The Defense Information Systems Agency intends next month to award a contract for its Thunderdome zero-trust architecture and to begin implementing a prototype within six months. The new architecture is expected to enhance security, reduce complexity and save costs while replacing the current defense-in-depth approach to network security.
The software management firm SolarWinds is revising how it approaches security to develop better products and to help its customers and protect the supply chain they all rely on.
Cyber attacks on supply chains are a growing threat, something SolarWinds experienced in 2020 when Russian government-backed hackers breached the servers for one of the company’s software products and compromised the security of hundreds of customers including several dozen federal agencies.
Under its new CEO Sudhakar Ramakrishna, the company is changing how it operates internally and with its customers by adopting a security by design approach to its operations.
Booz Allen Hamilton Inc., McLean, Virginia, was awarded a $200,000,000 multiple award, indefinite-delivery/indefinite-quantity contract with cost-plus-fixed-fee task orders for research and development. This contract provides for innovative research and development in order to identify, mitigate and protect avionics systems against cyber‐attack, and prototype agile, next‐generation platform and system of systems architectures to enable rapid integration and fielding of enhanced mission system capability. The location of performance is Beavercreek, Ohio, and work is expected to be completed by August 23, 2028. This award is the result of a competitive acquisition and three offers were received.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model are open for public comment through September 30, the agency reported.
As the Air Force strives to become a digital force and embraces Chief Gen. C. Q. Brown’s vision of accelerating change, the service is streamlining its cyber and communications career fields. Headquarters Air Force leaders, National Guard and Reserve leaders and major command functional managers of the cyberspace support career field met at Sheppard Air Force Base, Texas, last week to discuss how to develop the adaptable, agile communications and cyber career fields needed to support future Air Force requirements, reported John Ingle from the 82nd Training Wing Public Affairs.
It’s time to abandon the dream of an open, federated, multiplayer identity-provider ecosystem and move on, one of the pioneers of the concept told AFCEA’s 2021 Federal Identity Forum and Expo Tuesday.
“This federation dream that we've been hanging on to a long time, this model of anybody can get a credential from dozens or hundreds of identity providers and use it everywhere, hasn't taken hold, and I don't think it's going to anytime soon,” Jeremy Grant, coordinator of the Better Identity Coalition, said.
Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid.
Ransomware attacks are on the rise and continue to be a disruptive force in the cybersecurity industry, affecting everything from financial institutions to higher education. Due to the rise in remote work prompted by the pandemic, attacks are up 148%.
Essye Miller, retired Defense Department principal deputy chief information officer, has continued her commitment to growing the cybersecurity workforce and increasing representation of women in STEM careers.
“One of my post-government commitments was to continue my efforts to build the next generation of cyber talent, especially with underrepresented communities,” Miller said. The National Cyber Scholarship Foundation (NCSF) was created to help close the critical skills gap in cybersecurity. It offered me the perfect opportunity to stay engaged and follow up on my commitment.”
Five key lines of effort define the course that the Defense Information Systems Agency (DISA) is taking to ensure information superiority for the U.S. military as it moves forward against new adversarial challenges. These lines of effort are the framework for the agency’s new strategy that is being developed and implemented at DISA.
Defense Information Systems Agency (DISA) officials do not plan to try to force others in the Defense Department or military services to use its zero-trust solution known as Thunderdome.
Thunderdome is a fledgling program that offers a range of capabilities, including secure access service edge (SASE), software-defined area networking (SD-WAN), identity credential access management (ICAM) and virtual security stacks.
SASE, which is pronounced “sassy,” is a technology package that includes SD-WAN, firewall as a service and cloud access security broker. While SASE has been implemented across much of the commercial world, it has not yet been widely adopted by the government.
With the recent emergence of zero-trust architecture and the pivot to work from home because of the COVID-19 pandemic, cybersecurity has been top-of-mind for everyone in government and industry. Cyberspace must be protected; it must be kept open to all; and it must be able to address change as it occurs.
Enter AFCEA’s Cyber Committee, a volunteer group of public and private sector information technology professionals that oversees AFCEA's outreach and helps ensure open lines of communication between the government and industry.
The threat to the integrity of the U.S. and global financial system posed by the crisis in online identity is a national security issue, a senior Treasury Department official told the 2021 Federal Identity Forum and Expo Monday.
The U.S. Air Force is pursuing zero-trust architecture on a level not seen before with the lead command, the Air Combat Command, driving many initiatives with a comprehensive view to employ zero-trust architecture across the service’s bases, weapon systems and mission environments. Supporting the cyberspace and engineering side of the effort is the 16th Air Force’s 688th Cyberspace Wing.
