BAE Systems Information and Electronic Systems Integration Inc., Burlington, Mass., is being awarded a $29,023,781 cost-plus-fixed-fee contract (HR0011-13-C-0075). This award supports the Defense Advanced Research Projects Agency Insight Program, which is developing an adaptable, integrated human-machine exploitation and resource management system. The contracting activity is the Defense Advanced Research Projects Agency, Arlington, Va.
Lockheed Martin Aculight, Bothell, Wash., is being awarded an $11,796,483 modification to a previously awarded cost-plus-fixed-fee contract (N68936-12-C-0212) to exercise an option under this Phase III Small Business Innovation Research contract to fabricate, test, and deliver a spectral beam combined fiber laser subsystem. The Naval Air Warfare Center Weapons Division, China Lake, Calif., is the contracting activity.
Booz Allen Hamilton Inc., McLean, Va., is being awarded a $21,743,595 modification (P00009) under previously awarded cost-plus-fixed-fee contract (N00189-12-C-Z064) to provide support services in the areas of training and education; engineering; program and financial management; plans and programs; communications, command, control, computers and intelligence and electronic warfare; naval operation; manpower and personnel management; technical support; logistic and supply; English language training; special studies and management support services for the Royal Saudi Naval Forces associated with the Saudi Naval Support Program requirements in the United States and Saudi Arabia. Work will be performed in Saudi Arabia, and McLean, Va. The Naval Supply Systems Command Fleet Logistics Center, Norfolk, Philadelphia Office, Philadelphia, Pa., is the contracting activity.
While government and industry wrestle with issues of sharing cyber intelligence, different private sectors face an equally difficult—and important—task of information sharing among themselves. Many face similar threats, and their survival against cybermarauders may depend on how well they share threat knowledge.
Information sharing is a major discussion point in the two-day AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. In a panel discussion, Robert Mayer, vice president of industry and state affairs at the U.S. Telecom Association, called for more cross-sector activity and engagement so that the industry sectors share more information.
“We in industry have a responsibility to bridge across the silos and create cross-connections,” he stated.
That will not be an easy task. Industry traditionally has been reluctant to share information with government; sharing with other sectors will raise similar concerns. Larry Zelvin, director of the National Cyber and Communications Integration Center at the Department of Homeland Security, cited a lack of clarity, with industry on information sharing. Many companies are fearful, he noted, and longtime cultural issues must be overcome.
Effective cyber experts require an increasing skill set that is putting them out of reach of the government. As threats have become more diverse, so have the abilities needed to defend against them, and the government may need to turn to innovative methods of building its cyberforce.
Rear Adm. Edward Deets, USN (Ret.), director, software solutions division, Software Engineering Institute, Carnegie Mellon, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the nation has “a geopolitical knowledge gap—not just analysts, but also people doing things in the traditional tradecraft that we do today.” Foreign espionage is increasing as national relationships change and developing countries become players in the global marketplace.
Steven Chabinsky, chief risk officer and senior vice president for legal affairs at CrowdStrike, warned against expecting the incoming generation of professionals to be immediately adept at new technologies without the need for training. “Today’s generation is not that much more skilled than we are,” he stated. “They are familiar with using the technology, but don’t take false comfort in thinking that we won’t have to train them.”
Chabinsky also called for a new approach to training and education. “We have overemphasized college education to the point where people need their master’s degrees,” he charged. “Instead, we need more apprenticeships, and government can take the lead on this.”
Adm. Deets pointed out the need for government support for professional development. “[The Defense Department] must invest in intelligence training and education tracks for people to be integrated into the cyber domain. It’s incredibly expensive,” he said.
Just as an earlier panelist at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., emphasized the importance of the human element in cyber intelligence, a subsequent panel sounded the alarm for acquiring and keeping cyber personnel. Obsolete hiring rules and competition from the private sector loom large as impediments to the government’s ability to hire and retain effective cyber intelligence personnel.
Competition from the private sector is quantifiable. Daniel Scott, Office of the Director of National Intelligence, pointed out that the government is offering less than half the annual salary than the private sector for skilled cyber graduates. These young people need to earn a lot of money in the first 10 years of their careers so they can pay off their college loans, he pointed out. And, the need for these people is immediate.
