerce’s business expo, which featured 100 exhibitors at the DoubleTree by Hilton Boston North Shore.

March 11, 2015

Baker outlines email habits, touts cybersecurity as job base

The use of a personal email account by a high-ranking government official has also prompted questions about security. Baker may not be operating his own email server out of his Swampscott home, but on Wednesday in a speech to Mass Insight’s Global Massachusetts 2024 conference the governor highlighted cyber security as a “major challenge” in the digital age.

March 9, 2015

Akamai CSO takes a creative approach to finding security pros

Andy Ellis, chief security officer at Akamai, doesn't try to hire perfect candidates. Here’s why.

March 9, 2015 ACSC

Shortage of security pros worsens

“The size and scope of the problem has grown dramatically as the threat has increased and as we've seen more high-profile breaches,” says Charlie Benway, executive director of the Advanced Cyber Security Center (ACSC).

March 1, 2015

How Superfish’s Security-Compromising Adware Came to Inhabit Lenovo’s PCs

Until its advertising software was discovered deep inside Lenovo personal computers two weeks ago, a little company called Superfish had maintained a surprisingly low profile for an outfit once named America’s fastest-growing software start-up.

February 27, 2015

The Growing Cyber Threat

The “frequency, scale, sophistication, and severity” of cyber attacks against the United States are increasing from “profit-motivated criminals, ideologically motivated hackers or extremists, and variously capable nation states like Russia, China, North Korea, and Iran,” said James Clapper, director of national intelligence, during testimony before the Senate Armed Services Committee on Thursday.

February 24, 2015

Veracode CEO Bob Brennan on cyber threats (Video)

Bob Brennan, CEO of Burlington-based cybersecurity firm Veracode, talks about the state of cyber threats to companies worldwide and locally, and what his company can do to help. Video by Chen Shen, special to the Boston Business Journal.

February 20, 2015

Windows SSL Interception Gone Wild

This week researchers found that newer Lenovo laptops shipped with pre-installed software made by Superfish. The discovery is the latest reminder that our collective security depends on one another more than ever. As the news quickly rippled out, our Threat Infrastructure team at Facebook began performing an analysis of the details. Given our strong belief in the value of openness in security and learning from one another, we summarized some of our findings below to help guide future research on the subject.

February 17, 2015 ACSC

Security, Privacy and the Law Update on President Obama’s “Summit on Cybersecurity and Consumer Protection,” Part II: The Executive Order

As a follow up to our summary of the key takeaways from the White House’s first Summit on Cybersecurity and Consumer Protection, the centerpiece of which was President Obama’s signing of a new Executive Order, “Promoting Private Sector Cybersecurity Information Sharing,” what follows is an analysis of that Order.

February 12, 2015

Obama to encourage companies to share cyber threat data

Businesses are unlikely to share a lot of timely and "actionable" cyber intelligence without liability relief, said Mike Brown, a vice president with the RSA security division of EMC Corp.

February 11, 2015 ACSC

Security expert Michael Chertoff discusses cybersecurity challenges, solutions

Michael Chertoff, who served as secretary of the U.S. Department of Homeland Security from 2005-2009, will deliver the first University of Delaware Cybersecurity Initiative Distinguished Lecture on Feb. 10.

January 30, 2015 ACSC

Press Release: Cyber Security and Financial Stability

Founding member of the ACSC and President & CEO of the Federal Reserve Bank of Boston Eric S. Rosengren discusses Cyber Security and Financial Stability in Cape Town, South Africa on January 30, 2015

January 26, 2015 ACSC

Massachusetts’ profile as an innovator could reach new levels

Cybersecurity is another natural opportunity for a research center of excellence. Already a nonprofit consortium, the Advanced Cyber Security Center, has been launched, situated in Bedford, bringing together experts from industry, universities, and government to address cybersecurity threats. In robotics, Massachusetts has a fast-growing cluster, including some of the leading companies in the world.

January 21, 2015 ACSC

Obama’s Former Privacy Director Decries America’s Data Security

While legislation can offer liability protection, the need for such protection as an incentive for sharing has been exaggerated. Companies can and do already share confidential threat information under the protection of nondisclosure agreements. The Advanced Cyber Security Center, based in Boston, is one such sharing arrangement. It includes companies like Pfizer, State Street, and RSA/EMC Corporation along with with the Federal Reserve Bank of Boston and the Commonwealth of Massachusetts.

January 12, 2015

Cybersecurity startup scene in Boston is 'frothy,' RSA exec says

The cybersecurity startup scene in the Boston area could be summed up in one word: "frothy."

January 11, 2015

Obama to Call for Laws Covering Data Hacking and Student Privacy

President Obama on Monday called for federal legislation intended to force American companies to be more forthcoming when credit card data and other consumer information are lost in an online breach like the kind that hit Sony, Target and Home Depot last year.