The U.S. Army needs to conduct five essential tasks to achieve the kind of information advantage that will allow commanders to make faster, more effective decisions than their adversaries. Those tasks are to enable decision making, protect friendly information, inform and educate domestic audiences, inform and influence international audiences and conduct information warfare.
The tasks were approved as part of a larger “logic map” during a February forum of one-, two- and three-star generals, according to Brig. Gen. Paul Craft, USA, commandant, U.S. Army Cyber School. Gen. Craft moderated a panel during the AFCEA TechNet Augusta conference in Augusta, Georgia.
In order to make the unified network vision a reality, the Army will need to adopt an array of technical capabilities, including 5G, zero trust cybersecurity, software-defined networks and data fabric.
It may take a village to raise a child, as the saying goes, but it can take a whole society to keep a country secure.
The term “whole-of-government” has been popular since at least the early 2000s to describe a multidepartment, multiagency effort to gain an advantage or keep the nation secure. The term has been used, for example, to describe counterterrorism efforts.
MGySgt Scott Stalker, USMC, command senior enlisted leader, U.S. Space Command: It's not just multi-domain operations. It's all domains.#AFCEATechNet
The U.S. is in the final stages of developing its unified network plans, according to Lt. Gen. John Morrison, USA, deputy chief of staff, G-6.
The Defense Information Systems Agency, known as DISA, is expanding its artificial intelligence (AI) efforts through a research agreement and a new pilot program. While both efforts are in the beginning stages, the agency is considering how to possibly apply the so-called AI capabilities to network defense—among other areas the agency is separately pursuing—as it conducts its daily 24/7 mission of protecting the Department of Defense Information Network, or DODIN.
The agency entered into a Cooperative Research and Development Agreement, or CRADA, with Vienna, Virginia-based software company NT Concepts to apply machine learning (ML) to defensive cyber operations.
The small business sector must seize the day and immediately begin taking the steps necessary to implement tools for cyber resilience and cyber readiness. Scaling cybersecurity services, education and training are crucial to national security.
Regarding the cyber warfare landscape for 2021, the most critical group to secure is the small and midsize business sector (SMBs), particularly following the pandemic. When working with tech-specific organizations and the military, process management and a sense of purpose can overcome inertia and apathy until a financial loss appears.
Earlier this year, Defense Secretary Lloyd Austin signed off on the U.S. Defense Department’s first-ever strategy for Joint All-Domain Command and Control, or JADC2, giving his imprimatur to an ambitious vision of a fully networked U.S. military.
JADC2 aims to provide rear-echelon commanders with continuous connectivity to front-line sensors, providing real-time data and offering an unassailable decision advantage to U.S. forces.
On the digitally managed battlefield envisaged by JADC2, autonomous vehicles and networked weapons would be remotely controlled via cloud-based AI-enabled software, so that a coordinated attack by land, sea, air and cyber forces can be launched with the swipe of a finger.
As China continues to threaten U.S. national security through a whole-of-society warfare strategy, a government-private sector partnership must be a fundamental component of the U.S. government’s approach to information advantage and countering China’s attacks.
“Never Trust, Always Verify”: that’s the essence of Zero Trust security. But to be effective, agencies need to validate more than just their users. Tanium can help you validate devices too.
With Tanium’s comprehensive endpoint visibility and control, you can collect real-time data to authenticate devices within zero-trust models. This will help close vulnerabilities, improve cyber hygiene and raise the barrier to entry into your network.
Tanium is the ideal partner for your Zero Trust journey. Visit Tanium.com to learn more.
The novel 2034 by James Stavridis and Elliot Ackerman perpetuates a fundamental misunderstanding of how technology should be employed and managed in future conflicts.
The continuing narrative is that we should purposely degrade our systems in a conflict with a peer competitor because of the possibility of a degraded spectrum, cyber attacks, space-based detection and jamming. But if we preemptively degrade our technology in a peer conflict, we will lose.
In the novel, after a conflict with the Chinese Navy in which the U.S. technical systems were incapacitated, U.S. ships preemptively disabled “any interface with a computer, a GPS or [any interface] that could conceivably be accessed online.”
Led by the Air Combat Command, the U.S. Air Force is pursuing zero-trust architecture on a level not seen before. One of the service’s first main use cases applies the cybersecurity measure to the agile combat employment (ACE). ACE operations provide a more lean, agile and lethal force that can generate airpower from multiple locations. ACE requires a different kind of command and control (C2) environment, as well as advanced planning concepts and logistical supply line support.
The U.S. Navy is moving ahead at full speed to equip its assets with effective cybersecurity. However, the diverse nature of those assets—some are city-size ships while others are small but vital systems—confound planners seeking to ensure interoperable security measures.
