Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars  Apps     EBooks
   AFCEA logo
 

Cyber

Financial Incentives May Compel Private Sector Security

July 30, 2013
By Robert K. Ackerman

Legislation that creates both positive and negative incentives may be necessary for industry to incorporate effective network security. The role of the insurance industry also can be brought to bear to convince companies it is in their best interest to ensure the sanctity of their data.

These points were offered by Rep. Mac Thornberry (R-TX). He told the morning audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the government should pursue a private sector approach as part of its efforts to strengthen information security in the United States.

“We need to make cyber a bigger deal at the CEO [chief executive officer] level, and to do that we need to have money involved,” he said. This would include market incentives for companies to secure their information. And, the counterpart would be a financial penalty for those firms that do not pursue adequate security.

“You have to have a stick with those carrots,” he continued. “A company that loses vital data because they didn’t have effective security involved pays a price.”

The congressman added that the insurance industry should be brought into play as well. The government needs to push cyber insurance that establishes minimum requirements and provides discounts for advanced security measures. This might work the same way that auto and home insurers provide discounts for safety technologies.

Congressman Decries “Political Demagogues” Who Threaten Security Measures

July 30, 2013
By Robert K. Ackerman

Many elected officials who opposed the National Security Agency’s (NSA’s) broad surveillance efforts were “demagogues” who did not know the real issues involved, said a member of the House Permanent Select Committee on Intelligence. Rep. Mac Thornberry (R-TX) told the morning audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the people in the House who voted to cut funding for the NSA’s surveillance efforts preferred taking a stand to understanding the situation. Those who voted against cutting the NSA’s funding were the people who’ve been getting the intelligence briefings.

Rep. Thornberry decried the NSA’s opponents as “people who don’t want to go to the briefings, they don’t want their minds to be cluttered by the facts, they just want to feed their Twitter streams.” Those who did attend the briefings understood the scope of the threat and recognized the vital importance of these efforts in protecting the United States.

The NSA controversy provides some guidelines, he continued. It points out that the real challenge is with laws and policies—above all, public confidence. As the threat has grown, policies have not kept up. The country needs an open discussion with as many facts that can be publicized.

“The more we can talk about cyber and intelligence in the open, the better we will be … the less the demagogues can take it and run with it,” the congressman declared.

Senate to Bring Cyber Bill Mirroring House Effort

July 30, 2013
By Robert K. Ackerman

The U.S. Senate is moving on a cyber bill that is more in line with the approach being taken by the House, said a member of the House Permanent Select Committee on Intelligence. Rep. Mac Thornberry (R-TX) told the morning audience at the AFCEA Global Intelligence Forum at the National Press Club in Washington, D.C., that this bill may be marked up by the Senate Commerce Committee this week. It would turn to standards established by the National Institute of Standards and Technology (NIST) for private sector guidelines.

Thornberry reflected on how the House passed four separate cyber bills a year ago, but they died in the Senate as that body pursued a single large bill. The congressman endorsed the House concept of legislating cybersecurity in “discrete, bite-size chunks” that reach across the relevant government committees and agencies.

The congressman called for greater cooperation between Congress and the White House, saying that this can produce a cyber policy that benefits the nation as a whole. The more the administration and Congress work together, the more their work becomes the policy of the nation rather than that of any particular administration, Republican or Democrat. “Only with this partnership can we have the solutions the country needs,” he declared.

Shifting Numbers Cast Doubt on Federal Data Center Consolidation

July 26, 2013
By Henry S. Kenyon

Government officials now admit they underestimated the scope and complexity of the federal data center realm.

 

Collaborative Portal Opens Business Opportunity Doors

July 18, 2013

General Dynamics Advanced Information Systems has created a portal to facilitate collaboration among experts from multiple industries in a secure, controlled, cooperative environment. GDNexus matches innovative solutions to customer requirements across the defense, federal government, intelligence community and commercial markets.

Registered members of the community are notified immediately when new Need Statements are announced and can respond through the portal with products and services that fulfill the requirements. The GDNexus team reviews and evaluates the responses and then sends the potential customers an assessment of the proffered solution.

The team also sends feedback to members to help them enhance their product strategy and align technology road maps to future requirements. Subject matter experts from General Dynamics work directly with technology providers, providing insight and perspective. “GDNexus also provides another important mechanism for us to act as an honest broker, bringing innovative technologies to our customers quickly as a prime systems integrator,” Nadia Short, vice president, strategy and business development, General Dynamics Advanced Information Systems, says.