January 8, 2015 ACSC

ACSC In The News

2014 was a pivotal year for media coverage of cybersecurity. Pervasive data breaches at major retailers and other institutions garnered consistent headlines across both trade media as well as mainstream press. For its efforts to facing pervasive cyber challenges, ACSC also received positive coverage in 2014 culminating in a Boston Business Journal op-ed piece on cyber resiliency and a feature story in Network World that highlights the ACSC and its direction in 2015.

January 5, 2015 ACSC

What Should the 114th Congress Do About Cybersecurity in 2015?

Rather than throw cybersecurity education funding at Congressional districts, we need to invest strategically in centers of excellence like the Massachusetts-based Advanced Cybersecurity Center which brings together private sector, public sector, and leading academic institutions.

December 22, 2014

‘Interview’ attack may signal new cyberwar

In a tweet, former US House speaker Newt Gingrich said, “With the Sony collapse America has lost its first cyberwar.”

December 19, 2014 ACSC

ViewPoint: The latest cybersecurity threat

This notion, that "threat actors' are already in, is a paradigm shift in the way sophisticated enterprises approach cybersecurity. To echo this point, this month, the Advanced Cyber Security Center (ACSC) welcomed Michael Chertoff, former secretary of The U.S. Department of Homeland Security and the Executive Chairman of The Chertoff Group to keynote our annual meeting.

December 16, 2014 ACSC

New England security group shares threat intelligence, strives to bolster region as cybersecurity mecca

The Advanced Cyber Security Center is a three year old organization with a bold mission to “bring together industry, university, and government organizations to address the most advanced cyber threats” and drive cybersecurity R&D in the New England region.

December 10, 2014 ACSC

Hanscom Air Force Base Partners With The Military Task Force To Create The Hanscom Collaboration and Innovation Center

New center located at Hanscom Air Force Base to enhance partnerships around cyber security, public safety, and information technology

December 2, 2014

Obama’s pick to lead the Pentagon is big on cybersecurity

President Obama's pick to lead the Pentagon, former deputy secretary of defense Ashton "Ash" Carter, has been a big supporter of increasing the country's cybersecurity capabilities.

November 24, 2014 ACSC

Press Release: ACSC Announces Winners of Cybersecurity Student Competition

National Cybersecurity Experts Vote to Select Cybersecurity’s “Next Big Thing”

November 12, 2014

Americans Say They Want Privacy, but Act as if They Don’t

Americans say they are deeply concerned about privacy on the web and their cellphones. They say they do not trust Internet companies or the government to protect it. Yet they keep using the services and handing over their personal information.

November 10, 2014

Federal government struggles against cyberattacks

A $10-billion-a-year effort to protect sensitive government data, from military secrets to Social Security numbers, is struggling to keep pace with an increasing number of cyberattacks and is unwittingly being undermined by federal employees and contractors.

November 7, 2014

Expert: Home Depot email hack may lead to ID thefts

Two months after it revealed that 56 million of its customers’ debit and credit cards had been compromised, Home Depot yesterday disclosed that hackers also stole 53 million email addresses — information that, coupled with customers’ financial data, could be used to hack their family and friends, as well as banks, businesses and government agencies, one expert said

November 6, 2014 ACSC

Schools, industry plan security consortium for cybersecurity

Mass Insight and the 3-year-old nonprofit Advanced Cyber Security Center plan a formal launch of the consortium next year. They so far have letters of support from the Univer­sity of Massachusetts, Northeastern University, MIT Computer Science and Artificial Intelligence Laboratory, State Street Corp., the Federal Reserve Bank of Boston, .406 Ventures and the city of Boston.

November 5, 2014 ACSC

Chertoff: Cybersecurity takes teamwork

Cyber security, to be successful, has to be a “team sport,” former Homeland Security secretary Michael Chertoff told attendees of the Advanced Cyber Security Center (ACSC) Conference at the Federal Reserve Bank of Boston Tuesday morning.

November 5, 2014 ACSC

Former Homeland Security chief warns of cyber threat

The conference was sponsored by Advanced Cyber Security Center, a Boston-based group of business representatives, government officials, and academics who share information and research about online threats.

October 31, 2014 ACSC

Press Release: Left of Boom: How and Where to Invest Across the Kill Chain

Press Release: ACSC welcomes Michael Chertoff, former secretary of the U.S. Department of Homeland Security and Executive Chairman of The Chertoff Group for keynote at the ACSC Annual Conference on November 5, 2014 at the Federal Reserve Bank of Boston.

October 17, 2014

Ponemon research: Cost of a breach rising, U.S. hit hardest

News roundup: New research shows a dramatic increase in the cost of cybercrime and data breach remediation. Plus: Security as a service popularity surges, Snowden journalist touts the importance of free security software, and more.

October 2, 2014

Cyberattack Against JPMorgan Chase Affects 76 Million Households

A cyberattack this summer on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, a tally that dwarfs previous estimates by the bank and puts the intrusion among the largest ever

September 24, 2014

Remote exploit vulnerability in bash CVE-2014-6271

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This affects Debian as well as other Linux distributions. You will need to patch ASAP.

