Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars  Apps     EBooks
   AFCEA logo
 

Cyber

Defense Department Reworking Cyber Strategy

June 25, 2013
By George I. Seffers

Cyber Symposium 2013 Online Show Daily, Day 1

Maj. Gen. John Davis, USA, senior military advisor for cyber to the U.S. undersecretary of defense for policy, set the tone at the 2013 AFCEA International Cyber Symposium, Baltimore, when he told the crowd that his position—which was just approved last August—indicates how seriously senior leaders view the cyber arena to be.

Speakers across the spectrum highlighted the U.S. government’s growing dependence on computer networks and the need to keep those systems secure, even though the vast majority of systems are owned by the private sector. They also emphasized the growing, ever-evolving threat and offered a number of solutions to help tackle the issue.

“In an environment of reduced resources, that the department thought it was worth it to put a general officer in the Office of the Secretary of Defense for Policy is an indication how serious senior department leaders are taking this particular subject,” Gen. Davis stated. He quoted a number of high-level officials, including Defense Secretary Leon Panetta and his successor Chuck Hagel, both of whom have repeatedly warned of the potential dangers of the cyber threat. “Senior leaders in the department and beyond the department understand that cyber is a problem and cyber is important. They’ve made cyber a priority, and there’s a sense of urgency,” he said.

The general launched an in-depth discussion of the Defense Department’s strategy for operating in cyber space, which he indicated is already outdated. The “thin” little document has been guiding the department for two years. And it’s two years old. "What’s two years in cyber years? They’re kinda like dog years. This is like 20 years old as fast as the cyber domain evolves and changes,” he said. “So, as you might imagine, we are already working on the next version of this and what it will do to drive the department forward for the next several years.”

Government Coping With New Round of Cyber Attacks

June 25, 2013
George I. Seffers

U.S. government officials are traveling the country warning companies about a new round of cyberattacks that have targeted 27 companies, compromised seven and may ultimately affect up to 600 asset owners, according to Neil Hershfield, deputy director, control systems security program (CSSP), Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), Homeland Security Department.

Hershfield made the comments while taking part in a critical infrastructure protection panel discussion as part of the July 25-27 AFCEA International Cyber Symposium, Baltimore.

“The reason we’re out and about across the country is that we’re seeing a new adversary taking a new approach—rather than spearphishing, they are going after vulnerabilities with [structured query language] injections, and they’re then trying to get across the networks as fast as they can as broadly as they can,” Hershfeld reported. “We’ve been working with our intelligence community partners on this and we’re now going around the country letting people know about it. We basically do this jointly with the FBI, with field offices across the country. When we’re done, we’ll probably talk to 500-600 asset owners.”

Getting the word out is crucial because “the mitigation strategy here for this kind of exploit is significantly different than what you might use in other cases,” he added.

Hershfield is part of an industrial control systems working group, a public-private partnership that is co-led by one person from the private sector and another from the government sector. The group typically meets in-person twice a year, sharing information between the public and private sectors.

United States to Continue Cyber Dialogue With China in July

June 25, 2013
By George I. Seffers

The United States will continue to develop a bilateral relationship with China regarding cybersecurity issues. In fact, the two countries will meet again in Washington, D.C., on July 8th, according to Maj. Gen. John Davis, USA, senior military advisor to the undersecretary of defense—policy for cyber, Office of the Secretary of Defense. Gen. Davis, the luncheon keynote speaker on the first day of the July 24-27 AFCEA International Cyber Symposium in Baltimore, said the United States recognizes China as a rising power and a major voice in the cyber arena.

High-ranking officials from State Department, Defense Department and other agencies, have been engaged in bilateral, multi-lateral and international forums such as the United Nations and NATO. “As an example, of a critical bilateral relationship, I had the great honor to travel to China twice in the last year and engage as part of a collective U.S. academic and government interagency forum with counterpart Chinese academic and government organizations,” Gen. Davis said.

“U.S. senior government officials across the agencies have been actively engaging their Chinese government counterparts, including the People’s Liberation Army, in a number of ways already, and we would like to see those engagements expand,” Gen. Davis reported. “I had the opportunity to personally encourage a more direct military-to-military relationship with China in a serious effort to help our two nation’s militaries better understand each other, to reduce misconceptions, to reduce misinterpretations and ultimately, to reduce the chance of mistakes that can happen in cyberspace and perhaps spill over into the physical domains.”