The first customer Need Statements focus on the cyber domain and are now available in the portal. GDNexus member companies currently include NetApp and RSA.

Corporate Espionage Concerns Could Affect Contracting

July 17, 2013

Frank Kendall, undersecretary of defense for acquisition, technology and logistics, told the Senate Banking, Housing and Urban Affairs Committee that he is concerned about the level of cyber attacks affecting defense suppliers. As a result, he is considering changes in contracting procedures to mitigate the risk of corporate espionage. “I’m talking particularly about design information that might not be classified, but if you acquire that information, it certainly shortens your lead time to building things, and it reduces your costs,” he told committee members. “That’s an advantage we don’t want to give our potential adversaries.”

Kendall expressed his concerns during his testimony in support of the reauthorization of the Defense Production Act, which grants the president the power to ensure timely procurement of essential services and materials during war or national emergencies. Parts of the act are set to expire on September 30, 2014.

The law is an urgent operational requirement that is as necessary today as it was in 1950 when it was enacted, Kendall said. “Industry has no obligation to prioritize national security requirements, and at times, they’re financially motivated to do otherwise,” he stated. “New, expanded and modernized domestic industrial capabilities reduce the risk of foreign dependencies caused by geopolitical factors or other economic issues and strengthen the economic and technological competitiveness of U.S. manufacturers.”

Subscribe for Cybersecurity Education

July 15, 2013

AFCEA International is partnering with Carnegie Mellon University’s Software Engineering Institute to offer its members a comprehensive range of online cybersecurity training on an annual subscription basis. For the cost of one five-day classroom course, students have unlimited access to more than 30 classes.

Cyber Committee Explores the Insider Threat

July 15, 2013

A new white paper titled “Insider Threat: Protecting U.S. Business Secrets and Sensitive Information” focuses on raising risk awareness by highlighting current issues and outlining continuous challenges.

Asymmetric Cyberwarfare Demands a New Information Assurance Approach

July 1, 2013
By Paul A. Strassmann

The planners of the Defense Department Joint Information Environment, or JIE, must specify the requirements that can cope with the surges in asymmetric cyberwarfare—now. Asymmetric warfare describes conflicts in which the resources of the two belligerents differ in terms of their weapons and organization. The opponents will attempt to exploit each other’s weaknesses.

To defend against asymmetric warfare requires the imposition of a unified intelligence that is applicable to all U.S. Army, Navy, Marine Corps and Air Force applications. Proceeding with comprehensive protective solutions is required prior to completing facility consolidations. Fixing applications before consolidating computer processing has become one of the primary requirements for safe cyber operations.

Proceeding with only enhancements of legacy operations will not be sufficient. For example, placing emphasis on data center consolidations without a simultaneous re-engineering of applications cannot deflect targeted cyber attacks.

Cyberwarfare has evolved over the past 40 years. Information security methods, which used to protect computer systems, now are inadequate. Thousands of unknown global cyber attackers examine millions of dispersed targets, but only hundreds of defenders protect tens of thousands of applications located in fixed positions. The disparity between many unknown attackers compared with a few known defenders has created a situation where asymmetric warfare is the prevalent condition under which system operations now take place.

In the Cyber Trenches

July 1, 2013
By Max Cacas

The Army adjusts its training and career path for cyber domain troops and leaders.

The U.S. Army is taking a successful model developed to train chief warrant officers in the realm of information assurance and is adapting it for qualified enlisted personnel and officers. Instead of reinventing the wheel, the program blends already-successful cybersecurity training designed for the private sector with training tailored for the Army’s mission-specific networks. The goal is to create a career path for what is expected to be a cadre of cyberspecialists whose primary goal is to protect and defend the service’s digital infrastructure.

“The Army realized that our networks were being constantly attacked, but we never realized it until after it had taken place,” says Joey Gaspard, chief, Information Assurance Branch, U.S. Army Signal Center at Fort Gordon, Georgia. He adds that in 2007, the service embarked on a program to match staffing and training to be more proactive about cybersecurity. “Instead of consistently sitting there, waiting to be hit, they decided to put themselves in a position where we looked at the training. Commercial industry was already training personnel to defend commercial organizations, so why couldn’t the Army do the same thing?”

In response to that question, the Army embarked on a re-examination of its military occupational specialty (MOS) categories, which describe every job at every rank within the Army. The Signal Center focused on the MOS pertaining to cybersecurity.

Pages

Subscribe to RSS - Cyber