Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

Cyber

Corps
 Blazes 
Ahead With Cloud Computing

April 1, 2013
By Rita Boland

As they put the necessary pieces in place, Marines are mindful of tight resources and are seeking help from industry.

For the past year, U.S. Marine Corps technical personnel have been implementing a strategy to develop a private cloud. The initiative supports the vision of the commandant while seeking to offer better services to troops in disadvantaged areas of the battlefield.

As part of this effort, members of the Headquarters Marine Corps (HQMC) Command, Control, Communications and Computers (C4) Department are working on enterprise licensing agreements with multiple vendors to achieve economies of scale. They also are examining thinning the environment as an element of infrastructure as a service, and they are exploring how an enterprise services support desk would support a cloud environment during the transition from a continuity of services contract to a government-owned, government-operated scenario. In place is a 600-day transition plan to help move from the former to the latter. Robert Anderson, chief, Vision and Strategy Division, HQMC C4, explains that the May 2012 “Marine Corps Private Cloud Computing Environment Strategy” serves as the driving document for the transition, and now Marines are trying to reach the point where they execute the requirements outlined in the paper. “There are multiple pieces that have to occur for this to happen,” he states. Personnel are working on follow-up documents now, including a mobility strategy and a five-year transition plan scheduled for release in June. The latter lays out the next steps for the cloud environment.

DISA Lays Groundwork for Commercial Cloud Computing Contract

March 26, 2013
By Max Cacas

One of the U.S. Defense Department’s top information technology officials says work is beginning on a multiaward contract for commercial cloud computing services, but the official says he has no timeline or total value for the business.

Cyber Investigators Analyze South Korea Malware

March 25, 2013

The malware that infiltrated computer systems across South Korea’s banking and television broadcast industries on March 20 shares similarities with the Shamoon program used last year to wipe clean the hard drives of 30,000 Saudi Aramco workstations, according to experts at General Dynamics Fidelis Cybersecurity Solutions. Investigators at the company’s newly-opened cyber forensics laboratory in Columbia, Maryland, say the malware is not a Shamoon variant, but that the two programs share some characteristics.

Company officials acknowledge the speculation that North Korea launched the attacks but did not comment on the program’s origin. It is not unusual, they say, for a criminal group or nation to use malware that deliberately mimics attacks used by others. Doing so, of course, casts suspicion elsewhere, helping to mask the malware’s true origins. “A number of commercial firms were hit with a somewhat similar attack. It was not Shamoon. But the techniques were somewhat similar,” says Jim Jaeger, the company’s vice president of cybersecurity services.

Cyber lab personnel identified the South Korea malware as “239ed75323.exe,” a malicious file capable of wiping data in disk drives. One of the areas it targets is the disk’s master boot record, without which a computer cannot load its operating system. The program writes a pattern to the disk that repeats the word “HASTATI.” Hastati is an apparent reference to a class of infantry in the armies of the early Roman Republic that originally fought as spearmen and later as swordsmen. The malware did not overwrite the entire disk, so some data can be recovered. The cyber lab experts posted their initial findings in a blog the day after the attacks.

 

Nuclear Agency's Cloud Computing Plan Comes Together

March 20, 2013
By George I. Seffers

The U.S. National Nuclear Security Administration (NNSA) began working on its Yourcloud solution about two years ago and expects to have the cloud computing solution in place by year's end. You can read more about this in "U.S. Nuclear Agency Enhances Cybersecurity With Cloud Computing
." 

One of the surprises along the way to cloud was that NNSA is not alone in the problems it needs to solve, according to Travis Howerton, NNSA chief technology officer. "When we first started putting this together, I would have thought that we were more unique than we are, but when I traveled around talking to other chief information officers and other leaders in government agencies, or even in the commercial sector, everybody's struggling with the same set of issues," Howerton observes. "In general, what surprised me is how much synergy there is in trying to solve this problem government-wide. We're happy to be part of that overall ecosystem and to share with others what we're doing that may be helpful."

