Domestic cybersecurity has some new potential vulnerabilities to defend, according to the Department of Homeland Security’s (DHS’s) 2018 Cybersecurity Strategy. In addition to conventional concerns such as the water and power grids and the financial sector, the burgeoning number of Internet-connected devices and the global supply chain have emerged as areas that must be protected against a growing threat from a variety of adversaries.
Gen. Michael Hayden, USAF (Ret.), principal, the Chertoff Group, shifted the weight of the conversation at the AFCEA/GMU Critical Issues in C4I Symposium from the direction of cyber narrowly defined to information broadly defined. Throughout his morning keynote he touched on Russian manipulation of the 2016 election, the U.S. moving into a post-truth culture and what cyber leaders can do in the future to help secure the nation.
Situational awareness is key to cybersecurity and using analytics can help create the situational awareness needed to defend the nation from adversaries. “Never before have we had the tools that we have today to understand the environment we’re in,” said Roberta “Bobbie” Stempfley, director, Carnegie Mellon University’s Software Engineering Institute, CERT Division, during her morning keynote at the AFCEA-GMU Critical Issues in C4I Symposium.
Providing an information network that enables warfighters to perform global missions is not easy given the network itself is besieged constantly by cyber attacks. All U.S. Defense Department organizations use the complex technical infrastructure known as the Department of Defense Information Network (DODIN), and the responsibility to protect it 24/7 falls squarely on the shoulders of Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN).
A bug bounty program worth a total of $10 million aims at acquiring and developing active cyber-defense capabilities for some of the most popular software programs for Windows, MacOS, iOS and Android. The public program is offering payouts focusing on quality over quantity to identify and address some of the toughest problems.
A common thread in the issue of U.S. cybersecurity today is the need for talent. Everyone—including industry and government—is struggling to keep up.
Timothy Cochrane and the team at American Corporate Partners (ACP) have developed a secret sauce to help combat the shortage of cybersecurity workers. And they have the stats to back it up.
Founded in 2008, ACP is a national nonprofit assisting post-9/11 veterans in their transition from the military to the civilian workforce. ACP focuses on mentoring, career counseling and professional networking.
It goes without saying that technology plays a key role in military operations. The concern nowadays, however, is if technology is appropriately hardened from a cybersecurity standpoint. For the Army, this means taking a close look at supply chain management, according to one Army leader.
The government has to be a savvy consumer amid a risky cybersecurity atmosphere. And companies need to be able to back up the products that they are offering the government, Col. Bryan Stephens, USA, director, Cyber Focal, Army System of Systems Engineering and Integration, told SIGNAL Magazine in a recent interview.
In a $350 million deal, San Francisco, California-based Splunk Inc. will purchase Phantom Cyber Corporation, a Palo Alto, California-based cyber security firm specializing in security orchestration, automation and response, known as SOAR. Splunk will acquire Phantom using a combination of cash and stock. The transaction is expected to close during the first half of 2018, subject to customary closing conditions and regulatory reviews. Oliver Friedrichs, Founder and CEO, Phantom will report to Haiyan Song, senior vice president and general manager of security markets, Splunk.
Wakelight Technologies Inc.,* Honolulu, Hawaii, was awarded $9,628,561 for firm-fixed-price task order N3225318F3000 under previously awarded contract N00178-14-D-8039 for information technology and cybersecurity services for Pearl Harbor Naval Shipyard. This contract will provide the government with information technology and cybersecurity capabilities that enhance the effectiveness, efficiency, productivity, and compliance to Department of Defense, Department of the Navy, and Department of Energy regulatory requirements and the availability, integrity, and confidentiality of the Pearl Harbor Naval Shipyard and Intermediate Maintenance Facility systems.
Although GPS-enabled activity-tracking applications like Strava may help warfighters keep fit, the applications may also reveal important information about military bases or soldier locations. One application revealed a concentration of U.S military personnel at a base overseas when shared as social media postings.
Given the rising concerns, officials at the Pentagon announced at a January 29 press conference the DOD would be looking into the issue, according to a report from Jim Garamone of DOD News.
Europe is taking on several socio-technological initiatives, including developing a digital single market and tackling consumer financial services reform. Add the need to balance privacy concerns and safeguards across 28 member countries of the European Union, and it may seem like a tall order for policy makers to help strengthen information security.
