Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

Cyber

All Aboard for Joint Information Environment

August 1, 2013
By George I. Seffers

 

Despite small pockets of resistance, officials across the U.S. Defense Department and military services support the convergence of multiple networks into one common, shared, global network. Lessons learned from the theater of operations indicate the need for the joint environment, which will provide enterprise services such as email, Internet access, common software applications and cloud computing.

That was the consensus from a wide range of speakers and panelists at the June 25-27 AFCEA International Cyber Symposium in Baltimore. The Joint Information Environment (JIE) was a major topic of discussion. Lt. Gen. Mark Bowman, USA, director of command, control, communications and computers, J-6, the joint staff, indicated that the joint environment is his highest priority and described it as the way to the future. “We have no choice. We have to be interoperable day one, phase one, to plug into any operation anywhere in the world, whether it be for homeland defense, disaster relief here in the United States or some combat operation somewhere around the world with coalition partners,” Gen. Bowman declared.

Lt. Gen. Susan Lawrence, USA, Army chief information officer (G-6), called the JIE “absolutely essential,” and indicated that it will better allow warfighters to deploy “on little notice into any austere environment.”

Teresa Salazar, deputy chief, Office of Information Dominance, and deputy chief information officer, U.S. Air Force, said she saw the need for the JIE while in the desert, where every service and every “three-letter agency” came in with its own network, which led to vulnerabilities and a host of complications.

Cyber Threats Abound, but Their Effects Are Not Certain

July 31, 2013
By Robert K. Ackerman

Protecting the nation from cyber attack entails deterring or preventing marauders from carrying out their malevolent plans. But, while government and the private sector endeavor to fight the menace jointly, evildoers constantly change their approaches and learn new ways of striking at vulnerable points. So many variables have entered the equation that even the likelihood of attacks—along with their effects—is uncertain.
 

SCADA Systems Face Diverse Software Attack Threats

July 31, 2013
By Robert K. Ackerman

Supervisory control and data acquisition (SCADA) systems face numerous threats from cybermarauders coming at them from any of a number of directions. Some systems could suffer malware attacks even though they are not the intended targets, according to a leading security expert.

Cyber Sabotage Attacks the Century’s Worst Innovation

July 31, 2013
By Robert K. Ackerman

One of the world’s leading experts on cybersecurity calls cyber sabotage attacks “the worst innovation of this century.” Cyberweapons have become too dangerous, and cyberattack can lead to visible and important damage to the critical infrastructure or telecommunications. And, attribution is almost impossible.

Democracy Is Doomed Without Effective Digital Identification

July 31, 2013
By Robert K. Ackerman

Democracy has only 20 years left to live if an effective means of digital identification is not developed before that deadline. As young people growing up with social media reach voting age in increasing numbers, they will lead a major shift to online voting. A lack of identity security will throw open the gates to massive voter fraud that will destroy the fidelity of elections, and with it, true representative government.

That gloomy assessment came from one the world’s leading experts on cybersecurity. Speaking at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., Eugene Kaspersky, chief executive officer and co-founder of Kaspersky Lab, warned that this will be a consequence of the failure to secure the Internet.

“Kids today are always online,” he pointed out. “They will want to vote online. We need a 100-percent, biometric-based digital identification card.”

Issuing this type of identification will help secure the Internet if it is restructured, Kaspersky continued. He suggested splitting the Internet into different components: One would be highly secure, where financial transactions would take place, and another would be totally open for noncrucial activities with no identification required. Other segments with varying degrees of importance and security would be located in between these two extremes, he offered.

Armageddon by Cyber Not a Likely Scenario

July 31, 2013
By Robert K. Ackerman

A “digital Pearl Harbor Armageddon” that inflicts catastrophic damage on the United States is not likely soon or in the foreseeable future. The worst cyber attack that could be expected would have less of an effect for a shorter period of time, said an expert with the Office of the Director of National Intelligence (ODNI).

Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council, ODNI, told the audience at the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that predictions of destruction that would bring the United States to its knees are unnecessarily pessimistic and unlikely to materialize.

The worst cyber event that could be expected would be regional, not national, in terms of its effects. It would not be enduring, instead lasting days at most. It probably would afflict familiar targets such as oil and gas distribution networks, power grids and transportation.

The financial sector could be damaged by a cyber attack that causes substantial losses. Right now, the U.S. government does not have a baseline or a metric for determining remediation expenses or financial losses, Kanuck said.

