Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

Networks

Asymmetric Cyberwarfare Demands a New Information Assurance Approach

July 1, 2013
By Paul A. Strassmann

The planners of the Defense Department Joint Information Environment, or JIE, must specify the requirements that can cope with the surges in asymmetric cyberwarfare—now. Asymmetric warfare describes conflicts in which the resources of the two belligerents differ in terms of their weapons and organization. The opponents will attempt to exploit each other’s weaknesses.

To defend against asymmetric warfare requires the imposition of a unified intelligence that is applicable to all U.S. Army, Navy, Marine Corps and Air Force applications. Proceeding with comprehensive protective solutions is required prior to completing facility consolidations. Fixing applications before consolidating computer processing has become one of the primary requirements for safe cyber operations.

Proceeding with only enhancements of legacy operations will not be sufficient. For example, placing emphasis on data center consolidations without a simultaneous re-engineering of applications cannot deflect targeted cyber attacks.

Cyberwarfare has evolved over the past 40 years. Information security methods, which used to protect computer systems, now are inadequate. Thousands of unknown global cyber attackers examine millions of dispersed targets, but only hundreds of defenders protect tens of thousands of applications located in fixed positions. The disparity between many unknown attackers compared with a few known defenders has created a situation where asymmetric warfare is the prevalent condition under which system operations now take place.

In the Cyber Trenches

July 1, 2013
By Max Cacas

The Army adjusts its training and career path for cyber domain troops and leaders.

The U.S. Army is taking a successful model developed to train chief warrant officers in the realm of information assurance and is adapting it for qualified enlisted personnel and officers. Instead of reinventing the wheel, the program blends already-successful cybersecurity training designed for the private sector with training tailored for the Army’s mission-specific networks. The goal is to create a career path for what is expected to be a cadre of cyberspecialists whose primary goal is to protect and defend the service’s digital infrastructure.

“The Army realized that our networks were being constantly attacked, but we never realized it until after it had taken place,” says Joey Gaspard, chief, Information Assurance Branch, U.S. Army Signal Center at Fort Gordon, Georgia. He adds that in 2007, the service embarked on a program to match staffing and training to be more proactive about cybersecurity. “Instead of consistently sitting there, waiting to be hit, they decided to put themselves in a position where we looked at the training. Commercial industry was already training personnel to defend commercial organizations, so why couldn’t the Army do the same thing?”

In response to that question, the Army embarked on a re-examination of its military occupational specialty (MOS) categories, which describe every job at every rank within the Army. The Signal Center focused on the MOS pertaining to cybersecurity.

Hooked on Mobile 
Security

July 1, 2013
By George I. Seffers

Project Fishbowl spurs industry to
 meet military
 and intelligence 
community needs.

U.S. intelligence and defense officials are wrapping up a mobile device pilot program known as the Fishbowl project and are planning over the next year to expand on the capabilities it provides. Doing so is part of a larger strategy to wean the agency and the Defense Department off of government-designed mobile device technology, which will save time and money while providing secure, cutting-edge electronics for high-level government officials and to individual soldiers.

Fishbowl provided 100 Android devices to users across 25 organizations. The name is a reference to the fact that fishbowl users are a closed community capable of talking only to one another on the device, which provides secure voice and data services including email, calendar and some chat capability. “These are all Web-mediated services. We don’t store data directly on the device. It acts as a thin client back to the enterprise so that if the device gets lost, there’s very little data that can be obtained from the device itself,” says Troy Lange, National Security Agency (NSA) senior executive for the mobility mission. The NSA is teamed with the Defense Information Systems Agency (DISA) on the project.

The next step is for DISA to implement an operational capability that will replace the pilot. DISA also will establish a government-owned app store that will add to the catalogue of available software applications for mobile products.

Information Agency 
Changes Security Approach

July 1, 2013
By Robert K. Ackerman

The increasing use of readily available and inexpensive commercial technologies by the military is changing the way the Defense Information Systems Agency provides information assurance. As these technologies are integrated into the Defense Department information infrastructure, the agency is adjusting its approaches to providing security for its networks and the data that reside on them.

