Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars  Apps     EBooks
   AFCEA logo
 

Cyber

Incentivizing Companies to Manage Cyber Risks Better

August 9, 2013

 

The White House is developing a core of practices to develop capabilities to manage cybersecurity risk. This Cybersecurity Framework will be available in draft form in October and finalized in February 2014. At that time, officials will create the Voluntary Program to encourage critical infrastructure companies to adopt the framework. Until then, the government is looking at ways to incentivize companies to participate. Some recommended incentives can be adopted quickly while others will require legislative action and additional work. The White House is collaborating with appropriate agencies now to move forward and to prioritize incentive areas including cybersecurity insurance, grants, process preference, liability limitation, streamlined regulations, public recognition, rate recovery for price regulated industry and cybersecurity research. For more detailed information, visit the White House Blog

 

 

AFCEA Answers: GSA’s McClure Cites Two Factors for Security in the Cloud

August 5, 2013
By Max Cacas

When it comes to cloud computing, there are two items that are top of mind for Dave McClure, Associate Administrator with the General Services Administration (GSA) in Washington, D.C.
 
“One is boundaries. Where does a cloud service provider’s authorization and control begin and end?” he noted on a recent edition of the “AFCEA Answers” radio show. McClure goes on to explain that while an infrastructure provider might have a given set of controls and responsibilities, there are software applications that, as he puts it, “sit on top of that infrastructure. Who owns the apps, and who is responsible for security in the application space?”
 
McClure, who has had a long career in information technology in both the private sector and government, suggests that the other challenging security area in today’s cloud computing environment deals with defining the business side of cloud. “There’s some confusion between security controls and contractual terms that deal with access issues, location issues, and usage, some of which are contract, more than straight security concerns. Getting all of that right—the boundaries, the authentication piece, the contract piece—there’s definitely a lot to pay attention to in the cloud space.”
 
Edwin Elmore, Cloud Computing Business Development Manager with Cisco Systems in Washington, sees the challenge of security in the cloud as one of “taking the physical world and moving it to the virtualized world. When you look at cloud computing, it’s a heavily virtualized environment, so the same controls you have around a physical perimeter in your physical data center, now you have to extend it to the virtualized world.” And that, he says, includes applying the same security protocols when it comes to virtual machines exchanging data with each other.
 

Software Increases 
Unmanned Craft Survivability

August 1, 2013
By George I. Seffers and Robert K. Ackerman

 

The U.S. Defense Advanced Research Projects Agency is developing new control software to reduce the vulnerability of unmanned systems to cyber attack. This effort is relying on new methods of software development that would eliminate many of the problems inherent in generating high-assurance software.

Unmanned vehicles suffer from the same vulnerabilities as other networked information systems. But, in addition to their data being co-opted, unmanned systems can be purloined if adversaries seize control of them. This problem also applies to human-crewed systems with computer-controlled components.

If the research program is successful, then unmanned vehicles will be less likely to be taken over by an enemy. Warfighters could trust that the unmanned vehicle on which they are relying will not abandon its mission or become a digital turncoat.

This security would extend to other vulnerable systems as well. Networked platforms and entities ranging from automobiles to supervisory control and data acquisition (SCADA) systems could benefit from the research. The vulnerability of SCADA systems is well-established, but only recently has research shown that automobiles can be co-opted through their computer-controlled systems. The program’s goal is to produce high-assurance software for military unmanned vehicles and then enable its transfer to industry for commercial uses.

The Defense Advanced Research Projects Agency (DARPA) program is known as High-Assurance Cyber Military Systems, or HACMS. Kathleen Fisher, HACMS program manager, says the program is aiming to produce software that is “functionally correct and satisfying safety and security policies.

“It’s not just that you’re proving the absence of a particular bad property from the security perspective,” she explains. “You’re actually positively proving that the software has the correct behavior.”

Building
 a Bigger,
 Better Pipe

August 1, 2013
By Max Cacas

 

Scientists at the U.S. Defense Department’s top research and development agency are seeking the best new ideas to provide a larger-scale mobile network to support an increasing array of bandwidth-hungry mobile computing devices for warfighters.

The Defense Advanced Research Projects Agency (DARPA) has issued a Request for Information (RFI) for new technical approaches that would expand the number and capacity of Mobile Ad Hoc Networks (MANETs) nodes available in the field.

“When we look at MANETs, it’s really tough to deliver networking services to more than about 100 users,” says Mark Rich, program manager, DARPA Strategic Technology Office. Those 100 users translate into approximately 50 nodes on a mobile wireless network operating in a forward location, generally supporting everything from tactical and operational systems to advanced video services. All of these functions are carried on a service that is largely dependent on highly secure digital radio systems. Once that limit is reached, network services begin to deteriorate in quality and effectiveness. To support larger deployments or to cover a greater area, military communications experts usually knit smaller networks using other available means, such as satellites.