September 23, 2014 ACSC

Faculty Coordinate MIT Workshop on Cybersecurity Risk Analysis for Enterprises

Anna Nagurney and Senay Solak from the operations and information management department, Mila Getmansky Sherman of the finance department, and Wayne Burleson from electrical and computer engineering, supported the conference with proceeds from a $40,000 grant from the Advanced Cyber Security Center, a nonprofit consortium based in Bedford.

September 20, 2014 ACSC

Cybersecurity Risk Analysis for Enterprise Risk Security

The event was sponsored through a grant that we received from the Advanced Cyber Security Center (ACSC): Professors Wayne Burleson of the College of Engineering, Mila Sherman of the Finance Department, and Senay Solak, and I of the Department of Operations and Information Management at UMass Amherst.

September 19, 2014

Home Depot: Breach cost $62M, exposed 56M cards

The Home Depot Inc.’s Sept. 2 data breach will cost the company $62 million and is estimated to have put information at risk for 56 million payment debt/credit cards.

September 19, 2014

Cyber Alliances: Collective Defense Becomes Central To Securing Networks, Data

When the North Atlantic Treaty Organization — NATO — wrapped up its summit in Wales earlier this month, the member-states issued a lengthy communique expressing solidarity on major defense challenges. One of the challenges mentioned was cybersecurity. The alliance stated that “cyber defence is part of NATO’s core task of collective defence,” presenting concerns so severe that they might lead to invocation of Article Five of the North Atlantic Treaty — the article calling on all members to come to the defense of a threatened nation.

September 18, 2014

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

The bulk of mobile applications (75 percent) will fail basic security tests over the next 15 months or so – through the end of 2015 – leaving businesses vulnerable to attack and violations of their security policies, according to a report from Gartner.

September 11, 2014

Local cybersecurity startups grow into IPO contenders

Burlington-based Veracode on Thursday announced $40 million in new funding to fuel further growth, one of the largest rounds of venture capital funding secured by a Boston-area tech company in 2014.

September 7, 2014

Job market red hot for those with the right skills

The information technology sector has boomed for a number of years now, creating a shortage of workers with degrees and experience in the computer sciences. From startups to established tech firms, companies can’t find enough qualified IT workers for their needs, said Brendan King, chief executive of King & Bishop Inc., a Waltham recruiting company.

September 4, 2014

Data thefts hit 1.2 million Mass. residents in 2013

Nearly one in five Massachusetts residents had their personal or financial information stolen in data breaches last year, a figure driven by a massive data theft at Target Corp. stores, according to a state report set for release Thursday, as cybercrime becomes more frequent, sophisticated, and malicious.

August 29, 2014

Make cybersecurity a priority for your business

All organizations, regardless of industry or size, are subject to cybersecurity risks.

August 29, 2014

Report: Greater Boston trails only Silicon Valley in tech employment

The Greater Boston area ranks second in the nation in tech employment and fourth in tech-related venture capital funding among major U.S. markets, according to a report released Friday from commercial real estate firm Jones Lang Lasalle.

August 29, 2014

Companies lag in revealing data breaches, consumer groups say

Rumors of a data breach at a major New York bank started circulating more than a week ago in cybersecurity circles. So for insiders, news that JPMorgan Chase had been victimized was more confirmation than revelation, the latest headline from a digital crime wave that shows no sign of ebbing.

August 27, 2014

JPMorgan and Other Banks Struck by Hackers

A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people briefed on a continuing investigation into the crimes.

August 25, 2014

Casualties of Cyber Warfare

American and Chinese companies are getting caught in the crossfire of the brewing cyber war.

August 24, 2014

Market watchdog warns on danger of cyber attack

A global watchdog has sounded the alarm about the growing danger of cyber attacks, on financial markets, warning that companies and regulators around the world need to address the “uneven” response to the threat of online assaults.

August 22, 2014

U.S. Finds ‘Backoff’ Hacker Tool Is Widespread

More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released on Friday.

August 20, 2014 ACSC

New England’s Advanced Cyber Security Center and the Western Cyber Exchange Demonstrate Major Cybersecurity Advancement

In an unprecedented victory for cyber security, the Advanced Cyber Security Center (ACSC) in Boston, Mass., and the Western Cyber Exchange (WCX) Network Laboratory in Colorado Springs, Colo., successfully and securely exchanged cyber threat messages using leading cyber analytic tools.

August 5, 2014

Russian Gang Amasses Over a Billion Internet Passwords

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

August 3, 2014

Meet Fortune's 2014 Big Data All-Stars

Big data is about more than big numbers. Meet Fortune’s first class of Big Data All-Stars: 20 extraordinary people who we think are the best at connecting the dots, digging deep, and discovering the information that will transform the way businesses operate.

