Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars  Apps     EBooks
   AFCEA logo
 

Cyber

Committed to Cloud Computing

October 1, 2013
By George I. Seffers

Recent insider security breaches have put increased scrutiny on the U.S. intelligence community’s cloud computing plans. But cloud computing initiatives remain unchanged as the technology is expected to enhance cybersecurity and provide analysts with easier ways to do their jobs in less time.

With cloud computing, reams of data reside in one location rather than in a variety of repositories. Combining data leads to greater efficiencies for intelligence analysts, but in the view of some, it also means greater vulnerabilities. “There’s a school of thought that says if you co-locate data, you actually expose more of it in case of an insider threat than if you keep it all in separate repositories by data type,” explains Lonny Anderson, National Security Agency (NSA) chief information officer. “The onus is on us to convince the rest of the community, the rest of the Defense Department, that we can secure their information in the cloud in a way that they simply can’t secure it today.”

Anderson acknowledges that the recent insider leaks have increased doubts within the intelligence community about cloud computing, but he expresses confidence that the agency and the intelligence community are on the right path. “I think everybody is a little more nervous and a little more security conscious.

“Everything we’ve learned so far of [NSA leaker Edward Snowden’s] activities has reinforced for us that the path we’re already on is the right path. The lesson we’ve learned is the need to share information but to share selectively, only with those with a need to know,” Anderson says. “The leaks actually reinforced the need to move to the cloud and move there more quickly.”

A New -INT Looms for Social Media

October 1, 2013
By Robert K. Ackerman

The Arab Spring, which rose from street-level dissent to form a mass movement, might not have come as a surprise to intelligence agencies if only they had been able to read the tea leaves of social media. The characteristics of social media that differentiate it from other messaging media are compelling intelligence officials to change the way they derive valuable information from it. As a result, experts are calling for the creation of a new discipline that represents a separate branch of intelligence activity.

The type of information found on social media is far different from that intercepted via any other type of messaging media. It is pushed by its sender out to large numbers of people. It often consists of information about individuals that is not readily available elsewhere. And, it can represent an indication of groupthink that is not discernible from traditional intercepts.

Sir David Omand is a visiting professor, Department of War Studies, King’s College, London. He is a former U.K. intelligence and security coordinator and the former director of the U.K. Government Communications Headquarters (GCHQ), which provides both signals intelligence (SIGINT) and information assurance as one of the United Kingdom’s three intelligence agencies.

“This is more than a shift from one kind of communications medium to another,” Omand declares. He points out that SIGINT experts have accommodated the shift from copper wires to fiber because the same messages were being carried by the different media. The only change was the transport mode.

Cybersecurity Technologies Ready for Prime Time

September 18, 2013

Eight emerging cybersecurity technologies ready for transition into commercial products will be unveiled at the Mayflower Renaissance Hotel on October 9. The U.S. Department of Homeland Security (DHS) Science and Technology Directorate is hosting the event, which will feature intrusion detection, removable media protection, software assurance and malware forensics capabilities.

The Department of Energy’s national laboratories developed the technologies that the DHS’ Transition-to-Practice program will showcase during the Technology Demonstration for Investors, Integrators and IT Companies East event.

Cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations and discussions with the research teams that produced them. Attendees also will have an opportunity to schedule a private one-on-one discussions with the researchers to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research.

Attendance is free, but registration must be received by October 7.

Increase Future Cyber Staff Savvy

September 16, 2013
By Maryann Lawlor

AFCEA International’s Corporate Member Only Forum will focus on current and future cybersecurity staff needs. A panel of experts will discuss what it takes to ensure network security through knowledge. Dr. Earnest McDuffie lead for the National Initiative for Cybersecurity Education, National Institute of Standards and Technology, will moderate the discussion.

ICITE Builds From the Desktop Up

September 9, 2013
By Robert K. Ackerman

As the intelligence community moves into the cloud, it launches the first step at the desktop level.

Personal Identification Cards Become More Powerful

September 9, 2013

 

Federal employees and contractors are receiving updated identity management tools to log onto federal computers or to enter government facilities. The National Institute of Standards and Technology issued new versions of the Personal Identity Verification (PIV) Card as mandated by revised standards. The stronger authentication credential combines cutting-edge technology with lessons learned from federal agencies. Improvements include a derived PIV credential option for use in mobile devices, an optional on-card fingerprint comparison capability, use of iris pattern as a biometric with or without fingerprints, optional secure messaging between cards and readers, and remote updating of the card’s credentials.

