Encryption in space can be tricky. Even if you do everything right, a cosmic ray might come along and flip a bit, sabotaging the whole secure protocol. So if you can’t radiation-harden the computer, what can you do? European Space Agency researchers are testing solutions right now in an experiment running on board the ISS. Cosmic radiation flipping bits may sound like a rare occurrence, and in a way it is. But satellites and spacecraft are out there for a long time and it it only takes one such incident to potentially scuttle a whole mission. What can you do if you’re locked out of your own satellite? At that point it’s pretty much space junk. Just wait for it to burn up. Larger, more expensive missions like GPS satellites and interplanetary craft use that are carefully proofed against cosmic rays and other things that go bump in the endless night out there. But these bespoke solutions are expensive and often bulky and heavy; if you’re trying to minimize costs and space to launch a constellation or student project, hardening isn’t always an option. “We’re testing two related approaches to the encryption problem for non rad-hardened systems,” . To keep costs down and hardware recognizable, the team is using a Raspberry Pi Zero board, one of the simplest and lowest-cost full-fledged computers you can buy these days. It’s mostly unmodified, just coated to meet ISS safety requirements. It’s the heart of the Cryptography International Commercial Experiments Cube, or Cryptographic ICE Cube, or CryptIC. The first option they’re pursuing is a relatively traditional software one: hard-coded backup keys. If a bit gets flipped and the current encryption key is no longer valid, they can switch to one of those. “This needs to be done in a secure and reliable way, to restore the secure link very quickly,” said Armborst. It relies on “a secondary fall-back base key, which is wired into the hardware so it cannot be compromised. However, this hardware solution can only be done for a limited number of keys, reducing flexibility.” If you’re expecting one failure per year and a five year mission, you could put 20 keys and be done with it. But for longer missions or higher exposures, you might want something more robust. That’s the other option, an “experimental hardware reconfiguration approach.” “A number of microprocessor cores are inside CryptIC as customizable, field-programmable gate arrays, rather than fixed computer chips,” Armborst explained. “These cores are redundant copies of the same functionality. Accordingly, if one core fails then another can step in, while the faulty core reloads its configuration, thereby repairing itself.” In other words, the encryption software would be running in parallel with itself and one part would be ready to take over and serve as a template for repairs should another core fail due to radiation interference. A CERN-developed radiation dosimeter is flying inside the enclosure as well, measuring the exposure the device has over the next year of operation. And a set of flash memory units are sitting inside to see which is the most reliable in orbital conditions. Like many experiments on the ISS, this one has many purposes. The encryption tests are set to begin shortly and we’ll know how the two methods fared next summer.
Jeff Hussey. (Tempered Networks) Seattle-based has raised an additional $17 million to invest in engineering, sales resources, and partnerships. The company confirmed the new funding to GeekWire this week. The fresh cash brings total funding to $57 million, with backing from Ignition Venture Partners, IDG Ventures, Fluid Capital, Ridge Ventures and Rally Capital. Founded in 2014 by , who formerly helped launch F5 Networks, Tempered Networks builds products around , in which anything that connects to a network must pass an identification test. That’s in contrast to the traditional approach of trusting people and machines who are connected the organization’s network on site or through VPNs, while keeping out bad actors with firewalls. The company’s main technology, called “identity defined networking,” is a platform for zero trust networking. Connections are granted based on a whitelist that identifies trusted entities and gives access to the network. Tempered also claims to make the process of creating and managing networks easy with a simple point-and-click interface. Tempered’s customers include oil drillers, electrical substations, hospitals and smart buildings. The 55-person startup has recently been working on to accommodate the growth with internet-of-things devices. It has also to build secure systems for smart buildings. Tempered is part of a hive of cybersecurity activity in Seattle, joining startups including Auth0, ExtraHop, DefenseStorm and Polyverse, among others.
Cyemptive CEO Rob Pike. (Cyemptive Photo) Seattle-area cybersecurity startup today announced the acquisition of (ATG), a 14-year-old IT consulting service company also based in the Seattle region. The ten employees working for ATG will join Cyemptive, whose headcount is now north of 65 people. Terms of the deal were not disclosed. Cyemptive came out of stealth mode , announcing a $3.5 million investment round from undisclosed investors. The company describes its cybersecurity software as an “automatic self-repairing reliable platform.” It sells products including an endpoint protection service and advanced perimeter firewalls, among others. Cyemptive’s executive team includes founder , who was previously an executive at Hitachi; , who was formerly chief information officer at Microsoft; and , who spent 30 years at the NSA, most recently as chief computer architect. The company plans to use ATG’s expertise in customer service and support to help serve its growing customer base of businesses and government clients. ATG founder and CEO Bryan Greene will join the Cyemptive management team. “Incorporating ATG’s already-established infrastructure of customer focus, service and support with our groundbreaking failsafe, pre-emptive cyber protection technologies is a natural next step in providing the best in cyber security solutions and support to them,” DuBois said in a statement.
