The Cyber Edge

The personnel within the Realities Lab at the Army Cyber Institute located at West Point explore every aspect of extended reality technologies, developing new tools, conducting studies and asking the hard questions.

The Realities Lab is dedicated to research in what is becoming known as extended reality, or XR, a term that includes augmented, virtual and mixed reality. Extended reality technologies offer a wide range of military uses, including realistic training available virtually anywhere, modeling and simulation for weapon system development, and actual situational awareness on the battlefield.

The U.S. Cyber Command, at the invitation of foreign governments, sends teams of cyber warriors overseas to aid in the search for, analysis of and protection against adversaries conducting cyber warfare.

While U.S. forces frequently deploy overseas, this is a different kind of military support. Instead of taking tanks, helicopters and ships, the U.S. military sends its cyber warriors, armed with their adroit offensive and defensive skills and digital tools.

Recent cyber attacks against critical infrastructure such as the attack on Colonial Pipeline Co. has put cybersecurity in the spotlight.

But combating cyber adversaries is a broad area requiring significant amounts of human intelligence and a deep technical expertise to identify them, Gene Yoo, CEO of Resecurity Inc., told SIGNAL Magazine Editor-in-Chief Robert K. Ackerman during a SIGNAL Media Executive Video interview.

Adversaries come in different types, he added, noting that these range from part-time hacktivists to skilled professionals working for criminal organizations or state intelligence agencies.

Cyber education and training should begin not in college, not in secondary school, not in middle school, not in elementary school, but at home as soon as children are able to view or use social media, say some experts. This training is important not just to lay the groundwork for future cybersecurity professionals in a field starved for expertise, but also to instill good cyber hygiene habits that can be passed on to other family members.

The U.S. Army is creating a pilot program for a limited number of Signal Warrant Officers to build certain skills that the service is identifying as being crucial for the future digital battlefield. The program, currently being developed by the Army’s Cyber Center of Excellence (CCoE) at Fort Gordon, Georgia, will feature an online training platform for soldiers to access on-demand education when needed to support future signal, cyber and electronic warfare operations.

The Cybersecurity and Infrastructure Security Agency, or CISA, the nation’s lead federal agency for protecting government networks and critical infrastructure against cybersecurity threats, reminded agencies and the private sector not to succumb to paying ransoms in cyber attacks and to take much greater steps to shore up any vulnerabilities. “As last week’s ransomware attack against the Colonial Pipeline and recent intrusions impacting federal agencies demonstrate, our nation faces constant cyber threats from nation states and criminal groups alike,” said Brandon Wales, CISA’s acting director in a May 13 statement. 

The massive cyber attack on the United States via information technology vendor SolarWinds continues to send shockwaves through the departments of Defense, State and Homeland Security as well as other agencies. Damage assessments are ongoing. If the U.S. government in general and Defense Department in particular are to successfully defend against attacks by well-funded, patient and highly motivated enemies, they will need to change their approach to defending their networks and systems.

The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), the sole authoritative source for operationalizing CMMC assessments and training by the U.S. Defense Department, has announced the formation of a cybersecurity Industry Advisory Council’s (IAC).

The CMMC-AB IAC mission is to provide a unified voice as representatives of organizations seeking certification to provide to the Defense Department and the accreditation board feedback, input and recommendations for implementing the CMMC.

The nature of military permanent change of station assignments can create gaps in the U.S. Defense Department’s protected posture to cyber assets. The current approach allows valuable institutional knowledge literally to walk out the door, often being replaced with inadequately prepared personnel walking in. This practice runs contrary to the Pentagon’s stated strategic goals that aim at building and maintaining a skilled workforce rather than solely acquiring new tools.

The federal government has been taking zero trust more seriously. Although a significant part of it has yet to be implemented, some initial work has been completed with zero trust network access, yet the outside-in approach to zero trust and complexity remains. But the more important aspect of zero trust relates to application and workload connections, which is what attackers care about and is not being protected today.

This “other side” of zero trust and a host-based micro-segmentation approach will lead to greater security and will stop the lateral movement of malware. Constituting multiple pilot projects is the best way forward in the inside-out approach to zero trust.

The rise of the People’s Republic China as a peer competitor vying for superpower status has emerged as an important challenge for the United States. To confront this competition, policy and decision makers must preserve and extend U.S. global interests to deter China if necessary and work in the international system in which the United States plays a vital role.

