The Cyber Edge

The Cyber Edge Home Page

April 6, 2021
Posted by: George I. Seffers
A newly formed industry advisory council will allow small and large businesses to provide feedback on the CMMC. Credit: Gorodenkoff/Shutterstock

The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), the sole authoritative source for operationalizing CMMC assessments and training by the U.S. Defense Department, has announced the formation of a cybersecurity Industry Advisory Council’s (IAC).

The CMMC-AB IAC mission is to provide a unified voice as representatives of organizations seeking certification to provide to the Defense Department and the accreditation board feedback, input and recommendations for implementing the CMMC.

April 1, 2021
By George I. Seffers
With the National Institute of Standards and Technology expected next year to select quantum-resistant algorithms for encryption and for digital signatures, an NSA official warns that departments and agencies should begin preparing now to protect national security systems in the quantum era. Credit: sakkmesterke/Shutterstock

The national security community needs to prepare now for the possibility that U.S. adversaries could develop and deploy quantum computers, which would render useless most conventional encryption algorithms, says Adrian Stanger, senior cryptographic authority, Cybersecurity Directorate, National Security Agency (NSA).

April 1, 2021
By Matt Toth and Richard Chitamitre
Training sessions, such as Cyber Shield 19, provide cybersecurity analysts opportunities to train, exchange best practices and test their cyber mettle. Credit: Army Staff Sgt. George B. Davis

The nature of military permanent change of station assignments can create gaps in the U.S. Defense Department’s protected posture to cyber assets. The current approach allows valuable institutional knowledge literally to walk out the door, often being replaced with inadequately prepared personnel walking in. This practice runs contrary to the Pentagon’s stated strategic goals that aim at building and maintaining a skilled workforce rather than solely acquiring new tools.

April 1, 2021
By Miroslav Nečas
The NATO Ministers of Defence meet in February to prepare for its summit later this year. Among the topics socially distanced attendees discussed were progress on burden sharing and missions in Afghanistan and Iraq. Credit: NATO

NATO is at risk of losing its technology edge because of emerging and disruptive technologies increasingly developed within the civil sector. The growth of peer competitors’ determination, especially China, and the decline of technology education in Western countries are eroding the advantage they once skillfully held.

To address this state of affairs, the organization’s defense ministers are examining a number of activities. As a part of this initiative, the NATO Industrial Advisory Group (NIAG) conducted a study to provide the industry view of the implications of emerging and disruptive technologies (EDTs) and Chinese advances in defense operations and military capability development.

February 1, 2021
By Mark S. Sincevich
Senior Airman Rose Li, USAF (l), and Airman 1st Class Eric Gardella, USAF, 86th Communications Squadron wing cyber readiness technicians, monitor malicious network activity during exercise Tacet Venari at Ramstein Air Base, Germany, in 2020 to prepare local cyber defenders in safeguarding critical technological infrastructures. U.S. Air Force photo by Staff Sgt. Devin Boyer

The federal government has been taking zero trust more seriously. Although a significant part of it has yet to be implemented, some initial work has been completed with zero trust network access, yet the outside-in approach to zero trust and complexity remains. But the more important aspect of zero trust relates to application and workload connections, which is what attackers care about and is not being protected today.

This “other side” of zero trust and a host-based micro-segmentation approach will lead to greater security and will stop the lateral movement of malware. Constituting multiple pilot projects is the best way forward in the inside-out approach to zero trust.

March 25, 2021
By Kimberly Underwood
Adversaries are no longer merely launching attacks from their part of the world, says Gen. Paul Nakasone, USA, commander, U.S. Cyber Command, testifying before Congress on March 25. “They can come in the United States and use our infrastructure, and there is a blind spot for us not being able to see them,” he warns.

The last year presented “unique challenges” to the military combatant command in charge of defending U.S. related interests in cyberspace. The three-year old U.S. Cyber Command, which plans and executes global cyberspace operations, activities and missions in regard to defending and advancing national interests, has spent the last year defending and mitigating against the continuing cyber threats from China, Russia, Iran and nonstate actors and criminals, reported Gen. Paul Nakasone, USA, commander, U.S. Cyber Command (CYBERCOM); director, National Security Agency (NSA); and chief, Central Security Service (CSS); in testimony before the Senate Armed Services Committee today.

