The Honorable Charles E. Allen, former undersecretary for intelligence and analysis, U.S. Department of Homeland Security (DHS), stated that terrorism in the second decade of this century continues, but those groups that organized attacks are a shadow of their former selves. Allen, the initial Thursday speaker at AFCEA International’s Homeland Security Conference warned, “We cannot declare victory,” and he added that the United States must learn to be more resilient when attacks occur.

“We need to get tough. We are going to be attacked again. President Obama said that we could absorb another attack, but he was politically pummeled for it. But whether you are a Republican or Democrat, you have to know that we have to be resilient as a nation, and we aren’t there yet,” Allen said.

Allen described the time since 9/11 as one that included a slow but steady chipping away at al-Qaeda leadership. It is now a “hollowed out” organization, and while attacks continue overseas, those planned for U.S. sites have been thwarted time and time again, he said. Despite these successes, terrorist networks are still dangerous, and the U.S. must still worry, he stated.

Al-Qaeda–Iraq, or AQI, seems to be reinventing itself, Allen related. One of the most dangerous groups is the al-Qaeda in the Islamic Maghreb, which developed in North Africa. This umbrella organization that operates in Mali and Algeria appears to be focused on attacking the apostate governments but not yet focused on attacking Western Europe even though cells and sympathizers exist there, Allen shared.

The ability of terrorist organizations to recruit remains strong because their communication capability is the Internet. But Allen said that al-Qaeda does not need to actively seek new members, because disgruntled citizens in many nations are coming to them. These people are vetted and then trained. “It [al-Qaeda] is taking advantage of young men who have been influenced from an early age by what they read on the Internet,” he explained.

The U.S. should expect attacks to continue—particularly to the physical infrastructure where massive casualties are the goal. “In other wars, we had an end; not in this one,” Allen stated.

The U.S. Department of Homeland Security (DHS) is rife with opportunities for the commercial sector, according to panelists discussing ways to do business with the department speaking during the final Wednesday session at the AFCEA International Homeland Security Conference. But companies should be aware that the rules of engagement are changing, or already have changed, in a number of instances, so they should thoroughly research upcoming contract awards.

Kevin Boshears, director, Office of Small and Disadvantaged Business Utilization, DHS, offered a few examples of the changes. Calling some of these adjustments “scorching hot,” Boshears stated that the department has made a conscious effort to make small business participation a part of the acquisition process. “This participation has not been an afterthought and not the only thought but part of the process. And the accomplishments and the work that small businesses have done for us speak volumes,” he said.

“Some things you can absolutely count on to continue to see are that small businesses will continue to have both prime and subcontracting opportunities,” he added. “At DHS, we are going to continue to use a variety of contracting vehicles.”

Boshears also explained some of the new items companies should examine closely. For the first time in the history of the GSA Schedules Program, federal agencies—including the DHS—haves the authority to do formal set-asides on the GSA Schedule. This change is the result of the amended Federal Acquisition Regulation, which went into effect on November 2, 2011. “That’s having a ripple effect across the government,” he stated.

A key segment of the small business size standards also has changed, Boshears added. As of March 12, 2012, the 54 Series goes into effect. “One of the most commonly used small business NAICS codes is 541611. The current size standard is $7 million if you look it up today. The event that causes it to jump to $14 million is a big change. This also affects large business, because you have to ask for companies’ sizes when you’re looking for a subcontractor,” he related.

Amazing anecdotes kept the audience entertained during the lunch session at the AFCEA International Homeland Security Conference. The experts spoke about a serious subject: cyberwar. But the stories about their hands-on experiences in learning how to fight cyberwars, how they’ve fought cyberthreats and what they believe is needed to prepare future cyberwarriors kept conference attendees enthralled.

Among the panelists was Maj. T.J. O’Connor, USA, 10th Special Forces Group (A), S-6. While attending the U.S. Military Academy, Maj. O’Connor had some time on his hands that led him to learn how best to defeat cyberattacks. He and his fellow cadets would spend the little free time they had playing the now nearly 20-year-old video game Command and Conquer and attempting to defeat one another’s large armies with their own large armies.

Admittedly not being one to follow the rules, the major decided to spend all of his virtual dollars on training one character, Tanya, a Russian special operations soldier, rather than taking the tradition route of pitting large forces against his enemies. His adversaries, who had chosen to fight with large armies using state-of-the-art strategies, were constantly amazed that he was able to win time and time again by sending Tanya up against their massive forces.

This free-time hobby turned out to be strangely predictive of the adversaries he would face during his career in cyberspace. “Once trained, Tanya would take out entire infantry brigades. Also difficult with Tanya was that she was a single entity, so the enemy finding her on the battlefield to engage her was nearly impossible,” Maj. O’Connor explained.

“It was absolutely entertaining to watch as I would destroy Gen. Schwarzkopf wannabes with one single soldier. They were totally upset that their strategy and tactics that they had trained were totally ineffective against my no strategy at all. That’s where we’re at in cyber today. It’s a completely asymmetric platform that favors the adversary; it favors the individual,” he stated.

