The Cyber Edge

New capabilities and platforms, such as Internet of Things devices and cloud computing, require updated cybersecurity implementation strategies across different technologies and platforms. One approach is to examine multiple capabilities and platforms, identifying shared vulnerabilities and mitigation strategies. Benefits of this are three-fold: results can better inform an organization’s risk assessment, limited resources can be prioritized for higher risk vulnerabilities and overall complexity of security management can be reduced. One example of this strategy is to examine cloud computing, Internet of Things devices and Wi-Fi wireless networks to find shared vulnerabilities.

Imagine the following scenarios: An explosive device, an enemy fighter jet and a group of rebels are misidentified as a cardboard box, an eagle or a sheep herd. A lethal autonomous weapons system misidentifies friendly combat vehicles as enemy combat vehicles. Satellite images of a group of students in a schoolyard are misinterpreted as moving tanks. In any of these situations, the consequences of taking action are extremely frightening. This is the crux of the emerging field of adversarial machine learning.

SIGNAL Media is reaching out to Microsft Corp. for comment and this article will be updated accordingly.

Issued back in late January, the M-22-09 memorandum from the Office of Management and Budget (OMB), entitled Moving the U.S. Government Toward Zero Trust Cybersecurity Principles and issued by OMB acting director Shalanda Young, required federal agencies to meet specific cybersecurity standards and objectives by the end of fiscal year 2024. Eric Mill, a senior advisor to Federal Chief Information Officer Clare Martorana, who helped draft the federal zero-trust architecture (ZTA) strategy, advised agencies to have a mix of “specific and very tangible” technical steps as well as some broader architectural changes.

With the growing number of satellite constellations comes an increasing amount of congestion in space, in addition to existing space assets and debris. But beyond the need to identify and manage space congestion is a role not quite as needed before—that of space defense. The ability to protect assets in space from adversaries is critical to the U.S. military and allies, and it starts with adroit space domain awareness. The operators of the U.S. Space Force’s Space Delta 2 aim to provide this crucial function.

Passing the National Security Agency’s comprehensive cybersecurity training is no easy feat, but the Air Force’s 39th Information Operations Squadron has achieved unusually high success rates in getting students through the programs.

On May 18, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive (ED) (ED 22-03) that requires federal agencies to apply VMware updates or remove specific VMware products from use until protective updates can be applied. The products possess four possible exploitable vulnerabilities that would allow cyber marauders to execute remote code on a system without authentication and to elevate network access privileges.

“For all affected VMware products identified as being accessible from the internet, agencies are directed to assume a compromise and immediately disconnect the product from their network and conduct threat hunt activities,” CISA stated. 

A panel of cyber educators today encouraged subject matter experts in the military and industry to teach cybersecurity part time.

The panel enthusiastically embraced the suggestion from an audience member at the AFCEA Cyber Education Research and Training Symposium on May 11 in Augusta, Georgia.

The U.S. Army in the past 30 days kicked off 10 Junior Reserve Officers’ Training Corps focused specifically on students interested in cyber careers. The service also has offered the first direct commission to a lieutenant colonel in the cyber realm and will soon do the same for a full colonel.

Brig. Gen. Paul Craft, USA, commandant, U.S. Army Cyber School, told the audience at the AFCEA Cyber Education Research and Training Symposium (CERTS) in Augusta, Georgia, that the new Junior ROTC efforts are important for the Army and for the nation. “That’s a big thing for the U.S. We now have multiple focused Cyber Junior ROTC programs in our nation, and they will expand over time.”

A panel of cyber experts discussing the pros and cons of dramatically expanding joint cyber training among the military services and other agencies agreed the pros outweigh the cons.

The panel discussion took place on the second day of the AFCEA Cyber Education, Research and Training Symposium (CERTS), May 10, in Augusta, Georgia.

Moderator Robert Kazimer, deputy to the commanding general, U.S. Army Cyber Center of Excellence and Fort Gordon, told the audience he intended to ask provocative questions but that on the subject of joint training the participants agreed.

A ransomware attack on a major maritime corporation could have affected its vessels in the Mid-Atlantic region, causing a U.S. Coast Guard officer to take extra precautions, according to Rear Adm. Michael Ryan, USCG, former commander, Coast Guard Cyber Command.

Adm. Ryan left his position at Coast Guard Cyber Command last week and is now the deputy for operational policy and capabilities at Coast Guard Headquarters.

