Understanding the cyber kill chain and disrupting it could effectively defend against the most recent generation of cyber attacks. By scrutinizing the time and effort hackers invest in scoping out potential targets, network defenders can take advantage of several opportunities to block system access or, at the very least, drive up the cost, making attempts unappealing.
A new project headed by Lawrence Livermore National Laboratory aims to use microgrid resources to boost the electric grid’s ability to bounce back more rapidly from blackouts or cascading outages, such as those following major storms or earthquakes.
In less than three years, researchers will attempt to demonstrate the potential of distributed energy resources, including the energy produced by solar panels on homes, to help restore power to the grid from scratch, an effort commonly known as a black start. The black start process is now done manually using special generators that can provide power to slowly bring other generators back online.
The Defense Information Systems Agency (DISA) now offers service product packages to mission-partner authorizing officials to provide a holistic view of their information systems risk posture. The packages help ensure compliance for mission partners who have programs and systems hosted within the DISA computing ecosystem.
Control Correlation Identifiers (CCIs) within the service packages allow high-level policy framework requirements to be decomposed and associated with low-level security settings to determine compliance with the objectives of that specific security control.
The Army issued a contract to Lockheed Martin Missiles and Fire Control, Orlando, Florida, to help boost national cyber range capability, by allowing potentially virulent code to be introduced and studied on the range without compromising the range. The award is a $33,916,629 modification (P00036) to contract W900KK-14-C-0020. Work will be performed in Orlando, Florida, with an estimated completion date of May 25, 2019. Fiscal year 2017 and 2018 research, development, test and evaluation funds in the amount of $33,916,629 were obligated at the time of the award. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity.
“The only way our nation is going to succeed in cyber is through public-private partnerships,” stated Major Gen. John B. Morrison, USA, commanding general, Army Cyber Center of Excellence and Fort Gordon, during an informal question and answer session over lunch at AFCEA’s Cyber Education, Research and Training Symposium.
Educators and industry leaders echoed the sentiment during afternoon panels on the second day of the conference.
A cyber training environment is essential to collective training proficiency and educational agility in the face of rapidly evolving threats. During a morning workshop focused on research and development supporting the cyber training environment and tools, attendees at the Cyber Education, Research and Training Symposium (CERTS) explored possible solutions in this environment, and offered thoughts and insights on the work ahead.
Assured Information Security Inc.,* Rome, New York, has been awarded a $47,974,580 cost-plus-fixed-fee contract for investigation of next-generation network operations and vulnerability assessment technology (INNOVATE). The objective of the INNOVATE effort is to provide new cyber assessment tools for high-priority, emerging or existing telecommunications technologies. Work will be performed in Rome, New York, and is expected to be complete by Jan. 10, 2020. This award is the result of a competitive acquisition and two offers were received. Fiscal 2018 research, development, test and evaluation funds in the amount of $4,000,876 are being obligated at the time of award.
During the afternoon of the first day of AFCEA’s Cyber Education, Research and Training Symposium (CERTS), leaders from all five branches of the armed forces shared their perspectives on cyber education and training. Though all five laid out slightly different strategies and goals for their individual services, they all agreed they should leverage each other’s expertise and work together to figure out a way forward.
Col. Andrew O. Hall, USA, director, Army Cyber Institute, opened AFCEA’s first Cyber Education, Research and Training Symposium (CERTS) with a cyberthreat update.
“How can we make security effective and intuitive, yet usable?” Col. Hall asked attendees at the sold out conference. “Efficiency is an area of weakness and easy to hack,” he added. But it’s necessary to perform missions.
The emerging threats to cybersecurity are growing. Col. Hall focused on the global supply chain, artificial intelligence (AI) weapons factories, information warfare and critical infrastructure.
AFCEA will host its first Cyber Education, Research and Training Symposium January 17-18 in Augusta, Georgia. The much-anticipated event, also known as CERTS, will connect military and agency stakeholders with solution providers from academia, business and research centers.
