Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars  Apps     EBooks
   AFCEA logo
 

Cyber

Armageddon by Cyber Not a Likely Scenario

July 31, 2013
By Robert K. Ackerman

A “digital Pearl Harbor Armageddon” that inflicts catastrophic damage on the United States is not likely soon or in the foreseeable future. The worst cyber attack that could be expected would have less of an effect for a shorter period of time, said an expert with the Office of the Director of National Intelligence (ODNI).

Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council, ODNI, told the audience at the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that predictions of destruction that would bring the United States to its knees are unnecessarily pessimistic and unlikely to materialize.

The worst cyber event that could be expected would be regional, not national, in terms of its effects. It would not be enduring, instead lasting days at most. It probably would afflict familiar targets such as oil and gas distribution networks, power grids and transportation.

The financial sector could be damaged by a cyber attack that causes substantial losses. Right now, the U.S. government does not have a baseline or a metric for determining remediation expenses or financial losses, Kanuck said.

The Most Capable Cyber Attackers Are Less Likely to Attack

July 31, 2013
By Robert K. Ackerman

The most damaging cyber attacks possible are among the least likely to happen, because the powers capable of undertaking them are unlikely to launch them, according to an expert with the Office of the Director of National Intelligence (ODNI). Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council, ODNI, told the audience at the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that cyber attack capability need not translate to immediate threat.

Kanuck explained that the most sophisticated players in cyber are powerful nations that know it would run counter to their interests to inflict a damaging attack on the United States. They will—and do—conduct cyber espionage, but they would not want to bring down the United States except possibly in an existential military conflict that threatens their regime or as a part of a major war.

On the other hand, some less capable cyber nations might be willing to launch a devastating attack. Nations such as Iran, for example, might see benefits from inflicting great harm on the United States.

Non-state players would join the major powers in eschewing a crippling attack on the United States. Kanuck pointed out that these non-state entities use cyber to their advantage, such as for criminal activities. “They do not want to kill the goose that lays the golden egg,” he noted. “They want to profit, but they don’t want to bring down the law upon themselves.”

Data Integrity Is the Biggest Threat in Cyberspace

July 31, 2013
By Robert K. Ackerman

The most serious national security threat looming in cyberspace may be the potential for vital data to be altered by cybermarauders, according to a cyber expert with the Office of the Director of National Intelligence (ODNI). Speaking to an attentive audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council in the ODNI, admitted that the threat to data integrity keeps him awake at night.

Kanuck offered that, some day, a chief executive officer or even a U.S. president might not be able to trust the normally reliable data needed to make a crucial decision. That situation might be even more damaging than cyber attacks currently envisioned as realistic near-term threats.

“The question will not be distributed denial of service,” he said. “The question will be, can I trust my data from being altered?” He noted that, when data is denied, victims know it immediately. But, if data is altered without people immediately realizing it, they only discover it after financial records are not clearing and balancing, for example.

“Whether it is national security information for the president, or financial information for a chief executive, when you don’t know whether the data is true or false, it’s a really bad day.”

It’s Culture, Not Technology, That Inhibits Cyber Information Sharing

July 31, 2013
By Robert K. Ackerman

Resistance to change may prove to be the biggest impediment to information sharing among the cyber intelligence community. Both government and industry must break out of their existing paradigms to share cyber intelligence that may prove vital to national security.

Panelists on the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., outlined some of the cultural obstacles that hold back information sharing. In the intelligence community, the conflict is the traditional need to know versus the new need to share.

“We need to change the paradigm of how we think about things,” said Vice Adm. Michael Rogers, USN, commander, U.S. Fleet Cyber Command and commander, U.S. Tenth Fleet. “How do we educate our senior officers about how we live in this [new information sharing] world?”

Larry Zelvin, director of the National Cyber and Communications Integration Center at the Department of Homeland Security, pointed out that cybersecurity is a competitive business; not everybody is going to share. “People may not want to be as open as we think they ought to be—for some very good reasons,” he added.

Paul Tiao, a partner in the law firm of Hunton and Williams, called for leadership and a community-wide dedication to information sharing. This should include metrics for measuring the sharing that takes place. And, personal contact is important for overcoming cultural barriers “People have to sit with each other and talk with each other—not videoconference. if you want to collaborate, do more than just share information,” he suggested.

Ultimately, private sector companies are the defenders of cyberspace, Zelvin offered. “It’s not the government that will protect us, it’s the private sector.”

Industry Must Share Cyber Intelligence Among Itself

July 31, 2013
By Robert K. Ackerman

While government and industry wrestle with issues of sharing cyber intelligence, different private sectors face an equally difficult—and important—task of information sharing among themselves. Many face similar threats, and their survival against cybermarauders may depend on how well they share threat knowledge.

Information sharing is a major discussion point in the two-day AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. In a panel discussion, Robert Mayer, vice president of industry and state affairs at the U.S. Telecom Association, called for more cross-sector activity and engagement so that the industry sectors share more information.

“We in industry have a responsibility to bridge across the silos and create cross-connections,” he stated.

That will not be an easy task. Industry traditionally has been reluctant to share information with government; sharing with other sectors will raise similar concerns. Larry Zelvin, director of the National Cyber and Communications Integration Center at the Department of Homeland Security, cited a lack of clarity, with industry on information sharing. Many companies are fearful, he noted, and longtime cultural issues must be overcome.

Cyber and Intelligence Need Each Other

July 30, 2013
By Robert K. Ackerman
AFCEA Global Intelligence Forum Online Show Daily, Day 1

Quote of the Day:

“The more we can talk about cyber and intelligence in the open, the better we will be … the less the demagogues can take it and run with it.”—U.S. Representative Mac Thornberry (R-TX)

Intelligence needs cyber, and cyber needs intelligence. How they can function symbiotically is a less clear-cut issue, with challenges ranging from training to legal policy looming as government officials try to respond to a burgeoning cyber threat.