Marines Set the Stage for Next-Generation Network

August 1, 2013
By Robert K. Ackerman

 

The steady march toward the U.S. Navy’s Next-Generation Enterprise Network underwent a leap ahead as the U.S. Marines undertook a full transition before the contract for the new system even was awarded. The multiyear effort saw the Corps methodically absorb functions of the Navy/Marine Corps Intranet predecessor so the service was positioned for a smooth adoption of the new network.

This shift to a government-owned network required more than just a change in direction. The Corps had to achieve the transition without allowing any break in services to its Marines concurrent with deployments to Southwest Asia. It had to move network operations seamlessly across a philosophical gulf as well as a logistical one without creating a new infrastructure. And, it had to finish the transition perfectly positioned for the incorporation of the Next-Generation Enterprise Network, or NGEN.

By design, the transition planners had to aim at a hidden target. The entire transition took place before the contract for NGEN was awarded (see page 53), so they had no idea what the network would resemble. They needed to estimate what the winning bidder—whichever team it would be—would configure as a cost-effective, government-owned and -operated enterprise network. Then, the planners had to design a transition that would lead the Corps to that envisioned destination without losing any functionality along the way.

On June 1, the multiyear effort largely was completed. Brig. Gen. Kevin J. Nally, USMC, director of Command, Control, Communications and Computers (C4) and chief information officer (CIO) for the Marine Corps, lauds the results. “The transition effort went very, very well,” he states, crediting the skill of the personnel involved for its successful outcome. Their knowledge, as well as their ability to adapt and overcome hurdles, were key to the transition program.

All Aboard for Joint Information Environment

August 1, 2013
By George I. Seffers

 

Despite small pockets of resistance, officials across the U.S. Defense Department and military services support the convergence of multiple networks into one common, shared, global network. Lessons learned from the theater of operations indicate the need for the joint environment, which will provide enterprise services such as email, Internet access, common software applications and cloud computing.

That was the consensus from a wide range of speakers and panelists at the June 25-27 AFCEA International Cyber Symposium in Baltimore. The Joint Information Environment (JIE) was a major topic of discussion. Lt. Gen. Mark Bowman, USA, director of command, control, communications and computers, J-6, the joint staff, indicated that the joint environment is his highest priority and described it as the way to the future. “We have no choice. We have to be interoperable day one, phase one, to plug into any operation anywhere in the world, whether it be for homeland defense, disaster relief here in the United States or some combat operation somewhere around the world with coalition partners,” Gen. Bowman declared.

Lt. Gen. Susan Lawrence, USA, Army chief information officer (G-6), called the JIE “absolutely essential,” and indicated that it will better allow warfighters to deploy “on little notice into any austere environment.”

Teresa Salazar, deputy chief, Office of Information Dominance, and deputy chief information officer, U.S. Air Force, said she saw the need for the JIE while in the desert, where every service and every “three-letter agency” came in with its own network, which led to vulnerabilities and a host of complications.

Cyber Threats Abound, but Their Effects Are Not Certain

July 31, 2013
By Robert K. Ackerman

Protecting the nation from cyber attack entails deterring or preventing marauders from carrying out their malevolent plans. But, while government and the private sector endeavor to fight the menace jointly, evildoers constantly change their approaches and learn new ways of striking at vulnerable points. So many variables have entered the equation that even the likelihood of attacks—along with their effects—is uncertain.
 

SCADA Systems Face Diverse Software Attack Threats

July 31, 2013
By Robert K. Ackerman

Supervisory control and data acquisition (SCADA) systems face numerous threats from cybermarauders coming at them from any of a number of directions. Some systems could suffer malware attacks even though they are not the intended targets, according to a leading security expert.

Cyber Sabotage Attacks the Century’s Worst Innovation

July 31, 2013
By Robert K. Ackerman

One of the world’s leading experts on cybersecurity calls cyber sabotage attacks “the worst innovation of this century.” Cyberweapons have become too dangerous, and cyberattack can lead to visible and important damage to the critical infrastructure or telecommunications. And, attribution is almost impossible.

Democracy Is Doomed Without Effective Digital Identification

July 31, 2013
By Robert K. Ackerman

Democracy has only 20 years left to live if an effective means of digital identification is not developed before that deadline. As young people growing up with social media reach voting age in increasing numbers, they will lead a major shift to online voting. A lack of identity security will throw open the gates to massive voter fraud that will destroy the fidelity of elections, and with it, true representative government.

That gloomy assessment came from one the world’s leading experts on cybersecurity. Speaking at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., Eugene Kaspersky, chief executive officer and co-founder of Kaspersky Lab, warned that this will be a consequence of the failure to secure the Internet.

“Kids today are always online,” he pointed out. “They will want to vote online. We need a 100-percent, biometric-based digital identification card.”

Issuing this type of identification will help secure the Internet if it is restructured, Kaspersky continued. He suggested splitting the Internet into different components: One would be highly secure, where financial transactions would take place, and another would be totally open for noncrucial activities with no identification required. Other segments with varying degrees of importance and security would be located in between these two extremes, he offered.

Pages

Subscribe to RSS - Cyber