This post originally appeared on the blog of startup guru Steve Blank.

I grew up in New York City and for a few years heaven on earth for me was going to Boy Scout camp in the summer near the Delaware River.  The camp had all the summer adventures a city kid could imagine: hiking, fishing, canoeing, etc. But for me the best part was the rifle range.  For a 12-year old kid from the city shooting target practice and skeet with a .22 rifle meant being entrusted by adults with something you knew was dangerous – because they were beating gun safety into our brains every step of the way.

From the minute we walked onto the shooting range to even before we got to touch a gun, we learned basic rules of handling weapons I still haven’t forgotten. You screwed up and you got yelled at and if you did it again you got escorted out of the rifle range.

While target practice and skeet shooting were fun, safety was serious.

Over the years I would learn how to shoot an M-16 in basic training in the military, go through a basic combat course to go to Southeast Asia (when we acted like this was a lark, our instructor stopped our drill and said, “For your sake I hope the guys shooting at you were screwing around in their combat course.”  It got our attention.)

When I bought the ranch, herds of wild boar still roamed the fields. While we were putting in the miles of fencing to keep them out, I bought much heavier weapons to deal with a charging 400-pound boar and hired an instructor to teach me how to safely use them.  Each time, gun safety was an integral part of training with new weapons.  For me, guns and gun safety became one and the same.

Hacking and Cyber Security

For consumers, online surfing, shopping, banking, and entertaining ourselves have become an integral part of our lives. And with that has come identify theft, hacking, phishing, online scams, bullying, and predators online. As well as a loss of privacy.

But for businesses, the threats are even more real. Go ask RSA, Northrop, Lockheed, Google, Amazon and almost every other company with an online presence. Intellectual property stolen, customer data hacked, funds illegally transferred, goods stolen, can damage a company and put them out of business.

I think we’re missing something.

In the last 20 years 3 billion people have gained access to the web. Yet for most of them safety online remains a problem for other people. It pretty clear that for a company going online today is equivalent to playing with a loaded gun. The analogy of comparing the net with guns might seem stretched, but I think it’s an apt one. Guns have been around for hundreds of years, to provide food as well as wage war, but it wasn’t until the 20^th century that gun safety rules were codified and taught.

I think we need the equivalent of gun safety training for online access.

We now know the basic tools online hackers use. We know enough to harden sites to stop the simple hacks and to educate employees about basic social engineering and phishing attempts. It’s time to teach Cyber Security as integral part of the high school and/or college curriculum – not as an elective. Companies need to make Cyber Security education an integral part of their on-boarding process.

The Air Force Academy basic Cyber Security course is a good place to start (Stanford and other schools have similar syllabi.) The class consists of basic networking and administration, network mapping, remote exploits, denial of service, web vulnerabilities, social engineering, password vulnerabilities, wireless network exploitation, persistence, digital media analysis, and cyber mission operations.

Lessons Learned

• The web is not a benign environment
• Companies, high schools and colleges ought to make a basic Cyber Security course a requirement of getting online access.

Steve Blank is a retired serial entrepreneur now teaching entrepreneurship at UC Berkeley, Stanford, and Columbia.

Photo credit: JSmith Photo via photopin cc

The U.S. House of Representative passed the Cyber Intelligence Sharing and Protection Act (CISPA) today after spending two days amending and debating it.

CISPA intends to open up the lines of communication between the private and government sectors to share information about breaches on private companies’ computer systems and other security problems. Many privacy and advocacy groups, however, have opposed the bill saying it doesn’t protect personal information.

The bill will now head to the Senate for its approval. If approved, it will go on to the White House, where President Barack Obama has already expressed grave concerns over the bill. Prior to the two days of amendment approvals CISPA faced, the White House threatened to veto the bill if it arrived on Obama’s desk in its current state. It is unclear whether the White House stands by this comment now that a few amendments have passed.

“Now that CISPA has passed  the House, the real battle will be in the Senate. I think we’ve got a stronger position in the Senate to defend online privacy, but there’s a lot of political will to move cybersecurity legislation this year,” said Electronic Frontier Foundation Activism Director Rainey Reitman in an email to VentureBeat. “We also have enough time now for concerned citizens to actually reach out to staffers and set up meetings with Senate offices, either in DC or when they next visit their home districts.  Every letter, phone call, and meeting makes a difference.”

