IEEE Computer Society Cipher --- Items from security-related news (E143)
Summary:
CERIAS at Purdue University is celebrating its 20th anniversary this
year, as a leading center of innovation in education and research.
We'd like to invite friends and colleagues - old and new - to attend
our annual symposium and celebration, April 3 & 4. There will be a
no-cost workshop on cyberphysical research held the day before for
symposium attendees who wish to attend.
Registration and other details about the symposium are available at https://ceri.as/symp. Note that anyone with a ".edu" can register at no charge.
Summary:
The White House and Downing Street announced that they believe that Russia
was responsible for a ransomware attack that cost the world more than
a billion dollars by rendering computers useless due to loss
of access to their files. The attack may have been meant to target
Ukraine, but it spread far and wide after its inception in June of 2017.
The British defence secretary called it "a new era of warfare" (perhaps
showing that he hadn't been paying attention until recently).
Summary:
The Department of Homeland Security is taking steps to ensure that
state election officials know about the software threats
facing them during midterm elections this year. Nonetheless,
at a recent conference of state secretaries of state, there were
complaints that the federal government was too reticent in its
information sharing efforts. While it is known that Russians
tried to access voter information in 21 states, some state officials
feel that they do not have a clear picture of the threats and how
to counteract them. In other states, even simple steps to add
safeguards to voter information systems are stymied by the fact that
not all election precincts have smartphones and Internet access.
Summary:
When an election board in a rural Pennsylvania county hired a computer
science expert to analyze a problem with the touchscreens on voting machines,
they did not expect to find that the machines had remote access software
installed. In fact, the software was present, and it had been installed
by a contractor for the county who worked from home. His convenience was
a security nightmare because it was a way for hackers to gain access
and control the machine. Fortunately, there was no evidence of that
happening, but it underscored the severe difficulties that plague the
thousands of precincts that have no way to properly safeguard the voting
machines, if indeed there is any way to completely safeguard them.
Summary:
According to US officials, in March of 2016 Russia began a concerted
cyber-attack to conduct surveillance on the management of the US energy
grid. The campaign used spear phishing attacks to learn passwords and
other access methods, followed by installation of remote monitoring
software. The FBI and Homeland Security feel certain that the actions
were conducted by the Russian government. The US industrial control
systems have been the subject of years of security analysis and
recommendations, and this recent hacking shows the importance of
moving to secure all critical systems immediately.