The Cyber Edge

The Cyber Edge Home Page

October 1, 2020
By Robert Hoffman
Marines with Marine Corps Forces Cyberspace Command work in the cyber operations center at Lasswell Hall, Fort Meade, Maryland. MARFORCYBER Marines conduct offensive and defensive cyber operations in support of U.S. Cyber Command and operate, secure and defend the Marine Corps Enterprise Network. Credit: Staff Sgt. Jacob Osborne, USMC

Automation software tools are being under-utilized, especially in the U.S. Defense Department. While the department has purchased and used automated scanning tools for security and compliance, it has been slow to adopt automation for many other tasks that would benefit from the capability, such as easing software deployment and standardization and, once developed, increasing the speed of overall automation.

October 1, 2020
By Kimberly Underwood
As the deadly COVID-19 virus spread around the world, so did the attacks from malicious cyber actors, taking advantage of the unsure times, say experts from leading cybersecurity firms. Credit: Shutterstock/VK Studio

While the world was facing the rapid and deadly spread of the severe acute respiratory syndrome coronavirus 2, most commonly known as COVID-19, malicious cyber attackers were also at work, increasing the number of attacks, switching methods, taking advantage of the boom in Internet, network and email users, and playing on fears during the uncertain time, cybersecurity experts say. Companies struggling to maintain operations are still leaving gaps in digital security, they warn.

October 7, 2020
By Ray Rothrock
Just like basic personal hygiene during a pandemic, practicing cyber fundamentals comes down to the individual and consistency. Photo credit: vientocuatroestudio/Shutterstock

When it comes to nefarious deeds, the COVID-19 pandemic has been a gold mine for bad actors. In addition to wreaking havoc for individuals and healthcare organizations, federal agencies are also prime targets. Case in point: a portion of the Department of Health and Human Services’ (HHS) website was recently compromised, in what appears to be a part of an online COVID-19 disinformation campaign. 

In a time of heightened cyber risk and limited human and fiscal resources, how can agencies protect their networks from malicious actors by taking a page from the COVID playbook? They can diligently practice good (cyber) hygiene.

In fact, there is a direct correlation between personal and cyber hygiene.

October 1, 2020
By Robert K. Ackerman
A U.S. Navy operations specialist uses a radar system in a combat information center in the 7th Fleet area of operations. The U.S. Navy’s PEO C4I and Space Systems is focusing on parallel development of digital assets and capabilities to speed innovation to the fleet. Credit: U.S. Navy

The U.S. Navy is focusing on parallel development of its new digital assets and capabilities as it works to rush advanced information innovations to the fleet. With the need for better technologies increasing coincidental to the rapidly evolving threat picture, the Navy has opted for concurrence as its main tool for implementing both upgrades and innovations.

October 1, 2020
By Joseph Mitola III
Senior Airman Daniel M. Davis, USAF, 9th Communications Squadron information system security officer, looks at a computer in the cybersecurity office on Beale Air Force Base. Cybersecurity airmen must manage more than 1,100 controls to maintain the risk management framework. Credit: U.S. Air Force photo by Airman Jason W. Cochran

Users need to transition all networked computing from the commercial central processing unit addiction to pure dataflow for architecturally safe voting machines, online banking, websites, electric power grids, tactical radios and nuclear bombs. Systems engineering pure dataflow into communications and electronic systems can protect them. The solutions to this challenge are in the users’ hands but are slipping through their fingers. Instead, they should grab the opportunity to zeroize network attack surfaces.

October 1, 2020
By Dirk W. Olliges
Leslie Bryant, civilian personnel office staffing chief, demonstrates how to give fingerprints to Jayme Alexander, Airmen and Family Readiness Center casualty assistance representative selectee. Although requiring fingerprints to access information is better than single-factor identification verification, it should be part of a multifactor authentication approach. Credit: 2nd Lt. Benjamin Aronson, USAF

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

September 25, 2020
By Maryann Lawlor
Enterprisewide Risk Management (ERM) consists of the formal identification of major risks to the organization’s mission.

Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.

But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.

September 4, 2020
By Robert K. Ackerman
The U.S. Government Accountability Office (GAO) is exploring the ramifications of a number of emerging disruptive technologies. Credit: GAO file photo

The future of U.S. technology likely will be cyber-heavy with innovative breakthroughs erupting from several areas such as telecommunications and digital ledger capabilities. Many of these disruptive technologies have policy ramifications either in their development or their implementation. The federal government must consider aspects such as regulatory issues, privacy, economic competitiveness and security requirements.

September 1, 2020
By George I. Seffers
Unmanned aircraft have proved immensely valuable to the military and to intelligence agencies, but they are sometimes too noisy for stealthy reconnaissance. The Intelligence Advanced Research Projects Activity is developing a silent and miniature aerial drone known as the Little Horned Owl. Credit: U.S. Defense Department photo by Petty Officer 3rd Class Jeffrey S. Viano, U.S. Navy

The cloud computing infrastructure at the Intelligence Advanced Research Projects Activity allowed the organization to pivot to a new teleworking norm during the pandemic that’s not much different than the old norm. The organization has conducted business as usual, hiring program managers, adding office directors, creating and killing programs, and continuing to meet the intelligence community’s technology needs.

Catherine Marsh, director of the Intelligence Advanced Research Projects Activity, known as IARPA, was told on March 12 to “lean forward,” and she did, allowing almost the entire staff to telecommute beginning the next day. Even contractors work from home legally, securely and effectively.