March 1, 2021
By Maryann Lawlor
China’s consolidated control its political mechanisms enables a unity of effort difficult to achieve in democracies. Credit: Shutterstock/Poring Studio

The rise of the People’s Republic China as a peer competitor vying for superpower status has emerged as an important challenge for the United States. To confront this competition, policy and decision makers must preserve and extend U.S. global interests to deter China if necessary and work in the international system in which the United States plays a vital role.

March 1, 2021
By Robert K. Ackerman
Credit: DHS

The entire nation must engage in an informed debate about cybersecurity and how to stop the damage being inflicted by adversaries through cyberspace, says the director of intelligence for the U.S. Cyber Command. Brig. Gen. Matteo Martemucci, USAF, J-2 for the U.S. Cyber Command, says this debate must explore whether the roles played in cyber defense stay the way they are or change.

March 1, 2021
By George I. Seffers
The DARPA OPS-5G program has set some ambitious goals, including adoption of the technology by a mobile carrier near a military base and machine translation of open source standards. Credit: ZinetroN/Shutterstock

If all goes as planned, a major mobile cellphone carrier will ultimately adopt technology developed under the Defense Advanced Research Project’s Agency’s Open, Programmable, Secure 5G program. Doing so will allow the open-source, secure technology to proliferate as so-called Internet of Things technologies become more ubiquitous.

March 1, 2021
By George I. Seffers
A signal support system specialist prepares a radio system used to allow soldiers and airmen to keep in constant communications with one another during their missions. Graphic illustration by Regina Ali, U.S. Defense Department

The U.S. Defense Department already is looking beyond its massive $600 million investment in 5G experiments announced in October. Plans include a second round of experiments and the potential for expanding efforts with other government agencies and with international partners.

March 1, 2021
By Kimberly Underwood
One of the key challenges about 6G will be operating in ultra-high frequencies—in terahertz—and AT&T has started internal corporate development and external research at 60 U.S. universities to shape solutions for the next generation of wireless communication. Credit: Shutterstock/Den Rise

The telecommunications industry is currently rolling out the fifth-generation wireless network known as 5G, which is bringing more bandwidth, lower latency, high-speed throughput, improved reliability and increased connectivity to mobile communications. Off of that advancing communications point will come 6G, the sixth iteration of the wireless network.

March 1, 2021
By Jörg Eschweiler
Coalition Warrior Interoperability Exercise 2019 (CWIX 2019) hosted at the NATO Joint Force Training Centre in Bydgoszcz, Poland, showcased military interoperability between NATO personnel, processes and technologies. Credit: Dawn Stankus, NATO

As a lead nation, Germany has been successfully designing and implementing the Federated Service Management and Control capability as part of the development of the NATO Federated Mission Network. Throughout the joint approach, NATO member states, partner nations Austria and Switzerland, the NATO Communications and Information Agency, the Allied Command Transformation and Supreme Headquarters Allied Powers Europe, which are both NATO strategic commands, as well as Allied Command Operations have been continuously involved in its design and incremental implementation.

February 24, 2021
By George I. Seffers
U.S. intelligence community personnel may be more vulnerable while telecommuting during the pandemic, but so are U.S. adversaries, experts point out. Credit: enzozo/Shutterstock

Like the rest of the world, the U.S. intelligence community has been forced to telework during the COVID-19 pandemic, which offers opportunities, but then again, U.S. adversaries are working from home as well, which may offer opportunities, intelligence experts pointed out during a February 23 AFCEA Intelligence Committee webinar.

The online event included Melissa Planert, director, Tradecraft and Technology Group, Analysis Directorate, National Geospatial-Intelligence Agency, and Reid D, an innovator in secure government in the United Kingdom who did not want to be fully identified.

February 1, 2021
By Maj. Brian Kerg, USMC
Credit: Shutterstock/Potential Filmmaker

The Defense Department has an information warfare (IW) problem. While the information environment continues to grow exponentially in importance and ubiquity, rapidly transforming the character of competition and war, there is no organization within the department that directs, synchronizes and coordinates IW planning and operations.

U.S. Cyber Command serves this very purpose for cyber operations, as do its service components. But this necessarily anchors the focus of American IW on a single information related capability (IRC), at the expense of the many other IRCs and their ability to generate military advantage.