But some legislators are still unconvinced. Minority Leader Rep. Nancy Pelosi (D-Calif.) expressed her worry on the House floor today saying the bill still didn’t meet the standards that uphold American’s civil liberties and gives companies too much immunity when providing attack information.

“They can just ship the whole kit and caboodle, and we are saying minimize what is relevant to our national security,” said Pelosi before the vote today. “The rest is none of the government’s business.”

Pelosi went on to say that the bill doesn’t touch on what she called the nation’s biggest cybersecurity issue: our infrastructure. The Rules Committee, which determines what jurisdictions you can and cannot touch in your bill, could have come together with the Homeland Security committee to allow CISPA’s writers to include infrastructure needs, according to Pelosi. But that didn’t happen.

“It’s just that curtail balance between security and liberty that I do not think has been struck in that bill. So for my own part, it will not have my support,” she concluded.

A second representative, Ed Perlmutter (D-Colo.) introduced a last-minute, slightly off-topic amendment that dictates government can never create an Internet firewall similar to China’s that disrupts the public’s access to the Internet. The amendment also made asking prospective employees for social media passwords during the interview process illegal. The amendment was not passed.

Rep. Mike Rogers (R-Mich.) image via CSPAN

If you’re a security startup you may want set up shop in Virginia, not Silicon Valley. Virginia Governor Bob McDonnell officially opened the doors to a security-focused startup accelerator today called Mach37.

The accelerator is modeled in the same form as Y Combinator, 500 Startups, and Techstars, according to a release by the organization. Each year, Mach37 will accept two classes of startups that will be mentored by security industry veterans, technology professionals, and investors for a 90-day period. Those startups will receive a round of investment at the beginning of the session and another after the successful completion of a demo day.

Mach37 will be based out of Virginia’s Center for Innovative Technology and is getting its first funding from the Commonwealth of Virginia. It will then look to private investors to fund the startup and keep the accelerator running.

At this point, only 8-10 companies will be admitted in each class, compared to the 40-50 companies Y Combinator admits. No word yet on how much money each startups will receive. The accelerator hopes, however, that the amount of advising and access to industry professionals will help speed up the time it takes to get these startups into the wild.

“The active ingredient that enables the accelerator to reduce startup development time is CIT’s sophisticated network of cyber experts, technologists and investors that will be integrated with entrepreneurs from the start of the 90-day session and throughout their early years of company formation,” said Virginia Secretary of Technology Jim Duffey in a statement.

A number of high-profile companies and organizations helped set up the accelerator, which Governor McDonnell hopes will make Virginia a destination for cyber security needs. These companies include Capital One, the CIA, DOD, Department of Homeland Security, General Dynamics, In-Q-Tel, Lockheed Martin, McAfee, New Enterprise Associates, and more.

Mach37 image via Mach37

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

Sometimes we all need a quick refresher on where to start when it comes to protecting our identities online, lest we get burned.

We’ve all heard of Mat Honan, the Wired reporter who had his digital life destroyed by hackers last year. F-Secure, a Finnish security company, created an infographic about his experience and provide tips on how to avoid making the same mistakes he did.

Of course, the focus here is all on the password — that lock that seems so easily picked. Since before Honan’s story got huge recognition, the security industry has called the password the “Achilles’ Heel” of security. In lieu of a better solution, F-Secure’s emphasize that two-factor authentication is the best way to put more obstacles in the way of your cyber assailants.

The second piece of advice may come as a surprise: lying. We’re all taught not to lie, but lying on your security questions may actually help keep the walls of your accounts standing. The answers to most of the traditional security questions — What’s your dog’s name? What’s your mom’s maiden name? What’s your paternal grandmother’s name? — can easily be found on social media profiles.

Which leads to an interesting last point: You need to get a little narcissistic. How? By Googling yourself and really going deep into those search results. Opt-out of personal listings websites like Spokeo and the White Pages. See what other types of website might have your profile pictures from social sites, or taken your Tumblr or blog posts without permission. You never really know where people are accessing little bits and pieces about you until you try to access that same information.

Check out the infographic below for a quick refresh on how to start protecting yourself:

Hacked image via Shutterstock

In the two weeks leading up to RSA, a major security conference in San Francisco, corporate giants such as Microsoft, Apple, Facebook, Twitter, The New York Times, and others admitted that they were hacked.  Cyber attacks are wreaking havoc on nations, businesses, and consumers alike. But just the fact that people are paying attention might be a bright spot in our fight against this adversary.

