US Energy Department to Invest in Blockchain Technology as New Security Measure

blockchain

The U.S. Department of Energy is exploring blockchain technology as a new defence measure against cyberattacks in phase two of a nationwide project to upgrade power plant security.

Blockchain is a system that allows transactions to be made in cryptocurrency, maintained across several computers or servers. By decentralisation the cybersecurity concerns and only being linked to a peer – peer network. Blockchain technology makes it much harder to hack into than standard cyber security measures.

It was announced recently by the department’s National Energy Technology Laboratory (NETL) that development in the electric grid security project will focus on decentralised cybersecurity. Startup company Taekion, specialising in this field has been granted $1 million last year in R&D incentives and now will be focusing on researching how blockchain technology can be implemented as a new line of defence.

The NETL said: “The applications being developed in the NETL-managed project have the potential to thwart such attacks by preventing hackers from altering the plant’s operational information.”

A cyberattack on a power plant in Ukraine in 2016 has shown. The severity of such attacks as it resulted in power outages around the country. Such technology to prevent attacks like this are still in the early stages of development. Projects funded by the Department exploring this technology is funded by the department’s Small Business Innovation Research program.

This is not the first time the NETL has invested in research to explore the potential of blockchain energy for technological improvements in the security between power plants and grids within the nation. In 2017, they partnered with another technological company to explore using blockchain in higher security between transactions.

It has also been announced universities will receive fundings of up to $4.8 million for working on R&D blockchain projects.

No Rabbits Here: Austin-based HOPZERO battles cybercrime with hops

ransomware-2320793_960_720

Cyber-security is one of the most pressing challenges companies around the world will have to address in the coming years. Here are some recent statistics on cybercrime from thebestvpn.com:

– In 2016, the U.S government spent $28 billion on cyber-security, compared to $7.5 billion in 2007.
– According to Microsoft, the potential cost of global cyber crime to the global community is $500 billion, and a data breach can cost a company $3.8 million.
– Ransomware attacks increased by 36 percent in 2017.
– According to Warren Buffett, cyber attacks are the biggest threat to mankind, and in his opinion, this threat surpasses nuclear weapons.

With disturbing statistics like these, what can be done? An Austin-based company is developing a promising solution.

HOPZERO provides cyber-security by monitoring hops through its cloud-based service, Hop Sphere Radius Security. “For the last two years, I’ve been developing this technology to limit how far data can travel, and we do that by hop count,” Bill Alderson founder and CEO of HOPZERO said. For context, hops are one portion of the path between a source and a destination. By way of the internet, a data packet passes through bridges, routers and gateways that connects network devices, and thus the passing of a data packet is called a hop.

HOPZERO controls the number of hops a packet of data can make before it expires in a network—this means data is directed to destroy itself before it is used for pernicious or malicious purposes. “Every packet has a toll value in it, and we limit that toll value based upon our analysis that looks at every device it’s going to, and we record the hop count to and from all their peers,” Alderson continued. If a data packet is moving more hops than the set amount, HOPZERO will cease any further data movements. The hops technology controls distance, while firewalls control access, and when together, they make for an innovative defense system.

It is worth mentioning that a web server can be restricted to a local area, all the way up to another country. This is called a device hop radius. Any network device can be restricted to a set safe zone, even if a firewall is not present.

HOPZERO also wants to develop protections for various devices, including the copious amount of existent IoT devices out there. “We are automating to bring it to thousands of systems. We believe we have found the solution that everyone has been looking for that will significantly protect our government, businesses, homes and personal devices from hackers and malicious malware,” Alderson said.

Are you developing new cyber-security technologies?

Did you know that you can receive up to 14% back on your research expenses with the R&D Tax Credit? To find out more, please contact a Swanson Reed R&D Specialist today or check out our free online eligibility test.

Who We Are:

Swanson Reed is Texas’ largest Specialist R&D tax advisory firm, offering tax credibility assessments, claim preparation, and advisory services. We manage all facets of the R&D tax credit program in Texas, from claim prep & audit compliance to claim disputes. 

Swanson Reed regularly hosts free webinars and provides free IRS CE and CPE credits for CPA’s.  For more information please visit us at www.swansonreed.com/webinars or contact your usual Swanson Reed representative.

“Data is the New Oil” – Dallas Entrepreneur Develops Brainspace to Sift Through All that Information You Don’t Have Time For

Brainspace

Imagine trying to make sense of millions of emails, text messages, slideshows, and company reports. Sound daunting? That’s what Dallas-born and bred entrepreneur Dave Copps thought. His solution was Brainspace, a new software that does the grunt work of sifting through heaps of information.