But Maj. O’Connor did not leave the audience hanging. He shared the lessons he learned from this experience, saying that today’s cyber battlefield requires an asymmetric defense. To deploy an effective defense, cyberwarriors must understand the offense. “Our individual defenders must be offenders first,” he stated.

Pointing out some failed cybersecurity approaches, the major proposed that a unified defense leads to a unified failure. Although sole-source solutions have advantages, they also can be a weakness if they are deployed across all networks. “If we reduce our investment in one line of defense, we have reduced our adversary’s R&D to break into it to nothing,” he stated.

In a time when government agencies and industry must tighten their belts, it may be a cloak that saves the security day. While discussing best practices in securing the cloud at the AFCEA International Homeland Security Conference, panelist Tim Kelleher, vice president of professional services, BlackRidge Technology, shared details about his company’s approach to stopping cybermarauders in their recon tracks.

The technique is called cloaking, and Kelleher used caller ID to describe how his company’s solution could improve cybersecurity not only in future environments but in current networks as well. Most cyber attacks begin with reconnaissance, he explained. Prior to the caller ID capability, when a phone rang, a person would have to pick it up to determine who was calling. The simple act of answering the phone gave the caller reconnaissance information: the phone number was valid, someone was at home and that someone was male or female. If noises could be heard in the background, the caller also may know that the person had a spouse, children, a pet or a television. Without saying a word, the call recipient had enabled the caller to obtain information.

Because the Internet relies on TCP/IP—a protocol that’s sacrosanct—this same recon mission takes place countless times each day within networks, Kelleher explained. A three-packet process connects the correct computers to one another. However, it is the second packet that establishes a connection similar to life without caller ID—a connection that occurs before firewalls are engaged.

“We’ve known this is a problem, but we don’t want to touch TCP/IP,” he allowed. However, Kelleher’s company has created a technology that enables networks to know who is “calling” before the second packet engages. As a result, hackers conducting recon operations do not even know which computer or network has been reached. “Effectively, the solution cloaks off the network,” he explained.

Kelleher said that this technology is designed to bring more security to the cloud environment and in general protects traditional systems on the basis of identity.

Paul A. Schneider, former deputy secretary, U.S. Department of Homeland Security (DHS), kicked off the AFCEA Homeland Security Conference this morning by stating that not enough revenue has been allocated in the U.S. budget to fight all the cyberthreats, which are some of the most critical dangers facing the nation today. The U.S. currently is as unprepared to protect its cybernetworks as it was to protect New York and Washington, D.C., on 9/11, Schneider said.

Shortfalls exist in protecting physical infrastructure such as power and water facilities. “When all is said and done, this is just crime using the Internet,” he added. To address these threats, Congress has been working on legislation that allows for information sharing between government and industry. Calling himself a “net purist,” Schneider stated that making it easier for industry to report security breaches is a solid step forward, but he agrees that civil liberties and privacy must be taken into consideration.

Although he has been away from government service for two years, it is obvious that Schneider has kept in touch with what needs to be done to increase cybersecurity. And it is perhaps because he has been an outsider that he has some common sense recommendations to address today’s cyberthreats.

First, Schneider pointed out that the overall cybersecurity issue is too large to take on as a whole, and as a result, he suggested government agencies address a few chunks of the problems at a time. He proposed government-industry cooperation between the agencies and companies in and around the National Capital Region—a region that is ripe with innovators and test beds.

He also recommends open information technology portals between industry and government agencies, because “normal contracting does not meet the speed at which technology changes.” Noting that he is and has been on the boards of several companies, he has experienced first hand the frustrations of small and large companies alike as they attempt to offer viable cybersecurity solutions to the government.

One of Schneider’s solutions sounded almost too simple to be possible. Just as people have security firms to protect their homes and properties, solutions should be developed that also protect facilities’ networks.

Although not claiming victory, the U.S. Department of Homeland Security (DHS) has made some serious headway in improving cybersecurity, according to panelists discussing the topic at the DHS 2012 Information Technology Industry Day in Washington, D.C. Experts said the threats have not disappeared but rather have changed, and various DHS agencies have been learning how to better handle them.

Alma Cole, chief systems security officer, U.S. Customs and Border Protection, described today’s cyberthreats in a way the other panelists agreed with. In previous years, some of the most serious cyberconcerns revolved around malicious activity from personnel within an organization. Although that threat cannot be ignored, new network activity tracking capabilities are helping to keep that threat in check to some degree. And although hactivists may embarrass organizations in the public forum, today one of the largest threats is silent—those hackers who creep into networks to steal intellectual property or identification.

But with a few years of tracking hacking beneath their belts, the DHS cybersecurity experts have put into place a number of solutions to help protect national infrastructure—both cyber and physical. Concepts of operations have been developed and central security control centers have been put into place. Both of these enable the DHS and its agencies to know what’s going on across networks and what to do when suspicious activity is suspected or a breach occurs. In addition, today’s capabilities provide forensics, which enables cybersecurity personnel to understand what happened and how to address the vulnerabilities.

