Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

Cyber

Chinese and Iranian Cyberthreat Growing

February 27, 2013
By George I. Seffers

Gen. Michael Hayden, USAF (Ret.), former director of the CIA, indicated an astounding extent of Chinese cyber espionage and said he believes the Iranians are attacking U.S. banks with unsophisticated but pervasive cyber attacks.

Regarding the Chinese, Gen. Hayden said he believes the government solution to cyber espionage should be economic rather than cyber. “We have cyber espionage coming at us, and they’re bleeding us white. The reason the Chinese are doing this is economic. I think the government response should be economic. We can punish China in the economic sphere,” Gen. Hayden told the audience at the AFCEA Homeland Security Conference in Washington, D.C., on Wednesday.

He added that some believe we cannot punish China economically because the Chinese own too much U.S. debt. Gen. Hayden indicated he disagrees.

The general also said the U.S. engages in cyber thievery as well, but he indicated that it is more for security reasons than economic reasons. “We steal other people’s stuff, too. And we’re better at it. We’re number one. But we self-limit—we and a small number of other countries around the world, all of whom speak English,” Gen. Hayden said.

Regarding the Iranians, Gen. Hayden said the number of attacks on the U.S. banking industry has ballooned. “My sense is that we’ve seen a real surge in Iranian cyber attacks. The Iranians have committed distributed denial of service attacks against American banks. I’ve talked to folks in the game here, and they’ve reported to me there’s nothing sophisticated about the attacks, but they say they’ve never seen them on this scale,” Gen. Hayden revealed.

Cyber and Physical Protection Go Together

February 26, 2013
By George I. Seffers

Homeland Security Conference 2013 Show Daily, Day 1

All too often, cyber and physical protection are considered separately, when really they go hand-in-hand, according to experts speaking at the first day of the AFCEA Homeland Security Conference in Washington, D.C., February 26, 2013. The conference opened with a half-day of conversation about hackers, terrorists and natural disasters and addressed concerns involving both physical infrastructure and the cyber environment for all kinds of attacks, be they physical, virtual or even natural in origin.

Richard Puckett, chief security architect for GE, drove home the point that physical infrastructure, such as power plants, have a cyber component. “People want to be able to walk around a power plant with an iPad. They want to attach remotely to these systems, because it is an incredibly powerful and attractive tool. It’s very visceral to them,” he said. “What we’re concerned about as we see those increased patterns of connectedness is how to protect that.”

Puckett emphasized that the relationship between cybersecurity and physical infrastructure was a focus of government and military, noting that the term "cyber" means a lot of different things to different people and for the private sector was more connotative of personal and financial cybersecurity.

Paige Atkins, vice president of cyber and information technology research, Virginia Tech Applied Research Corporation, said that part of the problem is that cyber is a sometimes difficult concept. “Cyber is a little harder for us to understand and grasp because it is not as graphic," she said. "In my personal experience, the cyber-physical area is underappreciated and not fully understood.”

Presidential Cybersecurity Executive Order Has Limited Reach

February 13, 2013
By Max Cacas

One day after unveiling a long-awaited executive order concerning a wide-range of cybersecurity concerns, President Barack Obama’s top cybersecurity advisers admit that the order only goes so far in dealing with pressing Internet security needs. They say that the order is only a “down payment” and no substitute for permanent congressional legislation on the matter.

“We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and economy,” President Obama said in reference to his executive order and the urgency to act during his State of the Union address before a joint session of Congress on Tuesday night.

Michael Daniel, special assistant to the president and White House cybersecurity adviser, told reporters and congressional staffers at a Commerce Department briefing on Wednesday that the executive order, and a companion Presidential Policy Directive (PPD-21), “rest on three pillars”:

  • Information sharing
  • Privacy
  • A framework of standards

Both documents build on numerous cybersecurity measures already in use within the government, dating back to Homeland Security Presidential Directive 7 (HSPD-7) signed during the previous Bush administration. Daniel describes the philosophy behind the most recent order as a “whole of government” approach designed to engage all agencies in a stepped-up effort to secure the nation’s digital infrastructure. In addition, Daniels says, the executive order reflects the work of “a number of other stakeholders,” primarily during last fall’s push to gain passage of comprehensive cybersecurity legislation on Capitol Hill.

Joint Range Tailors Cyber Training to Warfighter Needs

February 1, 2013
By George I. Seffers

A cyberspace operations facility grows with the burgeoning mission.

The U.S. Defense Department’s network operations training and education capabilities must continually evolve in the ever-shifting cyber realm. To meet that need, one of the department’s premier cyber ranges harnesses the power of simulation to support a full array of training, education, certification and military exercises for the warfighters.

The Joint Cyberspace Operations Range (JCOR) provides cyberspace operators and others the ability to train in realistic environments. The operators gain hands-on experience in protecting, defending and fighting in the networked arena without impacting real-world operational networks.