The digital transformation is no longer simply an enabler—it’s the “trunk of the tree” that provides the foundational structure for everything we do, according to Gen. Stanley A. McChrystal, USA (Ret.). “It shapes what we are and how we operate.”
Winner of The Cyber Edge 2021 Writing Contest
Convincing senior defense decision makers to significantly invest in artificial intelligence capabilities that would add more value to the United States’ already digitized operational capabilities—particularly in the cyber domain—needs more than pronouncements that “AI can save the taxpayers money.” It requires a logical progression of defining the objective, identifying the need, demonstrating specific results, conducting comprehensive cost analysis and, particularly in the case of applications in the cyber domain, thoughtfully discussing resilience and deception.
2nd Place in The Cyber Edge 2021 Writing Contest
The United States stands on the cusp of a future defined by great power competitions that will undoubtedly be characterized by broad, deep and subtle cyber warfare strategies and tactics. The nation must make a deliberate decision to defend the digital human attack surface effectively by blurring traditional battle lines and creating a combined homeland and external battlespace.
3rd Place in The Cyber Edge 2021 Writing Contest
A military-age male left home and traveled through the city, unaware he was being surveilled. Those watching him knew his patterns and preferences. They collected his point of departure, route and destination to predict when he would be most vulnerable for attack. Arriving at a marketplace, he meandered through a few high-traffic areas. Passing down a quiet corridor, he finally provided a clear shot. His smartphone buzzed and its screen flashed: “Two-for-one sale at the nearby pretzel shop!” He was struck by a precision-guided advertisement.
Lessons learned in combating terrorist organizations such as ISIS have proved valuable to tailoring national defense techniques to use against cyber attacks from near-peer adversaries, including China and Russia. Speaking at West 2021, Gen. Paul M. Nakasone, USA, said recent experience demonstrates that the threats to data and networks has changed dramatically in scope, scale and sophistication.
The U.S. Navy Special Warfare Command seeks to conduct missions no one else can, and officials expect artificial intelligence and machine learning capabilities to assist in that effort, Rear Adm. Hugh Wyman Howard III, USN, the organization’s commander, told the audience today during the 2021 WEST virtual conference.
The U.S. Air Force’s Air Combat Command and the 16th Air Force are taking further steps to advance the service’s information warfare operations. Championed by Air Combat Command’s (ACC’s) so-called A2-6 leaders, the “accelerate information warfare” approach requires the correct data management strategy, the right teams and problem-centric operations, officers say.
NATO is increasing the amount of joint work on command and control (C2) systems as a result of increases in common funding, according to the alliance’s secretary general. Jens Stoltenberg told a media roundtable that “We are on the right track” as the allies are stepping up to meet changing challenges. These efforts include developing an offensive cyber capability and establishing a unified approach to China.
The U.S. military is using open architecture platforms on a greater scale, deploying interchangeable hardware and software systems to its major weapon programs. In particular, the Navy’s Naval Air Systems Command, known as NAVAIR, and its Program Executive Office, Aviation Common Systems and Commercial Services, are increasingly using flexible “systems of systems” in many of its major aviation programs. The application of open architecture is allowing the Navy—and the Defense Department—to consolidate common resources, decrease risk, reuse software, enhance maintenance abilities, reduce costs and increase tactical options.
A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.
There’s little doubt that thanks to the influx of new government regulations around privacy and data security, requirements have become the primary area of focus for many defense industrial base and General Services Administration contractors.
Cybersecurity program managers are facing the dilemma of appropriately balancing compliance with threat tracking and mitigation. Today, amidst the ever-growing problem of data breaches, organizations are investing in protection. But simply complying with security and privacy standards seldom means systems and data are automatically secure.
The 35th annual AFCEA TechNet Indo-Pacific conference featured a panel with top female leaders addressing cybersecurity workforce issues. Having ever-present cybersecurity training, reaching a younger audience on their level and leveraging women who may be seeking a second career are all ways to close the cybersecurity workforce gaps, the leaders said.
The personnel within the Realities Lab at the Army Cyber Institute located at West Point explore every aspect of extended reality technologies, developing new tools, conducting studies and asking the hard questions.
The Realities Lab is dedicated to research in what is becoming known as extended reality, or XR, a term that includes augmented, virtual and mixed reality. Extended reality technologies offer a wide range of military uses, including realistic training available virtually anywhere, modeling and simulation for weapon system development, and actual situational awareness on the battlefield.
The U.S. Cyber Command, at the invitation of foreign governments, sends teams of cyber warriors overseas to aid in the search for, analysis of and protection against adversaries conducting cyber warfare.