January 29, 2020
By Kimberly Underwood
The FBI is examining how zero trust architecture could apply to its cybersecurity measures. Credit: Shutterstock/Kristi Blokhin

The Federal Bureau of Investigation (FBI) has a unique role as a federal law enforcement agency as well as a national security department. Its vast information technology enterprise must support its functionality in carrying out these roles, which have different rules of engagement. And when adding new tools, processes or software, the bureau has to consider solutions carefully. With zero trust architecture—a method that combines user authentication, authorization and monitoring; visibility and analytics; automation and orchestration; end user device activity; applications and workload; network and other infrastructure measures; and data tenants to provide more advanced cybersecurity—gaining use in the U.S.

January 22, 2021
By Maryann Lawlor
While many cybersecurity recommendations have focused on the activities of the federal government, AFCEA Cyber Committee members recognize the role of state and local authorities in information security. Credit: Shutterstock/ESB Professional

The cybersecurity of civil government, critical infrastructure and business infrastructure remains uneven. Worrying reports of ransomware affecting city and county governments as well as local health care organizations have put leaders and administrators, and infrastructure operators on edge.

January 13, 2021
By Kimberly Underwood
Cybersecurity experts warn of possible growing cyber risks from domestic unrest. Credit: Shutterstock/Sergey Nivens

Officials in U.S. federal and state governments need to consider and address the possible cyber risks stemming from the current civilian unrest, cyber experts advise. Until now, the federal government, especially, has had a foreign intelligence focus, said Adm. Michael Rogers, USN (Ret.).

January 1, 2021
By Kimberly Underwood
When the GAO performs cybersecurity-related audits and reports its findings, the watchdog provides key recommendations to agencies to improve their networks and information technology from risks. The GAO also follows up to see how an agency implemented those recommendations. Credit: Illustration by Chris D’Elia based on images from GAO Reports and lurri Motov/Shutterstock

It is no secret that the U.S. government is grappling with cybersecurity issues across its organizations and agencies. The good news is that the government has an auditing agency that investigates possible weaknesses or cybersecurity gaps and makes key recommendations to rectify problems: the U.S. Government Accountability Office, known as GAO.

January 1, 2021
By Lt. Col. (G.S.) Stefan Eisinger
Military and civilian personnel work hand in hand to tackle challenges in cyberspace. Credit: Bundeswehr

Germany, the United States and many other nations are facing a more diverse, complex, quickly evolving and demanding security environment than at any time since the end of the Cold War. The resulting challenges to national and international security and stability could be as harmful to societies, economies and institutions as conventional attacks.

December 30, 2020
By George I. Seffers
Army Sgt. Evan Tosunian (l) and Sgt. Allan Sosa, both assigned to the California Army National Guard’s 224th Sustainment Brigade, install single-channel ground and airborne radio systems in a Humvee at the National Guard armory in Long Beach, California, in May. The Army’s standardized, reprogrammable encryption chip known as RESCUE will help secure communications for radios, computers, unmanned vehicles and other systems. Credit: Army Staff Sgt. Matthew Ramelb, California Army National Guard

The U.S. Army’s universal, reprogrammable encryption chip is in final testing and may be destined for the service’s next-generation encryption fill device, other military services or possibly even the commercial sector.

The REprogrammable Single Chip Universal Encryptor (RESCUE) technology was developed to be a government-owned, general-purpose cryptographic module and architecture that is highly tailorable to counter emerging cryptographic threats. It uses standardized encryption algorithms designed by the National Security Agency (NSA) and the National Institute for Standards and Technology.

January 1, 2021
By Jennifer Zbozny
Roderick Wilson performs a scan to ensure all computer equipment on the installation has the proper operating system and software patches installed at Anniston Army Depot. Credit: Jennifer Bacchus

The U.S. Army upped the tempo when Gen. Mark Milley, USA, fired off his first message to the force in August 2015 as the newly sworn-in Army Chief of Staff: “Readiness for ground combat is—and will remain—the U.S. Army’s No. 1 priority.” Today, Gen. Milley is the chairman, Joint Chiefs of Staff, and the Army has rebuilt its tactical readiness through a transformational process that it is now expanding to focus on strategic readiness.