Agency officials spent about a year developing a strategic plan for transformation, which includes three pillars: the NNSA Network Vision (2NV), which modernizes the current computing environment by providing a secure, mobile, agile and adaptive IT infrastructure that will allow the NNSA workforce to perform their duties from any device, anywhere, any time; the Joint Cybersecurity Coordination Center (JC3), which provides the agency a capability for understanding the health of the systems, data and network; and the Cyber Sciences Laboratory (CSL), which establishes a process through which theoretical research in IT and cybersecurity can be rapidly applied to operational computing environments.

 

 

U.S. Defense Science Board Calls for Segmented Force Cyber Defense

March 5, 2013
By Robert K. Ackerman

The United States quickly must adopt a segmented approach to its military forces to ensure that key elements can survive a comprehensive cyber attack, according to a recently released Defense Science Board (DSB) Task Force on Resilient Military Systems. This approach entails a risk reduction strategy that combines deterrence, refocused intelligence capabilities and improved cyber defense. The effort must constitute “a broad systems approach … grounded in its technical and economic feasibility” to face a cyber threat that has “potential consequences similar in some ways to the nuclear threat of the Cold War,” the DSB report says.

The report declares that the United States cannot be confident that its critical information technology systems will work under attack from sophisticated adversaries combining cyber capabilities with conventional military and intelligence assets. In particular, the Defense Department’s dependence on vulnerable information technology “is a magnet” to U.S. opponents. U.S. networks are built on “inherently insecure architectures with increasing use of foreign-built components.” The report states that the department and its contractor base already have sustained “staggering losses” of system design information representing decades of combat knowledge and experience.

No silver bullet exists to eliminate cyberthreats, the report allows. Instead, it recommends an approach analogous to that employed against U-boats in World War II. Risks are not reduced to zero, but the challenge can be contained and managed through broad systems engineering of a spectrum of techniques.

Military Moves on Mobile

March 4, 2013

Despite continued budget crunching, U.S. Defense Department officials are continuing to implement a three-phase plan to equip the department’s 600,000 mobile-device users with secure classified and protected unclassified mobile solutions that leverage commercial products. In conjunction with the Defense Information Systems Agency, the department’s chief information officer is establishing a basic multivendor mobility capability with the Defense Department for assessment. This first phase, which continues through April, deploys voice and data services over a commercial wireless network, and a contract will be awarded for the department’s initial enterprise mobile device management (MDM) and mobile application store (MAS). Phase two, which is set to last nine months, will focus on creating a security and service delivery infrastructure to support several competitive acquisition options. During the final phase, set to begin in October 2013, an operational capability will be offered to all Defense Department entities as a subscription-based service. Work is contingent on the availability of fiscal year 2013 and fiscal 2014 funding.
 

 

Change Is Challenge

March 1, 2013
George I. Seffers

Homeland Security Conference 2013 Show Daily, Day 3

Although many in government are moving as quickly as possible to adopt new technologies, such as cloud computing and mobile devices, individual agencies still face cultural challenges that sometimes prevent them from moving forward, according to officials speaking as part of the Chief Information Officer Council at the AFCEA Homeland Security conference in Washington, D.C.

Richard Spires, chief information officer for the Homeland Security Department (DHS), reminded the audience that DHS was created by joining a lot of disparate agencies, all of whom owned individual networks. While the department is working to integrate the information technology infrastructure and consolidate data centers, officials still meet some resistance at the individual agency level. “There’s still have lot of duplication and in some ways duplication is holding us back. I’d like to say we’re making progress, but I’ll let others grade us on that,” Spires said.

Other officials agreed that they meet resistance as well. Robert Carey, deputy chief information officer for the Defense Department cited a culture of change and said a constrained budget environment can be a power catalyst for action in moving toward a more centralized environment.

