Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

Cyber

Biometrics' Unprecedented Public Integration

September 19, 2013
By Rita Boland

Biometrics is on the verge of becoming more pervasive than ever in everyday life, setting the stage for personal identifiers to take the place of other common security measures. The expansion mirrors increased usage in fields such as military operations, citizen enrollment and public safety.

 

Ask the Expert: The Current Cybersecurity Work Force

October 1, 2013
By Dr. Ernest McDuffie

This is an important question for a number of reasons. Popular media often talk about the growing shortage of skilled cybersecurity workers needed to fill critical open positions both in government and the private sector. This is true, but employers need specific details on the work force so they can make informed decisions about whom to hire and potential employees need to know what to study to position themselves to be hired. The problems of a lack of common language and terms, a complex new field and the ever-changing technology that enables much of cybersecurity combine to make analysis of this work force particularly difficult.

For the past few years, the federal government, by way of its National Initiative for Cybersecurity Education (NICE), has been hard at work on these and many other issues related to cybersecurity education, training, awareness and work force development. A major achievement of NICE has been the creation of the National Cybersecurity Workforce Framework (NCWF). This document was developed to provide a common understanding of and lexicon for cybersecurity work. Defining the cybersecurity population consistently using standardized terms is an essential step in ensuring that our country is able to educate, recruit, train, develop and retain a highly qualified work force.

In designing the framework, “Categories” and “Specialty Areas” were used as organizational constructs to group similar types of work. The categories, serving as an overarching structure for the framework, group related specialty areas together. Within each specialty area, typical tasks and knowledge, skills and abilities are provided. In essence, specialty areas in a given category typically are more similar to one another than to specialty areas in other categories.

Committed to Cloud Computing

October 1, 2013
By George I. Seffers

Recent insider security breaches have put increased scrutiny on the U.S. intelligence community’s cloud computing plans. But cloud computing initiatives remain unchanged as the technology is expected to enhance cybersecurity and provide analysts with easier ways to do their jobs in less time.

With cloud computing, reams of data reside in one location rather than in a variety of repositories. Combining data leads to greater efficiencies for intelligence analysts, but in the view of some, it also means greater vulnerabilities. “There’s a school of thought that says if you co-locate data, you actually expose more of it in case of an insider threat than if you keep it all in separate repositories by data type,” explains Lonny Anderson, National Security Agency (NSA) chief information officer. “The onus is on us to convince the rest of the community, the rest of the Defense Department, that we can secure their information in the cloud in a way that they simply can’t secure it today.”

Anderson acknowledges that the recent insider leaks have increased doubts within the intelligence community about cloud computing, but he expresses confidence that the agency and the intelligence community are on the right path. “I think everybody is a little more nervous and a little more security conscious.

“Everything we’ve learned so far of [NSA leaker Edward Snowden’s] activities has reinforced for us that the path we’re already on is the right path. The lesson we’ve learned is the need to share information but to share selectively, only with those with a need to know,” Anderson says. “The leaks actually reinforced the need to move to the cloud and move there more quickly.”

A New -INT Looms for Social Media

October 1, 2013
By Robert K. Ackerman

The Arab Spring, which rose from street-level dissent to form a mass movement, might not have come as a surprise to intelligence agencies if only they had been able to read the tea leaves of social media. The characteristics of social media that differentiate it from other messaging media are compelling intelligence officials to change the way they derive valuable information from it. As a result, experts are calling for the creation of a new discipline that represents a separate branch of intelligence activity.

The type of information found on social media is far different from that intercepted via any other type of messaging media. It is pushed by its sender out to large numbers of people. It often consists of information about individuals that is not readily available elsewhere. And, it can represent an indication of groupthink that is not discernible from traditional intercepts.

Sir David Omand is a visiting professor, Department of War Studies, King’s College, London. He is a former U.K. intelligence and security coordinator and the former director of the U.K. Government Communications Headquarters (GCHQ), which provides both signals intelligence (SIGINT) and information assurance as one of the United Kingdom’s three intelligence agencies.

“This is more than a shift from one kind of communications medium to another,” Omand declares. He points out that SIGINT experts have accommodated the shift from copper wires to fiber because the same messages were being carried by the different media. The only change was the transport mode.

Cybersecurity Technologies Ready for Prime Time

September 18, 2013

Eight emerging cybersecurity technologies ready for transition into commercial products will be unveiled at the Mayflower Renaissance Hotel on October 9. The U.S. Department of Homeland Security (DHS) Science and Technology Directorate is hosting the event, which will feature intrusion detection, removable media protection, software assurance and malware forensics capabilities.