January 1, 2021
By M.D. Miller
When people around the world are communicating, they must use precise terms to ensure they are referring to the same topics, problems, results and solutions. Credit: Shutterstock/Rawpixel.com

Emerging technology, state actors such as Russia and China, and nonstate actors including ISIS, are often quoted as some of the greatest threats to computer and network security. But before the United States can engage with these threats effectively, the war against words must take place.

One place to start is by eliminating the word “cyber” as a descriptor. The term has been used and overused, manipulated and exploited so many times and in so many places, it has become meaningless. What individuals or organizations mean or want when they use it is impossible to say. It’s time to scrap the word altogether and instead specify technical concepts at a more granular level.

December 30, 2020
By Kimberly Underwood
When the GAO performs cybersecurity-related audits and reports its findings, it provides key recommendations to agencies to improve their networks and information technology from risks. Illustration by Chris D’Elia based on images from GAO Reports and lurri Motov/Shutterstock

December’s news of yet another highly sophisticated break into U.S. government agencies’ cyber systems didn’t come as a surprise to the Government Accountability Office. The government’s auditing agency investigates possible weaknesses or cybersecurity gaps and makes key recommendations to rectify problems. In some ways, it saw this coming.

December 17, 2020
Posted by: George I. Seffers
The European Union's new Cybersecurity Strategy aims to safeguard a global and open Internet, while at the same time offering safeguards, according to a published announcement. Credit: mixmagic/Shutterstock

The European Union has released a new EU Cybersecurity Strategy designed to bolster Europe's collective resilience against cyber threats and help to ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools, according to a published announcement.

December 2, 2020
By George I. Seffers
Joint Force Headquarters-Department of Defense Information Network officials use threat intelligence to bolster the defense of the network against a surge of attacks during the pandemic. Source: Rafal Olechowski/Shutterstock

Cyber attacks against the Defense Department and many other organizations have increased dramatically during the COVID-19 pandemic, but the integration of cyber threat intelligence has helped the department defend its networks, according to Col. David Violand, deputy director of intelligence, Joint Forces Headquarters-Department of Defense Information Network (DODIN).

Col. Violand made the comments during the AFCEA TechNet Cyber conference, a virtual event held December 1-3.

December 4, 2020
By George I. Seffers
With U.S. adversaries expected to be using quantum computing technologies in the next several years, officials at the Defense Information Systems Agency are exploring quantum-resistant technologies.Credit: metamorworks/Shutterstock

Because U.S. adversaries likely will be able to use quantum computers within the next several years, Defense Information Systems Agency (DISA) officials are beginning to explore quantum-resistant technologies and the role the agency might play in developing or deploying those technologies.

December 2, 2020
By George I. Seffers
The vast troves of personal data on U.S. citizens are now being weaponized by foreign adversaries, panelists warn.at TechNet Cyber. Credit: Meranna/Shutterstock

Massive amounts of sensitive information on U.S. citizens are being collected, created, shared, bought and sold, and in some cases used as a weapon by the country’s adversaries, according to a panel of experts speaking at the AFCEA TechNet Cyber conference, a virtual event held December 1-3.

The information is gathered and sold by companies such as Facebook and Google and the producers of a wide range of applications, programs and technologies. 

December 1, 2020
By George I. Seffers
While human cyborgs may still be the stuff of science fiction, the science may be a little closer to reality following breakthroughs in materials used for neural links and other implants that offer a wide array of benefits, including potential medical advances. Credit: Ociacia/Shutterstock

Electronic implants in the brain or other parts of the body may be more efficient and effective due to a recent breakthrough by researchers at the University of Delaware. The advance potentially offers a wide array of biotechnology benefits and could also allow humans to control unmanned vehicles and other technologies with the brain.

December 1, 2020
By George I. Seffers
The Defense Information Systems Agency and the Joint Artificial Intelligence Center are collaborating on an artificial intelligence tool to enhance cybersecurity for the Defense Department. Credit: Titima Ongkantong/Shutterstock

The U.S. Defense Department is developing a machine learning tool that can more quickly detect cyber intrusions and enable a more rapid response.