While U.S. forces frequently deploy overseas, this is a different kind of military support. Instead of taking tanks, helicopters and ships, the U.S. military sends its cyber warriors, armed with their adroit offensive and defensive skills and digital tools.
Stood up last October—the Analysis and Resilience Center for Systemic Risk (ARC), a nonprofit, Arlington-Virginia-based organization—helps to protect the nation’s infrastructure by assessing the endemic cybersecurity risks to the critical energy, financial and other private sectors. A 2013 executive order identified some assets—on which the U.S. government relies but reside in the private sector—that if compromised by cyber attack could have a catastrophic impact on national security.
Recent cyber attacks against critical infrastructure such as the attack on Colonial Pipeline Co. has put cybersecurity in the spotlight.
But combating cyber adversaries is a broad area requiring significant amounts of human intelligence and a deep technical expertise to identify them, Gene Yoo, CEO of Resecurity Inc., told SIGNAL Magazine Editor-in-Chief Robert K. Ackerman during a SIGNAL Media Executive Video interview.
Adversaries come in different types, he added, noting that these range from part-time hacktivists to skilled professionals working for criminal organizations or state intelligence agencies.
Cyber education and training should begin not in college, not in secondary school, not in middle school, not in elementary school, but at home as soon as children are able to view or use social media, say some experts. This training is important not just to lay the groundwork for future cybersecurity professionals in a field starved for expertise, but also to instill good cyber hygiene habits that can be passed on to other family members.
The U.S. Air Force’s 67th Cyberspace Wing has been busy. The wing operationally acts as the execution arm of Air Forces Cyber, performing comprehensive cyber operations on a service and nation level. The wing has successfully proven its ability to operationalize on top of its duties to organize, train and equip, reported Col. Jeffrey Phillips, USAF, wing commander. The wing took action against Russia’s information warfare campaign over the last year, responded to the SolarWinds compromise and helped ensure the digital security of the 2020 election, Col. Phillips said during a May 18 presentation to the AFCEA Alamo Chapter.
As more federal agencies and businesses move to the cloud, managing their security needs in this new environment becomes critical. One way to do this is to implement zero-trust architectures as part of an identity cloud environment, said Sean Frazier, federal chief security officer at Okta Inc.
Zero-trust architecture, where it is assumed that the network is or will be compromised, is the latest phase of security development. This is important as the Defense Department modernizes its cloud-based systems under constant pressure from foreign cyber attacks.
The U.S. Navy and Marines Corps are harnessing virtual platforms and advanced methods to teach cyber and communications skills. In some cases, the services are looking to a “blended model” of instruction from both industry and military cyber experts that produces multitudes of trained personnel for a single investment. Additionally, to create a powerful cyber force, technical training needs to be as realistic as possible, with high-fidelity cyber training ranges that can meet high standards for mission rehearsals and training on a daily basis and can be accessed anywhere in the world.
The U.S. Army is creating a pilot program for a limited number of Signal Warrant Officers to build certain skills that the service is identifying as being crucial for the future digital battlefield. The program, currently being developed by the Army’s Cyber Center of Excellence (CCoE) at Fort Gordon, Georgia, will feature an online training platform for soldiers to access on-demand education when needed to support future signal, cyber and electronic warfare operations.
The U.S. Army is girding for battle in cyberspace by assembling a skilled force that it hopes will make the difference in the event of a conflict, its cyber commander stated. This force aims to be the decisive factor in any conflict in that domain.
The Army cyber workforce was the focus of the opening session for episode three of the TechNet Augusta Virtual Solutions Series, being held May 18-19. Delivering the opening keynote was Lt. Gen. Stephen G. Fogarty, USA, commander, U.S. Army Cyber Command, who wasted no words in describing the importance of the human factor in cyber operations.
Every cyber warrior can be a cyber recruiter, according to panelists at the AFCEA TechNet Augusta Virtual Event Series.
The United States faces a severe shortage in cyber personnel and in students willing to enter the cyber workforce. That shortage is even more acute in the government and the military, where talented personnel are often recruited by industry for higher pay and other incentives.
The Cybersecurity and Infrastructure Security Agency, or CISA, the nation’s lead federal agency for protecting government networks and critical infrastructure against cybersecurity threats, reminded agencies and the private sector not to succumb to paying ransoms in cyber attacks and to take much greater steps to shore up any vulnerabilities. “As last week’s ransomware attack against the Colonial Pipeline and recent intrusions impacting federal agencies demonstrate, our nation faces constant cyber threats from nation states and criminal groups alike,” said Brandon Wales, CISA’s acting director in a May 13 statement.