Every time federal information technology professionals think they’ve gotten in front of the cybersecurity risks posed by the Internet of Things (IoT), a new and unexpected challenge rears its head. Take, for instance, the heat maps used by GPS-enabled fitness tracking applications, which the U.S. Department of Defense (DOD) warned showed the location of military bases, or the infamous Mirai Botnet attack of 2016.
The Cyber Edge
U.S. military aircraft, ships, combat vehicles, radios and satellites remain vulnerable to relatively common cyber attacks, according to a report published Tuesday by the U.S. Government Accountability Office (GAO). The report does not specify which weapon systems were tested.
In one case, a two-person test team took just one hour to gain initial access to a weapon system and one day to gain full control of the system, the report says. Another assessment demonstrated that the weapon system “satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders.”
The U.S. Army’s Cyber Blitz experimental exercise September 17-28 turned out to be an eye-opener for one maneuver officer regarding cyber’s capabilities on the battlefield.
Military leaders often describe the “speed of cyber” as being measured in milliseconds or microseconds, which means the operations tempo in the cyber realm is incredibly high and decisions are made rapidly. But an offensive cyber campaign can sometimes take much longer than maneuver commanders might expect. In a teleconference with reporters to discuss Cyber Blitz results, Lt. Col. John Newman, USA, deputy commanding officer, 3rd Brigade Combat Team, 10th Mountain Division, reports that the experiment proved to be a revelation.
By some measures, Dana Deasy, U.S. Defense Department chief information officer, has made a lot of progress in a little amount of time. He has developed an overarching digital modernization strategy, created a cyber working group, reviewed the department’s plans for implementing an enterprise-scale cloud computing architecture, and is leading an effort to establish a Joint Artificial Intelligence Center.
Multifaceted efforts that will work in concert with each other are at the heart of U.S. Navy cybersecurity programs. The sea service faces the dual challenge of incorporating new architectures and technologies such as the cloud, light-based communications, artificial intelligence and machine learning amid increasingly sophisticated adversaries. It is implementing new approaches that promise operational efficiency and better cybersecurity, but these approaches are complementary and must function together to realize their full potential.
Work is needed to improve temporal, spectral and information understanding within the layers of the cyber domain to facilitate useful cyber-spectral and information maneuver. These advances could be incorporated into tactics, techniques and procedures as well as tactical and operational systems to enhance the overall military commanders’ decision process to achieve information dominance.
Most of the tactical cyberspace domain is spectrum-dependent and administered solely at the physical layer. Currently, warfighters cannot comprehend, much less maneuver within, a space that is inaccessible to them because they are not in a dimensionality to understand it. They operate in a cyber-spectral flatland.
Technologies are spawning a revolutionary improvement in command and control that will have a transformative impact on how it is conducted at the operational level. These advancements, particularly artificial intelligence, are changing command and control functions such as sensing, processing, “sensemaking” and decision-making. Even greater changes lie ahead as innovation serves a larger role in defining both form and function.
Future U.S. Army regionally aligned forces will benefit from experiences—and solutions—discovered during last year’s integration with the U.S. Army Europe communications network. Although their communicators expected to hit the ground running when they arrived in theater, integrating tactical communications systems was more difficult than expected. Fortunately, new technology and soldiers’ know-how not only solved the immediate problems but also set the stage for easier communications integration in the future.
In the future, voice analysis of an intercepted phone call from an international terrorist to a crony could yield the caller’s age, gender, ethnicity, height, weight, health status, emotional state, educational level and socioeconomic class. Artificial intelligence-fueled voice forensics technology also may offer clues about location; room size; wall, ceiling and floor type; amount of clutter; kind of device, down to the specific model used to make the call; and possibly even facial characteristics of the caller.
Artificial intelligence, or AI, will become an integral warfighter for the U.S. Army if the service’s research arm has its way. Scientists at the Army Research Laboratory are pursuing several major goals in AI that, taken together, could revolutionize the composition of a warfighting force in the future.
The result of their diverse efforts may be a battlefield densely populated by intelligent devices cooperating with their human counterparts. This AI could be self-directing sensors, intelligent munitions, smart exoskeletons and physical machines, such as autonomous robots, or virtual agents controlling networks and waging defensive and offensive cyber war.
The federal government, building on existing identity management practices, is investigating how it can leverage passports and other state and federally issued ID cards to verify identity in the digital age. The need to validate a citizen’s identity in person and online is only going to grow across platforms, experts say. And absent a secure commercial solution, the government may have to provide verification of identity.
As billions more Internet of Things (IoT)-related devices come online, the barrage of cyber threats will not only continue but will target users in new ways. Moreover, the number of adversaries mounting attacks against the United States in cyberspace will continue to grow in the next year, as nation-states, terrorist groups, criminal organizations and others persist in the development of cyber warfare capabilities, Michael Moss, deputy director, Cyber Threat Intelligence Integration Center (CTIIC) warned during recent Congressional testimony.
Government IT professionals have clear concerns about the threats posed by careless and untrained insiders, foreign governments, criminal hackers and others. For the government, cyber attacks are a matter of life. We must deal with them as a common occurrence.
The U.S. Army is head and shoulders above the other services in the cyber arena, Rear Adm. William “Bill” Leigher, USN (Ret.), director of Department of Defense Cyber Warfare, Raytheon, stated.
“The Army is the example that I hold up to my fellow sailors. The Army doing is it exactly right,” Adm. Leigher said.
The John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA 2019), passed by Congress on August 1 and signed by President Trump yesterday, takes cybersecurity a step further, with language affirming DOD’s role in defending against attacks and operating in cyberspace, the fifth warfare domain.
Although past NDAA legislation has included some provisions on DOD’s cyber role, this year’s bill specifies that the Secretary of Defense has the authority to conduct military cyber activities or operations in cyberspace—including clandestine activities—to defend the United States and its allies.
The U.S. Army Cyber Command’s successful consolidation of capabilities from cyber, intelligence, electronic warfare and signal forces may be the deciding factor in whether sophisticated adversaries prevail in the future battlespace, says Lt. Gen. Stephen G. Fogarty, USA, leader of the command.
The U.S. Army’s major overhaul of its network may lead to a communications structure capable of conforming to an array of operational situations, including the possibility of providing offensive cyber and electronic warfare capabilities.
Millions of times every single day, antagonists search for entry into the U.S. Defense Department’s networks. They come from all over: Russia, China, North Korea, Iran. Some are sponsored by nation-states; others are terrorist groups.
The U.S. Office of Management and Budget released a report this spring showing the abysmal state of cybersecurity in the federal government. Three-quarters of the agencies assessed were found to be “at risk” or “at high risk,” highlighting the need for a cyber overhaul. The report also noted that many agencies lacked “standardized cybersecurity processes and IT capabilities,” which affected their ability to “gain visibility and effectively combat threats.”
Medical technologies such as electronic devices implanted or injected into the human body are the next growth area for hackers pursuing money or control of individual people. With nanotechnology implants already being used for some medical treatments, advances in their application could pose as great a cybersecurity threat as what faces the Internet of Things, experts say.