The Cyber Edge

The Cyber Edge Home Page

July 1, 2020
By George I. Seffers
The NETCOM Network Enterprise Center provided extended information technology support to many of the units deploying in support of Joint Task Force-Civil Support during the COVID-19 pandemic. U.S. Army Cyber Command has now delegated to NETCOM some its authorities for protecting Army portions of the Department of Defense Information Network. U.S. Army photo by Spc. Chafelmer Kroll

The U.S. Army Cyber Command is transferring some of its cyber defense responsibilities for the service’s networks to the Army Network Enterprise Technology Command, commonly known as NETCOM. The change, which officially took effect on June 1, transfers authority for the Army’s worldwide regional cyber centers to NETCOM, allows Cyber Command to increase its focus on electronic warfare and information operations and provides one primary point of contact for warfighters in need of network support.

July 1, 2020
By George I. Seffers
Credit: DR MANAGER/Shutterstock

Network data collection, analysis and sharing are core to cyber defense, and Tinisha McMillan is on a mission to improve all three.

As division chief for the Cyber Situational Awareness and NetOps Division within the Defense Information Systems Agency (DISA), McMillan is responsible for building and providing cyber analytics and tools to enhance the department’s cyber information sharing to protect the Department of Defense Information Network (DODIN).

July 1, 2020
By Allison Annick
After serving in the U.S. Navy during World War II, Grace Hopper remained in the naval reserve. In 1952, her team at Remington Rand created the first compiler for computer languages, which was a precursor for COBOL. In this 1960 report, Hopper stands next to a mainframe computer that ran using COBOL. Courtesy of the Computer History Museum

At 61 years old, the common business-oriented language is the same age as many college kids’ parents. The coding language had its own exhibit in the Smithsonian National Museum of American History in 2013. Many in the industry now call it a “legacy language,” but its continued, widespread use tells a different story.

July 1, 2020
By Stephen Wood
Devices such as copiers have been updated with Internet connectivity, creating a potential risk as an entry point to the network. Credit: Andrey_Popov/Shutterstock

In the past two years, hackers have increasingly targeted Internet of Things devices to breach cybersecurity defenses. Because these devices are frequently not patched when software flaws are found, they represent a soft target for attackers. In 2017, 15 percent of all successful attacks exploited one of these device’s beachheads. By 2019, that number increased to 26 percent of all incidents with growth expected to continue, according to a recent analysis performed by Ponemon Institute.

July 1, 2020
By Capt. Alex M. Roberts, USAF
U.S. Marines with 8th Communication Battalion, II Marine Expeditionary Force Information Group, collaborate as part of Team Spartan during Cyber Fury 2020. Cyber Fury is an annual training exercise that allows Marines to simulate a series of cyberspace attacks by identifying and countering them. Credit: Lance Cpl. Haley McMenamin, USMC

With the 2020 election fast approaching and tensions with Iran continually shifting, many people are looking to U.S. Cyber Command to help ensure cybersecurity. The command faces an uphill battle because the current construct allows each service branch to retain tactical command of its organic cyber experts. To be more successful in the cyberspace domain, the command needs to take over tasking authority for all cyber-related units, establish a standardized joint cyber schoolhouse and establish a Joint Cyber Operations Command to perform joint, effects-driven cyber operations.

June 1, 2020
By Maryann Lawlor
It’s tempting to think of open source software as free, but users must take into consideration the cost of systems and data protection. Credit: Wright Studio/Shutterstock

The efficiencies of using and embedding open source software (OSS) carry many risks. In the advent of free repositories and millions of open source projects, the notion of any reasonable centralized authentication about the origin or any assurance as to correctness is virtually impossible. As a result, users should cultivate trust relationships with a few suppliers and keep them up to date.

June 1, 2020
By George I. Seffers
DARPA’s Optimization with Noisy Intermediate-Scale Quantum (ONISQ) program intends to leapfrog current computing technology by combining classical and quantum computing capabilities to tackle a widespread class of problems known as combinatorial optimization problems, which have national security, commercial and global implications. Credit: Yurchanka Siarhei and Boex Design/Shutterstock. Edited by Chris D’Elia​

In the future, anyone trying to figure out how to use limited resources may reap the benefits of computers that are a hybrid of quantum and classical systems.