December 1, 2020
By Robert K. Ackerman
A U.S. Army infantryman radios his situation report during an exercise. Future defense communications systems are likely to be smaller and more comprehensive as the military and industry collaborate on new information technology capabilities that help the warfighter in the battlespace. Credit: Capt. Lindsay Roman, USA

Speed will be the order of the day for military information systems as new technologies incorporate breakthrough innovations. Hardware also will transform as capabilities grow in influence. But above all, the entire defense information system community is undergoing major cultural changes spawned by a combination of innovation and disease.

November 13, 2020
By Maryann Lawlor
The United States is preparing to enter a period when its infrastructure goes beyond being connected to or depending on cyberspace but instead will reside in cyberspace. Credit: Shutterstock/Gorodenkoff

U.S. data protection and its relationship to national interests are swiftly evolving. One reason this trend will continue, cybersecurity specialists say, is that other nations see cyberspace differently than the United States and other democracies. Rather than incorporating technology into their societies as a tool, they use cybersecurity—both offensively and defensively—to support their different views and overall significantly challenge U.S. interests.

November 9, 2020
By George I. Seffers
Leaders help their teams turn big ideas into diamonds, says Vice Adm. Nancy Norton, USN, DISA director and commander, JFHQ-DODIN. Credit: CoreDESIGN/Shutterstock

It is not necessary for a leader to be the most brilliant person in an organization but to foster innovation and ensure those with big ideas are given opportunities to succeed, according to Vice Adm. Nancy Norton, USN, the Defense Information Systems Agency (DISA) director and the commander for the Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN).

November 1, 2020
By Kimberly Underwood
U.S. Air Force airmen monitor computers in support of the Advanced Battle Management System Onramp 2 exercise in September at Joint Base Andrews, Maryland. The military held multiple exercises this fall that proved some of the initial concepts of joint warfighting across all domains. Credit: Air Force photo by Senior Airman Daniel Hernandez

The U.S. military is rapidly pursuing Joint All-Domain Command and Control, known as JADC2, as a way to confront near-peer adversaries China, Russia and other nations. The effort requires innovative computing, software and advanced data processing; emerging technologies such as artificial intelligence, cloud and 5G communications; along with integration of the military’s existing legacy systems. Leaders have learned that to fully implement JADC2, they have to shed some of the military’s old practices.

November 1, 2020
By George I. Seffers
Soldiers assigned to 1st Stryker Brigade Combat Team use satellite communication systems at the National Training Center, Fort Irwin, California, in March. Next summer, the Army intends to take its premier command, control, communications, cyber, intelligence, surveillance and reconnaissance experiment to the Indo-Pacific theater. It will mark the service’s first full-sized technology development experiment in a combat theater. Credit: U.S. Army/Pfc. Rosio Najera

When the U.S. Army conducts its Multi-Domain Operations Live experiment in the Indo-Pacific region next year, it will mark the first time the service has undertaken a full-scale technology development experiment in a combat theater. The goal is to assess technologies under the same conditions they will face in times of war, rather than in a stateside setting.

November 1, 2020
By Nicholas A. Strnad and Lt. Col. Elizabeth Agapios, USA
Army scientists explore materials at the nanolevel with the goal of finding stronger or more heat-resistant properties to support the Army of the future. Credit: U.S. Army photo by David McNallyArmy scientists explore materials at the nanolevel with the goal of finding stronger or more heat-resistant properties to support the Army of the future. Credit: U.S. Army photo by David McNally

Nanotechnology continues its march through the field of electronics, enabling faster and more energy-efficient computer processors, larger computer memory density and increased battery capacity. These ever-shrinking micro and nanodevices require advanced manufacturing methods to produce. Atomic-scale processing refers to a collection of these methods that may be used to deposit and remove material at the smallest scales, a single atomic layer at a time.

October 27, 2020
By George I. Seffers
Staff Sgt. Keila Peters, USA, an embedded noncommissioned officer within the Army C5ISR Center, conducts testing on equipment for the command post survivability effort during Network Modernization Experiment 20 at Joint Base McGuire-Dix-Lakehurst, New Jersey, July 27, 2020. The Army's new deputy chief of staff for G6 has laid out three pillars for his restructured office that include cyber, signal, electronic warfare and networking priorities. Credit: U.S. Army C5ISR Center photo/Jasmyne Douglas

During an October 27 telephonic roundtable discussion with reporters, Lt. Gen. John Morrison, USA, Army Deputy Chief of Staff, G-6, revealed four pillars for the restructured office. They include building a unified network; posturing signal, cyber and electronic warfare forces for multidomain operations; reforming and operationalizing cybersecurity processes; and driving effective and efficient network and cyber investments.

