The Cyber Edge

Germany, the United States and many other nations are facing a more diverse, complex, quickly evolving and demanding security environment than at any time since the end of the Cold War. The resulting challenges to national and international security and stability could be as harmful to societies, economies and institutions as conventional attacks.

The U.S. Army upped the tempo when Gen. Mark Milley, USA, fired off his first message to the force in August 2015 as the newly sworn-in Army Chief of Staff: “Readiness for ground combat is—and will remain—the U.S. Army’s No. 1 priority.” Today, Gen. Milley is the chairman, Joint Chiefs of Staff, and the Army has rebuilt its tactical readiness through a transformational process that it is now expanding to focus on strategic readiness.

December’s news of yet another highly sophisticated break into U.S. government agencies’ cyber systems didn’t come as a surprise to the Government Accountability Office. The government’s auditing agency investigates possible weaknesses or cybersecurity gaps and makes key recommendations to rectify problems. In some ways, it saw this coming.

Cyber attacks against the Defense Department and many other organizations have increased dramatically during the COVID-19 pandemic, but the integration of cyber threat intelligence has helped the department defend its networks, according to Col. David Violand, deputy director of intelligence, Joint Forces Headquarters-Department of Defense Information Network (DODIN).

Col. Violand made the comments during the AFCEA TechNet Cyber conference, a virtual event held December 1-3.

Massive amounts of sensitive information on U.S. citizens are being collected, created, shared, bought and sold, and in some cases used as a weapon by the country’s adversaries, according to a panel of experts speaking at the AFCEA TechNet Cyber conference, a virtual event held December 1-3.

The information is gathered and sold by companies such as Facebook and Google and the producers of a wide range of applications, programs and technologies. 

The U.S. Defense Department is developing a machine learning tool that can more quickly detect cyber intrusions and enable a more rapid response.

U.S. data protection and its relationship to national interests are swiftly evolving. One reason this trend will continue, cybersecurity specialists say, is that other nations see cyberspace differently than the United States and other democracies. Rather than incorporating technology into their societies as a tool, they use cybersecurity—both offensively and defensively—to support their different views and overall significantly challenge U.S. interests.

The U.S. military is rapidly pursuing Joint All-Domain Command and Control, known as JADC2, as a way to confront near-peer adversaries China, Russia and other nations. The effort requires innovative computing, software and advanced data processing; emerging technologies such as artificial intelligence, cloud and 5G communications; along with integration of the military’s existing legacy systems. Leaders have learned that to fully implement JADC2, they have to shed some of the military’s old practices.

Nanotechnology continues its march through the field of electronics, enabling faster and more energy-efficient computer processors, larger computer memory density and increased battery capacity. These ever-shrinking micro and nanodevices require advanced manufacturing methods to produce. Atomic-scale processing refers to a collection of these methods that may be used to deposit and remove material at the smallest scales, a single atomic layer at a time.

The recently completed Network Modernization Experiment (NetModX) included an army of autonomous agents unleashed in defense of the network and in some cases also protected other artificial intelligence (AI) technologies.

NetModX is a science and technology experiment held July 20-October 2 at Joint Base McGuire-Dix-Lakehurst, New Jersey. The science and technology experiment provides lessons learned for Army acquisition decisions, science and technology specifications, requirements and strategies necessary to modernize the force. Systems that performed well this year might ultimately end up in the Army’s arsenal as part of the capability sets to be fielded in 2023 and 2025.

While the world was facing the rapid and deadly spread of the severe acute respiratory syndrome coronavirus 2, most commonly known as COVID-19, malicious cyber attackers were also at work, increasing the number of attacks, switching methods, taking advantage of the boom in Internet, network and email users, and playing on fears during the uncertain time, cybersecurity experts say. Companies struggling to maintain operations are still leaving gaps in digital security, they warn.

The U.S. Navy is focusing on parallel development of its new digital assets and capabilities as it works to rush advanced information innovations to the fleet. With the need for better technologies increasing coincidental to the rapidly evolving threat picture, the Navy has opted for concurrence as its main tool for implementing both upgrades and innovations.