Streamlining Coalition Mission Network Participation

June 17, 2013
By George I. Seffers

NATO and eight coalition nations participating in the Coalition Warrior Interoperability eXploration, eXperimentation and eXamination, eXercise (CWIX) are working to reduce the amount of time it takes to join coalition networks in the future. On average, it took a year or more for a nation to join the Afghan Mission Network, but officials hope to trim that down to a matter of weeks, says Lt. Col, Jenniffer Romero, USAF, the CWIX Future Mission Network focus area lead.

“On average, it was taking a year, maybe 18 months, for a nation to join the Afghan Mission Network, and usually we don’t have that much time,” says Col. Romero, who also serves as the chief, cyber assessments for the U.S. Joint Staff J6 Command, Control, Communications and Computers Assessments Division.

The network for future operations will be a federated network modeled after the Afghan Mission Network, for which NATO offered the core infrastructure that participating nations could connect with using their own networks. Col. Romero explains that the goal is to have core services up and running on “day zero,” which she defines as the day pre-deployment orders drop. “Our goal is for the lead nation or lead organization to have the core up and running on that day and for people to be able to join within weeks as opposed to months and months,” she says.

To streamline the process, officials are creating templates of instructions for joining future coalition networks, which NATO officials refer to as the Future Mission Network and U.S. officials dub the Mission Partner Environment. For the CWIX exercise, which runs from June 3-20, they have built a mission network that includes core services such as voice, chat, email and document handling. “We’re assessing those core enterprise services on a future mission network that was built for CWIX 13 specifically for that purpose,” the colonel states.

Cyber Commander Calls for Consolidated Activities

June 12, 2013
By Robert K. Ackerman

In the midst of a raging controversy over widespread National Security Agency (NSA) monitoring, the head of the NSA and U.S. Cyber Command defends cyber surveillance efforts and calls for greater consolidation of cyber activities among diverse organizations.

Cyber, Security Focuses for Marine Forces Pacific

June 12, 2013
By Rita Boland

Cyberwarfare is a primary concern for the U.S. Marine Corps as it continues its rebalance toward the Asia-Pacific region. With the growing involvement of cyber in every operation along with specific concerns of virtual attacks from large nations in the region, emphasis on the new domain is becoming increasingly important.

Cyber Command Redefines the Art

June 1, 2013
By Robert K. Ackerman

The U.S. Cyber Command is developing a strategy that acknowledges the convergence of network systems by empowering a similar convergence of military disciplines to help place U.S. cyberspace operators on a level field with their malevolent counterparts. This strategy acknowledges that the structure of the cyberforce has not kept pace with technology developments. As all types of information management—networking, communications and data storage—became digitized, previously disparate disciplines assumed greater commonality. With more common aspects, these disciplines share similar vulnerabilities as well as potential solutions.

The Biggest Threat Today

June 1, 2013
By Kent R. Schneider

U.S. Director of National Intelligence Lt. Gen. James R. Clapper, USAF (Ret.), recently testified in Congress that cyber attacks have become the greatest single threat facing the United States. He went on to say the threat is particularly acute for the nation’s critical infrastructure and reminded Congress that the majority of critical infrastructure in the United States is privately owned.

The European Union Internal Security Plan, written in 2011 and updated annually, makes the same assertion: cyber security has become the greatest vulnerability for the European Union and its member nations.

Cybersecurity has become so important because the range of threats includes recreational hackers, hacktivists, cyber criminals, terrorists, and state or state-sponsored actors. The targets include government networks, systems, applications and data as well as those of industry and private citizens. At the same time, the tools available to bad actors are diverse, sophisticated and inexpensive or free—and easy to obtain on the Internet.

If you have not visited a cyber laboratory recently, I encourage you to do so. Should you have doubted the seriousness of the threat, such a visit will make a believer of you. Many of AFCEA’s member companies have good laboratories; the iCollege at the National Defense University has a great set of laboratories specific to various types of systems; and the National Police Academy in Prague, Czech Republic, has done some amazing work in computer forensics that will open your eyes. In addition, the NATO Cyber Center of Excellence in Tallinn, Estonia, was developed to support a multinational approach to cybersecurity.

Cybersecurity--
Everybody's Doing It

June 1, 2013
By George I. Seffers

With attacks on critical data increasing in numbers, intensity and sophistication, securing networks is becoming a global effort while fostering greater information sharing among agencies, governments and the public and private sectors. The future of cybersecurity offers greater opportunities for industry and greater cooperation on national security and critical infrastructure protection, say executives at some of the largest U.S. defense companies.

The Best Laid Plans Fly Awry

June 1, 2013
By Max Cacas

The U.S. Air Force’s migration to a new enterprise network known as AFNET will be at least two years late in completion because the project turned out to be more complicated than planners anticipated.

Pages

Subscribe to RSS - Cyber