Such hybrid computers might prove especially efficient and effective at solving certain kinds of problems, such as strategic asset deployment, global supply chains, battlefield logistics, package delivery, the best path for electronics on a computer chip and network node placement. Research also could impact machine learning and coding theory.

June 1, 2020
By Kimberly Underwood
Advances in quantum information science will allow the military a different approach to communications and networking. Credit: Shutterstock

Across the U.S. Air Force’s research arm, scientists are developing quantum information science capabilities in four key areas of interest to the service: timing; sensing; communications and networking; and computing. Experts at the Air Force Research Laboratory, known as AFRL, are also investigating the development of enabling technologies, which will springboard the use of quantum capabilities in the four areas.

June 1, 2020
By Bryan C. Ward and Ryan D. Burrow
Hollis Roush, a Coast Guard Cadet intern at the Massachusetts Institute of Technology Lincoln Laboratories (MITLL), demonstrates a prototype representative industrial control system. Credit: Glen Cooper, MIT Lincoln Laboratory

Multiple decades of research have focused on building more secure and resilient systems by incorporating defensive techniques into computer systems. Such techniques range from enforcement-based defenses that apply some invariant to the execution of code on a machine to randomization-based defenses that enhance a system’s resiliency to attacks by creating uncertainty, diversity or dynamism in the internals of the system. Such defenses have evolved to address increasingly sophisticated attacks that bypass previous defensive technologies and minimize security-related overheads.

May 27, 2020
By Maryann Lawlor
Cybersecurity experts emphasize it’s important for businesses, no matter their size, to have a plan to protect their data and systems as well as recover from an inevitable cyber attack. Credit: Den Rise/Shutterstock

Rapid changes in technology create new security vulnerabilities that require small businesses to expend resources to remain compliant. Lack of guidance, definitions or policies place these companies in positions that require them to make security investments without fully understanding the need or outcome of the resources they are spending.

While government information technology firms are better staffed from a security perspective, those that provide other services often do not have enough employees or the expertise to operate their internal computer systems at a high level of security. This situation makes them ideal targets for adversaries.

May 20, 2020
By George I. Seffers
Network data gains value for the Defense Department amidst an increase in attacks during the COVID-19 pandemic. Credit: solarseven/Shutterstock

The COVID-19 pandemic presents a unique challenge for the Defense Department. More people are working remotely, networks are busier than ever and hackers from around the world seek to take advantage, driving up demand for more situational awareness data to keep those networks safe. And the Defense Information Systems Agency (DISA) continues to deliver that data under the most unusual of circumstances.

May 18, 2020
By Kimberly Underwood
The Defense Information Systems Agency’s Cyberspace Operations Directorate is relying on a so-called battle drill concept, pulling in teams of experts to troubleshoot and fix hard-to-solve communications challenges. Credit: Shutterstock/Gorodenkoff

The Cyberspace Operations Directorate within the Defense Information Systems Agency is employing a so-called battle drill concept to ensure communications and data are available to the combatant commanders, senior leaders or other key officials when required. The directorate is responsible for the global flow of information, especially in support of the U.S. military’s 11 combatant commands and other key Defense Department operations. The battle drill model collectively pulls together the resources needed to tackle complex communication and data issues.

May 13, 2020
By Julianne Simpson
Credit: Shutterstock/metamorworks

By using multiple lines of effort, including college and university engagement, social media, virtual events, military outreach and partnerships, the Defense Information Systems Agency is taking a multidimensional approach to the development and growth of its cybersecurity workforce.

According to the (ISC)² 2019 Cybersecurity Workforce Study, the global cybersecurity workforce needs to grow by 145 percent to meet the demand for skilled cybersecurity talent. In the United States, it needs to grow by 62 percent. “It’s a big task,” the report said.