“We also have been able to get critical analysts to map out how people have been trying to attack our networks,” Cole added. “And then, they are able to figure out how to stop them.”

While this news is mostly good, Dave Epperson, chief information officer, National Protection and Programs Directorate, pointed out that the volume of data these capabilities produce has become a challenge. He called for cyber visualization tools that are more specific than the “green, amber, red” and “trending” capabilities available today. Creating such tools is “tough to do,” Epperson admitted, and he added that it is difficult even to describe the specific capability needed, but he said he will know it when he sees it.

Members of the two morning panels at the DHS 2012 Information Technology Industry Day hammered home the need all DHS agencies have for information sharing and information security within a mobile environment.

In addition to constrained budgets—a topic that all the panelists said was unnecessary to mention yet spoke about extensively—the agencies continue to face slow processes to put these capabilities into place. Among the hurdles that continue to surface are slow certification and accreditation processes, barriers to entrance for industry and exit from contracts for government, and management of authoritative data sources.

Every chief information officer (CIO) must treat each dollar as if it’s the last one they have to spend on IT, panelists agreed. This means that they are no longer interested in gadgets but rather capabilities that feature economical operating and management in the future. In addition, companies that come to the table with metrics about return on investment are those that DHS’ CIOs are most likely to pay close attention to and seek the dollars to “prime the pump” for a purchase despite diminishing budgets.

CIOs from the DHS emphasized that their information sharing about companies’ solutions has improved immensely during the past several years. As a result, they are able to build on each others’ purchases, saving time and dollars that can be invested in areas that have had to do without in the past.

Rear Adm. Robert Day, USCG, CIO, U.S. Coast Guard, perhaps summed up the budget issues best: “In fiscal year 2012, the ‘nice-to-haves’ have gone away; in fiscal year 2013, the ‘should haves’ are going away; in fiscal year 2014, the ‘must haves’ will go away. This progression is one that worries all the CIOs as they wonder if they’ll have the revenue they need to address future threats,” he added.

Richard Spires, chief information officer, U.S. Department of Homeland Security (DHS), kicked off DHS Industry Day by declaring that it is time to find the balance between the IT needs of individual DHS agencies and leveraging IT throughout the department as a whole. The department needs to take a “shared first” approach to commodities and then look at unique technologies needed by the individual agencies.

Although the DHS on the whole has not always completed IT projects on time and on budget, Spires said that the council has set up centers of excellence that help determine how to assist the agencies achieve success. Robert Foster, acting CIO, Immigration and Customs Enforcement (ICE), added that the centers enable the agencies to tap into a central repository to meet individual IT needs from an enterprise level, and he called for increasing the number of centers.

Spires led a panel comprising the department’s CIO council, including Margie Graves, deputy CIO, who said that one of this year’s focus areas will be “as a service” offerings, including email, SharePoint and testing new IT capabilities not only throughout the development process but also during the roll-out process.

Leveraging department resources across the agencies that comprise the DHS will be increasing important as each organization grows its mission. For example, Rear Adm. Robert Day, USCG, CIO, pointed to the data collected after the April 2010 Deepwater Horizon oil spill in the Gulf Coast—18 terabytes of it. If the DHS did not have the capability to efficiently process and analyze that plethora of data, the Department of Justice would not have the evidence it needs for the subsequent law suits and holding BP accountable for the clean-up.

Panelists agreed that, despite the benefits, challenges exist in moving toward an enterprise-wide infrastructure. Among the most common challenges are legacy applications, the need for agile development and testing, and new acquisition approaches that enable agencies to purchase capabilities in small chunks rather than through huge contract commitments.

Protecting any nation’s citizens and institutions is difficult under any circumstances, but today’s economic limitations make this task even more challenging. Government and business leaders will meet at the Ronald Reagan International Trade Center February 28 to March 1 to tackle this topic during AFCEA International’s 11th annual Homeland Security conference.

Conference discussion topics include cloud computing, cyberwar, procurement, wireless broadband and social media. Small businesses’ interaction with the U.S. Department of Homeland Security (DHS) also will be explored.

Speakers and panelists include Jim Flyzik, president, The Flyzik Group; Peter Tseronis, chief technology officer, U.S. Department of Energy; Cathy Lanier, chief of police, District of Columbia; and Bruce Walker, acting vice president, homeland security, Northrop Grumman Information Technology.

Although the first day of DHS IT strategy sessions is not affiliated with the AFCEA conference, coverage of the sessions will be featured on the Coverage and Collaboration: Homeland Security 2012 Web page.

Robert K. Ackerman and Beverly Cooper will be co-blogging the AFCEA/USNI Joint Warfighting Conference from Virginia Beach next week.

Go directly to the coverage at www.afcea.org/signal/signalscape/index.php/subject/joint-warfighting.

Follow coverage on Twitter by using the hash tag #jwc11, or visit this link to see the Twitter stream in action.