Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

homeland defense

Shifting Tides of Cyber

July 1, 2013
By George I. Seffers

Industry officials foresee 
changes in network security.

Cyber industry experts predict a number of coming developments in the cyber realm, driven in part by government strategy and funding uncertainties. The future may include a greater reliance on law enforcement to solve state-sponsored hacks, increased automation and more outsourcing.

Earlier this year, the White House released the Administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets. It calls for an increase in diplomatic engagement; makes investigation and prosecution of trade secret thievery a top priority; and promises a review of legislation regarding trade secret theft to determine what changes may be necessary. The strategy contains “lots of hints” the administration will rely on law enforcement in addition to national security channels in some cases involving nation-state-sponsored hacks, says Kimberly Peretti, a former senior litigator for the Justice Department Computer Crime and Intellectual Property Section.

“The big gorilla in the room is what we do with state-sponsored attacks. One of the priorities of the strategy itself is having the Justice Department continue to make investigations and prosecutions of trade secrets a priority. So, if we see a lot of these trade secret thefts happening by Chinese hackers or state-sponsored attackers, that could be incorporated into the strategy—to start looking at pursuing avenues criminally as well as on the national security side,” says Peretti, who is now a partner in the White Collar Group and co-chair of the Security Incident Management and Response Team, Alston and Bird Limited Liability Partnership, a law firm headquartered in Atlanta.

NSA Director Says U.S. Is Best at Protecting Civil Liberties

June 27, 2013
By George I. Seffers

The United States is one of the best in the world at protecting civil liberties, Gen. Keith Alexander, USA, director of National Security Agency (NSA) and commander of the U.S. Cyber Command said at the AFCEA Cyber Symposium in Baltimore.

Edward Snowden, the NSA contractor who leaked reams of data about NSA monitoring activities to the press, has been called a hero whistleblower by some, but Gen. Alexander contends that the employees at the NSA, FBI, CIA and Defense Department, who protect the nation while protecting civil liberties, are the real heroes.

As he has before, Gen. Alexander said the leaks have done irreparable harm to national security. “Public discussion of the NSA’s trade craft or the tools that support its operation provides insights that our adversaries—to include terrorists—can and do use to hide their activities. Those who wish us harm now know how we counter their actions. These leaks have caused significant and irreversible damage to our nation’s security. Historically, every time a capability is revealed, we lose our ability to track those targets,” he said. “What is going on with these leaks is unconscionable in my opinion.”

Gen. Alexander pointed out that approved processes exist for whistleblowers to express concern, and he pointed out that Snowden leaked information to the press rather than following those approved processes. “There are lawful and legitimate mechanisms to raise concerns about these programs. The NSA, the Defense Department and the director of national intelligence all have investigator generals who are in a position to do this. An individual acting nobly would have chosen one of those to voice his concerns,” he declared.

He also repeated claims that the monitoring programs have helped protect the United States and its allies on 54 occasions. He added that a recent oversight report found zero instances where the monitoring programs led to civil liberty violations.

Government Coping With New Round of Cyber Attacks

June 25, 2013
George I. Seffers

U.S. government officials are traveling the country warning companies about a new round of cyberattacks that have targeted 27 companies, compromised seven and may ultimately affect up to 600 asset owners, according to Neil Hershfield, deputy director, control systems security program (CSSP), Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), Homeland Security Department.

Hershfield made the comments while taking part in a critical infrastructure protection panel discussion as part of the July 25-27 AFCEA International Cyber Symposium, Baltimore.

“The reason we’re out and about across the country is that we’re seeing a new adversary taking a new approach—rather than spearphishing, they are going after vulnerabilities with [structured query language] injections, and they’re then trying to get across the networks as fast as they can as broadly as they can,” Hershfeld reported. “We’ve been working with our intelligence community partners on this and we’re now going around the country letting people know about it. We basically do this jointly with the FBI, with field offices across the country. When we’re done, we’ll probably talk to 500-600 asset owners.”

Getting the word out is crucial because “the mitigation strategy here for this kind of exploit is significantly different than what you might use in other cases,” he added.

Hershfield is part of an industrial control systems working group, a public-private partnership that is co-led by one person from the private sector and another from the government sector. The group typically meets in-person twice a year, sharing information between the public and private sectors.

Cyber Commander Calls for Consolidated Activities

June 12, 2013
By Robert K. Ackerman

In the midst of a raging controversy over widespread National Security Agency (NSA) monitoring, the head of the NSA and U.S. Cyber Command defends cyber surveillance efforts and calls for greater consolidation of cyber activities among diverse organizations.

The Bottom Line: Military Operational Paradigm Shifts

June 17, 2013
By Maryann Lawlor

Up until now, elected officials, in consultation with military and intelligence experts, have made strategic national decisions about the role of the United States in global security. But the current congressional budgeting approach is turning this procedure on its head: military leaders will tell the elected what they can accomplish with the appropriated resources.