With a processing and analyzing speed of about 1 million documents in 45 minutes, Brainspace gathers unstructured information like human language and converts it into a visual representation that makes sense for users and helps them identify patterns. It allows companies to better understand the frequently scattered conversations going on within the organization and to protect those conversations from unwanted hackers. It has also proved useful in lengthy legal investigations and counter-terrorism intelligence.  Used by consulting firms, intelligence agencies, and Fortune 500 companies, Brainspace is transforming the way companies share and analyze information.

During its development stages, it was technically challenging to teach the software to understand human language, especially since humans typically use jargon, puns, and speak sarcastically. To bypass this problem which affects other language systems, Brainspace does not isolate words and meanings. Rather, it gathers information on how that word is used in relation to other words and determines meaning from that context. In one instance, many employees had misspelled “manager” as “manger”. Eventually, Brainspace was able to learn that “manger” meant “manager” because of the context surrounding the word’s use. This technique is useful in finding information that some people try to conceal by using code names. Copps said, “If someone is doing something wrong inside a company and trying to get away with something, they never speak explicitly about what they’re doing wrong. They try to use code names. There’s no history. But it doesn’t matter for us. We see that made-up word, that new word, that slang and we start to associate it with all the words around it and all these different instances where it occurred. Then, we can very quickly tell you what it is.”

This ability to extract information behind concealed meaning is a gamechanger in the counterterrorism field. Copps explained, “It’s really the same problem, but a different data set: How do you take information that you collect about bad guys and find out who they are and what you can do about it to thwart it? Of all the things we’re doing, that’s the one that has me most excited: knowing we can help prevent terrorism.”

Brainspace was absorbed into Cyxtera, a cybersecurity, data center company earlier this year. Cyxtera developed a new version of Brainspace software this year, allowing it to learn over 300 languages including Mandarin and Farsi. Innovation for Brainspace doesn’t seem to be stopping anytime soon. Copps said, “Data is really the new oil. If you have information, that’s one thing. But if you have information and can understand it and be able to do things with it, that’s a competitive advantage over anyone else.”

Experimenting with software and codes to make sense of unstructured information like Brainspace? You could be eligible for the R&D Tax Credit and can get up to 14% on your R&D expenses, even if your experiments were not successful. To find out more, please contact a Swanson Reed R&D Specialist today.

Swanson Reed regularly hosts free webinars and provides free IRS CE credits as well as CPE credits for CPA’s.  For more information please visit us at www.swansonreed.com/webinars or contact your usual Swanson Reed representative.

 

Using Wi-FI? Here are three things you need to know about the KRACK in the system

Using Wi-FI? Here are three things you need to know about the KRACK in the system

Billions of people use Wi-Fi – in fact, you’re probably using it right now. But be warned: according to the United States Computer Emergency Readiness Team, there is a vulnerability in the Wi-Fi system known as KRACK or Key Reinstallation Attacks that could put your encrypted information at risk.

  1. What is KRACK?

The modern Wi-Fi system uses the Wi-Fi Protected Access II (WPA2) protocol to authenticate and protect the connection between access points and devices, such as computers and smartphones. Two researchers Mathy Vanhoef and Frank Piessens have found vulnerabilities in the WPA2 system which allow attackers to eavesdrop on Wi-Fi traffic between devices and access points. Because the vulnerability is at the protocol-level, attackers can access encrypted information previously assumed to be secured, ranging from passwords, emails, credit card numbers, photos, and so forth. In some cases, attackers may also manipulate information such as by injecting malware into websites.

  1. Who is vulnerable?

Most devices are vulnerable to attack, from Android, Linux, Apple, Windows, OpenBSD, to MediaTek Linksys operating systems. However, the severity of threat varies as companies respond to the vulnerability. Microsoft announced earlier today that it has provided a software update protecting customers against the KRACK vulnerability. Google has promised to address the vulnerability on its systems within the coming weeks, with Google Pixel as the first to receive an update. Currently, Linux and Android 6.0 or higher systems are the most susceptible to attack.

  1. What can I do?

While it is unknown whether hackers are already exploiting the KRACK vulnerability, researchers urge users to implement safety measures when possible. They recommend that users should avoid connecting to Wi-FI until patches have been developed and can be safely installed on Wi-Fi clients’ devices and access points. Microsoft users, as mentioned above, should be safe. However, when Wi-FI is the only option, people should use HTTPS, STARTTLS, Secure Shell, and other protocols to encrypt online traffic as it passes between computers and access points. Users could also use a virtual private network (VPN) as an added safety measure. Fortunately, network providers are already starting to deploy security patches.