May 4, 2020
By 1st Lt. Cory Mullikin, USA
Army soldiers check the setup up of an antenna for voice and data tactical communications in Port-au-Prince, Haiti. While the responsibilities between the Cyber and Signal branches are still evolving, a seven-layer model may be helpful in defining the divide. U.S. Navy photo by Chief Petty Officer Robert J. Fluegel

The rising prominence of the Cyber branch in the U.S. military, and namely the Army, begs the question “What will the Cyber branch be used for?” Citing the Defense Department’s plan for the Cyber branch, as well as the Signal branch’s shifting roles in the realm of cyberspace, the responsibilities of both branches are becoming clear. It is evident that as time goes on, the Cyber branch will become focused mainly on the defense of the military domain and cyberspace.

May 11, 2020
By Maryann Lawlor
Katie Arrington (r), chief information security officer, office of the undersecretary of defense for acquisition, U.S. Defense Department, and other Pentagon acquisition officials brief reporters on cybersecurity standards for government. Photo by Petty Officer 2nd Class James K. Lee, USN

The coronavirus is not stopping the U.S. Defense Department from proceeding with work on the Cybersecurity Maturity Model Certification (CMMC), and it shouldn’t slow down industry in doing the same. Although some of the public hearings that should have taken place by now have been delayed because of the pandemic, the CMMC team continues to train and get the word out about rules changes.

May 1, 2020
By Robert K. Ackerman
Members of the NATO Military Committee are briefed at the NATO Joint Warfare Centre in Norway. The Atlantic alliance is broadening its activities in cybersecurity amid more diverse threats and growing new technologies. Credit: NATO

NATO is doubling down on cyberspace defense with increased partnerships and new technology thrusts. Information exchanges on threats and solutions, coupled with research into exotic capabilities such as artificial intelligence, are part of alliance efforts to secure its own networks and aid allies in the cybersecurity fight.

The threats the alliance networks face constitute relatively the same ones confronting other organizations. NATO faces the double challenge of securing its own networks and information assets, as well as helping its member nations improve their own national cyber resilience.

May 1, 2020
By Shaun Waterman
A SpaceX Falcon 9 rocket launches the first of the new generation of modernized, harder-to-hack GPS block III satellites in December 2018. GPS is one of the space-based functions that’s increasingly vital to the functioning of the U.S. economy. Credit: GPS.gov

Amid growing fears that U.S. military reliance on civilian space infrastructure might prove a weak point, two organizations are seeking to improve cybersecurity in the burgeoning satellite industry. The Orbital Security Alliance has published a detailed set of cybersecurity guidelines for commercial satellite operators, which aims specifically at smaller, newer companies in the fast-growing “minisat” sector.

May 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/Blackboard

As cloud computing gains greater numbers of adherents, their increasing demands are straining security measures designed to guard operations. This problem is going to worsen dramatically when applications such as artificial intelligence development assume a significant presence in the cloud.

Yet those same complications offer opportunities. The new types of security that will need to be applied to the cloud can be used for other forms of cyberspace operations. Solutions to the difficulties of cloud security could help protect data elsewhere commensurate with the enhanced role played by the cloud.

May 1, 2020
By Travis Johnson
Citizens must be confident that their votes are counted as they are cast. Following the example of the NIST SP 800-53 Revision 4 Control Families list would be one way to ensure the information technology piece of voting machines is protected from threats and vulnerabilities. Credit: Shutterstock/Burlingham

To truly ensure the principle of one person, one vote, the American electoral infrastructure should adopt security protocols similar to those used in the cybersecurity industry. Electoral management should be conducted using variations on the techniques employed for financial systems and national security data. Unfortunately, today’s U.S. voting mechanisms at all levels as well as national policy would not pass even the most rudimentary information assurance audit.

May 1, 2020
By Kimberly Underwood
Through four use cases, including one that applies to street light operations, the city of Syracuse, New York, is evaluating a secure cloud architecture designed to provide cyber attack protections. Credit: Shutterstock/Debra Millet

Digital structures are needed to protect government information and operations. A group participating in a National Institute of Standards of Technology challenge is offering a secure cloud-based platform that can improve the digital and actual health of a city and protect its information.

Pages