October 23, 2020
By George I. Seffers
C5ISR Center electronics engineer Michelle Moore studies vehicle positions while evaluating the Blue Force Tracking Resiliency effort during Network Modernization Experiment 20 at Joint Base McGuire-Dix-Lakehurst, New Jersey, September 29. The experiment also included autonomous agents monitoring the network. Credit: U.S. Army C5ISR Center photo/Jenna Mozeyko

The recently completed Network Modernization Experiment (NetModX) included an army of autonomous agents unleashed in defense of the network and in some cases also protected other artificial intelligence (AI) technologies.

NetModX is a science and technology experiment held July 20-October 2 at Joint Base McGuire-Dix-Lakehurst, New Jersey. The science and technology experiment provides lessons learned for Army acquisition decisions, science and technology specifications, requirements and strategies necessary to modernize the force. Systems that performed well this year might ultimately end up in the Army’s arsenal as part of the capability sets to be fielded in 2023 and 2025.

October 1, 2020
By Robert Hoffman
Marines with Marine Corps Forces Cyberspace Command work in the cyber operations center at Lasswell Hall, Fort Meade, Maryland. MARFORCYBER Marines conduct offensive and defensive cyber operations in support of U.S. Cyber Command and operate, secure and defend the Marine Corps Enterprise Network. Credit: Staff Sgt. Jacob Osborne, USMC

Automation software tools are being under-utilized, especially in the U.S. Defense Department. While the department has purchased and used automated scanning tools for security and compliance, it has been slow to adopt automation for many other tasks that would benefit from the capability, such as easing software deployment and standardization and, once developed, increasing the speed of overall automation.

October 1, 2020
By Kimberly Underwood
As the deadly COVID-19 virus spread around the world, so did the attacks from malicious cyber actors, taking advantage of the unsure times, say experts from leading cybersecurity firms. Credit: Shutterstock/VK Studio

While the world was facing the rapid and deadly spread of the severe acute respiratory syndrome coronavirus 2, most commonly known as COVID-19, malicious cyber attackers were also at work, increasing the number of attacks, switching methods, taking advantage of the boom in Internet, network and email users, and playing on fears during the uncertain time, cybersecurity experts say. Companies struggling to maintain operations are still leaving gaps in digital security, they warn.

October 7, 2020
By Ray Rothrock
Just like basic personal hygiene during a pandemic, practicing cyber fundamentals comes down to the individual and consistency. Photo credit: vientocuatroestudio/Shutterstock

When it comes to nefarious deeds, the COVID-19 pandemic has been a gold mine for bad actors. In addition to wreaking havoc for individuals and healthcare organizations, federal agencies are also prime targets. Case in point: a portion of the Department of Health and Human Services’ (HHS) website was recently compromised, in what appears to be a part of an online COVID-19 disinformation campaign. 

In a time of heightened cyber risk and limited human and fiscal resources, how can agencies protect their networks from malicious actors by taking a page from the COVID playbook? They can diligently practice good (cyber) hygiene.

In fact, there is a direct correlation between personal and cyber hygiene.

October 1, 2020
By Robert K. Ackerman
A U.S. Navy operations specialist uses a radar system in a combat information center in the 7th Fleet area of operations. The U.S. Navy’s PEO C4I and Space Systems is focusing on parallel development of digital assets and capabilities to speed innovation to the fleet. Credit: U.S. Navy

The U.S. Navy is focusing on parallel development of its new digital assets and capabilities as it works to rush advanced information innovations to the fleet. With the need for better technologies increasing coincidental to the rapidly evolving threat picture, the Navy has opted for concurrence as its main tool for implementing both upgrades and innovations.

