Cybersecurity's Crystal Ball

August 16, 2012
By Max Cacas, SIGNAL Online Show Daily

The final day of the TechNet Land Forces East conference in Baltimore yielded signs that the task of protecting the military’s and the nation’s digital infrastructure is still very much a work in progress. But peering through the crystal ball, one sees signs that both the defense establishment and private industry are making decisive steps toward the goal of safeguarding the Internet from attack.

In fact, Steven Sprague, president and chief executive officer of Wave Systems, said the priority in cybersecurity needs to shift away from protecting the network to making individual devices that access that network more trustworthy in the first place. His firm writes the key software for the Trusted Platform Module (TPM), a chip that has been installed on more than 600 million devices, primarily solid state electronic drives, all over the world. The problem, says Sprague, is that not all manufacturers are willing to spend the extra money to enable the chip’s security capabilities. Apple Computer has done so with nearly every iPhone and iPad that’s been made, and those devices, he said, are relatively easy to secure if needed. This fall, devices running Windows 8 for mobile devices will become the first Microsoft products that will support the use of TPM. Sprague is hopeful that more adoption of the TPM will herald a new cybersecurity doctrine known as “Only Known Devices.”

In an effort to stimulate new thinking in the realm of acquisition, and agile software development as part of the TechNet Land Forces series, AFCEA has featured PlugFest, a competition in which developers are handed an information technology challenge and given under 48 hours in which to formulate a solution. In Baltimore, developers were given a cybersecurity-related challenge. Steven Price from Omni Rational Enterprises won first place for devising a means to turn multiple social networks around the world into a virtual “cybercop” to ferret out and detect patterns and trends in criminal behavior. The second place winner, Steve Guerin from Simtable, developed a way to display information gathered in a social-media-like context from warfighters carrying smartphones and tablets to update strategic maps of a test incident in Afghanistan in near-real time. Morakot Pilouk, with ESRI Incorporated in Thailand, took third place for developing a system able to verify malicious or safe data sources at the far end of any sensor network.

Lt. Gen. Rhett Hernandez, USA, the first commanding general of the U.S. Army Cyber Command, took some time during his visit to the conference to roam up and down the aisles of the exhibit hall to visit with companies that had hardware and applications to sell to the Defense Department. In his luncheon keynote speech, Hernandez took time out to talk about expectations for the Joint Information Sharing Environment, which he says will allow warfighters to more readily exchange vital information. The general repeated a plea made by other speakers and panelists at the conference: that the acquisition process be modified and made more agile to help the military acquire and implement the latest technology on a timelier basis.

With cyberattacks against the networks of the military and even private sector businesses taking place almost daily, one might consider the final panel of the conference on how to define “winning” in the cybersecurity arena to be somewhat presumptuous. But Bill Waddell, director, C2 and Cyberspace Operations Group with the U.S. Army War College, and moderator of the panel, said that neither the nation or the military have a thorough understanding of cyberspace, so it may be premature to begin looking for the signs of success. Still, he said, it’s vital that the “whole of government” doctrine of cybersecurity discussed frequently during TechNet Land Forces East be the primary influence as policies and procedures are laid out and executed.

Like Gen. Hernandez, Lt. Gen. Susan Lawrence, USA, the Army’s chief information officer/G6, said that defense in depth must be the watchword for protecting Army networks, which are currently being revamped to improve performance and simplify their defense. Jeff Witsken, chief of network integration with the Mission Command Center of Excellence, noted that his organization is putting the finishing touches on the first field manual that will address both cybersecurity and electronic warfare.

For complete coverage of TechNet Land Forces East, visit SIGNAL’s Coverage and Collaboration page.