The Department of Energy’s national laboratories developed the technologies that the DHS’ Transition-to-Practice program will showcase during the Technology Demonstration for Investors, Integrators and IT Companies East event.

Cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations and discussions with the research teams that produced them. Attendees also will have an opportunity to schedule a private one-on-one discussions with the researchers to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research.

Attendance is free, but registration must be received by October 7.

Increase Future Cyber Staff Savvy

September 16, 2013
By Maryann Lawlor

AFCEA International’s Corporate Member Only Forum will focus on current and future cybersecurity staff needs. A panel of experts will discuss what it takes to ensure network security through knowledge. Dr. Earnest McDuffie lead for the National Initiative for Cybersecurity Education, National Institute of Standards and Technology, will moderate the discussion.

ICITE Builds From the Desktop Up

September 9, 2013
By Robert K. Ackerman

As the intelligence community moves into the cloud, it launches the first step at the desktop level.

Personal Identification Cards Become More Powerful

September 9, 2013

 

Federal employees and contractors are receiving updated identity management tools to log onto federal computers or to enter government facilities. The National Institute of Standards and Technology issued new versions of the Personal Identity Verification (PIV) Card as mandated by revised standards. The stronger authentication credential combines cutting-edge technology with lessons learned from federal agencies. Improvements include a derived PIV credential option for use in mobile devices, an optional on-card fingerprint comparison capability, use of iris pattern as a biometric with or without fingerprints, optional secure messaging between cards and readers, and remote updating of the card’s credentials.

Learning Real-World Intelligence Analysis

September 6, 2013
George I. Seffers

Officials at Auburn University, Auburn, Alabama, are developing a program that allows students from any academic discipline to work closely with the U.S. intelligence community in a variety of actual national security-related problems. The university is on track to begin offering a minor in intelligence analysis in the relatively near future and a major in the next five years.

Implemented about a year ago, the program is described as a work in progress. In fact, it has not yet been officially named, but will likely be called the Intelligence Analysis Program. “The goal of the program is to train the future analysts for the intelligence community, the military and business. "What we are trying to do is to provide a learning environment in which students have to deal with real analytical problems,” reports Robert Norton, professor and director of the Open Source Intelligence Laboratory, Auburn University. “We’re not just using things like case studies. We’re actually working current problems. And we do so in an environment where they’re working under an operational tempo similar to what is experienced in the intelligence community.”

Future intelligence analysts learn how analytical products are put together, how data is validated and how to communicate findings in a timely manner. “What we say is that our students work on real problems with real customers. We are working with the intelligence community, we’re working with various combatant commands, and we’re working with various businesses,” Norton says.

Have We Gone Down the Rabbit Hole?

September 1, 2013
By Kent R. Schneider

Do you ever find yourself trying to reconcile with your environment? That is where I am now with regard to national security and reaction to leaks and programs designed to protect against terrorist threats.

In 2010, Julian Assange and his WikiLeaks organization got themselves on the world stage by publishing large volumes of classified documents, many provided by Pfc. Bradley Manning, USA, an intelligence analyst. At that time, and since, both Assange and Manning have been held up as villains by some and as heroes and whistle-blowers by others.

In May of this year, Edward Snowden, a computer analyst hired by Booz Allen Hamilton to work on U.S. National Security Agency (NSA) programs, leaked massive classified data to the British newspaper The Guardian concerning NSA intelligence-gathering programs. Again, Snowden is a traitor or a hero, depending on whom you talk to. A recent USA Today poll found 55 percent of Americans felt Snowden was a whistle-blower and hero.

The government continues to address these massive leaks, their implications to national security and the changes to law that may be needed. In the Manning case, the administration consistently has been determined to prosecute him for treason and aiding the enemy. On July 30, USA Today reported on its online front page with the headline, “Manning verdict redefines meaning of traitor.” While the military court ruled that Manning was guilty of a number of the charges, including parts of the Espionage Act, he was found not guilty of “giving aid to the enemy,” the most serious of the charges, because the prosecutors did not prove beyond a reasonable doubt that he had “a specific intent to aid or assist the enemy.” Legal analysts now are saying that Congress should review the Espionage Act in light of the pervasiveness of technology and its new role in warfighting and terrorism.

Pages

Subscribe to RSS - Cyber