President Obama stated that cyber-crime itself is a $1 trillion problem. Even if the amount is only in the hundreds of billions – Sony alone incurred $171m in damages related to its 2011 PlayStation Network breach – it is clear that the threat is at an all-time high.  The “bad guys” are more organized and better-funded than ever before, and their methods of attack are growing more and more sophisticated.

The good news, it seems, is that chief security officers (CSOs), chief information officers (CIOs), and more importantly, chief executives and corporate boards, have finally moved from denial to rage to facing up to the magnitude of the problem.

Industry leaders are recognizing that traditional approaches, technologies and solutions are insufficient. RSA Chairman Art Coviello, for example, acknowledged the shortcomings of the standard firewall and intrusion detection/prevention systems when he said “perimeter-based security reached its limits.”

As a partner at venture capital firm Jerusalem Venture Partners, which focuses on investments in cyber-security in a country known for its cyber-prowess, I watch developments in the industry very closely in an effort to locate the startups that can address security problems as they emerge – in what seems to be a dizzying pace.

What I see is that the industry does seem to be rising to the challenge in an effort to provide better solutions for governments, enterprises, and consumers. But those answers are not necessarily coming from established security vendors and so aren’t surfacing as quickly as they should.

A new favorite attack vector: BYOD

One attack vector being used more and more by hackers is through our mobile devices. Smartphone sales surpassed PC sales two years ago and, according to industry sources, 80 percent of employees use personal devices for work purposes. That compares with the 60 percent of enterprises that allow it. This BYOD (bring your own device) phenomenon allows cyber-criminals easy access to contact lists, critical enterprise information, transactions, and credentials.

Many of the current solutions to the BYOD problem rely on problematic rooting, or kernel-level access, or crippled user experience offered by dual-persona or container models. No wonder the winner of the RSA Conference 2013 Innovation Sandbox was a young start-up, Remotium, which tackles BYOD by using a virtual machine to run your “work phone,” which you can remotely access through your personal phone.

Its innovative approach has a real shot at making our smartphones more secure by essentially taking both data and processing to the cloud. Other similarly innovative approaches which attempt to protect our data rather than the personal devices themselves may better equip organizations for the BYOD phenomenon as well as burgeoning trends towards virtual organizations.

The shift to cloud-based enterprise infrastructure and apps creates even more attack vectors. Organized cyber-crime is taking advantage of the cloud and becoming a real revenue source for many rogue organizations. Cyber-attack infrastructure is already offered as a service by many of these groups. For example, botnets-for-hire, or a string of zombie computers used to launch attacks on healthy computers, can create damages in excess of half of a billion dollars a year (especially related to AdClick fraud).

Is anti-virus software cutting it?

What about anti-viruses – the classic cyber-defense? Unfortunately, existing anti-virus solutions has fallen out of favor with many given that it can only block malware it knows. Because it looks at digital signatures and stops those it recognizes to be malware, it misses a lot of the new threats that come through. According to Bret Hartman, CTO of the security technology group at Cisco, organizations have lost control of their end-points. The cat and mouse game is becoming more difficult and expensive to play.

We see many of the most promising end-point security solutions are moving away from signature-based approaches, like anti-virus software, and focusing on heuristics-based or behavior-based white-listing methodologies. While these solutions are not quite ready to take the place of current anti-virus solutions, especially not on the consumer level, they certainly act as a much-needed complement to available protection and will certainly one day vie for a place as the industry standard.

In parallel, industry-wide collaborative efforts helping cyber-intelligence systems to ferret out insidious malware, hand-in-hand with big-data based analytics and solutions are gaining significant ground in this ongoing battle. According to RSA’s Coviello, adaptive machine-learning and predictive analytics based on big-data are the secrets to success.

Where the startups really stand

Interestingly, many of the innovative new solutions being provided today are actually coming from the more nimble and dynamic startups in the field. The problem is, these startups often have a tough time convincing CISOs of their value. Unproven track records and prematurely released enterprise solutions offered by these unknown (and often under-financed or unstable) companies are problematic for large enterprises.

Startups also seem to form in clusters, latching on to the latest buzzwords. This makes it hard to explain exactly how they do things differently.

But none of that takes CISOs off the hook. To succeed in their jobs, they must engage with these innovative startups to help themselves and the industry find the right set of solutions. The enormous scope of the problem and its continuously evolving nature dictates the need to work with innovative startups, side-by-side with incumbent players.