CI Security’s Kraken Signal on the wall of its office. (CI Security Photo) A cybersecurity startup that pairs software with analysts who review and investigate attacks raised $9.6 million to continue battling intrusions against companies of all sizes, as well as healthcare and government organizations. CI Security CEO Garrett Silver. (CI Security Photo) In addition to the cash infusion, the company has changed its name from to . CEO Garrett Silver said the new name doesn’t mean a major shift in the business is on the way. It’s more about simplicity and reflecting the company’s core priorities and Critical Insight platform. “It gives customers critical insight into the threats they’re facing so we can help them manage, detect and respond,” Silver said of the company’s offerings. The new Series B round, led by a previous investor in Alan Frazier’s , brings the company to nearly $16 million in lifetime funding. The company has 68 employees, with its home office in Seattle and security operations centers in Bremerton and Ellensburg, Wash. The company is planning to expand the security centers, and the new funding round will help with that. Security and tech giants like ADT and Cisco Systems are in the “Managed detection and response” market that includes CI Security. One place where CI Security stands out, Silver says, is its offerings for healthcare and government organizations. The company’s office in Bremerton, Wash. (CI Security Photo) “Core to our mission is defending organizations that protect the health of our communities,” Silver said. “We’re seeing growth in our healthcare customer base as well as growth in our public sector customer base. We’re honored to be defending hospitals, clinics, cities, ports, and school districts. We want to help those organizations keep patients alive, keep the lights on, and keep our water clean.” Citing predictions from Silver said companies spent $96 billion on cybersecurity technology in 2018, yet attacks continue to impact organizations of all kinds. One big problem is a major shortage of qualified cybersecurity experts in the field, Silver said. CI Security’s technology is meant to amplify its human talent, not solve every problem on its own. Silver claims CI Security experts can spot attacks and help remove them much faster than the competitors: “in hours or minutes instead of months.” “There are threats everyday like phishing, crypto-mining, and malicious intruders,” Silver said. “When those threat actors get into a system, the industry standard is that it often takes months or years to detect them — the average is about 200 days. That’s not acceptable.”
Cyemptive CEO Rob Pike. (Cyemptive Photo) Former executives from the National Security Agency, Microsoft, Hitachi, and other companies are behind a Seattle-area cybersecurity startup that just came out of stealth mode three years after it launched. on Tuesday announced a $3.5 million investment round from undisclosed investors. The company’s executive team includes founder , who was previously an executive at Hitachi; , who was formerly chief information officer at Microsoft; and , who spent 30 years at the NSA, most recently as chief computer architect. Cyemptive describes its cybersecurity software as an “automatic self-repairing reliable platform.” It sells products including an endpoint protection service and advanced perimeter firewalls, among others. “We have invented technology that detects and deals with hackers in seconds, as opposed to existing solutions which can take weeks to months,” Pike told GeekWire. Pike said the technology is “a truly preemptive solution” which disallows actions that would corrupt a system or encrypt a file. It does not rely on API monitoring. “Such an approach is both too late and much too cumbersome as the sheer volume of APIs prevents effective protection after the fact,” he said. Cyemptive has more than 100 business and government customers, but Pike declined to provide details on specific clients. The 60-person company has additional offices in Washington D.C., Nevada, Canada, and India. Other execs include Bryan Greene, a former cybersecurity solution architect at HP and Pat McDermott, a veteran finance executive. Cyemptive recently won a national competition hosted by the Department of Homeland Security’s , beating out more than 60 other companies. “We were successful in convincing a comprehensive panel of senior government officials that our technology solution was the most innovative compared to the other concepts,” Pike said. “Cyemptive’s technology can be applied across a broad range of systems, including multiple border security needs and requirements.” The global cybersecurity market is expected to eclipse $200 billion by 2021, according to .
iOS 12, latest mobile software for iPhone and iPad, is . The new software packs in a bunch of you’ve probably already heard about. Here’s what you need to do to take advantage of the new settings and lock down your device. 1. Turn on USB Restricted Mode to make hacking more difficult This difficult-to-find new feature prevents any accessories from connecting to your device — like USB cables and headphones — when your iPhone or iPad has been locked for more than an hour. That prevents police and hackers alike from using tools to passcode and get your data. Go to Settings > Touch ID & Passcode and type in your passcode. Then, scroll down and ensure that USB Accessories are not permitted on the lock screen, so make sure the setting is Off. (On an iPhone X, check your Face ID settings instead.) 2. Make sure automatic iOS updates are turned on Every time your iPhone or iPad updates, it comes with a slew of security patches to prevent crashes or data theft. Yet, how often do you update your phone? Most don’t bother unless it’s a major update. Now, iOS 12 will update your device behind the scenes, saving you downtime. Just make sure you switch it on. Go to Settings > General > Software Update and turn on automatic updates. 3. Set a stronger device passcode iOS has gotten better in recent years with passcodes. For years, it was a four-digit code by default, and now it’s six-digits. That makes it far more difficult to run through every combination — known as brute-forcing. But did you know that you can set a number-only code of any length? Eight-digits, twelve — even more — and it keeps the number keypad on the lock screen so you don’t have to fiddle around with the keyboard. Go to Settings > Touch ID & Passcode and enter your passcode. Then, go to Change password and, from the options, set a Custom Numeric Code. 4. Now, switch on two-factor authentication Two-factor is one of the best ways to keep your account safe. If someone steals your password, they still need your phone to break into your account. For years, two-factor has been cumbersome and annoying. Now, iOS 12 has a new feature that auto-fills the code, so it takes the frustration step out of the equation — so you have no excuse. You may be asked to switch on two-factor when you set up your phone. You can also go to Settings and tap your name, then go to Password & Security. Just tap Turn on Two-Factor Authentication and follow the prompts. 5. While you’re here… change your reused passwords iOS 12’s password manager has a new feature: password auditing. If it finds you’ve used the same password on multiple sites, it will warn you and advise you to change those passwords. It prevents password reuse attacks (known as ““) that hackers use to break into multiple sites and services using the same username and password. Go to Settings > Passwords & Accounts > Website & App Passwords and enter your passcode. You’ll see a small warning symbol next to each account that recognizes a reused password. One tap of the Change Password on Website button and you’re done.