Vanhoef and Piessens will present their paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 on November 1, 2017 at the Computer and Communications Security conference in Dallas.

Are you conducting R&D to develop cyber-security measures to defend against potential security threats like KRACK? You could be eligible for the R&D Tax Credit and receive up to 14% back on your expenses. To find out more, please contact a Swanson Reed R&D Specialist today.

Swanson Reed regularly hosts free webinars and provides free IRS CE credits as well as CPE credits for CPA’s.  For more information please visit us at www.swansonreed.com/webinars or contact your usual Swanson Reed representative.

Security in a Heartbeat: Texas Tech Researcher develops “cardiac password”

heart

From passwords, thumbprints, retina scans, to facial recognition, there’s no shortage of identity authentication features for phones and computers. But Changzhi Li, a researcher from Texas Tech University, envisions an even more intimate security method: a “cardiac password” which can identify users by their heart waves.

Existing security measures are vulnerable to cyber-attacks. Hackers have consistently proven their ability to hack passwords and use fake thumbprints to gain unauthorized access and penetrate existing security defenses. Countermeasures for increased cyber security, however, are often invasive and inconvenient, such as requiring users to continuously re-log in or re-scan their thumbprints every few minutes. Instead, the project, developed by Li under Wenyao Xu from the University of Buffalo, seeks to create a method that is both secure and user-convenient.

Theoretically, the “cardiac password” would work similar to a police radar that measures the speed of a car but instead measures the speed of a heartbeat and how that movement changes over time. Xu said, “No two people with identical hearts have ever been found.” Building on the assumption that each person has his or her own unique heart and waveform, the “cardiac password” involves releasing a radio frequency signal to measure and authenticate the user’s signature heartbeat. When the user walks away from the computer or if another person attempts to log in, the device would automatically lock down.

The “cardiac password” would not be invasive since it would continuously authenticate the user without the user’s active participation. Li explained, “This system does not ask people questions or require us to do anything like type in a password or do a finger scan or face scan. You just do whatever you want to inside your office, and the system sends out a signal to check out your cardiac waveform without letting you know it is doing it.” The signals would also be less powerful than Wi-Fi and the radiation from cellphones and therefore, would not pose a severe health concern.

This project is still in its development stages. The team is currently testing different sensitivity devices and hardware that could be used for the “cardiac password.” From there, Li would better assess the feasibility of the project. He also recognizes that the project would need to account for signal changes in the user’s heartbeat, such as aging or pacemakers. Li and Xu hope the “cardiac password” would one day be used for computers, cell phones, and even in airport identification.

Are you also engaging in R&D experiments to develop new cyber-security measures? Did you know that If you conduct your R&D projects in universities, you could receive up to an additional 20% credit for your expenses? To find out more, please contact a Swanson Reed R&D Specialist today.

 

Swanson Reed regularly hosts free webinars and provides free IRS CE credits as well as CPE credits for CPA’s.  For more information please visit us at www.swansonreed.com/webinars or contact your usual Swanson Reed representative.

US-Israel Cybersecurity R&D Cooperation

software

This week a large majority of the US Congress voted in favor of two bills which will benefit US-Israel cybersecurity research and development. The bills were introduced by John Ratcliffe, from Texas, and Jim Langevin, from Rhode Island, following discussion which commenced in May regarding cybersecurity threats recorded in the US and Israel.

The United States-Israel Cybersecurity Cooperation Enhancement Act of 2016

This bill moves to increase detection and combat of cyber threats through a grant program supporting R&D projects for US-Israel joint ventures, non-profits, and academic or government entities in both countries. These grants will be provided to non-classified projects and the program is expected to run for seven years.

The United States-Israel Advanced Research Partnership Act

This act will expand an existing bi-national R&D program which is run by the US Department of Homeland Security and Israel’s Ministry of Public Security. Not only will the bill expand the program to include cybersecurity research, the bill aims to increase the success rate of products moving from the initial stages of development to successful commercialization.

Cyber Giants

As web security is the greatest security challenge of current generations, the US and Israel have recognized the importance of uniting as primary cybersecurity technology exporters to promote cooperation and unity against a dangerous front.

If  you are performing research and development and would like to discuss the R&D Tax Incentive further, please do not hesitate to contact one of Swanson Reed’s offices today.