Morning Security Brief: Google's "Project Zero" Internet Security Team, IT Defense Budget, and Nuclear Power Plant Security

By Holly Gilbert Stowell

► Google announced on Tuesday that it has put together a team of security researchers to reduce threats online and aid third party companies by looking for potential vulnerabilities on their sites and helping to patch them. According to a post on Google’s security blog, researcher Chris Evans said the Internet should be a safer place for users, and Project Zero is designed to make that a reality. “You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” he noted. Project Zero will set out to “improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers.” The team will keep an up-to-date external database listing all the bugs it discovers, and only report the vulnerabilities to the software’s vendor, not third parties. The term “Project Zero” comes from the concept of a zero-day vulnerability, a previously unknown vulnerability discovered in a network.

► Federal Computer Week reports that a proposal by the Senate Appropriations Committee would trim the defense IT budget by $500 million less than what President Barack Obama has requested. According to the article, “A bill summary provided by the subcommittee justified the lower figure—which it said was 3 percent below the president’s request–by saying, 'trimming IT funding will help prioritize and better target non-cybersecurity IT investments in an era of fiscal constraint.’” The appropriations bill encourages the defense secretary to improve the process for continuous evaluation of personnel with security clearances by considering measures to “streamline data sharing.” It also allocates millions of dollars for projects such as a school program designed to get students involved in sciences and math, and a fund that helps small business develop “advanced national security technologies.” 

► The Nuclear Regulatory Commission (NRC) has granted preliminary approval to a Japanese nuclear plant for meeting “stringent post-Fukushima security requirements,” Fox News reports. The NRC accepted a report today demonstrating that “design upgrades” and “safety improvements” at Kyushu Electric Power Company’s reactors at the Sendai Nuclear Power Station comply with the agency’s requirements it expressed last July. “The regulators said the plant is now deemed capable of avoiding severe accidents such as the Fukushima Dai-ichi meltdowns or an equally serious situation. All of Japan's 48 remaining reactors are offline for safety checks and repairs since the 2011 earthquake and tsunami hit Fukushima Dai-ichi, causing multiple meltdowns,” the news report states. The plant won’t receive final approval until after August 15, giving the NRC time to issue a 30-day period for technical public comments. The plant has 17 remaining reactors that applied for inspection that NRC regulators will now look at.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.