Enter the European Union Agency for Network and Information Security, the European Union’s cybersecurity agency known as ENISA. The agency, founded in 2004, equips the European Union (EU) to prevent, detect and respond to cybersecurity problems.
Although universities can be part of larger cyber attacks as unwitting victims like any other organization or enterprise, the institutions are distinguished by a collegial nature that renders them vulnerable. Academia has a more open atmosphere and a mindset of research and collaboration, making universities an enticing cyber target even for adversaries such as nation-states
Decisive Analytics Corp.,* Arlington, Virginia, is being awarded a $59,463,490 competitive cost-plus-fixed-fee contract for advisory and assistance services for cybersecurity compliance and risk management in support of technical, engineering, advisory and management support. The contract covers improved independent verification and validation analysis and reporting of the Ballistic Missile Defense System and Enterprise cybersecurity controls, and will expand information cybersecurity knowledge improving the system architecture, system life cycles, and authorization decisions for the Missile Defense Agency. The work will be performed in Colorado Springs, Colorado; and Huntsville, Alabama, with an estimated completion date of April 2023.
During the afternoon of the first day of AFCEA’s Cyber Education, Research and Training Symposium (CERTS), leaders from all five branches of the armed forces shared their perspectives on cyber education and training. Though all five laid out slightly different strategies and goals for their individual services, they all agreed they should leverage each other’s expertise and work together to figure out a way forward.
Col. Andrew O. Hall, USA, director, Army Cyber Institute, opened AFCEA’s first Cyber Education, Research and Training Symposium (CERTS) with a cyberthreat update.
“How can we make security effective and intuitive, yet usable?” Col. Hall asked attendees at the sold out conference. “Efficiency is an area of weakness and easy to hack,” he added. But it’s necessary to perform missions.
The emerging threats to cybersecurity are growing. Col. Hall focused on the global supply chain, artificial intelligence (AI) weapons factories, information warfare and critical infrastructure.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded 418 Intelligence Corporation of Herndon, Virginia $350,000 to develop a forecasting platform that will help critical infrastructure owners and system operators share and keep abreast of the latest developments in cybersecurity protection. The award was made through the S&T Cyber Security Division’s (CSD) Cyber Risk Economics (CYRIE) project. CSD is part of the Homeland Security Advanced Projects Agency. CYRIE supports measurement and modeling of the business, legal, technical and behavioral aspects of the economics of cyber-threats, vulnerabilities and controls.
No longer a curiosity, the Internet of Things has emerged as a highly sought-after technology advantage for organizations worldwide. The federal government has stepped up as an innovator within this space, generating profound advancements with seemingly unlimited promise to support national security missions. Those in doubt need look no further than research from the Center for Data Innovation, a nonprofit, nonpartisan institute, which reveals a broad range of eclectic, real-life implementations.
SiCore Technologies Incorporated, Farmingdale, New York, has been awarded a $47,900,000 modification (P00002) to a previously awarded contract (FA8650-16-D-1712) for research and development, to provide the investigation and development of methodologies, tools, techniques, and innovative solutions to identify susceptibilities and mitigate vulnerabilities in Air Force weapon systems, and protect those systems against cyber-attack. Work will be performed at Wright-Patterson Air Force Base, Ohio, with an expected completion date of March 29, 2023. This contract was a competitive acquisition and 23 offers were received. Air Force Research Laboratory, Wright-Patterson Air Force Base, Ohio, is the contracting activity.
More and more, U.S. federal agencies are seeing inappropriate Internet access breaches, rogue devices and denial of service attacks. A key reason why: federal agencies are hindered by budget constraints that prevent information technology (IT) improvements. Agencies also have to juggle competing priorities, complex internal environments and poor top-level decision-making when it comes to cyber management, asserts a recent study from Herndon, Virginia-based SolarWinds Worldwide. The company conducted a survey of 200 federal government IT professionals in July to assess their cybersecurity challenges during the past 12 months.
A team at the U.S. Army Research Laboratory has created four generalized linear models to predict the number of cyber intrusions a company or government will experience on its network. To design the models, the team used empirical data about successful cyber intrusions committed against a number of different organizations obtained from a cyber defense services provider that defended the organizations’ networks.