A year or two ago, I wrote an article proposing a Hart-Rudman Commission for the 21st Century, referring to a neglected effort from the 1990s to review America’s national security. (I’m happy to share the article, along with its rejection letters.) More recently I have advocated at several events for a strategic review of intelligence, more than a decade after the post-9/11 “reforms.” Its focus should be a study of the environments U.S. intelligence could face in 2030 or 2040. The consequences of such a study should be a rigorous evaluation of existing structures and processes, presumably reaffirming some while altering or eliminating others.
We all appreciate and value the opportunities to hear from government. The AFCEA Homeland Security Conference afforded industry and government officials alike the chance to talk and share ideas. One topic of conversation piqued my interest that I think will resonate with both industry and government.
Cyber attacks originate from the outside or the inside. Is there "low hanging fruit" that you can harvest to reduce an insider attack?
You can reduce the probability of an attack from a disgruntled employee by becoming more mindful of your command climate or employee attitudes and by making a commitment to spend more time with your employees/members of your command. Take an employee to lunch and learn about his or her world. Schedule a breakfast with a subordinate and listen to his or her concerns.
With fewer government workers and contractors attending conferences and events, companies that do decide to exhibit at a conference need to maximize their investments. Here are some tips to take advantage of, and capitalize on, the lead generation and thought leadership opportunities that exhibiting provides.
Several years back, my tech savvy college student son, Michael, was helping me to set up my new (at that time) iPhone 4. When he was done, he had downloaded several applications (apps) that he thought I would want to have such as BBC News, his Radford University app, Pandora, etc. But instead of being an appreciative mother, the paranoid career intelligence professional screamed inside: What did he put on my phone (that I use for work and my entire personal life)? I have no clue what these apps could do to the privacy and security of my data and all my communications.
While it has always been important to strive for interoperability among and across systems within the U.S. military branches and other Defense Department (DOD) agencies, the need now is more critical than ever for the oldest and largest government agency in the United States.
Why now? One primary driving force for a refocus on interoperability is the creation of the U.S. Cyber Command (CYBERCOM). Formally established in May 2010, CYBERCOM’s focus, among other things, is to “lead day-to-day defense and protection of DOD information networks,” according to the agency’s mission statement.
The changing nature of threats and diversity of adversaries bring unique challenges to maintaining a strong national security posture. This trend will continue in 2015, as nation-states, extremist groups and individual actors bring a distinctive set of intelligence challenges. By making the best use of our intelligence, surveillance and reconnaissance (ISR) technological capabilities, coupled with innovative commercial information technology, we can equip our military leaders with an integrated ISR enterprise to evaluate and anticipate threats so they more fully and quickly understand proper courses of action, whether on a battlefield or at home.
Outside the world of government, video traffic is mostly about watching clips on YouTube and streaming a favorite Netflix series. Within the government, particularly the U.S. Defense Department, video traffic—more specifically videoconference calling—often is far more mission critical.
When a mission-critical application experiences an outage or severe performance degradation, the pressure on the agency and its information technology (IT) contractors to find and fix the problem quickly can be immense. Limited holistic visibility into the status of the underlying IT infrastructure in a high-stakes situation can result in interdepartmental finger-pointing and delay in resolution, so narrowing down the root cause of the problem wherever it exists within the application stack (appstack) and enabling the appropriate IT specialists to quickly address the underlying problem is essential.
Network modernization is becoming a priority for defense agencies—and for good reason. Much of our defense network infrastructure was conceived 20 years ago and put into place almost a decade ago.
While the networks remain the same, the technologies that depend on them have advanced, and innovation can no longer be supported by outdated and ineffective infrastructure. Near real-time access to data enabled by the latest technologies and Internet-connected sensors can improve situational awareness for warfighters. They also build the foundation for more advanced communication and intelligent tactical networks that are crucial to the missions of our military.
When your personal applications are slow, there’s no doubt it’s frustrating. The news clip buffers, the song won’t download, a game takes ages to start up, etc. But when apps perform slowly for military, intelligence or other critical government entities, national security might, in fact, be at risk.
“There's an app for that” is truer than ever these days. As bring-your-own-device (BYOD) and bring-your-own-app (BYOA) concepts are increasingly infiltrating government agencies, public sector information technology departments must consider the impact these apps and devices have on their own environments. In this blog post, we’ll look at two security strategies in use at agencies today and how to balance security and flexibility in today’s mobile environment.
Security Strategy 1: Pure Separation
Innovation comes in many forms. From gradual evolution or through disruptive processes; as a result of revolutionary thinking or from a confluence of ideas from different entities that share a common goal. Today, we’re seeing more and more innovation blossoming from partnerships among seemingly disparate groups all looking for similar outcomes, whether they concern peace, productivity or profit.
Thousands of military information technology security personnel probably sat down at their computers this morning and opened a spreadsheet listing hundreds of rules for Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) compliance. They then might have spent hours logging onto information technology devices, looking at configurations and laboriously going through them line by line to ensure each setting matched the rules in that spreadsheet.
In six months, they’ll do it all over again.
It is impossible to protect a network you don’t even know exists. Identifying and protecting networks are a few of the many challenges the U.S. military faces today. Thousands of small networks exist across the Army alone—just one of the organizations attempting to consolidate, eliminate and standardize its service while following the evolving Joint Information Environment (JIE) standards. Ongoing changes in the tactical networks—the mobile battlefield—should provide the U.S. Cyber Command (USCYBERCOM) with an increased ability to discover and address vulnerabilities in these networks.
Ongoing budget cuts place the Defense Department in a challenging situation, tasked with continually supporting warfighters on an increasingly tight budget. The most direct route for the department to accomplish mission goals and support warfighters is through information technology innovation. And so to quote Gen. William L. Shelton, USAF: “If there was ever a time for innovation, this is it.”
When it comes to large federal organizations, tension always exists between local and central personnel who have different priorities, available resources and levels of control. In the case of complex computer networks such as those of the U.S. Defense Department, that tension is especially apparent between the information technology (IT) professionals who keep the systems running at the local level and the folks at headquarters who oversee all of an agency’s operations.
Whether a well-established company or one just getting started with cybersecurity risk management programs, those in the industry often can use a little help navigating the cumbersome and technical systems. This snapshot features pointers to clarify existing guidance and help organizations manage cybersecurity risk.
Recently at the AFCEA International Cyber Security Summit in Bethesda, MD, Army Maj. Gen. John A. Davis, Senior Military Advisor for Cyber to the Under Secretary of Defense, said “Cyber partnerships such as those with the National Security Agency and the Defense Intelligence Agency and external partnerships such as those with industry, international allies and academia represent a transformation in the way DOD approaches cybersecurity.”
For years, the U.S. Defense Department, not surprisingly, took a “do it alone” posture when it came to sharing information and protecting its networks and communication infrastructures from security attacks.
The latest Incoming column from Lt. Ben Kohlmann, USN, titled “Link Warfighters to Technologists at the Lowest Possible Level” (SIGNAL Magazine, April 2013), resonated with observations I’ve made and conclusions I’ve reached over the years. I’ve been involved with the research and development and acquisition communities for a long time, including serving as the Air Force chief scientist from 1999 to 2001. Perhaps my adding to Lt. Kohlmann’s advice will help it gain additional traction, and stimulate further discussion and activity.