The JCOR allows users to connect disparately located cyber training systems from different services or agencies. The level of connections can vary depending on the users’ needs. “There are different ways of interfacing or integrating. We’re able to do, in many cases, both interfacing and integrating,” says Thomas May, technical project lead for the U.S. Air Force’s Simulator Training and Exercise (SIMTEX) range, which is the Air Force portion of JCOR. “If need be, we have been able to take the assets that other capabilities can provide and integrate them together so that they are actually components of our network.”

Joint Experimentation Enables Regional Cyber Protection

February 1, 2013
By Maj. Jose Gonzalez, USAF

Commanders wrestling with control of cyberspace elements now have a new tool to help them secure their corner of cyberspace in an operational setting. The Adaptive Network Defense of Command and Control concept of operations enables joint force commander control of key terrain in cyberspace, based on assessments at an operational tempo. To achieve a joint force command objective, network operators concentrate cybersecurity and monitoring of command and control systems to maintain the initiative against adversarial attacks and provide enhanced situational awareness.

This approach was developed by the Joint Cyber Operations Joint Test (JCO JT), under the auspices of the director, Operational Test and Evaluation. It developed and evaluated a concept of operations and tactics, techniques and procedures (TTP) to secure command and control (C2) systems with commercially available technologies.

The JCO JT tested the effectiveness of the Adaptive Network Defense of Command and Control (AND-C2) TTP for the Virtual Secure Enclave (VSE) TTP. The VSE TTP provides methods to establish and employ a community of interest virtual private network, with anomaly detection, for protection and defense of joint task force (JTF) C2 systems. The VSE TTP implements the AND-C2 concept of operations by using a virtual secure enclave for C2 protection.

The JCO JT employed a challenging test methodology for the VSE TTP. This methodology proved successful because of careful collaboration and deliberate planning. The JCO JT aligned testing with U.S. Pacific Command (PACOM) experimentation and a sister Joint Capability Technology Demonstration (JCTD) during a major theater exercise. Test planners closely coordinated with multiple red teams and created test conditions for quantitative analysis with statistical rigor.

Cyber, China Challenges Loom Large for U.S. Military

February 1, 2013
By Robert K. Ackerman

West 2013 Online Show Daily, Day 3

Quote of the Day: “Make no mistake: the PLAN is focused on war at sea and sinking an opposing fleet.”—Capt. Jim Fanell, USN, deputy chief of staff for intelligence and information operations, U.S. Pacific Fleet

Two separate issues, both on the rise, have become increasing concerns for U.S. military planners. The technology-oriented world of cyber and the geopolitical challenge of a growing Chinese military are dynamic issues that will be major focus points for the U.S. defense community in the foreseeable future.

Cyber security is becoming increasingly complex because of the plethora of new information technologies and capabilities entering the force. Security planners must strike a balance between effectively protecting these new information systems and imposing constraints that would wipe out most of the gains they offer.

China, the world’s rising economic power, is evolving into a military power with a reach that extends increasingly beyond its littoral waters. The U.S. strategic rebalance to the Asia-Pacific region is likely to enmesh U.S. military forces in local issues to a greater degree, and China’s steady growth in military strength will affect how international relations evolve in that vast region.

Many Issues Cloud the Future for the Military

January 31, 2013
By Robert K. Ackerman

 

 

 

U.S. Air Force Likely to Expand Cyber Force

January 30, 2013

 

The U.S. Air Force expects to add about 1,000 people, mostly civilians, to its cyberforces in the coming years.

 

Fiscal Armageddon Is No False Prophesy

January 30, 2013
By Robert K. Ackerman

West 2013 Online Show Daily, Day 1

Quote of the Day:“’Flat’ is the new ‘up’ in this defense budget environment.”— Robert O. Work, undersecretary of the Navy

The military services are facing potentially crippling constraints if sequestration takes place in March. Defense officials foresee the likelihood of draconian budget cuts being imposed that will cripple the force just as it is being counted on to assume new strategic missions. In most cases, the services will have to choose to sacrifice some capabilities so that others will remain part of the force. In worse-case scenarios, the U.S. military may be unable to meet its obligations when a crisis emerges.

These and other points were hammered home by speakers and panels on the first day of West 2013, the annual conference and exposition hosted by AFCEA and the U.S. Naval Institute in San Diego. While the event has the theme of “Pivot to the Pacific: What Are the Global Implications,” the first day’s discussions largely focused on the dire consequences of the fiscal cliff as well as potential solutions to avoid completely gutting the military force. Audiences generally were aware of the looming budget crisis, but many were surprised by the bluntness of the assessments offered by high-ranking Defense Department civilian and military leaders.

AFCEA Committee Positions Available

January 15, 2013

The AFCEA Cyber Committee is now accepting applications for participation. The committee coordinates and enhances AFCEA’s outreach to the cybercommunity, cultivates partnership opportunities among government, industry and academia, and serves as a forum to develop new ideas regarding cyber challenges and capabilities. In addition, the Cyber Committee is the association’s principal cyber resource in support of chapters and members through various forums and other information exchange services.

Pages

Subscribe to RSS - Cyber