Cyber Command Redefines the Art

June 1, 2013
By Robert K. Ackerman

The U.S. Cyber Command is developing a strategy that acknowledges the convergence of network systems by empowering a similar convergence of military disciplines to help place U.S. cyberspace operators on a level field with their malevolent counterparts. This strategy acknowledges that the structure of the cyberforce has not kept pace with technology developments. As all types of information management—networking, communications and data storage—became digitized, previously disparate disciplines assumed greater commonality. With more common aspects, these disciplines share similar vulnerabilities as well as potential solutions.

Cybersecurity--
Everybody's Doing It

June 1, 2013
By George I. Seffers

With attacks on critical data increasing in numbers, intensity and sophistication, securing networks is becoming a global effort while fostering greater information sharing among agencies, governments and the public and private sectors. The future of cybersecurity offers greater opportunities for industry and greater cooperation on national security and critical infrastructure protection, say executives at some of the largest U.S. defense companies.

Scientists Take One Step Closer to Medical Tricorder

April 2, 2013

The National Institutes of Health is funding the development of a medical instrument that will quickly detect biothreat agents, including anthrax, ricin and botulinum as well as infectious diseases. Scientists at Sandia National Laboratories are creating the first of its kind point-of-care device that could be used in emergency rooms during a bioterrorism incident. To design the device, which will be able to detect a broader range of toxins and bacterial agents than is currently possible, the $4 million project will include comprehensive testing with animal samples. According to Anup Singh, senior manager, Sandia biological science and technology group, this differentiates the work on this device, because toxins may behave differently in live animals and humans than in blood samples.

Sandia scientists will be collaborating with researchers from the University of Texas Medical Branch and the U.S. Department of Agriculture’s Western Regional Research Center, which will provide insights into toxins and diseases at animal laboratory facilities. Bio-Rad, which manufactures and distributes devices and laboratory technologies, is consulting on the project to evaluate product development, assist with manufacturers’ criteria and provide feedback when a prototype is built.

“We want dual-use devices that combat both man-made and nature-made problems,” Singh says. “We’re not just going to wait for the next anthrax letter incident to happen for our devices to be used and tested; we want them to be useful for other things as well, like infectious diseases.”

 

Change Is Challenge

March 1, 2013
George I. Seffers

Homeland Security Conference 2013 Show Daily, Day 3

Although many in government are moving as quickly as possible to adopt new technologies, such as cloud computing and mobile devices, individual agencies still face cultural challenges that sometimes prevent them from moving forward, according to officials speaking as part of the Chief Information Officer Council at the AFCEA Homeland Security conference in Washington, D.C.

Richard Spires, chief information officer for the Homeland Security Department (DHS), reminded the audience that DHS was created by joining a lot of disparate agencies, all of whom owned individual networks. While the department is working to integrate the information technology infrastructure and consolidate data centers, officials still meet some resistance at the individual agency level. “There’s still have lot of duplication and in some ways duplication is holding us back. I’d like to say we’re making progress, but I’ll let others grade us on that,” Spires said.

Other officials agreed that they meet resistance as well. Robert Carey, deputy chief information officer for the Defense Department cited a culture of change and said a constrained budget environment can be a power catalyst for action in moving toward a more centralized environment.

Cybersecurity itself can present challenges, according to Luke McCormack, chief information officer for the Justice Department. “Cyber’s hard. The individual pieces of that can be very difficult,” he said. He also cited the need to bring people together on emerging technologies, such as cloud-as-a-service, as a challenging issue.

Securing Critical Infrastructure Through Nontraditional Means

February 1, 2013
BY Rita Boland

A cloud project takes advantage of emerging concepts to protect energy against disruptive threats.

Researchers at Cornell University and Washington State University have teamed to create GridCloud, a software-based technology designed to reduce the time and difficulty involved with creating prototypes of smart-grid control paradigms. The system will help overcome hurdles of cloud computing in complex settings. The effort combines Cornell’s Isis2 platform, designed for high-assurance cloud computing, with Washington State’s GridStat technology for smart grid monitoring and control. The advent of this technology promises to boost both the security and the reliability of electrical services.

Developers aim to build a scalable software structure that is secure, self-healing and inexpensive to operate. They believe that by combining Isis2 and GridStat, a cloud-based grid can have all those factors as well as guarantee consistency. Infrastructure owners motivated by economies of scale and the desire to deploy the new smart-grid solutions end up with a system that also is more resistant to attack and likely to survive other disruptions.

Dr. Ken Birman, a professor at Cornell and co-principal investigator on the project, explains that several motivations drive the effort. One involves trying to find a solution to control a power grid when multiple organizations own and have access to the infrastructure. “A second challenge that’s emerged is that people have studied the power grid and found that we don’t operate it very efficiently,” Birman says. Power suppliers often are producing extra power, for example, or finding it difficult to take advantage of renewable sources. Sometimes renewable energy—such as the type that comes from solar panels on homes—is blocked from entering the power grid because officials lack the knowledge to access and use it safely.

Pages

Subscribe to RSS - homeland defense