The Most Capable Cyber Attackers Are Less Likely to Attack

July 31, 2013
By Robert K. Ackerman

The most damaging cyber attacks possible are among the least likely to happen, because the powers capable of undertaking them are unlikely to launch them, according to an expert with the Office of the Director of National Intelligence (ODNI). Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council, ODNI, told the audience at the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that cyber attack capability need not translate to immediate threat.

Kanuck explained that the most sophisticated players in cyber are powerful nations that know it would run counter to their interests to inflict a damaging attack on the United States. They will—and do—conduct cyber espionage, but they would not want to bring down the United States except possibly in an existential military conflict that threatens their regime or as a part of a major war.

On the other hand, some less capable cyber nations might be willing to launch a devastating attack. Nations such as Iran, for example, might see benefits from inflicting great harm on the United States.

Non-state players would join the major powers in eschewing a crippling attack on the United States. Kanuck pointed out that these non-state entities use cyber to their advantage, such as for criminal activities. “They do not want to kill the goose that lays the golden egg,” he noted. “They want to profit, but they don’t want to bring down the law upon themselves.”

Data Integrity Is the Biggest Threat in Cyberspace

July 31, 2013
By Robert K. Ackerman

The most serious national security threat looming in cyberspace may be the potential for vital data to be altered by cybermarauders, according to a cyber expert with the Office of the Director of National Intelligence (ODNI). Speaking to an attentive audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council in the ODNI, admitted that the threat to data integrity keeps him awake at night.

Kanuck offered that, some day, a chief executive officer or even a U.S. president might not be able to trust the normally reliable data needed to make a crucial decision. That situation might be even more damaging than cyber attacks currently envisioned as realistic near-term threats.

“The question will not be distributed denial of service,” he said. “The question will be, can I trust my data from being altered?” He noted that, when data is denied, victims know it immediately. But, if data is altered without people immediately realizing it, they only discover it after financial records are not clearing and balancing, for example.

“Whether it is national security information for the president, or financial information for a chief executive, when you don’t know whether the data is true or false, it’s a really bad day.”

It’s Culture, Not Technology, That Inhibits Cyber Information Sharing

July 31, 2013
By Robert K. Ackerman

Resistance to change may prove to be the biggest impediment to information sharing among the cyber intelligence community. Both government and industry must break out of their existing paradigms to share cyber intelligence that may prove vital to national security.

Panelists on the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., outlined some of the cultural obstacles that hold back information sharing. In the intelligence community, the conflict is the traditional need to know versus the new need to share.

“We need to change the paradigm of how we think about things,” said Vice Adm. Michael Rogers, USN, commander, U.S. Fleet Cyber Command and commander, U.S. Tenth Fleet. “How do we educate our senior officers about how we live in this [new information sharing] world?”

Larry Zelvin, director of the National Cyber and Communications Integration Center at the Department of Homeland Security, pointed out that cybersecurity is a competitive business; not everybody is going to share. “People may not want to be as open as we think they ought to be—for some very good reasons,” he added.

Paul Tiao, a partner in the law firm of Hunton and Williams, called for leadership and a community-wide dedication to information sharing. This should include metrics for measuring the sharing that takes place. And, personal contact is important for overcoming cultural barriers “People have to sit with each other and talk with each other—not videoconference. if you want to collaborate, do more than just share information,” he suggested.

Ultimately, private sector companies are the defenders of cyberspace, Zelvin offered. “It’s not the government that will protect us, it’s the private sector.”

Industry Must Share Cyber Intelligence Among Itself

July 31, 2013
By Robert K. Ackerman

While government and industry wrestle with issues of sharing cyber intelligence, different private sectors face an equally difficult—and important—task of information sharing among themselves. Many face similar threats, and their survival against cybermarauders may depend on how well they share threat knowledge.

Information sharing is a major discussion point in the two-day AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. In a panel discussion, Robert Mayer, vice president of industry and state affairs at the U.S. Telecom Association, called for more cross-sector activity and engagement so that the industry sectors share more information.

“We in industry have a responsibility to bridge across the silos and create cross-connections,” he stated.

That will not be an easy task. Industry traditionally has been reluctant to share information with government; sharing with other sectors will raise similar concerns. Larry Zelvin, director of the National Cyber and Communications Integration Center at the Department of Homeland Security, cited a lack of clarity, with industry on information sharing. Many companies are fearful, he noted, and longtime cultural issues must be overcome.

Pages

Subscribe to RSS - Cyber