CERTS will feature keynote speakers, panels and breakout sessions promoting discussion between operators and supporting professionals. Featured speakers include Col. Andrew O. Hall, USA, director, Army Cyber Institute; Michael Hudson, deputy director, J-7, U.S. Cyber Command; and Lt. Gen. Paul Nakasone, USA, commanding general, Army Cyber Command.
Leadership starts with cultivating your core with a healthy and strong mind, body and soul.
Computer core processors using a "speculative execution" have a "serious security flaw," according to researchers from Google's Project Zero. The speculative execution functionality is "a technique used by most modern processors (CPUs) to optimize performance," according to Google’s Matt Linton, senior security engineer, and Matthew O'Connor, Office of the Chief Technology Officer. The flaws, dubbed "Spectre" and "Meltdown," make aspects of the computer memory vulnerable to cyber attacks.
Millions of hits result from searching Google for the phrase “how cognitive computing will change the world,” reflecting the public’s big appetite for information about the emerging technology. But some experts foresee a time when the extraordinary is ordinary.
The federal government has invested billions of dollars on Internet of Things (IoT) technologies over the past few years, but it may be compromising its security posture for better information. Certainly being able to share and access the information derived from connected sensors is vital to the protection of the United States and instrumental to military success. However, connected devices present enticing targets, as evidenced by the 2016 Mirai Botnet attack, which originated through vulnerable IoT devices.
The U.S. Army is narrowing the gap between policy and operations as it confronts new threats in cyberspace. Field reports are having greater and faster influence on the issuance of directives, and intelligence is now a major player in determining cyber policy.
“Aligning cybersecurity directly with our operations to achieve readiness is the key to succeeding and moving forward,” says Carol Assi, division chief for cybersecurity policy and governance in the Army Chief Information Officer (CIO)/G-6 office. “And shrinking the gap between operation and policy, having continuous dialogue and working hand in hand, addressing issues in a collaborative environment, [are essential] to that. We no longer can afford to work in silos.”
The U.S. Cyber Command’s Cyber Mission Force must keep pace with a threat landscape that is evolving at an unprecedented tempo. Cyberthreats are constantly growing in volume, velocity and sophistication, and the force needs a warfighting platform that will allow it to get ahead of attackers. That platform should enable continuous improvement through iterative development at the speed and scale of military operations.
No longer a curiosity, the Internet of Things has emerged as a highly sought-after technology advantage for organizations worldwide. The federal government has stepped up as an innovator within this space, generating profound advancements with seemingly unlimited promise to support national security missions. Those in doubt need look no further than research from the Center for Data Innovation, a nonprofit, nonpartisan institute, which reveals a broad range of eclectic, real-life implementations.
Modern information and networking technologies bring exciting functionalities to everyone, everywhere, all the time. Manufacturers, service providers and users alike welcome the advancements because they boost business opportunities and enable new and better computing capabilities that offer convenience, increase independence and save time.
Plainly, innovations are appealing, but important security aspects are being pushed into the background. Security adds complexity and limitations to functionality. It requires more resources and seems to slow innovation and increase cost. In a military environment, these hurdles can seriously affect mission success.
There’s a new National Institute of Standards and Technology (NIST) cybersecurity framework that’s going against the grain. The Department of Defense has mandated that contractors comply with the guidance laid out in NIST special publication 800-171, which aims to strengthen the protection of controlled unclassified information. Why focus contractors’ limited resources on protecting information that is not top secret? Even if information is not top secret it still can be sensitive. For example, social security numbers, contact information, bank account details and other personal information about U.S.
In the federal government space, the machines have risen, but they’re not here to threaten us. Instead, agencies are turning to artificial intelligence (AI) and machine learning to bolster the U.S.’s cybersecurity posture.
There are many reasons for this emergent interest. Agencies are dealing with enormous amounts of data and network traffic from many different sources, including on premises and from hosted infrastructures—and sometimes a combination of both. It’s impossible for humans to sift through this massive amount of information, which makes managing security a task that cannot be exclusively handled manually.