July 22, 2014

NSA targets college students to fill cyber professionals shortage

In response to a shortage of cyber professionals in the U.S., the National Security Administration is reaching out to a younger crowd: college students. Beginning in 2012, the NSA started its National Centers of Academic Excellence in Cyber Operations Program at select universities across the nation to attract students to the field.

July 20, 2014

A Tough Corporate Job Asks One Question: Can You Hack It?

Chief information security officers have one of the toughest jobs in the business world: They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones.

July 12, 2014

Defending the digital frontier

Companies, markets and countries are increasingly under attack from cyber-criminals, hacktivists and spies. They need to get much better at protecting themselves, says Martin Giles.

July 11, 2014

The 5 biggest data breaches of 2014 (so far)

According to the Identity Theft Resource Center, there have already been 395 data breaches in the U.S. this year that have been reported to regulators or covered by media outlets, a 21 percent increase over the same period last year.

July 9, 2014

Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee

The Senate Select Committee on Intelligence voted Tuesday to approve a controversial cybersecurity bill known as the Cyber Information Sharing Act (CISA).

June 30, 2014

Energy companies hit by cyber attack from Russia-linked group

The industrial control systems of hundreds of European and US energy companies have been infected by a sophisticated cyber weapon operated by a state-backed group with apparent ties to Russia, according to a leading US online security group.

June 18, 2014 ACSC

Confer and The MITRE Corporation Join Forces to Accelerate Threat Sharing and Operationalize Threat Intelligence

CRITs has already established itself as a key tool in active defense. The Advanced Cyber Security Center (ACSC)—a non-profit consortium, comprised of 27 New England area industry, university, and government organizations, established to address the most advanced cyber threats—leverages CRITs to share threat intelligence among its members.

June 11, 2014

P.F. Chang's May Have Leaked Info on Thousands of Credit Cards

The restuarant chain may be the latest victim of point-of-sale card heisters.

June 10, 2014

Cybercrime costs world economy about $445b, group projects

The likely annual cost of cybercrime and economic espionage to the world economy is more than $445 billion — or almost 1 percent of global income, according to estimates from a Washington think tank.

June 8, 2014

Cyberattack Insurance a Challenge for Business

Julia Roberts’s smile is insured. So are Heidi Klum’s legs, Daniel Craig’s body and Jennifer Lopez’s derrière. But the fastest-growing niche in the industry today is cyberinsurance.

May 30, 2014

Akamai CEO Tom Leighton on the four 'grand challenges' facing the Internet

The past five decades have seen extraordinary advances in computer science and artificial intelligence, but one of the most important was the advent of the Internet.

May 30, 2014 ACSC

Leading cyber minds converge at Hanscom

Organized by the Advanced Cyber Security Center (ACSC) and hosted by leaders at Hanscom, the event fostered vigorous discussion about the most efficient and secure ways to store and protect critical data and systems.

May 29, 2014 ACSC


The Commonwealth of Massachusetts through the Executive Office of Public Safety and Security, Massachusetts Army National Guard, the Information Technology Division and the University of Massachusetts are members of the Advanced Cyber Security Center. The center is a nonprofit consortium that brings together industry, university and government partners to address the most advanced cyber threats.

May 19, 2014

in China Army Face U.S. Charges of Cyberattacks

In the Obama administration’s most direct confrontation with China over its theft of corporate secrets, the Justice Department on Monday unsealed an indictment of five members of the Chinese People’s Liberation Army and charged them with hacking into the networks of Westinghouse Electric, the United States Steel Corporation and other companies.

May 5, 2014

How the Target CEO resignation will affect other execs' security views

Target Corp. announced today that CEO Gregg Steinhafel has stepped down from his position, effective immediately, less than five months after it was discovered the retail giant had been struck by a massive data breach.

May 2, 2014

Boston Business Journal names 2014 CIO Awards winners

Congratulations to ACSC member Chris Perretta of StateStreet for winning BBJ’s 2014 top CIO award!

May 1, 2014

Call for Limits on Web Data of Customers

The White House, hoping to move the national debate over privacy beyond the National Security Agency’s surveillance activities to the practices of companies like Google and Facebook, released a long-anticipated report on Thursday that recommends developing government limits on how private companies make use of the torrent of information they gather from their customers online.

April 27, 2014

State seeks cyber aces

Techies who win code contest to get boost at career job fair

April 25, 2014 ACSC

Kilmer, Tsongas bill will increase military cyber security

Congressman Derek Kilmer (WA-6) and Congresswoman Niki Tsongas (MA-3) announced today they will introduce legislation to make the Department of Defense information technology systems stronger, more efficient and more secure.

April 23, 2014

Around Internet, password fatigue setting in

Protection becomes a not-so-secret frustration

April 10, 2014 ACSC

Getting Serious about Information Sharing for Cybersecurity

Non-profit information sharing organizations such as Boston’s Advanced Cybersecurity Center, the Bay Area Security Council, and ChicagoFirst have shown value in building smaller trust networks across sectors in metropolitan areas. And many for-profit information sharing organizations are also stepping into the game.