In the end, it takes a global village. As the intensity and ferocity of cyber-attacks continue to grow, the “good guys” must understand that only through a concentrated, collaborative, cross-industry effort can we rise to meet these very serious challenges. Such partnership-based models joining VCs, strategic enterprises, academia and government will allow the industry to create a robust, proactive eco-system which can foster breakthrough technologies and approaches capable of meeting today’s cyber threats — and tomorrow’s. This multi-disciplinary, collaborative approach is the only way to stay one step ahead of the bad guys.

Yoav Tzruya is a partner at JVP, Israel’s leading venture capital firm. Yoav brings more than 20 years of executive-level experience in the IT industry, with extensive experience in cyber security, digital media, and enterprise software verticals.

Happy code image via Shutterstock

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

President Obama called to congratulate China’s new president Xi Jinping yesterday, reportedly taking the opportunity to talk to the leader about the increasingly tense cyber security situation developing between the two countries, according to the New York Times.

Xi Jinping successfully completed the transfer of power and became China’s president on Thursday, opening a door to new conversations with Washington. Despite many other issues the U.S. must hammer out with China, cyber security has been top of mind for many government officials and rightfully so. A number of high-profile companies have been hacked, tracing the attacks back to China. This includes the The Wall Street Journal and The New York Times. Security firm Mandiant also recently released a report saying China has been attacking the U.S. for a number of years, specifically one group within the Chinese military.

The New York Times reports that President Obama specifically mentioned stealing U.S. companies’ proprietary information and intellectual property.

On Monday, U.S. national security adviser Tom Donilon said in a speech in New York that the international community should not stand for action like this any longer and that China needs to come to the table to discuss cyber security rules.

“From the President on down, this has become a key point of concern and discussion with China at all levels of our governments,” he said in the speech.

China’s Foreign Ministry spokeswoman Hua Chuying responded on Tuesday saying the country is “willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maining the security, openness and peace of the Internet.”

President Obama phone image via The White House/Flickr

While congress has yet to reach any sort of lasting solution regarding the nations growing cyber security problems, President Barack Obama has decidedly taken the first big step in an executive order signed earlier today.

The executive order places the National Institute of Standards and Technology with the responsibility of  creating cyber security standards for organizations and industries that are of great importance to the country, such as transportation, utilities (water and electric), and healthcare. The department of Homeland Security will then work with businesses and industry groups on a volunteer basis to ensure that the standards are being met properly as well as come up with incentives to get more organizations/businesses on board.

The executive order would also create a new initiative for businesses to share their cyber security data with a centralized organization that could make sense of it, and allow security experts to advise on how to prevent future attacks.

Right now the biggest deterrent in getting businesses and other organizations to get on some kind of standard cyber security plan is that most don’t want to be held liable for security breaches due to failure of these self-imposed regulations. However, if congress passes new legislation regarding cyber security standards, that could change.

Last year the House passed legislation call CISPA, or the Cyber Intelligence Sharing and Protection Act, which would have addressed many of the concerns businesses and other organizations had about a cyber security standards. The bill sought to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. However, CISPA had few guarantees that it wouldn’t grossly violate an individual’s privacy rights, and initially faced of a presidential veto threat). The White House eventually put a stamp of approval on a revised version of the bill, which failed a vote in the Senate.

Now, that same House bill is tentatively headed back to the floor for another vote Wednesday, meaning congress has one more chance to pass the White House-approved version.

This is an issue that President Obama clearly understand is important (having highlighted it specifically in tonight’s State of the Union address), and his executive order essentially lays the groundwork for the CISPA bill to pass, should that happen.

You can read full text of the cyber security executive order in the document embedded below.

Rumors of CISPA’s demise were apparently greatly exaggerated, according to various privacy rights advocates and organizations today.

CISPA, or the Cyber Intelligence Sharing and Protection Act, initially sought to give American companies more legal breathing room (protection against lawsuits) when collecting and sharing consumer/user data for the purpose of preventing massive Internet security threats. It passed a House vote with few guarantees that it wouldn’t grossly violate a person’s privacy rights (even in the face of a presidential veto threat). The White House eventually put a stamp of approval on the bill, pending certain amendments. But the Senate vote failed, and the president resorted to other methods for the time being.