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

The future of U.S. technology likely will be cyber-heavy with innovative breakthroughs erupting from several areas such as telecommunications and digital ledger capabilities. Many of these disruptive technologies have policy ramifications either in their development or their implementation. The federal government must consider aspects such as regulatory issues, privacy, economic competitiveness and security requirements.

Today’s identity management is fragmented and decentralized, relying on a lot of different systems to authenticate people and manage identities. Organizations use a variety of disjointed tools from passwords and smart cards to biometrics. Instead, organizations should pursue a more holistic approach.

Second of a two-part report.

The Cyber Solarium Commission, a congressionally chartered panel of expert policymakers, was created to tackle cyber conflict in the same way its Truman-era predecessor addressed the Cold War confrontation between the United States and the Soviet Union. An article in SIGNAL Magazine’s August issue (“Leaders Seek a Grand Strategy for Cybersecurity") explored the commission’s theory of deterrence by denial and how it embraced the concept of resilience.

The U.S. Army’s technology assessment experiment known as Cyber Blitz has grown beyond its cyber roots. Beginning next year, when it will be held in the Indo-Pacific region, the exercise will be known as Multi-Domain Operations (MDO) Live.

Less than a year old, the San Antonio-based LevelUp Code Works Software Factory is succeeding in starting to “break the mold” of Defense Department software development. The factory, which had its grand opening last December, is providing key cyber-related products to U.S. military cyber organizations, says Lt. Col. John Priestly, program manager and materiel leader, Unified Platform Program; and director, LevelUp Code Works Software Factory.

The U.S. Army is attacking defensive cyber operations from the laboratory. It is focusing new research efforts, including autonomous network agents, on ensuring cyber resiliency in the battlespace.

Some of this work builds on related efforts long underway at the Combat Capabilities Development Command Army Research Laboratory (ARL). Other thrusts aim at exploiting capabilities that are within reach but not yet ready to field. Still more are areas of research that have been given greater emphasis reflecting the more urgent need for cyber resilience.

When the first Solarium Commission convened in 1953, it had the task of helping Former President Dwight D. Eisenhower and his cabinet colleagues assess the threat from the Soviet Union after the death of Joseph Stalin and agree on a strategic U.S. response. Three teams of policy experts put together three competing policy models: containment, confrontation and roll-back. Former President Eisenhower famously chose containment, a strategy based on the deterrence of Soviet military power and a norms-based alliance with Western Europe.

The COVID-19 pandemic brings with it a new set of cyber vulnerabilities built around lifestyle changes throughout society, and these vulnerabilities cry out for new means of cyber resiliency. “It’s quite possible that historians will remember COVID-19 as one of the very important civilizational turning points,” says Alexander Kott, chief scientist of the Army Research Laboratory and Army ST for cyber resilience. “COVID-19 is acting as a forcing function. It forces us to accelerate the transition to a more virtual society than we were before, and it is accelerating the trend that was occurring before COVID-19 but was happening more slowly and less noticeably.”

Next week, the U.S. Army’s 101st Airborne Division will begin testing a software repository that allows the downloading of up-to-date software systems and patches. The effort is one of thee major initiatives to resolve the service’s challenges in updating and securing systems to enhance operational readiness.

Maj. Gen. Mitchell Kilgo, USA, commanding general, Army Communications-Electronics Command (CECOM), reported the effort during the final day of the virtual Army’s 2020 Signal Conference, which is hosted by AFCEA.

The U.S. Defense Department by the end of the calendar year will release an initial zero trust architecture to improve cybersecurity across the department, says Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency, and commander, Joint Force Headquarters-Department of Defense Information Network.

Norton’s agency, commonly known as DISA, is working with the National Security Agency, the Department of Defense (DOD) chief information officer and others on what she calls an initial “reference” architecture for zero trust, which essentially ensures every person wanting to use the DOD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

Network data collection, analysis and sharing are core to cyber defense, and Tinisha McMillan is on a mission to improve all three.

As division chief for the Cyber Situational Awareness and NetOps Division within the Defense Information Systems Agency (DISA), McMillan is responsible for building and providing cyber analytics and tools to enhance the department’s cyber information sharing to protect the Department of Defense Information Network (DODIN).