September 1, 2020
By Kimberly Underwood
The increase in the remote workforce due to the pandemic has highlighted calls for increased digital identity management. Credit: Shuterstock/Enzozo

Today’s identity management is fragmented and decentralized, relying on a lot of different systems to authenticate people and manage identities. Organizations use a variety of disjointed tools from passwords and smart cards to biometrics. Instead, organizations should pursue a more holistic approach.

September 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/FOTOGRIN

China’s global moves to gain technological hegemony over 5G and reshape the Internet to suit its own needs offer the potential to give the Middle Kingdom control over the telecommunications market and information itself. At the very least, it would achieve market dominance. But at most, it would control both the nature of the Internet and the information that flows through it, say Internet experts.

September 1, 2020
By Shaun Waterman
As part of the nine-day Cyber Guard exercise, participants work through a training scenario. Credit: Navy Petty Officer 2nd Class Jesse A. Hyatt, USN

Second of a two-part report.

The Cyber Solarium Commission, a congressionally chartered panel of expert policymakers, was created to tackle cyber conflict in the same way its Truman-era predecessor addressed the Cold War confrontation between the United States and the Soviet Union. An article in SIGNAL Magazine’s August issue (“Leaders Seek a Grand Strategy for Cybersecurity") explored the commission’s theory of deterrence by denial and how it embraced the concept of resilience.

September 1, 2020
By George I. Seffers
Conceptually, soldiers wearing the tactical identification and authentication tokens could simply approach a system to log in and be recognized by that system, which prompts them to enter a personal identification number or to use a biometric as a second authentication factor. They also may be automatically logged out when they walk away. Credit: U.S. Army

The U.S. Army’s wearable authentication tokens intended for the tactical environment could be used for nontactical purposes, such as accessing strategic-level systems, enterprise networks and medical systems, researchers say.

August 24, 2020
By George I. Seffers
In recent years, the Army's Cyber Blitz experiment evolved well beyond just cyber, allowing the service to define the integration of cyberspace, electronic warfare, intelligence, space and information operations. Beginning next year, the experiment will be known as Multi-Domain Operations Live. Photo by Spc. Marcus Gresham, USA

The U.S. Army’s technology assessment experiment known as Cyber Blitz has grown beyond its cyber roots. Beginning next year, when it will be held in the Indo-Pacific region, the exercise will be known as Multi-Domain Operations (MDO) Live.

August 19, 2020
By George I. Seffers
Lori Ramirez, DISA’s director, workforce services and development, discusses the agency's efforts to recruit talented personnel by using virtual meeting and information sharing tools during the pandemic and beyond.

The Defense Information Systems Agency is searching for talented personnel in a broad array of career fields, including information technology, science and engineering, program and project management, contracting and acquisition and human resources—and the effort to recruit those personnel virtually is gaining steam.

August 19, 2020
By Kimberly Underwood
Speaking at a virtual luncheon of AFCEA's Alamo Chapter on August 19, Lt. Col. John Priestly, USAF, program director and material leader, Unified Platform Program; and director, LevelUp CodeWorks Software Factory, San Antonio, shares that he is seeing initial success at the cyber software factory, which is less than a year old.

Less than a year old, the San Antonio-based LevelUp Code Works Software Factory is succeeding in starting to “break the mold” of Defense Department software development. The factory, which had its grand opening last December, is providing key cyber-related products to U.S. military cyber organizations, says Lt. Col. John Priestly, program manager and materiel leader, Unified Platform Program; and director, LevelUp Code Works Software Factory.

August 10, 2020
By Maryann Lawlor
Ransomware attacks affect computers by encrypting all of the information on the device. The hackers then demand a ransom, usually paid in the form of crypto currency in return for the decryption key. U.S. Air Force Graphic by Adam Butterick

The state of the U.S. cybersecurity industrial base is robust, including for numerous start-up companies exploring new and, in some cases, pioneering cybersecurity technologies. Members of the AFCEA International Cyber Committee say the infusion of cybersecurity technologies and innovations originating in friendly countries and allies such as Israel, the United Kingdom and Australia certainly support this strength.

August 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/Gorodenkoff

The U.S. Army is attacking defensive cyber operations from the laboratory. It is focusing new research efforts, including autonomous network agents, on ensuring cyber resiliency in the battlespace.

Some of this work builds on related efforts long underway at the Combat Capabilities Development Command Army Research Laboratory (ARL). Other thrusts aim at exploiting capabilities that are within reach but not yet ready to field. Still more are areas of research that have been given greater emphasis reflecting the more urgent need for cyber resilience.

August 1, 2020
By Kimberly Underwood
The Army is integrating Joint All Domain Command and Control capability as part of its tactical network modernization efforts. Credit: U.S. Army

The U.S. Army has spent the last two years pursuing a modernized integrated tactical network, or ITN, that supports increased mobility, resiliency and capabilities. Now, the service has a focus toward making sure that the modernization of that network can enable joint all-domain command and control, or the concept of JADC2. The service is preparing to fight seamlessly across the sea, land, air, space and cyberspace, or multidomain operations, by 2028.

August 1, 2020
By Shaun Waterman
Former NSA hacker Dave Aitel speaks at the S4 security conference in Miami. Photo by courtesy of S4

When the first Solarium Commission convened in 1953, it had the task of helping Former President Dwight D. Eisenhower and his cabinet colleagues assess the threat from the Soviet Union after the death of Joseph Stalin and agree on a strategic U.S. response. Three teams of policy experts put together three competing policy models: containment, confrontation and roll-back. Former President Eisenhower famously chose containment, a strategy based on the deterrence of Soviet military power and a norms-based alliance with Western Europe.

Pages