The recently “deceased” bill, however, is scheduled for a new vote. House Intelligence Committee Chairman Mike Rogers (R-MI) and fellow congressman Dutch Ruppersberger (D-MD) will reintroduce CISPA this Wednesday, which should bear a striking resemblance to last year’s bill and not the amended version that failed to gain even a senate vote of approval.

So, what can you do to thwart (or at the very least stay informed about) CISPA this time around? Well, non-profit privacy awareness group Fight for the Future has created a webpage listing all the contact information for each congressperson that co-signed the last version of the bill, a list of companies that support the new CISPA, and other important facts.

The group also produced the infographic embedded below which contains a condensed explanation of what CISPA is trying to make legal.

If there is any weakness in security, you can guarantee the criminals will try to exploit it. And if a cyber criminal discovers a weakness in one community, it won’t be long before that isolated crime turns into a trend. The commercialization of malware is rapidly becoming a well-organized and highly lucrative business.

So what can we expect in 2013? Based on what crimes we are seeing around the globe, here is a list of the top six emerging cyber security threats we will likely see in 2013.

Criminals will enter your home using smart TVs – Smart TVs are extremely vulnerable to attacks especially as app stores for TVs become more prevalent. Hundreds of applications are becoming available for users to download, and an attacker needs to exploit vulnerabilities in just one of these apps to enter people’s homes. In 2013, the attacks may be geared more towards stealing content, like movies and games, but as Smart TVs become more sophisticated and integrated into home networks, you can be assured cyber criminals will find new ways to exploit this new avenue inside the home.

Virtual kidnapping of cellphones – Scarlett Johansson, Olivia Munn, Christina Hendricks, and Rihanna were just a few celebrities who got their phones hacked in 2012. Next year, you can expect this crime to go from celebrities to consumers. TopPatch has already seen hackers hold phones for ransom. It is a virtual form of hijacking your cell phone and we are expecting more of these crimes to hit the global consumer in 2013 as smartphone use continues to increase.

Attacks using bloggers will increase - Many content management systems that bloggers use, and the ad servers they are integrated with, don’t have enough security measures to protect content created by writers and bloggers, or the ad units served by advertisers. In 2013, hackers will exploit these security weaknesses further to spread viruses, conduct phishing attacks, and steal data from the audiences who visit these websites.

Virtual attacks end in human death - Nation-state attackers will target critical infrastructure networks such as power grids at unprecedented scale in 2013, resulting in human casualties from a cyber attack. Violent extremist groups have already attacked nuclear reactors, hospitals and assembly lines at automobile companies. These types of attacks are growing more sophisticated, and will soon enough lead to the loss of human life at an unprecedented scale.

Rogue regimes use cyberterrorism to attack their governments – In 2012 we already saw numerous government-sponsored cyber attacks, but next year we will see rogue regimes utilize the skills they have developed to attack their own governments.

Attacks will follow natural disasters - Cyber criminals like to attack when people are most vulnerable. Many networks go down during natural disasters, leaving security gaps for cyber criminals. With the rise of natural disasters in 2013, we can expect more systems to become vulnerable, leaving more opportunities for cyber criminals to exploit. If global warming leads to more hurricanes and weather changes, you can expect the opportunities for cyber criminals to grow during these down times.

Chiranjeev Bordoloi is the CEO of TopPatch. He has consulted government agencies, financial institutions and Fortune 500 companies on cyber security for more than 20 years. TopPatch was the first cyber security company to develop a patent-pending Peer-to-Peer Security Patch Management Software that exponentially improves on the “old” way of securing computers, which required all security to go through one server.

Cyber security photo via alexskopje/Shutterstock

President Obama signed a new cyber security directive in mid-October, according to The Washington Post, that begins to outline the government’s involvement in securing the private sector and how it will act when on the offensive.

For the most part, the directive is still secretive and murky. A senior administrative official told the Washington Post that it will deal specifically with the issue of defensive measures, or protecting the government and citizens from being hacked, and offensive measures, how the U.S. should act when pushing back. The official explained that the directive also touches on the subject of government-operated networks and civilian networks. This will be referred to as “cyber operations,” or the defensive measures the government might have to take to protect the private sector.

The directive is also meant to help ensure that everyone involved in cyber warfare abides by the international rules of warfare.

U.S. Defense Secretary Leon Panetta recently warned that we may experience a cyber Pearl Harbor, that the U.S. is the cross hairs of cyber attackers across the world. Specifically, Panetta is afraid of major attacks on our critical infrastructure, such as energy grids, water infrastructure, and smart devices.

