Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars  Apps     EBooks
   AFCEA logo
 

Security

Obtaining Cyber Personnel Threatens Effective Defenses

July 30, 2013
By Robert K. Ackerman

Just as an earlier panelist at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., emphasized the importance of the human element in cyber intelligence, a subsequent panel sounded the alarm for acquiring and keeping cyber personnel. Obsolete hiring rules and competition from the private sector loom large as impediments to the government’s ability to hire and retain effective cyber intelligence personnel.

Competition from the private sector is quantifiable. Daniel Scott, Office of the Director of National Intelligence, pointed out that the government is offering less than half the annual salary than the private sector for skilled cyber graduates. These young people need to earn a lot of money in the first 10 years of their careers so they can pay off their college loans, he pointed out. And, the need for these people is immediate.

“We can spend millions and millions on scholarships, but we need to hire people today,” he stated.

Scott also called for comprehensive civil service reform. “It [civil service hiring] was written for the industrial age; it will not work for the skill set we will need in cybersecurity. We need more flexibility to bring people in and retain them,” he declared.

New Capabilities, Though Needed, May Not Be a Panacea for Cybersecurity

July 30, 2013
By Robert K. Ackerman

Information sharing, automated intelligence reporting and all-source analysis capabilities are cited by many experts as being necessary for helping ensure cybersecurity. However, the human element must remain not only present, but also dominant, in any cybersecurity process.

That was one point presented in a panel discussion at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, cited an automated unclassified intelligence reporting system as one capability that is needed but is still a way off.

She added that all-source analysis is still the key to good intelligence. Information sharing is another desirable capability, although achieving it is a challenge across the entire intelligence community, not just in cyber, she noted.

While endorsing the need for new capabilities, Mark Young, former executive director, Directorate for Plans and Policy, U.S. Cyber Command, sounded a cautionary note. “Correlation does not necessarily mean causation—the role of the analyst is even more critical,” he declared. “We use these automated tools to find the needle, but so what?

“We can talk about the pace of technology all we want, but if you have the proper mindset for analysis, the technology doesn’t matter,” Young emphasized.

Young agreed that industry can help with cyber threat intelligence, but it may be elusive. “We need information sharing legislation, but I don’t think it’s going to happen,” he offered.

Defense Information Security Still Fought in the Trenches

July 30, 2013
By Robert K. Ackerman

The military is so busy combating cybermarauders that it has not been able to shape an overall strategic approach to securing cyberspace, said the head of intelligence for the Joint Staff. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the cyberdomain is a multidimensional attack domain that threatens both the military and the private sector.

“We’re doing more tactical blocking and tackling than strategic defense right now,” Adm. Train said.

She called for a stronger two-way relationship between government and industry as a cornerstone of information sharing. While intruders largely target the private sector, they also are targeting the Defense Department. “We’ve experienced an unprecedented number of incidents,” she said of the department.

One of the challenges is that, in an interdisciplinary mission such as cyber, a gap in technology knowledge is present across the work force. The admiral called for a standard lexicon and vocabulary so that participants can understand each other clearly. For example, she noted, some cyber experts are not experts in intelligence tradecraft, which hampers effective communications in the rapidly changing cyber arena.

“The world is introducing digital capabilities at a pace faster than we can understand them,” the admiral stated.

A New Type of Police Officer Taps Cyber Advantages

July 30, 2013
By Robert K. Ackerman

The same challenges facing the military now confront law enforcement as it embraces cyber capabilities. Disciplines ranging from data fusion to security are becoming integral parts of the curriculum for police officers.

Cathy Lanier, chief of the Washington, D.C., Metropolitan Police Department, did not understate the changes technology has wrought as she spoke at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. “It almost feels like completely reinventing police work,” she said.

With the force using information technology in most aspects of police work, cybersecurity is one of the top priorities for officers. “With all that technology, we have had to re-educate our entire police force and civilians on cybersecurity,” the chief offered. “We’ve had to change the type of employee we go after and teach the current police how to use it.”

Chief Lanier added that training alone is not the only part of the equation. The department must bring its people up to speed on these new technologies, but it also must obtain the policy to go along with it.

Industry Can, Must Do More to Help FBI Cybersecurity Efforts

July 30, 2013
By Robert K. Ackerman

Companies that are hacked have valuable information that can help prevent future cyber intrusions, said an FBI cyber expert. Rick McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the bureau is depending on industry to share vital information on cyber attacks.

“A key part of what the FBI does is victim notification,” McFeely said. “But, by calling out methods used to attack one company, we can see if those methods are being used to attack others. We now do that [a great deal].

“We need you to report it immediately,” he said, addressing industry. “If you share malware, we can tell you how others mitigated the same situation.” He added that the FBI is working to develop a tool that identifies malware’s fingerprints.