October 1, 2020
By Joseph Mitola III
Senior Airman Daniel M. Davis, USAF, 9th Communications Squadron information system security officer, looks at a computer in the cybersecurity office on Beale Air Force Base. Cybersecurity airmen must manage more than 1,100 controls to maintain the risk management framework. Credit: U.S. Air Force photo by Airman Jason W. Cochran

Users need to transition all networked computing from the commercial central processing unit addiction to pure dataflow for architecturally safe voting machines, online banking, websites, electric power grids, tactical radios and nuclear bombs. Systems engineering pure dataflow into communications and electronic systems can protect them. The solutions to this challenge are in the users’ hands but are slipping through their fingers. Instead, they should grab the opportunity to zeroize network attack surfaces.

October 1, 2020
By Dirk W. Olliges
Leslie Bryant, civilian personnel office staffing chief, demonstrates how to give fingerprints to Jayme Alexander, Airmen and Family Readiness Center casualty assistance representative selectee. Although requiring fingerprints to access information is better than single-factor identification verification, it should be part of a multifactor authentication approach. Credit: 2nd Lt. Benjamin Aronson, USAF

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

September 25, 2020
By Maryann Lawlor
Enterprisewide Risk Management (ERM) consists of the formal identification of major risks to the organization’s mission.

Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.

But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.

September 4, 2020
By Robert K. Ackerman
The U.S. Government Accountability Office (GAO) is exploring the ramifications of a number of emerging disruptive technologies. Credit: GAO file photo

The future of U.S. technology likely will be cyber-heavy with innovative breakthroughs erupting from several areas such as telecommunications and digital ledger capabilities. Many of these disruptive technologies have policy ramifications either in their development or their implementation. The federal government must consider aspects such as regulatory issues, privacy, economic competitiveness and security requirements.

September 1, 2020
By George I. Seffers
Unmanned aircraft have proved immensely valuable to the military and to intelligence agencies, but they are sometimes too noisy for stealthy reconnaissance. The Intelligence Advanced Research Projects Activity is developing a silent and miniature aerial drone known as the Little Horned Owl. Credit: U.S. Defense Department photo by Petty Officer 3rd Class Jeffrey S. Viano, U.S. Navy

The cloud computing infrastructure at the Intelligence Advanced Research Projects Activity allowed the organization to pivot to a new teleworking norm during the pandemic that’s not much different than the old norm. The organization has conducted business as usual, hiring program managers, adding office directors, creating and killing programs, and continuing to meet the intelligence community’s technology needs.

Catherine Marsh, director of the Intelligence Advanced Research Projects Activity, known as IARPA, was told on March 12 to “lean forward,” and she did, allowing almost the entire staff to telecommute beginning the next day. Even contractors work from home legally, securely and effectively.

September 1, 2020
By Kimberly Underwood
The increase in the remote workforce due to the pandemic has highlighted calls for increased digital identity management. Credit: Shuterstock/Enzozo

Today’s identity management is fragmented and decentralized, relying on a lot of different systems to authenticate people and manage identities. Organizations use a variety of disjointed tools from passwords and smart cards to biometrics. Instead, organizations should pursue a more holistic approach.

September 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/FOTOGRIN

China’s global moves to gain technological hegemony over 5G and reshape the Internet to suit its own needs offer the potential to give the Middle Kingdom control over the telecommunications market and information itself. At the very least, it would achieve market dominance. But at most, it would control both the nature of the Internet and the information that flows through it, say Internet experts.

September 1, 2020
By Shaun Waterman
As part of the nine-day Cyber Guard exercise, participants work through a training scenario. Credit: Navy Petty Officer 2nd Class Jesse A. Hyatt, USN

Second of a two-part report.

The Cyber Solarium Commission, a congressionally chartered panel of expert policymakers, was created to tackle cyber conflict in the same way its Truman-era predecessor addressed the Cold War confrontation between the United States and the Soviet Union. An article in SIGNAL Magazine’s August issue (“Leaders Seek a Grand Strategy for Cybersecurity") explored the commission’s theory of deterrence by denial and how it embraced the concept of resilience.

September 1, 2020
By George I. Seffers
Conceptually, soldiers wearing the tactical identification and authentication tokens could simply approach a system to log in and be recognized by that system, which prompts them to enter a personal identification number or to use a biometric as a second authentication factor. They also may be automatically logged out when they walk away. Credit: U.S. Army

The U.S. Army’s wearable authentication tokens intended for the tactical environment could be used for nontactical purposes, such as accessing strategic-level systems, enterprise networks and medical systems, researchers say.