At the time, Panetta also plugged a cyber security bill with the hopes that new lines of communication can open up between the government and private sector to work together on securing the country’s networks.

President Obama image via The White House/Flickr

OneID provides customers with an account that can be used across multiple websites and payment systems. The technology authenticates user identity, while also consolidating all financial information into one secure location.

The vendor partners are Marketlive, Jagged Peak, ShopVisible, and Acadaca. By further integrating its services with e-commerce software, OneID provides retailers and customers with a more streamlined checkout process and greater confidence that sensitive data will not be hacked. These new partnerships will bring the benefits of OneID’s single sign-in to millions of people a year.

OneID was launched in March by six-time entrepreneur Steve Kirsch, who sold one of his former companies, Infoseek, for a reported $1.7 billion. Considering how sensitive the data is and how complicated the technology, it took someone with his credentials to execute the product.

The company raised $7 million in April from Khosla Ventures to expand its user base. To do this, strategic partnerships were necessary because OneID customers are not consumers but rather e-commerce providers.

Today’s announcement is a further step in that direction. A few more partnerships, and passwords can be saved for fun stuff, like speakeasies and Top Secret CIA missions.

The White House is losing its cyber security coordinator Howard Schmidt to retirement this year after a tumultuous 2011, often referred to a the year of the hack.

Schmidt served the White House in this role for two and a half years, and has acted as a pivotal liaison between the National Security Agency and Homeland Security, as noted by the Washington Post. He was instrumental in passing the first cyber security legislative proposal, and watched as “hacktivist” groups such as Anonymous and Lulzsec grew to become the household names they are today. He leaves his office in a time where tensions on the Internet security front are high.

Security firm Symantec claims that it stopped 5.5 billion attacks from happening last year, and that due to new automated processes for creating malware, that number is only due to grow. And it’s not just the private sector that’s on red alert. State-sponsored attacks are also popping up much more frequently, and fear is growing around the idea of attacking “connected devices.” An example of this was the 2010 attack on Iranian nuclear power plants using the malware named Stuxnet.

Michael Daniel, who has served the Office of Management and Budget for 17 years, succeeds Schmidt. He too has had experience with cyber security matters, devoting 10 of those 17 years to the matter. He is the current Chief of the White House Budget Office’s Intelligence Branch.

via the Washington Post; Howard Schmidt photo via veni markovski

At VentureBeat, we come across a lot of funding news every day. In order to bring you the most information possible, we’re rounding up the quick-and-dirty details about the funding deals of the day and serving them up here in our “Funding daily” column.

Square may be raising a new round at $4B valuation

Mobile payment startup Square is said to be raising a new round of funding that would value the company at a whopping $4 billion. Square has already raised $137 million Kleiner Perkins, Tiger Global Management, Sequoia Capital, and Khosla Ventures, among others.

Eucalyptus secures $30M investment

Open-source cloud software maker Eucalyptus Systems has raised $30 million in its third round of funding. The company offers an open-source software platform for private and hybrid clouds. Institutional Venture Partners (IVP), led the round, with Benchmark Capital, BV Capital, and New Enterprise Associates (NEA) participating.

AdSafe gets funding to keep your ads off porn sites

AdSafe Media has raised $10 million in funding to make sure your company’s ads don’t intentionally wind up in potentially embarrassing places such as porn or pirating sites. Pelion Venture Partners, Atlas Venture, and Coriolis Ventures participated in the round.

Coursera goes back to school with $16M

Shaking up online education and bringing university courses to anyone with an Internet connection, Coursera grabbed a $16 million investment. Kleiner Perkins Caufield & Byers was the venture firm behind the investment.

Cyphort raises $7M

Stealthy Cyphort filed a form D Wednesday for what appears to be a new $7 million funding round. The company fights cyber threats for government agencies and business with software.

CircleUp grabs money for crowdfunding

CircleUp has raised $1.5 million from David Topper and other investors. The company launched its service today, which helps startups get funding from wealthy investors —  those that make over $200,000 in yearly income or have a net worth of more than $1 million. Instead of focusing on tech startups, CircleUp helps investors give capital to consumer product companies.

TransferWise gets funding to shake up currency exchanges

TransferWise closed $1.3 million in funding for its scheme to sidestep the banks using cheap, peer-to-peer currency exchange. Among the new investors is Max Levchin, the co-founder of PayPal.