April 9, 2014

‘Heartbleed’ Internet security bug is as bad as it sounds

The word “Heartbleed” meant nothing at the start of the week. Today it is one of the hottest topics on the Internet — a simple security bug in an obscure piece of software that could compromise the personal information of millions.

April 4, 2014

The FBI and the growing threat of cyberattacks on Boston's startups

Federal officials and IT-security industry executives are worried that more attacks like the Bit9 hack could be coming soon. They say cyber attacks are posing an increasing threat to small and midsized firms.

March 26, 2014

Law Firms Are Pressed on Security for Data

A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount.

March 25, 2014

Allied Minds, MITRE partnership means more funding for cyber security

Allied Minds, Inc., a Boston technology capital investment firm that funds early-stage technologies from U.S. national labs, has partnered with The MITRE Corp., a not-for-profit organization that operates six federally funded research labs, with the aim of commercializing technologies, starting those in the cyber and mobile security field.

March 18, 2014 ACSC


Funding for Hanscom Air Force Base and Barnes Air National Guard Base will support economic growth for municipalities, aid national security efforts

March 2, 2014

Report Calls for Better Backstops to Protect Power Grid From Cyberattacks

Despite rising anxiety over the possibility of a cyberattack on the power grid, the industry and government are not set up well to counter the threat, according to a report produced by leading energy security experts.

February 25, 2014

Next-Generation Cybersecurity Ratchets Up

Silicon Valley is jumping into the effort to find more sophisticated ways of stopping attacks like the one on Target

February 25, 2014

White House, MIT in data privacy workshop

The administration selected the Massachusetts Institute of Technology to help it understand the privacy implications of big data, in which computers — deep inside the NSA or in the offices of Inc. — analyze massive collections of personal information to either uncover potential terror threats or figure out shopping habits.

February 6, 2014

Akamai shares spike 20% on rosy forecast

In a week that started out badly for Akamai Technologies, the firm's shares surged on Thursday after it gave higher-than-expected guidance for first-quarter revenue and profit.

January 31, 2014

'ChewBacca' hackers targeted retailers in 11 countries: RSA

A cyber criminal ring targeting small retailers in 11 countries stole data on 49,000 payment cards using a malicious software known as "ChewBacca" before the operation was shut down, according to a cyber research firm.

January 29, 2014

Massachusetts data breaches, large and small, hit record level in 2013

The number of reported data breaches hit a record level in Massachusetts last year.

January 28, 2014

Akamai Releases Third Quarter, 2013 'State of the Internet' Report

Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released its Third Quarter, 2013 State of the Internet Report.

January 27, 2014

Techstars enrolls a new class of startups

Mass. ranks 3d with promising companies

January 15, 2014

Startups flock to Biogen Idec hoping to do business

A report released last summer by the Massachusetts Biotechnology Council listed the state as the leading biotechnology cluster in the world, with more than 56,000 jobs — over half in research — and 1,174 drugs under development.

January 6, 2014 ACSC

Network Economics of Cyber Crime with Applications to Financial Service Organizations

In this presentation, Nagurney describes the multidisciplinary research conducted as part of an Advanced Cyber Security Center grant on Cyber Security Risk Analysis and Investment Optimization.

January 3, 2014

Customers paying the price after Target breach

CNBC's Kayla Tauche discusses how big banks can respond to security breaches more quickly than smaller institutions and how that helps their customers.

January 2, 2014

FireEye Computer Security Firm Acquires Mandiant

In a deal that may have broad repercussions for companies and governments fending off sophisticated hackers and state-sponsored digital attacks, FireEye, a provider of security software, has acquired Mandiant, a company known for emergency responses to computer network breaches.

November 14, 2013 ACSC

Experts propose better cybersecurity information-sharing models

Better cybersecurity information sharing has long been a priority for the security industry, but significant hurdles have always halted the progress of sharing initiatives. At the annual ACSC conference, security leaders from government, education and private industry made another attempt at cracking the info-sharing chestnut.

November 13, 2013 ACSC

Cybersecurity threat sharing faces challenges, warns MITRE's security officer

Firms trying to share information about the wrong things--vulnerabilities and compromises

November 13, 2013 ACSC

Defenders Still Chasing Adequate Threat Intelligence Sharing

Caulfield was speaking about the Advanced Cyber Security Center (ACSC) which hosted its annual conference at the Fed here Tuesday. The ACSC is a cross-sector group of more than 30 public and private sector security officers who meet monthly to facilitate information sharing.

October 3, 2013

With Cyber Aces, Massachusetts hopes to turn hackers into crime fighters

A bad guy turned good is a valuable asset, and Governor Deval Patrick is looking for people like Red to help nab cyber criminals — except he’s hoping they’ll skip the years of real lawbreaking and just practice hacking legally through the Governor’s Cyber Aces Championship.

