IEEE Cipher --- Items from security-related news (E130.Jan-2016)
Summary: The FBI is no longer behind the times in cyber technology,
and their executive assistant director for science and technology
is responsible for keeping them current. This article highlights
the role of that person, Amy Hess, who took the reins in 2014.
A video games whiz when she entered the FBI academy, she now manages
a budget of around half a billion dollars while navigating the
boundaries of security and privacy in relationships with industry.
Summary: FBI Director James B. Comey made remarks at a Senate
Judiciary Committee meeting urging the Senate to change the
"unacceptable" status quo with regard to encryption technology. The
terrorist attacks in Paris and in San Bernardino, California have made
law enforcement hungry for complete access to communications among
suspected terrorists. Comey asserted that technology for encrypted
intercepts was not an impediment and that controls could be installed
without "breaking the Internet".
Next year is the 25th anniversary of the publication of Practical Unix Security. The book has attracted quite a readership over the years.
As a celebration of the anniversary, and as a way of helping raise some funds for two worthwhile non-profit organizations (EPIC and the ISSA Foundation), we are making a special offer to get a copy of the book signed by the authors.
Summary:
Juniper Networks makes high-speed routers that power the Internet, so it
was no small matter when it was discovered that their operating system
had not one but two "backdoors" allowing access to traffic passing
through. Further, one of the backdoors allows access to encrypted
VPN traffic. There is no information about who installed the code,
who used it, or whether or not the two backdoors come from the same
source. Speculation is rife, and some experts suspect that there is
some intertwined further vulnerability associated with keys derived
from NIST's flawed EC random number generator. Juniper has issued
patches for both backdoors, and one expert reverse engineered a patch
to find the master password underlying the secret access.
Summary:
Google has been experimenting with alternatives to passwords. One trial
involves combining computer access with cell phone authorization: when
you try to log in to an email account, a message is sent to your cell phone
requesting permission. The cell phone response opens the email account
to the computer. This method could be combined, in the future, with
biometric authentication. Whether or not this increases the overall
security of email access remains somewhat in question because it simply
makes the cell phone the primary target of hackers.
Summary:
John Hultquist, head of iSIGHT Partners' cyberespionage intelligence practice,
said that hackers had used a known malware package called Black Energy
against electric power substations in the Ukraine in late December. As
a result, half the homes in the Ivano-Frankivsk region were without power.
This seems to be the first time that a cyberattack has caused an outage.
Cyber intrusions in power grids are not unknown, but successful
sabotage is unknown, until now. The malware was not designed to
take down power grids. It deletes computer files, making the computer
unusable. The malware rendered more than one substation inoperative.
The brute force simplicity of the attack and the ease with which it
permeated the substations is cause for alarm (for those who were not
already alarmed).
Summary: Not all of the US government's cyber responses to terrorism
are concerned with encryption. Two new efforts will focus on countering
propaganda from the Islamic State. The Department of Homeland Security
and the Justice Department will coordinate the program, and the State
Department will launch an effort to counter disinformation and to
"create positive images of the West." Officials from the Obama
administration emphasize that they need help from big technology
companies to carry out their program.
Home routers are cheap and easy to set up, but a study by an expert hired by
the newspaper found that a great many of them rely on an insecure
version of the firmware. Furthermore, it can be difficult to impossible
to find firmware updates. This investigative article shows that the reach
of poor security practices is immense, and there seem to be few economic
incentives to fix them.
The Washington Post
By Ellen Nakashima
December 8, 2015
The Washington Post
By Ellen Nakashima
Dec 9, 2015
December 15, 2015
From Gene Spafford
Wired
by Kim Zetter
12.18.15.
CNNPolitics.com
by Shimon Prokupecz, Tal Kopan and Sonia Moghe
Dec 22, 2015
In 2013, Iranian hackers infiltrated a software control system for a
flood control dam in Rye Brook, New York, according to information
from an unidentified US official and revealed in the Wall Street
Journal last December. The hackers were not able to gain control of
the floodgates, however. The town uses industry standard software
control systems, but apparently the operators were not aware of
security problems with the software or its configuration.
The Washington Post
by Andrea Peterson
Dec 23, 2015
The Washington Post
by Andrea Peterson
Jan 6, 2016
The New York Times
by Gardiner Harris and Cecilia Kang
Jan 8, 2016
The Wall Street Journal
By Jennifer Valentino-DeVries
Jan 18, 2016