SkySQL raises $4M

SkySQL has raised $4 million in first-round funding. SkySQL consults with businesses to set them up with MySQL and MariaDB database services. OnCorps led the round with Finnish Industry Investment Ltd., Spintop Ventures and Open Ocean Capital. The full release is below.

Boxing image via Flickr user djclear904

After lots of public outcry, Facebook has published a letter today explaining its support for controversial cyber-security legislation, the Cyber Intelligence Sharing and Protection Act, or CISPA (PDF).

CISPA intends to grant companies more leeway when it comes to collecting and sharing data about their consumers (or users, in the case of social networks) — specifically, data regarding security threats. Essentially, the bill’s goal is to enable companies to share this information with the government to help fight and prevent cyber security attacks. Currently, most businesses are hesitant to share such precious information with third parties for fear of violating antitrust laws. The bill has broad support from over 100 House co-sponsors from both sides of the aisle.

Critics of CISPA often incorrectly refer to it as a new version of international copyright infringement bill SOPA, which would have given the government the authority to shut down websites accused of internationally committing acts of piracy. But while CISPA only intends to thwart security threats, many believe it could end up paving the way for copyright holders to begin policing the net. Critics also point out that it promotes the idea of companies creating extensive user databases, intercepting or modifying communications under the guise of security, and blindly complying with government requests for private  user information.

Facebook, however, believes CISPA’s cyber security benefits greatly outweigh any of the potential negative impacts critics have cited.

“We recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity,” wrote Facebook VP of Public Policy Joel Kaplan in the letter. “Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 [a.k.a. CISPA] in the first place — the additional information it would provide us about specific cyber threats to our systems and users.”

Facebook isn’t alone in its support of CISPA. Other companies that support the bill include AT&T, Microsoft, Verizon, IBM, Intel, and over 25 others.

Facebook’s entire statement follows below. Let us know your thoughts in the comments section.

Via Facebook:

“More than 845 million people trust Facebook with their information, and maintaining that trust is at the core of everything we do. Keeping the site secure to protect our users and their information requires a combination of technological innovations; around-the-clock coverage from our dedicated staff; and relationships within the broader security community.

A successful defense against bad actors also requires that we have timely information about cyber threats. One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack. Similarly, if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems.

A number of bills being considered by Congress, including the Cyber Intelligence Sharing and Protection Act (HR 3523), would make it easier for Facebook and other companies to receive critical threat data from the U.S. government. Importantly, HR 3523 would impose no new obligations on us to share data with anyone –- and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today.

That said, we recognize that a number of privacy and civil liberties groups have raised concerns about the bill – in particular about provisions that enable private companies to voluntarily share cyber threat data with the government. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place — the additional information it would provide us about specific cyber threats to our systems and users.

The overriding goal of any cybersecurity bill should be to protect the security of networks and private data, and we take any concerns about how legislation might negatively impact Internet users’ privacy seriously. As a result, we’ve been engaging directly with key lawmakers as well as industry and consumer groups about potential changes to the bill to help address privacy concerns.

The bill’s sponsors, House Intelligence Committee Chairman Mike Rogers and Ranking Member Dutch Ruppersberger, have stated publicly that they are working with privacy and civil liberties groups to address legitimate questions and concerns about how information might be shared with the government under the bill. They’ve made clear that the door is still open to change the bill before it comes to the House floor for consideration.

We hope that as Congress moves forward in considering this and any other cyber legislation, the result will be legislation that helps give companies like ours the tools we need to protect our systems and the security of our users’ information, while also providing those users confidence that adequate privacy safeguards are in place.

Plastic toy soldiers photo via jcjgphotography/Shutterstock

6Scan released a new plugin for WordPress today, aimed at giving small businesses the same level of cyber security that enterprises can afford.

“I think what SMBs [small to medium-sized businesses] want most of all is something that doesn’t take technical expertise to set up,” said 6Scan chief executive officer Nitzan Miron in an interview with VentureBeat. “And it needs to just work. It doesn’t need to require manual work or technical work. It needs to be a ‘set it and forget it.’”

The software is completely Internet based and has two different layers, the Patrol and the Bodyguard. The Patrol is what Miron calls “your own white hat hacker.” It crawls a company’s website and attacks it, like a cyber criminal looking for entry would. The attacks are used to find vulnerabilities in the site, which are then transferred to the Bodyguard. This second function then fixes the vulnerability before it can be exploited. Vulnerabilities do not have to be previously discovered for Bodyguard to know how to fix it. The automated system is able to detect and fix unknown issues, which are then published for public benefit.