September 30, 2013

Worry About Cyberattacks Increases, Survey Says

94 percent of small-business owners were worried about cybersecurity and nearly half reported their businesses were victims of cyberattacks

September 27, 2013 ACSC

Cyberattacks on the rise in higher education

Foreign governments and organized crime targeting institutions’ most sensitive information.

September 25, 2013

Cyber attacks to escalate over next decade

Medical implants, cars and critical infrastructure such as gas pipelines could be at risk from cyber attacks by the end of the decade.

September 12, 2013 ACSC

Hack victims urged to share the gory details

Advanced Cyber Security Center fosters voluntary information sharing among private organizations as a way of staying ahead of the bad guys

September 5, 2013

N.S.A. Able to Foil Basic Safeguards of Privacy on Web

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

September 2, 2013

Syrian Electronic Army Hacks Marines Website

A collection of pro-Syrian government hackers apparently defaced a Marine Corps recruitment website Monday.

August 22, 2013 ACSC

Advanced Cyber Security Center Names New Executive Director

The Board of Directors of the Advanced Cyber Security Center (ACSC), a non-profit consortium bringing together industry, university, and government partners to address the most advanced cyber threats, has concluded a comprehensive, six-month search by selecting Charlie Benway as the ACSC’s new executive director effective immediately.

August 21, 2013 ACSC

Courion Joins Advanced Cyber Security Center to Help Companies Prevent Sophisticated Cyber Security Attacks

Collaborates with experts from healthcare, energy, defense and financial services to develop next-generation defenses by augmenting security solutions with intelligent IAM

August 14, 2013 ACSC

Cyber attack danger grows

EARLY WARNING: James Caufield of the Advanced Cyber Security Center in Boston speaks at the National Association of State Auditors, Comptrollers and Treasurers’ annual conference at the World Trade Center yesterday.

August 2, 2013

Chinese Hacking Team Caught Taking Over Decoy Water Plant

A hacking group accused of being operated by the Chinese army now seems to be going after industrial control systems.

July 31, 2013

DDoS attacks getting bigger but shorter in duration

Hacktivist group Izz ad-Dim al-Qassam Cyber Fighters's strategy said to be driving up raw number of attacks and depressing their duration

July 25, 2013

Russian hackers charged in 'biggest' data breach case, 160mn credit card numbers stolen

A US court has charged four Russians and a Ukrainian for stealing more than 160 million credit card numbers, which the prosecution says has resulted in hundreds of millions of dollars in losses for major corporations worldwide.

July 22, 2013

Study Lowers Loss Estimates from Cyberespionage

The cost of cyberespionage and cybercrime to the U.S. may reach $100 billion a year, according to a study to be released Monday, casting doubt on earlier estimates that the costs were as much as 10 times higher.

July 16, 2013

Universities Face a Rising Barrage of Cyberattacks

America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly.

June 20, 2013 ACSC

ACSC Member Survey: Actionable Intelligence Increases

The ACSC Q2 Threat Sharing Survey demonstrates the positive impact of participation in the ACSC.

June 13, 2013

Potential Cyberattacks on Implanted Medical Devices Draw Attention

Worries over medical-device cybersecurity have largely focused on plugged-in equipment primarily used in hospitals, such as computed tomography scanners and heart monitors that are vulnerable to viruses traveling across medical networks.

June 7, 2013

Is Big Data turning government into 'Big Brother'?

With every phone call they make and every Web excursion they take, people are leaving a digital trail of revealing data that can be tracked by profit-seeking companies and terrorist-hunting government officials.

May 29, 2013 ACSC

How Obama should work with business to combat China cyberspying

The US Department of Homeland Security needs to use its authority to incentivize and enable the creation of trusted federations of companies, like the Advanced Cyber Security Center in Massachusetts, that share cyberthreat information and best practices for cyberprotection.

May 10, 2013

Cybersecurity: Government Regulations Can’t Keep Up

For the first time since 2005, the U.S. National Institute of Standards and Technology (NIST) has revised the federal cybersecurity standards.

May 7, 2013

Banks Say Fed Should Lead in CyberSecurity for Industry

U.S. banks urged the Federal Reserve to take the lead in defending the financial services industry from cyber attacks by working with federal counterterrorism, intelligence and law enforcement agencies, documents show.

April 27, 2013

White House eases stance on corporate cybersecurity

The White House has backed away from its push for mandatory cyber­security standards in favor of an approach that would combine voluntary measures with incentives for companies to comply with them.

April 18, 2013

Congress still at cyber odds after CISPA passage

Chinese cyberspies are stealing businesses’ trade secrets. Iranian hackers are targeting U.S. banks. And the federal government is grappling with cyber espionage almost daily — even as it’s spending more than ever to stop it.