One problem the bureau has had with industry is that companies often expect to learn the identity of the intruder. That is not always possible given confidential sources of information, and the FBI discourages firms from seeking that data. “We need to get away from the constant need of private industry to know who’s behind the keyboard,” McFeely states. “We need to worry less about positively identifying [intruders] and focus on their intent and capability. We provide intelligence so you can defend your own networks, not so you can identify where an attack comes from.”

FBI Creates New Cyber Information Sharing Portal

July 30, 2013
By Robert K. Ackerman

The FBI has created an information sharing portal for cyber defense modeled on its Guardian counterterrorism portal. Known as iGuardian, the trusted portal represents a new FBI thrust to working more closely with industry on defeating cyberthreats. It is being piloted within the longtime InfraGard portal, according to an FBI cyber expert.

 

Security Measures Need to Raise the Cost of Operations for Hackers

July 30, 2013
By Robert K. Ackerman

Hackers need to pay a greater price for intrusions if network security is to be effective, said a former director of national intelligence. Adm. Dennis Blair, USN (Ret.), who also is a former commander of the U.S. Pacific Command, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the nation needs to raise the cost to the hacker without breaking the bank for the defender.

The admiral emphasized that he is not advocating the legalization of counter-cyber attacks—as much as the concept appeals to him. Instead, he called for legalization of “a myriad of nondestructive counter cyber attacks” that would raise the minimal cost to these hackers.

Some measures might involve empowering cyber operators to take action against hackers. Adm. Blair suggested establishing the cyber equivalent of private surveillance cameras with the ability to turn evidence over to the authorities, and maybe even creating the digital equivalent of a citizen’s arrest.

Other defensive measures could thwart cyber marauders. These might take the form of documents that self destruct when unauthorized users try to open them, for example, and the digital equivalent of indelible ink that is used for marking money.

The former head of the U.S. Pacific Command cited China as an example of a cyber adversary that should be impressed with the need for supporting cybersecurity rules and laws. “We need to put more penalties into the equation instead of relying on Chinese maturing,” he offered. “How many U.S. companies must go out of business, how many billions of dollars must be lost, before the Chinese realize it’s in their best interest to cooperate in cybersecurity?”

Senate to Bring Cyber Bill Mirroring House Effort

July 30, 2013
By Robert K. Ackerman

The U.S. Senate is moving on a cyber bill that is more in line with the approach being taken by the House, said a member of the House Permanent Select Committee on Intelligence. Rep. Mac Thornberry (R-TX) told the morning audience at the AFCEA Global Intelligence Forum at the National Press Club in Washington, D.C., that this bill may be marked up by the Senate Commerce Committee this week. It would turn to standards established by the National Institute of Standards and Technology (NIST) for private sector guidelines.

Thornberry reflected on how the House passed four separate cyber bills a year ago, but they died in the Senate as that body pursued a single large bill. The congressman endorsed the House concept of legislating cybersecurity in “discrete, bite-size chunks” that reach across the relevant government committees and agencies.

The congressman called for greater cooperation between Congress and the White House, saying that this can produce a cyber policy that benefits the nation as a whole. The more the administration and Congress work together, the more their work becomes the policy of the nation rather than that of any particular administration, Republican or Democrat. “Only with this partnership can we have the solutions the country needs,” he declared.

Asymmetric Cyberwarfare Demands a New Information Assurance Approach

July 1, 2013
By Paul A. Strassmann

The planners of the Defense Department Joint Information Environment, or JIE, must specify the requirements that can cope with the surges in asymmetric cyberwarfare—now. Asymmetric warfare describes conflicts in which the resources of the two belligerents differ in terms of their weapons and organization. The opponents will attempt to exploit each other’s weaknesses.

To defend against asymmetric warfare requires the imposition of a unified intelligence that is applicable to all U.S. Army, Navy, Marine Corps and Air Force applications. Proceeding with comprehensive protective solutions is required prior to completing facility consolidations. Fixing applications before consolidating computer processing has become one of the primary requirements for safe cyber operations.

Proceeding with only enhancements of legacy operations will not be sufficient. For example, placing emphasis on data center consolidations without a simultaneous re-engineering of applications cannot deflect targeted cyber attacks.

Cyberwarfare has evolved over the past 40 years. Information security methods, which used to protect computer systems, now are inadequate. Thousands of unknown global cyber attackers examine millions of dispersed targets, but only hundreds of defenders protect tens of thousands of applications located in fixed positions. The disparity between many unknown attackers compared with a few known defenders has created a situation where asymmetric warfare is the prevalent condition under which system operations now take place.

Information Agency 
Changes Security Approach

July 1, 2013
By Robert K. Ackerman

The increasing use of readily available and inexpensive commercial technologies by the military is changing the way the Defense Information Systems Agency provides information assurance. As these technologies are integrated into the Defense Department information infrastructure, the agency is adjusting its approaches to providing security for its networks and the data that reside on them.

Pages

Subscribe to RSS - Security