Shifting Tides of Cyber

July 1, 2013
By George I. Seffers

Industry officials foresee 
changes in network security.

Cyber industry experts predict a number of coming developments in the cyber realm, driven in part by government strategy and funding uncertainties. The future may include a greater reliance on law enforcement to solve state-sponsored hacks, increased automation and more outsourcing.

Earlier this year, the White House released the Administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets. It calls for an increase in diplomatic engagement; makes investigation and prosecution of trade secret thievery a top priority; and promises a review of legislation regarding trade secret theft to determine what changes may be necessary. The strategy contains “lots of hints” the administration will rely on law enforcement in addition to national security channels in some cases involving nation-state-sponsored hacks, says Kimberly Peretti, a former senior litigator for the Justice Department Computer Crime and Intellectual Property Section.

“The big gorilla in the room is what we do with state-sponsored attacks. One of the priorities of the strategy itself is having the Justice Department continue to make investigations and prosecutions of trade secrets a priority. So, if we see a lot of these trade secret thefts happening by Chinese hackers or state-sponsored attackers, that could be incorporated into the strategy—to start looking at pursuing avenues criminally as well as on the national security side,” says Peretti, who is now a partner in the White Collar Group and co-chair of the Security Incident Management and Response Team, Alston and Bird Limited Liability Partnership, a law firm headquartered in Atlanta.

NSA Director Defends Intelligence Workforce

June 27, 2013
By George I. Seffers

Cyber Symposium 2013 Online Show Daily, Day 3

Gen. Keith Alexander, USA, who directs the National Security Agency (NSA) and commands U.S. Cyber Command, wrapped up the final day of the AFCEA International Cyber Symposium with a strongly-worded defense of the U.S. intelligence community, which is under fire following recently-leaked documents concerning the collection of data on the online activities of ordinary citizens in the United States and abroad. The general deviated from the topic of cyber long enough to address the controversy.

The NSA director said intelligence community employees protect the nation and civil liberties simultaneously. “These leaks have inflamed and sensationalized for ignoble purposes the work the intelligence community does lawfully under strict oversight and compliance. If you want to know who who’s acting nobly, look at the folks at NSA, FBI, CIA, and the Defense Department who defend our nation every day and do it legally and protect our civil liberties and privacy. They take an oath to our constitution—to uphold and defend that constitution,” he said. “They’re the heroes our nation should be looking at.”

During the question and answer session, Gen. Alexander also praised contractors who work for the intelligence community. “From my perspective, we couldn’t do our job without the contractors or the help we get from industry. That’s been absolutely superb. One individual has betrayed our trust and confidence, and that shouldn’t be a reflection on everybody else,” he stated.

In fact, he said, the United States government is one of the best in the world at protecting data on individuals. “Most nations around the world collect signals intelligence just like we do. And they’re governments use lawful intercept efforts that require and compel companies to provide the requested information. I think our nation is among the best at protecting our privacy and civil liberties,” he opined.

Citing Cost, Innovation and Flexibility, Navy Awards NGEN Contract to HP Group

June 27, 2013
By Robert K. Ackerman

The U.S. Navy has programmed change into its $3.45 billion Next-Generation Enterprise Network (NGEN) contract.

 

NSA Director Says U.S. Is Best at Protecting Civil Liberties

June 27, 2013
By George I. Seffers

The United States is one of the best in the world at protecting civil liberties, Gen. Keith Alexander, USA, director of National Security Agency (NSA) and commander of the U.S. Cyber Command said at the AFCEA Cyber Symposium in Baltimore.

Edward Snowden, the NSA contractor who leaked reams of data about NSA monitoring activities to the press, has been called a hero whistleblower by some, but Gen. Alexander contends that the employees at the NSA, FBI, CIA and Defense Department, who protect the nation while protecting civil liberties, are the real heroes.