Learning Real-World Intelligence Analysis

September 6, 2013
George I. Seffers

Officials at Auburn University, Auburn, Alabama, are developing a program that allows students from any academic discipline to work closely with the U.S. intelligence community in a variety of actual national security-related problems. The university is on track to begin offering a minor in intelligence analysis in the relatively near future and a major in the next five years.

Implemented about a year ago, the program is described as a work in progress. In fact, it has not yet been officially named, but will likely be called the Intelligence Analysis Program. “The goal of the program is to train the future analysts for the intelligence community, the military and business. "What we are trying to do is to provide a learning environment in which students have to deal with real analytical problems,” reports Robert Norton, professor and director of the Open Source Intelligence Laboratory, Auburn University. “We’re not just using things like case studies. We’re actually working current problems. And we do so in an environment where they’re working under an operational tempo similar to what is experienced in the intelligence community.”

Future intelligence analysts learn how analytical products are put together, how data is validated and how to communicate findings in a timely manner. “What we say is that our students work on real problems with real customers. We are working with the intelligence community, we’re working with various combatant commands, and we’re working with various businesses,” Norton says.

Have We Gone Down the Rabbit Hole?

September 1, 2013
By Kent R. Schneider

Do you ever find yourself trying to reconcile with your environment? That is where I am now with regard to national security and reaction to leaks and programs designed to protect against terrorist threats.

In 2010, Julian Assange and his WikiLeaks organization got themselves on the world stage by publishing large volumes of classified documents, many provided by Pfc. Bradley Manning, USA, an intelligence analyst. At that time, and since, both Assange and Manning have been held up as villains by some and as heroes and whistle-blowers by others.

In May of this year, Edward Snowden, a computer analyst hired by Booz Allen Hamilton to work on U.S. National Security Agency (NSA) programs, leaked massive classified data to the British newspaper The Guardian concerning NSA intelligence-gathering programs. Again, Snowden is a traitor or a hero, depending on whom you talk to. A recent USA Today poll found 55 percent of Americans felt Snowden was a whistle-blower and hero.

The government continues to address these massive leaks, their implications to national security and the changes to law that may be needed. In the Manning case, the administration consistently has been determined to prosecute him for treason and aiding the enemy. On July 30, USA Today reported on its online front page with the headline, “Manning verdict redefines meaning of traitor.” While the military court ruled that Manning was guilty of a number of the charges, including parts of the Espionage Act, he was found not guilty of “giving aid to the enemy,” the most serious of the charges, because the prosecutors did not prove beyond a reasonable doubt that he had “a specific intent to aid or assist the enemy.” Legal analysts now are saying that Congress should review the Espionage Act in light of the pervasiveness of technology and its new role in warfighting and terrorism.

Ask the Expert: Evolutions in Cyberlaw

September 1, 2013
By Lt. Col. Carl Allard Young, USA

A great deal of discussion revolves around cyberspace, cyberwarfare, cybercrime, cyberdefense and cybersecurity, but what about cyberlaw, a critical component of societies’ abilities to address the other components successfully? “Cyber” is a global, multitrillion- dollar industry with annual cybercrime cost estimates ranging from $250 billion to $1 trillion. Determining how to define cybertransgressions; properly and accurately identify friendly, neutral and adversarial cyber actors; and develop the laws and international conventions to handle them are serious concerns for the future of civilian and national security and defensive realms. Such determinations have to properly balance corporate, security and defensive, property and privacy interests within frameworks consistent with U.S. legal ideals.

Government Seeks New Identity Markers

September 1, 2013
By Max Cacas

 

In the next few years, usernames and passwords could gradually fade from popular use as a way to conduct business online. A public/private coalition is working on a new policy and technical framework for identity authentication that could make online transactions less dependent on these increasingly compromised identity management tools. A second round of federal grants from the group, expected this fall, will lead to continued work on what is expected to become a private sector-operated identity management industry.

“The fact is that the username and password are fundamentally broken, both from a security standpoint as well as a usability standpoint,” says Jeremy Grant, senior executive adviser for identity management with the National Institute of Standards and Technology (NIST), an agency of the Department of Commerce. As a result of such security weakness, cybercrime is costing individuals and businesses billions of dollars every year. An estimated 11.7 million Americans were victims of identity theft of some kind, including online identity theft over a recent two-year period, according to NIST, the federal agency tasked with setting cybersecurity standards.

Pages

Subscribe to RSS - Cyber