The Cyber Edge

The Cyber Edge Home Page

May 16, 2019
By George I. Seffers
From l-r, Robert K. Ackerman, SIGNAL editor in chief, moderates a TechNet Cyber luncheon plenary with speakers Tony Montemarano, DISA executive deputy director, and Jeffrey Jones, executive director, JFHQ-DODIN. Photo by Michael Carpenter

If cyber is the ultimate team sport, as many in the U.S. Defense Department like to say, then artificial intelligence (AI) would likely be the number one draft pick for the Defense Information Systems Agency (DISA).

Anthony “Tony” Montemarano, DISA’s executive deputy director, stressed the importance of AI during a luncheon plenary on the final day of the AFCEA TechNet Cyber conference in Baltimore. “We’ve heard about it time and again. Artificial intelligence is probably the most significant technology we have to come to grips with.”

May 16, 2019
By George I. Seffers
Panelists at TechNet Cyber discuss the cyber workforce and the need for continuous education. Phoot by Michael Carpenter

Personnel working in cyber must continually look for opportunities to learn, say cyber professionals from across government.

During a morning panel discussion on the final day of the AFCEA TechNet Cyber conference in Baltimore, high-ranking officials from the Defense Department, Department of Homeland Security and National Security Agency discussed a wide range of issues concerning the cyber workforce today and tomorrow.

May 14, 2019
By George I. Seffers
Vice Adm.Nancy A. Norton, DISA director and commander of the JFHQ-DODIN, addresses the audience at TechNet Cyber. Photo by Michael Carpenter

The Defense Information Systems Agency (DISA) is increasing its focus on innovation and rapid acquisition through the use of other transactional authority (OTA) contracts.

Organizations across the Department of Defense and military services have begun using OTA contracts, which help cut much of the time and costs of developing technologies and acquiring systems. They also allow the military to work more closely with smaller, more agile startups and small businesses that may have creative products but don’t traditionally work with the government.

May 14, 2019
By George I. Seffers
Anthony “Tony” Montemarano, DISA executive deputy director, speaks about workforce challenges at TechNet Cyber. Photo by Michael Carpenter

The Defense Information Systems Agency (DISA) is challenged with a significant personnel shortage, including information technology, spectrum and cybersecurity experts.

Vice Adm. Nancy A. Norton, DISA director and commander of the Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN), told the audience at the AFCEA TechNet Cyber 2019 conference in Baltimore that the agency is seeking to hire personnel in a number of areas.

May 14, 2019
Kimberly Underwood
Lawmakers have created a new organization, the Cyberspace Solarium Commission, to tackle a national cybersecurity policy.

Legislators on Capitol Hill have formed the Cyberspace Solarium Commission, known as the CSC, which will put together a comprehensive U.S. cyber policy. Sen. Angus King (I-Maine), who is co-chairing the new organization with Rep. Michael Gallagher (R-Wisc.), announced the formation of the Geneva Convention-type commission in a call with reporters on May 13. The establishment of the commission was outlined in last year’s National Defense Authorization Act (NDAA), Sen. King said.

May 7, 2019
By Kimberly Underwood
The FBI’s Cyber Division is strengthening its investigative capabilities to battle more and more digital-based crimes from global adversaries, says Amy Hess, executive assistant director of the FBI’s Criminal, Cyber, Response, and Services Branch. Credit: Atlantic Council/Image Link

The FBI has a full plate: fighting public corruption, organized and white-collar crime and domestic and foreign terrorism; solving violent crimes; protecting civil rights; neutralizing national security threats, espionage and counterintelligence; and mitigating threats of weapons of mass destruction, among other responsibilities. And one part of the bureau is growing to protect the nation against cyber threats.

May 1, 2019
By Kimberly Underwood
Vice Adm. Nancy Norton, USN, director, DISA, and commander, Joint Force Headquarters–Department of Defense Information Network, speaks at West. Photo by Michael Carpenter

The Defense Information Systems Agency is a combat support agency, and as such, is charged with supplying key information technology to warfighters and civilians around the globe. The agency provides voice, data, video, spectrum, computing and other communication capabilities to combatant commands, the Joint Staff, the services, offices and agencies in Department of Defense and the intelligence community.