Cybersecurity itself can present challenges, according to Luke McCormack, chief information officer for the Justice Department. “Cyber’s hard. The individual pieces of that can be very difficult,” he said. He also cited the need to bring people together on emerging technologies, such as cloud-as-a-service, as a challenging issue.

A New Chip Thinks Like a Brain

March 1, 2013
By Max Cacas

An Army research team develops a device that could assist warfighters' decision making.

A U.S. Army scientist and his colleagues, working in the nascent field of neural computing and quantum physics, have earned a patent for a powerful quantum neural dynamics computer chip. The device, which has been tested in a laboratory, and the advanced mathematical computations that make it work may lead one day to powerful devices that could help warfighters sift through huge datasets of information and make important tactical decisions in the field. The chip also holds promise for civilian applications requiring the rapid analysis of big data, and it could represent a bridge to the next generation of computing.

“The patent covers different ways to make computer chips,” states Ron Meyers, a computer scientist with the Army Research Laboratory (ARL) who is the principal investigator for the neural chip project. “We developed a type of mathematics that allows for quick function-changing and also emulates some of the processes of neural intelligence that the human brain uses. We combined those together, and we made a new type of computer chip that incorporates those functions. It’s qualitatively different. It doesn’t do the same kinds of computations as traditional computer chips.”

The chip, and its underlying operating system based on newly developed mathematical formulas, will make possible faster and more powerful computers. “We’re talking about the ability to compute that exceeds exponentially millions of times greater than any of the computers that exist today or are on the drawing boards using conventional approaches,” Meyers explains.

Securing Critical Infrastructure Through Nontraditional Means

February 1, 2013
BY Rita Boland

A cloud project takes advantage of emerging concepts to protect energy against disruptive threats.

Researchers at Cornell University and Washington State University have teamed to create GridCloud, a software-based technology designed to reduce the time and difficulty involved with creating prototypes of smart-grid control paradigms. The system will help overcome hurdles of cloud computing in complex settings. The effort combines Cornell’s Isis2 platform, designed for high-assurance cloud computing, with Washington State’s GridStat technology for smart grid monitoring and control. The advent of this technology promises to boost both the security and the reliability of electrical services.

Developers aim to build a scalable software structure that is secure, self-healing and inexpensive to operate. They believe that by combining Isis2 and GridStat, a cloud-based grid can have all those factors as well as guarantee consistency. Infrastructure owners motivated by economies of scale and the desire to deploy the new smart-grid solutions end up with a system that also is more resistant to attack and likely to survive other disruptions.

Dr. Ken Birman, a professor at Cornell and co-principal investigator on the project, explains that several motivations drive the effort. One involves trying to find a solution to control a power grid when multiple organizations own and have access to the infrastructure. “A second challenge that’s emerged is that people have studied the power grid and found that we don’t operate it very efficiently,” Birman says. Power suppliers often are producing extra power, for example, or finding it difficult to take advantage of renewable sources. Sometimes renewable energy—such as the type that comes from solar panels on homes—is blocked from entering the power grid because officials lack the knowledge to access and use it safely.

Cloud Industry Group Issues Mobile Computing Guidelines

March 1, 2013
By Max Cacas

When it comes to popular smartphones and tablets, security can be a many-layered and necessary endeavor

The growing use of advanced mobile devices, coupled with the increase in wireless broadband speed, is fueling demand by employees to bring their own devices to the job. This situation has opened a new set of security challenges for information technology staff, especially when it comes to the use of apps.

As the popularity and capability of mobile devices expands, standards are necessary to ensure that personal devices can function securely on enterprise networks. To address this need, the Cloud Security Alliance (CSA) organized its Mobile Working Group last year. The group recently released guidance to members on how enterprise administrators can successfully integrate smartphones and tablets into their work environment. The CSA is a not-for-profit organization of industry representatives focused on information assurance in the cloud computing industry.

Pages

Subscribe to RSS - Cyber