Cyber

A new computing architecture emphasizes shared resources.

The nation’s intelligence community has embarked on a path toward a common computer desktop and a cloud computing environment designed to facilitate both timely sharing of information and cost savings. The implementation could result in budget savings of 20 to 25 percent over existing information technology spending within six years, but the ramifications could include large cultural changes that result both in lost jobs and business for industry partners.

Al Tarasiuk, chief intelligence officer for the Office of the Director of National Intelligence (ODNI), explains that the changes will be difficult. Agency employees, and the vendors who help operate and manage information technology for the 17 agencies composing the nation’s intelligence apparatus, will feel the effects of the cost cuts.

“Right now, technology is not our biggest risk. The culture change is our biggest risk, and that extends to our industry partners. We have a lot of industry employed in the community through service contracts and other things. They could help, or they could choose not to help,” Tarasiuk emphasizes, candidly describing the pivotal role of these firms in a transition that could spell the loss of both business and jobs. “They know, and I’ve been very open with them, that we’re not going to need the pool of resources of people that we have today to manage what we have in the future.”

The final conference in the TechNet Land Forces series focuses on military efforts to defend vital computer networks.

It is noteworthy when the nation’s top military leader in the realm of cybersecurity openly admits to using a piece of shareware to teach himself how to think like a hacker. Gen. Keith Alexander, USA, commander of U.S. Cyber Command, and director, National Security Agency, related in his keynote address at the TechNet Land Forces East conference at the Baltimore, Maryland, Convention Center in August, that he spends some of his nights and weekends working with Backtrack, a Linux-based software application that is readily downloadable from the Internet and allows the user to practice and learn basic cyber-penetration tactics. The general said it is vital for cyberdefenders to think like hackers, who cultivate a working understanding of the vulnerabilities of networks and who work every day to exploit those vulnerabilities.

Rear Adm. David Simpson, USN, vice director of the Defense Information Systems Agency, rhetorically asked during a panel discussion on the future of cybersecurity how one would distinguish the collection of routers and switches that make up the Internet from the kitten videos, blogs and other content that populates its servers. It is vital to understand the distinction, he emphasized. Budgets are declining, and expectations are rising that the military one day may play a role in defending not only the .gov and .mil Internet domains but also the .com private business domain. Brig. Gen. George Franz III, USA, director of current operations at U.S. Cyber Command, noted that it is vital to develop the capability to see down to the end of the conduits.

The National Intelligence University prepares for its fifth decade with a shift in focus and a change in venue.

The National Intelligence University, which provides advanced training to U.S. intelligence professionals, is transitioning from an institution primarily focused on the U.S. Defense Department to one serving the entire intelligence community. This reflects the new emphasis toward sharing and collaboration within the nation's intelligence apparatus.

To make the change a reality, National Intelligence University (NIU) leaders are rethinking and expanding the educational programs the institution offers. Plans also are underway to relocate the university to its own new campus in the very near future—in part to bolster its perception as an intelligence community strategic resource.

Dr. David R. Ellison, president of the NIU, says that the change began with the appointment of James Clapper as the director of National Intelligence in 2010. “Director Clapper recognized that if we were going to have a National Intelligence University in the intelligence community, the best place to start was with an accredited institution that had already achieved success in an academic area,” Ellison explains. He adds that Clapper went on to draft a memorandum to then-Secretary of Defense Robert Gates, defining education as a force multiplier and a tool that must be used to the advantage of the entire intelligence community.

“What he envisioned was that the then-National Intelligence College would become the National Intelligence University, and it would provide accredited education, academic research and academic outreach to the intelligence community as a whole,” Ellison points out.

The defense information technology realm is exploding with innovation—so much so, the organizations tasked with ensuring effective information systems run the risk of losing control of both the process and its capabilities. The Defense Information Systems Agency has issued a new strategic plan that outlines its approach to ensuring advanced technology implementation without reining in innovation.

An instructor from Georgia teaches a class to a group of Afghan cyberprofessionals. The Afghans traveled to Turkey as part of a NATO program to improve cyberdefense in their home country.

Sixteen Afghan cyberprofessionals set out along the fabled Silk Road earlier this year, but unlike those who traversed the routes during times past, they peddled no wares nor carried any desires to conquer. Rather, they journeyed to Turkey in search of skills that will help them turn a developing nation dealing with a vast array of cyberthreats into a place of stability with the technology capabilities necessary in the modern world.

NATO spearheaded this SILK-Afghanistan education effort that allowed Afghan representatives to attend a two-week course at Turkey’s Middle East Technical University (METU). That school was chosen both for its expertise and for the relative ease of logistics in hosting the event in Turkey. The Afghan students work in various institutions in their native nation, including universities in the city of Kabul and in other provinces, the country’s Ministry of Higher Education and the Afghan Telecommunications Regulatory Authority under the Ministry of Communications and Information Technology. Students also were chosen because of their roles in setting up the Afghan national database and because of a desire to enhance cooperation between two ministries in the government.

Patrick Grother is a computer scientist with the NIST Information Technology Laboratory, in charge of the biometric portion of the FIPS 201 update.

The Personal Identity Verification cards used by every federal worker and contractor are being revised to address the technology advances that have occurred since the card standards were published in 2005. Changes are expected to reflect improvements in identity verification using biometrics and to address integration of mobile devices as well as to manage credentials in a more cost effective manner.

Each Personal Identity Verification (PIV) card carries an integrated circuit chip that stores encrypted electronic information about the cardholder, a unique personal identification number, a printed photograph and two electronically stored fingerprints. Along with being used to control access to facilities, some federal agencies use PIV cards with readers to control access to computers and networks. The Federal Information Processing Standards 201 (FIPS 201) ensures that the PIV card will be interoperable across the government.

The update to FIPS 201, which defines the operation of the PIV cards, is being managed by the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST). NIST expects to publish the final draft of the standard, which will be called FIPS 201- in the spring of 2013. The standard is currently in the comment period.

By year's end, NATO's rapid reaction team of network defenders is expected to be operational. These cyber experts will be capable of deploying within 24 hours to any NATO nation undergoing crippling attacks on its information technology infrastructure or to the battlefield in support of warfighters.