“We can spend millions and millions on scholarships, but we need to hire people today,” he stated.
Scott also called for comprehensive civil service reform. “It [civil service hiring] was written for the industrial age; it will not work for the skill set we will need in cybersecurity. We need more flexibility to bring people in and retain them,” he declared.
Information sharing, automated intelligence reporting and all-source analysis capabilities are cited by many experts as being necessary for helping ensure cybersecurity. However, the human element must remain not only present, but also dominant, in any cybersecurity process.
That was one point presented in a panel discussion at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, cited an automated unclassified intelligence reporting system as one capability that is needed but is still a way off.
She added that all-source analysis is still the key to good intelligence. Information sharing is another desirable capability, although achieving it is a challenge across the entire intelligence community, not just in cyber, she noted.
While endorsing the need for new capabilities, Mark Young, former executive director, Directorate for Plans and Policy, U.S. Cyber Command, sounded a cautionary note. “Correlation does not necessarily mean causation—the role of the analyst is even more critical,” he declared. “We use these automated tools to find the needle, but so what?
“We can talk about the pace of technology all we want, but if you have the proper mindset for analysis, the technology doesn’t matter,” Young emphasized.
Young agreed that industry can help with cyber threat intelligence, but it may be elusive. “We need information sharing legislation, but I don’t think it’s going to happen,” he offered.
The military is so busy combating cybermarauders that it has not been able to shape an overall strategic approach to securing cyberspace, said the head of intelligence for the Joint Staff. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the cyberdomain is a multidimensional attack domain that threatens both the military and the private sector.
“We’re doing more tactical blocking and tackling than strategic defense right now,” Adm. Train said.
She called for a stronger two-way relationship between government and industry as a cornerstone of information sharing. While intruders largely target the private sector, they also are targeting the Defense Department. “We’ve experienced an unprecedented number of incidents,” she said of the department.
One of the challenges is that, in an interdisciplinary mission such as cyber, a gap in technology knowledge is present across the work force. The admiral called for a standard lexicon and vocabulary so that participants can understand each other clearly. For example, she noted, some cyber experts are not experts in intelligence tradecraft, which hampers effective communications in the rapidly changing cyber arena.
“The world is introducing digital capabilities at a pace faster than we can understand them,” the admiral stated.
The same challenges facing the military now confront law enforcement as it embraces cyber capabilities. Disciplines ranging from data fusion to security are becoming integral parts of the curriculum for police officers.
Cathy Lanier, chief of the Washington, D.C., Metropolitan Police Department, did not understate the changes technology has wrought as she spoke at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. “It almost feels like completely reinventing police work,” she said.
With the force using information technology in most aspects of police work, cybersecurity is one of the top priorities for officers. “With all that technology, we have had to re-educate our entire police force and civilians on cybersecurity,” the chief offered. “We’ve had to change the type of employee we go after and teach the current police how to use it.”
Chief Lanier added that training alone is not the only part of the equation. The department must bring its people up to speed on these new technologies, but it also must obtain the policy to go along with it.
New information technologies have advanced the state of the art in law enforcement at the local level, but police now find themselves facing challenges brought about these innovative capabilities. Problems of security and adversarial use of cyber have added to traditional problems that police departments have faced for decades.
Cathy Lanier, chief of the Washington, D.C., Metropolitan Police Department, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that she believes the Metropolitan Police Department is the most automated in the country. But, even though that technology is helping law enforcement solve crimes, criminals are using technology to their own advantage.
“Cyber is creating a different breed of criminal,” Chief Lanier said. “It has changed dramatically how criminals operate. Criminals are learning how to use these new tools faster than the old criminal methods—the expertise out there is staggering.
“Street criminals are using technology much more efficiently than we are,” the chief continued. “We’ve had to learn how to infiltrate cyber to fight crimes—even violent crimes.”
Part of this effort includes greater use of the department’s fusion center to process vital data, she noted. The department is able to access a variety of different media to generate information that can help solve a case that would have been unsolvable just a few years ago.