As he has before, Gen. Alexander said the leaks have done irreparable harm to national security. “Public discussion of the NSA’s trade craft or the tools that support its operation provides insights that our adversaries—to include terrorists—can and do use to hide their activities. Those who wish us harm now know how we counter their actions. These leaks have caused significant and irreversible damage to our nation’s security. Historically, every time a capability is revealed, we lose our ability to track those targets,” he said. “What is going on with these leaks is unconscionable in my opinion.”

Gen. Alexander pointed out that approved processes exist for whistleblowers to express concern, and he pointed out that Snowden leaked information to the press rather than following those approved processes. “There are lawful and legitimate mechanisms to raise concerns about these programs. The NSA, the Defense Department and the director of national intelligence all have investigator generals who are in a position to do this. An individual acting nobly would have chosen one of those to voice his concerns,” he declared.

He also repeated claims that the monitoring programs have helped protect the United States and its allies on 54 occasions. He added that a recent oversight report found zero instances where the monitoring programs led to civil liberty violations.

Navy to Announce NGEN Winner Tonight

June 26, 2013
By George I. Seffers

The U.S. Navy will announce the winner of the Next Generation Enterprise Network (NGEN) tonight, according to Brig. Gen. Kevin Nally, USMC, Marine Corps director of command, control, communications and computers and chief information officer. Gen. Nally discussed the pending decision while participating in a panel discussion on the final day of the AFCEA International Cyber Symposium in Baltimore.

NGEN is expected to be a multi-billion contract and will replace the Navy/Marine Corps Intranet (NMCI) network implemented about a decade ago. The NGEN contract differs substantially from that of NMCI. The NMCI contract called for a commercial firm to determine and provide network services to the Navy and the U.S. Marine Corps. For NGEN, the government wields control over the network.

The Marine Corps officially took full control of its network from contractors this month, and feedback from around the world has been positive, Gen. Nally indicated. “As of June 1, we became a government-owned, government-operated environment. That means we have more control of the network. We tell the contractors what to do, when to do it and how to do it. The perception throughout the Marine Corps from Okinawa to Europe, Korea, and around the world is that we’re getting things done more efficiently and effectively, and we’ve given flexibility back to the commanders,” Gen. Nally said.

The Marine general reminded the audience that the service started a few years ago to collapse five major unclassified networks into one under the Marine Corps Network Unification Plan. The plan should be complete in the next few years. “That is in full support of the Joint Information Network effort. We’re key players in that,” Gen. Nally said.

Joint Information Environment Serves Five Eye Nations

June 26, 2013
By George I. Seffers

Cyber Symposium 2013 Online Show Daily, Day 2

The Joint Information Environment (JIE) took center stage during the second day of the AFCEA International Cyber Symposium in Baltimore. The conference devoted one full panel to the joint environment, but presenters throughout the day stressed the JIE’s importance to the future of the U.S. military and coalition partners, discussed some of the challenges to achieving the vision and vowed that the department will make it happen despite any remaining obstacles.

The JIE is not a program and does not have a budget, some presenters pointed out. It is, instead, a construct what will eventually consolidate all of the Defense Department’s networks into one single, global network, improving interoperability, increasing operational efficiency, enhancing situational awareness and ultimately saving costs.

The United States has been working with the so-called “five eye” nations—which also include Australia, Canada, New Zealand and the United Kingdom—to implement a Joint Information Environment capability, Lt. Gen. Mark Bowman, U.S. Army director for command, control, communications and computers for the joint staff, told the audience. The five countries have agreed to share intelligence.

Gen. Bowman described the tactical end of JIE as the Mission Partner Environment. The Mission Partner Environment is essentially the same thing as the Afghan Future Network, which is the preferred terminology within NATO. “We’ve been working this hardest with the five eyes, and we have come up with a system that we’re using today so that we can exchange email and files from our national secret network to their national secret networks,” Gen. Bowman reported. “We just started that this past year. It’s a resounding success, it continues to grow, and we’re putting the rigor into it. That’s the way we need to run forward. We can’t be designing a new network.”

Pages

Subscribe to RSS - Networks