April 11, 2013

Obama Boosts Pentagon Cyber Budget Amid Rising Attacks

The Obama administration plans to boost U.S. spending on computer network security, including a 21 percent increase at the Pentagon, after reports of rising cyber attacks and electronic theft of secrets linked to China.

March 12, 2013

The Companies and Countries Losing Their Data

With China hacking the US, the US hacking China, and LinkedIn and Facebook and credit card companies and Google and who knows who else all vomiting our data all over the web, I was intrigued when a new report on data loss ran across my desk from auditing firm KPMG.

March 8, 2013

How Many Cyberattacks Hit the United States Last Year?

Thanks to the warnings of senior lawmakers and Obama admiistration officials, Americans are growing more aware of online vulnerabilities that could lead to a “cyber Pearl Harbor” attack.

March 6, 2013 ACSC

Hot security skills of 2013

David Luzzi, executive director of Northeastern University's Strategic Security Initiative, adds logical reasoning and the ability to inspect ideas as important skills to build on the foundation of excellent verbal and written communication skills.

February 25, 2013

You Call This an Army? The Terrifying Shortage of U.S. Cyberwarriors.

When the Soviet Union launched the first satellite in 1957, it set off an intellectual arms race that led to more than $1 billion of federal investment in science education. Within a decade, Americans were sending their own expeditions to outer space.

February 20, 2013

The Art of Cyberwar

If Beijing was going to threaten the United States with a cyberattack, how would it do it?

February 20, 2013

Chinese cyberspies have hacked most Washington institutions, experts say

Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.

February 15, 2013 ACSC

Internship Information Sessions

Help us Develop Tomorrow's Cyber Security Experts

February 6, 2013

NIST Updating Security Controls

Final Draft Issued of Revisions to Special Publication 800-53

January 30, 2013

Hackers in China Attacked The Times for Last 4 Months

Chinese hackers infiltrated The New York Times’s computer systems, getting passwords for its reporters and others.

January 24, 2013 ACSC

WCX bringing cyber security experts to Springs Jan. 30

At the quarterly update and dinner, WCX will provide a progress report on its efforts to collaborate with the Advanced Cyber Security Center in Boston. The two organizations have teamed up to increase local and national resilience to threats from cyber attacks.

January 9, 2013

Security Skills Shortage Places IT at Risk

Experts Assess Impact of Open Positions

January 3, 2013 ACSC

White House staff calls ACSC the "most impressive" model

Pat Falcone, Associate Director, National Security & International Affairs Division at the White House OSTP singled out the ACSC as the "most impressive" and one of the best models she has seen for bringing together regional entities around the topic of cyber security.

January 2, 2013 ACSC

ACSC Research and Development year-end announcement

The ACSC is pleased to announce the submission of the proposal entitled, Cybersecurity Risk Analysis based on Financial Engineering and Big-Data Analytics (CRAFA), led by the University of Massachusetts Amherst, represented by PIs Wayne Burleson, Anna Nagurney, Mila Getmansky, Senay Solak, Yanlei Diao, and the Massachusetts Institute of Technology, represented by PI Andrew Lo.

December 1, 2012

Inside 'Plan X:' The Pentagon’s plan for cyberweapon central

New publication from the Pentagon's research arm details a foundation for cyberwarfare.

November 28, 2012 ACSC

UMass student wins security competition

The Advanced Cyber Security Center — a New England consortium of university, industry, and government leaders focused on meeting cyber security challenges — this month named University of Massachusetts Amherst PhD student Georg T. Becker of as the winner of its "Best Cyber Security Solution" competition.

November 28, 2012

CyberCity allows government hackers to train for attacks

“The development of a science of cybersecurity could take decades,” Fred B. Schneider, the Samuel B. Eckert professor of computer science at Cornell University and a Pentagon adviser, wrote recently in “The Next Wave,” a nonclassified publication of the National Security Agency. “The sooner we get started, the sooner we will have the basis for a principled set of solutions to the cybersecurity challenge before us.”

November 27, 2012 ACSC

Winner of ACSC’s Best Cyber Security Solution: Georg T. Becker, University of Massachusetts Amherst

The Advanced Cyber Security Center (ACSC), New England’s premier consortium of university, industry, and government leaders collaboratively facing cyber security challenges, has named Georg T. Becker of University of Massachusetts Amherst as the winner of its Best Cyber Security Solution.

November 16, 2012 ACSC

ACSC launches regional agenda to attack cyber threats

Hundreds of thought leaders from government, academia and the tech industry joined together at the Federal Reserve Bank of Boston to discuss the new agenda of the Advanced Cyber Security Center.

November 15, 2012 ACSC

Government, industry leaders share cybersecurity funding priorities

Organizations need to move from a static, perimeter-based approach to a more analytical-based defense strategy, according to experts at the second annual Advanced Cyber Security Center Conference.