If all goes as planned, a major mobile cellphone carrier will ultimately adopt technology developed under the Defense Advanced Research Project’s Agency’s Open, Programmable, Secure 5G program. Doing so will allow the open-source, secure technology to proliferate as so-called Internet of Things technologies become more ubiquitous.

The telecommunications industry is currently rolling out the fifth-generation wireless network known as 5G, which is bringing more bandwidth, lower latency, high-speed throughput, improved reliability and increased connectivity to mobile communications. Off of that advancing communications point will come 6G, the sixth iteration of the wireless network.

Like the rest of the world, the U.S. intelligence community has been forced to telework during the COVID-19 pandemic, which offers opportunities, but then again, U.S. adversaries are working from home as well, which may offer opportunities, intelligence experts pointed out during a February 23 AFCEA Intelligence Committee webinar.

The online event included Melissa Planert, director, Tradecraft and Technology Group, Analysis Directorate, National Geospatial-Intelligence Agency, and Reid D, an innovator in secure government in the United Kingdom who did not want to be fully identified.

The Federal Bureau of Investigation (FBI) has a unique role as a federal law enforcement agency as well as a national security department. Its vast information technology enterprise must support its functionality in carrying out these roles, which have different rules of engagement. And when adding new tools, processes or software, the bureau has to consider solutions carefully. With zero trust architecture—a method that combines user authentication, authorization and monitoring; visibility and analytics; automation and orchestration; end user device activity; applications and workload; network and other infrastructure measures; and data tenants to provide more advanced cybersecurity—gaining use in the U.S.

Officials in U.S. federal and state governments need to consider and address the possible cyber risks stemming from the current civilian unrest, cyber experts advise. Until now, the federal government, especially, has had a foreign intelligence focus, said Adm. Michael Rogers, USN (Ret.).

Germany, the United States and many other nations are facing a more diverse, complex, quickly evolving and demanding security environment than at any time since the end of the Cold War. The resulting challenges to national and international security and stability could be as harmful to societies, economies and institutions as conventional attacks.

The U.S. Army upped the tempo when Gen. Mark Milley, USA, fired off his first message to the force in August 2015 as the newly sworn-in Army Chief of Staff: “Readiness for ground combat is—and will remain—the U.S. Army’s No. 1 priority.” Today, Gen. Milley is the chairman, Joint Chiefs of Staff, and the Army has rebuilt its tactical readiness through a transformational process that it is now expanding to focus on strategic readiness.

December’s news of yet another highly sophisticated break into U.S. government agencies’ cyber systems didn’t come as a surprise to the Government Accountability Office. The government’s auditing agency investigates possible weaknesses or cybersecurity gaps and makes key recommendations to rectify problems. In some ways, it saw this coming.

Cyber attacks against the Defense Department and many other organizations have increased dramatically during the COVID-19 pandemic, but the integration of cyber threat intelligence has helped the department defend its networks, according to Col. David Violand, deputy director of intelligence, Joint Forces Headquarters-Department of Defense Information Network (DODIN).

Col. Violand made the comments during the AFCEA TechNet Cyber conference, a virtual event held December 1-3.

Massive amounts of sensitive information on U.S. citizens are being collected, created, shared, bought and sold, and in some cases used as a weapon by the country’s adversaries, according to a panel of experts speaking at the AFCEA TechNet Cyber conference, a virtual event held December 1-3.

The information is gathered and sold by companies such as Facebook and Google and the producers of a wide range of applications, programs and technologies. 

The U.S. Defense Department is developing a machine learning tool that can more quickly detect cyber intrusions and enable a more rapid response.

U.S. data protection and its relationship to national interests are swiftly evolving. One reason this trend will continue, cybersecurity specialists say, is that other nations see cyberspace differently than the United States and other democracies. Rather than incorporating technology into their societies as a tool, they use cybersecurity—both offensively and defensively—to support their different views and overall significantly challenge U.S. interests.

The U.S. military is rapidly pursuing Joint All-Domain Command and Control, known as JADC2, as a way to confront near-peer adversaries China, Russia and other nations. The effort requires innovative computing, software and advanced data processing; emerging technologies such as artificial intelligence, cloud and 5G communications; along with integration of the military’s existing legacy systems. Leaders have learned that to fully implement JADC2, they have to shed some of the military’s old practices.