Cybersecurity officials from Australia, Canada, New Zealand, the United Kingdom and the United States issued an advisory April 27 disclosing the most common digital vulnerabilities and exposures routinely leveraged by cyber attackers in 2021. Of the top 15 software vulnerabilities identified across all of the countries, Microsoft products accounted for nine such issues.

The United States’ Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI collaborated with the Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre and United Kingdom’s National Cyber Security Centre to issue the advisory.

Russia’s well-known cyber attacks on Western nations could be setting the country up for a powerful backlash, offers a retired U.S. Army expert formerly based in Moscow. After years of relentless penetrations and attacks on databases and infrastructure in U.S. and NATO countries, Russia now is finding itself as much—if not more—of a target of reciprocal cyber assault capabilities increasingly wielded by the West.

The U.S. Army’s massive modernization effort requires rapid adaptability in the courses being taught in its cyber and signal schools. Efforts are underway to fundamentally change the approach to teaching and instituting courses for zero trust, cloud computing and other technology advances that will affect the future of combat.

February’s invasion of Ukraine by Vladimir Putin was a shock to geopolitical order. NATO and the United States acted quickly to aid Ukraine while avoiding entering a war against Russia and shoring up any threat to NATO and the United States. From their early observations of the war, U.S. officials from Congress, and the cyber and intelligence communities are looking closely to glean understanding and apply key knowledge to U.S. actions and defenses.

The Defense Information Systems Agency (DISA) is still in the prototyping stage with its zero-trust solution but already is looking ahead to the next version.

Thunderdome, the prototype being developed by Booz Allen Hamilton under a six-month contract awarded in January, is DISA’s solution for implementing zero-trust cybersecurity. It is a comprehensive effort requiring cooperation across the agency, as well as with the military services, combatant commands and others.

A panel of artificial intelligence (AI) experts from industry discussed some of the technology’s promise and perils and predicted its future during an AFCEA TechNet Cyber Conference panel April 26 in Baltimore.

The panelists were all members of AFCEA’s Emerging Leaders Committee who have achieved expertise in their given fields before the age of 40. The group discussed AI in the cyber realm.

Starting from the first recorded raid on the monastery of Lindisfarne in 793, Viking raids presented European rulers with an unprecedented challenge. Fast, sleek longships could stealthily deploy alongside the coasts of early medieval England and France, striking at wealthy, isolated targets and departing before local authorities could mount a response.

With the creation of its first Chief Data Office, the U.S. Defense Information Systems Agency is stepping into a more data-centric vision. The need for enhanced data management, technologies and policies is necessary to support greater ventures of agency operations and improved decision making and operability for warfighters, explained Caroline Kuharske, acting chief data officer, Defense Information Systems Agency.

In today’s cyber environment, the attack surface grows exponentially day after day with no sign of slowing. With the near-geometric growth of applications, the signal-to-noise ratio has been amplified into the stratosphere. The result: The hunt for timely and important context in system and network telemetry is like trying to find a particular needle in a sea of needles.

Equally challenging is the “dwell time” of attacks—the period between initial penetration and the point of detection/eradication. In 2020, the average global dwell time was 56 days. That means that an attacker had nearly two months inside a network on average before being discovered.  

Today, more than ever, combatant commands, joint task forces, service components and supporting agencies need the mission partner environment to deliver the same capabilities envisioned for the U.S. Defense Department’s Joint All-Domain Command and Control concept. With two near-peer competitors dominating the defense strategy, the need for an enterprise-level mission partner environment has never been greater for promoting security cooperation while maintaining military readiness. As Cliff Fegert, former director of the Mission Partner Capabilities Office noted, “With two near peers, we do not have the luxury of preparation time, and we must have allies/partners to deter or win.”

In times of global crises such as the COVID-19 pandemic and the war in Ukraine, the Defense Information Systems Agency (DISA) is working to make sure the U.S. Defense Department’s communications networks are running securely to provide leaders and warfighters with the information they need.

A key aspect of this is velocity of action, using innovation and initiative to gain an advantage over adversaries, DISA officials told SIGNAL Magazine Editor in Chief Robert Ackerman during the first of a series of TechNet Cyber 2022 webinars.

An effort to help Ukraine protect its critical infrastructure from cyber attacks has succeeded at least initially. Steps taken by various governmental agencies and private industry before Russia invaded Ukraine on February 24 have strengthened its cybersecurity, said Gen. Paul Nakasone, USA, commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, testifying before the U.S. Senate Select Committee on Intelligence last Thursday.

The Department of Homeland Security Science and Technology Directorate could release its artificial intelligence and machine learning strategy implementation plan as early as this month and is growing a community of interest to foster the adoption of the technologies across the department.