November 15, 2012 ACSC

Adequate Attack Data and Threat Information Sharing No Longer a Luxury

While some industry groups such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cross-industry groups such as the Advanced Cyber Security Center (ACSC) facilitate the exchange of threat information, for the most part organizations are still hamstrung by legal constraints and other business factors that prevent an adequate flow of actionable information.

November 15, 2012 ACSC

$10+ Million Collaborative University-Industry Research Projects Highlight the Advanced Cyber Security Center Annual Conference

More than 250 leaders from industry, academia, and government joined Gregory Bialecki, Secretary of The Massachusetts Executive Office of Housing and Economic Development today to welcome Dr. Steven King from the U.S. Department of Defense and Scott Tousley from the U.S. Department of Homeland Security for the Advanced Cyber Security Center Annual Conference: Organizing Public-Private Assets to Solve Grand Challenges at the Federal Reserve Bank of Boston.

November 6, 2012

10 IT Security Tips for Small and Midsize Businesses

Security attacks often arrive unannounced, but a well-established security plan and implementation can help mitigate these often costly situations. A recent discussion I had on the IBM for Midsize Businesses group on Linkedin, however, aimed to offer midsize business leaders guidance on how to protect their business, and their data.

November 6, 2012 ACSC

Liberty Mutual Insurance melds regulatory compliance and security awareness

John McKenna of Liberty Mutual speaking about the benefits of collaborating with industry and university members within the ACSC.

October 31, 2012 ACSC

Advanced Cyber Security Center Helps Level the Cyber Playing Field

From its offices at MITRE in Bedford, Mass., the Advanced Cyber Security Center (ACSC) is developing innovative ways to identify, analyze, and respond to cyber threats.

October 29, 2012

Killing the Computer to Save It

Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.

October 23, 2012

In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back

The attack, intelligence officials say, was a wake-up call. “It proved you don’t have to be sophisticated to do a lot of damage,” said Richard A. Clarke, the former counterterrorism official at the National Security Council. “There are lots of targets in the U.S. where they could do the same thing. The attacks were intended to say: ‘If you mess with us, you can expect retaliation.’ ”

October 11, 2012

Panetta Warns of Dire Threat of Cyberattack on U.S.

Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government.

October 1, 2012 ACSC

National Cyber Security Awareness Month 2012

As a proud partner of the U.S. Department of Homeland Security’s national cybersecurity awareness Stop.Think.Connect.TM Campaign, we are happy announce the commencement of National Cyber Security Awareness Month (NCSAM) 2012.

September 28, 2012

Cyber Attacks on U.S. Banks Expose Vulnerabilities

Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo (WFC) & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults.

September 24, 2012

Medical Device Security: A Call to Action

A CISO Says FDA Needs to Address the Risks

September 24, 2012 ACSC

30 Issues: Why You Should Care About ... Cybersecurity

The ACSC is somewhat unique. It's been forming for 3 years, and it brings together security experts from area nonprofits, universities and financial services companies — places like Fidelity, John Hancock and State Street Bank.

September 11, 2012

9/11 Haunts Debate Over Cybersecurity

More than a decade after the Sept. 11, 2001, terrorist attacks, the tragedy haunts Washington policymakers who are deadlocked over how to protect the country against cyberattacks.

September 7, 2012

'Elderwood' Crew, Tied to Google Aurora Attack, Targeting Defense, Energy, Finance Companies

The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a seemingly inexhaustible supply of zero day vulnerabilities.

August 31, 2012

Six IT security firms gearing for IPOs

IT security is emerging as one of the Boston area’s commercial technology specialties, with six fast-growing security software firms in the region saying they are eyeing an initial public offering of stock in the next several years.

August 27, 2012 ACSC

Become a mentor for a local high school CyberPatriot team today!

The ACSC is helping to match local high school CyberPatriot teams with mentors who can provide technical expertise.

August 13, 2012

Cybersecurity Tops Federal IT Priorities List

Amid flat IT budgets, government tech teams are focused on establishing a solid, secure foundation, according to our annual survey.

August 13, 2012

Study: Companies remain vulnerable as ever to hackers

Despite well-publicized data­ thefts in recent years, major US companies are as vulnerable as ever to hacker attacks, and many executives say their businesses lack the resources to protect themselves, according to a report from the Waltham-based computer security company CounterTack Inc.

August 11, 2012

Congress' Profound Failure on Cybersecurity

On August 2, 2012 Congress did it again. They acknowledged the looming threat of cyberwarfare while discussing the Cybersecurity Act of 2012, and then they "kicked the can down the road."

August 10, 2012

Dept. of Energy wants electric utilities to create "cybersecurity governance board"

DoE asks utilities for sensitive cybersecurity data, promises to share it anonymously with other utilities

August 7, 2012

How Cyber Security Could Be a Winning Issue for Obama

A blackout in Manhattan. A major dam failure. Mayhem at a chemical plant. Those are all potential, and entirely plausible, consequences of a cyber attack, according to a range of current and former national security officials, including the top American commander in charge of cyber security.