The cyber threat is growing, and the defense and homeland security communities must strive to keep up with new ways of inflicting damage to governments and businesses. Many experts believe that the cyber threat has supplanted terrorism as the greatest national security issue, and new technologies are only one avenue for blunting the menace. Intelligence must expand its palette to identify and detect cyber threats before they realize their malevolent goals.

Many of these points were discussed in the first day of the two-day AFCEA Global Intelligence Forum, held July 30-31 at the National Press Club in Washington, D.C. Leaders from industry, the military and federal and local government converged in a lively discussion of challenges and their potential resolutions. No single approach reigned supreme among solutions, and the dynamic nature of both the threat and its environment heightened the uncertainty surrounding the future. One prediction that nearly all participants agreed on was that inaction in addressing cyber threats would be catastrophic for the nation as a whole.

Needed Cyber Skill Sets Grow in Number, Complexity

July 30, 2013
By Robert K. Ackerman

Effective cyber experts require an increasing skill set that is putting them out of reach of the government. As threats have become more diverse, so have the abilities needed to defend against them, and the government may need to turn to innovative methods of building its cyberforce.

Rear Adm. Edward Deets, USN (Ret.), director, software solutions division, Software Engineering Institute, Carnegie Mellon, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the nation has “a geopolitical knowledge gap—not just analysts, but also people doing things in the traditional tradecraft that we do today.” Foreign espionage is increasing as national relationships change and developing countries become players in the global marketplace.

Steven Chabinsky, chief risk officer and senior vice president for legal affairs at CrowdStrike, warned against expecting the incoming generation of professionals to be immediately adept at new technologies without the need for training. “Today’s generation is not that much more skilled than we are,” he stated. “They are familiar with using the technology, but don’t take false comfort in thinking that we won’t have to train them.”

Chabinsky also called for a new approach to training and education. “We have overemphasized college education to the point where people need their master’s degrees,” he charged. “Instead, we need more apprenticeships, and government can take the lead on this.”

Adm. Deets pointed out the need for government support for professional development. “[The Defense Department] must invest in intelligence training and education tracks for people to be integrated into the cyber domain. It’s incredibly expensive,” he said.
 

 

Obtaining Cyber Personnel Threatens Effective Defenses

July 30, 2013
By Robert K. Ackerman

Just as an earlier panelist at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., emphasized the importance of the human element in cyber intelligence, a subsequent panel sounded the alarm for acquiring and keeping cyber personnel. Obsolete hiring rules and competition from the private sector loom large as impediments to the government’s ability to hire and retain effective cyber intelligence personnel.

Competition from the private sector is quantifiable. Daniel Scott, Office of the Director of National Intelligence, pointed out that the government is offering less than half the annual salary than the private sector for skilled cyber graduates. These young people need to earn a lot of money in the first 10 years of their careers so they can pay off their college loans, he pointed out. And, the need for these people is immediate.

“We can spend millions and millions on scholarships, but we need to hire people today,” he stated.

Scott also called for comprehensive civil service reform. “It [civil service hiring] was written for the industrial age; it will not work for the skill set we will need in cybersecurity. We need more flexibility to bring people in and retain them,” he declared.

New Capabilities, Though Needed, May Not Be a Panacea for Cybersecurity

July 30, 2013
By Robert K. Ackerman

Information sharing, automated intelligence reporting and all-source analysis capabilities are cited by many experts as being necessary for helping ensure cybersecurity. However, the human element must remain not only present, but also dominant, in any cybersecurity process.

That was one point presented in a panel discussion at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, cited an automated unclassified intelligence reporting system as one capability that is needed but is still a way off.

She added that all-source analysis is still the key to good intelligence. Information sharing is another desirable capability, although achieving it is a challenge across the entire intelligence community, not just in cyber, she noted.

While endorsing the need for new capabilities, Mark Young, former executive director, Directorate for Plans and Policy, U.S. Cyber Command, sounded a cautionary note. “Correlation does not necessarily mean causation—the role of the analyst is even more critical,” he declared. “We use these automated tools to find the needle, but so what?

“We can talk about the pace of technology all we want, but if you have the proper mindset for analysis, the technology doesn’t matter,” Young emphasized.

Young agreed that industry can help with cyber threat intelligence, but it may be elusive. “We need information sharing legislation, but I don’t think it’s going to happen,” he offered.

Defense Information Security Still Fought in the Trenches

July 30, 2013
By Robert K. Ackerman

The military is so busy combating cybermarauders that it has not been able to shape an overall strategic approach to securing cyberspace, said the head of intelligence for the Joint Staff. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the cyberdomain is a multidimensional attack domain that threatens both the military and the private sector.

“We’re doing more tactical blocking and tackling than strategic defense right now,” Adm. Train said.

She called for a stronger two-way relationship between government and industry as a cornerstone of information sharing. While intruders largely target the private sector, they also are targeting the Defense Department. “We’ve experienced an unprecedented number of incidents,” she said of the department.

One of the challenges is that, in an interdisciplinary mission such as cyber, a gap in technology knowledge is present across the work force. The admiral called for a standard lexicon and vocabulary so that participants can understand each other clearly. For example, she noted, some cyber experts are not experts in intelligence tradecraft, which hampers effective communications in the rapidly changing cyber arena.

“The world is introducing digital capabilities at a pace faster than we can understand them,” the admiral stated.

Pages

Subscribe to RSS - Cyber