The plugin costs $10 a month, and Miron says more plugins for other website platforms, such as Drupal, are coming.

“We capitalize on the fact that most SMBs are running on well-known platforms,” said Miron. “They’re not going to start their sites from scratch, they’re going to start from well-known platforms like WordPress.”

6Scan is headquartered in Israel and serves 2,500 websites thus far. It was founded in April 2011, has eight employees, and has raised an undisclosed amount of funding from YL Ventures.

White hat via Shutterstock

The names of customers, account numbers, and contact information, including email addresses, were viewed in the breach. Citi told Reuters that “social security number, date of birth, card expiration date and card security code were not compromised”.

The high-profile data breach is the latest cyber attack on a major company, following attacks on Sony, Google, and Lockheed Martin. It makes you wonder just how vulnerable other companies holding your data are to similar attacks.

A Citi spokesman noted that the breach affected just 1 percent of North American card customers, which total 21 million. The bank said it would be contacting customers whose data was accessed and would implement “enhanced procedures to prevent a recurrence of this type of event.”

U.S. government officials have recently started to address cyber attacks in a more serious manner. Yesterday, FBI director Robert Mueller told Congress that the bureau plans to increase its focus on cyber attacks. The Pentagon also recently weighed in on cyber attacks and said that if a hacker attack produces “death, damage, destruction or high-level disruption that a traditional military attack would cause,” then the attack could by considered an act of war and merit retaliation by force.

Are you a Citi customer? Does this data breach make you want to switch banks?

IBM

Those events are part of a growing problem. IBM says that cyber crime and malware saw a big increase in 2010, according to a new company report. The year marked the rise of increasingly sophisticated and targeted security threats against both governments and companies.

In the 2010 Trend and Risk Report, IBM’s X-Force security division said that phishing attacks (where cyber criminals try to trick users out of passwords and other information) declined to a quarter of previous numbers. But targeted attacks, or “spear phishing,” was on the rise. That suggests a focus on quality of attacks, rather than quantity of attacks.

IBM found that there were 8,000 new web vulnerabilities discovered during 2010, up 27 percent from 2009. The adoption of smartphones within the enterprise posed added risks, raising the need for tighter security on password management and data encryption. Attacks against mobile phones are on the rise.

IBM also said that the shift to cloud computing (web-connected data centers) carries risks as well and companies have to improve security so they can assure users that none of their data stored in the cloud gets stolen.

IBM says it is opening a Brussels-based Advanced Institute for Security to provide access to security research. The company says it has a database of more than 50,000 computer security vulnerabilities and that it monitors 13 billion security events in real time every day for more than 130 countries. IBM also says it has the world’s largest security services practice with more than 3,500 security services, nine research labs, 250 security-related products and 11 security acquisitions since 2006.

“The numerous, high-profile targeted attacks in 2010 shed light on a crop of highly sophisticated cyber criminals who may be well-funded and operating with knowledge of security vulnerabilities that no one else has,” said Tom Cross, threat intelligence manager at IBM X-Force. “Staying ahead of these growing threats and designing software and services that are secure from the start has never been more critical.”

The funding announcement comes in conjunction with its launch of IPTrust, a security detection suite for preventing malware and botnets — networks of infected computers controlled remotely by hackers — from affecting cloud-based applications. IPTrust provides real-time monitoring of security risks that IT professionals handling cloud-based networks can access and address on the fly.

The software determines if there is a security threat and notifies technical support of the infection. It can also determine the “trustworthiness” of an address from a computer accessing the network by checking if it is from a client or not.

David Cowan of Bessemer Venture Partners and Arun Gupta of Columbia Capital, both experts in wireless technology startups, have joined the Atlanta, Ga.-based company’s board of directors as part of the deal. TechOperators also participated in the round of funding, along with Columbia Capital, Kleiner Perkins, and Bessemer Venture Partners.

More than 280,000 organizations and 250 million IP addresses have been affected by botnet networks and malware, according to Endgame. But there’s increasing danger of hackers using botnets to gain access to a master account on a cloud network and having access to hundreds or thousands of “virtual desktops” — computers that can be run remotely on cloud servers and accessed through the internet.