May 1, 2019
By Julianne Simpson
Mr.B-king/Shutterstock

The cybersecurity workforce gap is real, and it’s growing. Based on a state-by-state analysis on CompTIA’s cyberstates.org, there are currently 320,000 open cyber jobs in the United States. By 2022, the projected shortage of cybersecurity professionals worldwide will reach 1.8 million, according to the Center for Cyber Safety and Education.

May 1, 2019
By Robert K. Ackerman
Rawpixel.com/Shutterstock

Schooling at an early age, an appeal to patriotism and a government program that trades tuition support for public sector work may be necessary to produce the skilled cyber professionals so badly needed across the spectrum of technology jobs in the United States. While the current number of cyber workers is woefully insufficient, the demand increases. For government, the cyber threat escalates daily. For industry, cyber applications proliferate constantly.

May 1, 2019
By Janel Nelson
To attract more cybersecurity professionals into the teaching profession, school systems must change their qualifications requirements and revise recertification timelines. Credit: Photographee.eu/Shutterstock

Recruiting and maintaining a cybersecurity workforce is a complicated challenge for the government. According to the Information System Security Certification Consortium, 85 percent of cybersecurity professionals would consider leaving their current jobs. Information technologists do not need to search for positions that are exciting, respect their expertise, help them become more marketable and pay well because as many as 18 percent of non-active job seekers are contacted daily by employers seeking them out.

May 1, 2019
By George I. Seffers
With about 300,000 vacant cybersecurity positions in the United States, some experts recommend the creation of a civilian cyber corps of volunteers who could be called to take action when needed. Credit: BeeBright/Shutterstock

Some military and civilian experts are calling on the United States to create a civilian cyber corps to help fill the gap in cybersecurity expertise in times of need. Such a corps could enhance state and local emergency response efforts, help protect Defense Department networks and other critical infrastructure or combat social media information warfare campaigns.

May 1, 2019
By Howard R. Bandler
While preparing for a command cyber readiness inspection (CCRI), Staff Sgt. Jerome Duhan, USAF, a network administrator with the 97th Communications Squadron, inserts a hard drive into the network control center retina server at Altus Air Force Base, Oklahoma. Air Force photo by Senior Airman Franklin R. Ramos, USAF

Thirty years after the Morris Worm, networks face a long and growing list of potential attack vectors employed by an almost limitless number of threat sources, including criminals, hacktivists and nation-state actors. In response to threats, the U.S. Defense Department has taken prudent measures to shore up vulnerable systems and networks. In accordance with the well-established practice of concentric rings of security, the most sensitive department data exists on its most secure and isolated networks.

May 1, 2019
By George I. Seffers
DISA’s Roger Greenwell manages operational and technical risks on one of the world’s most complex—and most critical—networks, the Defense Information Systems Network. Credit: geralt/Pixabay

When operating one of the most complex and critical networks on the planet, risk is a given. That risk comes in two forms, technical and operational, and managing both is a matter of balance.

Roger Greenwell, Defense Information Systems Agency (DISA) risk management executive and authorizing official, is responsible for maintaining that balance on the Defense Information Systems Network (DISN), a global enterprise network that enables information superiority and critical communications. The DISN is the core of the Department of Defense Information Network, a worldwide conglomeration of military networks.

April 22, 2019
By Jim Hansen
The amphibious assault ship USS Boxer transits the Pacific Ocean, Oct. 3, 2018. The Navy’s Combat to Connect in 24 Hours program may redefine the ability to quickly adapt to cyber combat. Credit: Navy Petty Officer 3rd Class Alexander C. Kubitza

The Navy’s new Combat to Connect in 24 Hours (C2C24) is an ambitious program that has the potential to change naval warfare as we know it.

The program is designed to improve operational efficiency by automating the Navy’s risk management framework (RMF) efforts; providing sailors with near real-time access to critical data; and accelerating the Navy’s ability to deploy new applications in 24 hours rather than the typical 18 months.

April 8, 2019
By Maryann Lawlor
The Ghidra tool suite examines compiled code using disassembly, decompilation and graphing.

The National Security Agency is now sharing the source code of Ghidra, its reverse engineering tool developed by the agency’s Research Directorate in support of its cybersecurity mission. Ghidra, a suite of software analysis tools, examines complied code using capabilities such as disassembly, assembly, decompilation, graphing and scripting.

Ghidra helps analyze malicious code and malware and improves cybersecurity professionals’ understanding of potential vulnerabilities in their networks and systems. With this release, developers can now collaborate, create patches and extend the tool to fit their cybersecurity needs.

April 1, 2019
By Maryann Lawlor
System and information security can be measured in a number of ways, including how it affects the bottom line. Credit: Shutterstock

Senior executives are increasingly interested in objective measurements to determine the robustness of their organizations’ cybersecurity protections. However, measuring the adequacy of network and data security can be likened to verifying the amount of air in a room: A formula can ascertain how much air the room contains in theory, but does it take into account the leaky windows?

March 29, 2019
By Robert K. Ackerman
Maj. Gen. Garrett Yee, USA, military deputy to the Army Chief Information Officer(CIO)/G-6, offers potential solutions to the challenge of bringing innovative technologies to the force rapidly and equipping them with adequate cybersecurity.

The Army is approaching cybersecurity in “a systematic methodical way that takes into consideration that not all things have the same level of risk or threat involved,” states Maj. Gen. Garrett Yee, USA, military deputy to the Army Chief Information Officer(CIO)/G-6.

He cites as an example trying to secure a stand-alone device that is not connected to the network but has an information technology component, versus securing a device that is connected to the network. The stand-alone device offers a negligible risk, so efforts should focus on the connected device, he offers.

April 1, 2019
By Kimberly Underwood
Given that one of the water sector’s challenges in protecting infrastructure from cyber attacks is cost, research is needed into affordable security measures for control systems. Credit: Daniel Jedzura/Shutterstock

The water and wastewater treatment industry is facing cybersecurity threats. The risks affect the sector disproportionately compared to other utilities, given local-level water processing operations.

Along with physically securing its critical infrastructure, the water industry has to leverage available tools to protect against cyber attacks, an expert says.

April 1, 2019
By Kimberly Underwood
In preparation for the NATO Trident Juncture 18 exercise, a British Army convoy enters Malmo, Sweden in October after crossing the Oresund Bridge that connects to Denmark. Shared classified “federated” networks used during such exercises are a key allied tool, says Col. Jenniffer Minks, USAF (Ret.), coalition interoperability division chief, Deputy Directorate for Cyber and C4 Integration, Joint Staff J-6. Photo courtesy of NATO

The requirement to partner with allied nations and share a classified network will only grow in the coming years, leaders say. In combined exercises, engagements or missions, coalition partners need to be able to connect digitally to share communications, resources and information to strengthen defenses and partnerships. At the Pentagon, the Joint Staff is working to improve coalition systems and how the U.S. can connect securely to those networks outside of the national networks, one expert shares.

April 1, 2019
By Robert K. Ackerman
Soldiers participate in NATO’s multinational live-fire exercise Scorpions Fury 2018 in Romania last November. The alliance has declared cyberspace to be an operational domain on a par with land, sea and air, but it still must develop a policy to integrate cyber operationally with the kinetic effect domains. NATO photo

NATO is taking a comprehensive approach to building a cyber policy that would deter adversaries, defend its member nations and provide key capabilities in multidomain operations. This approach to the alliance’s cyberspace strategy takes into account resilience, counter-cyber activities and operational capabilities in both civilian and military elements.

Yet when it comes to NATO cyber policy, much remains to be established. With 29 member nations all having different needs and different approaches to cyber operations, the alliance has not yet arrived at a fully functional policy. It continues to seek input from its nations while incorporating necessary capabilities amid continuing changes in the cyber domain.

Pages