With an onslaught of new technologies ever present on the horizon, the U.S. Marine Corps (USMC) is working to make sense of what technologies will work for them, not only in the traditional warfighting domains, but also in cyber—the new domain. Right now, they have a long list of priorities associated with modernizing the network, meeting standards and mandates, and fielding new capabilities.
Researchers at the National Institute of Standards and Technology (NIST) have developed a method for generating numbers guaranteed to be random by quantum mechanics. Generating truly random numbers is one of the major challenges for quantum-based encryption and could mark a major leap in cybersecurity.
In a little more than four months, the U.S. Army has made significant progress in its thrust to modernize its network for the warfighter. Following “a lot of introspection,” the Army is undergoing ”a wholesale shift” that already has generated two real changes, declares Lt. Gen. Bruce T. Crawford, USA, Army G-6 and chief information officer (CIO).
When combatant commanders plan an attack on an enemy stronghold, they know exactly what to do, including which intelligence reports to consider, where to send the ground troops, when to call in an air strike and when to jam the enemy’s radar. But ask those same commanders to attack the enemy in cyberspace and the response will be far less defined.
Amid the political scuffles on Capitol Hill about immigration, health care and budget legislation to keep the federal government open, cybersecurity is not necessarily one of the highest policy-making priorities. This must change, some lawmakers say. Cyber attacks, already plentiful and disastrous, will only increase in frequency and scale over time. The United States needs more protections and measures, especially at the federal level, according to some legislators.
Last week, the Federal Communications Commission (FCC) approved the application of Space Exploration Holdings LLC’s proposal to provide broadband satellite services to the United States. The company, known as SpaceX will build, deploy and manage a nongeostationary orbit (NGSO) system of 4,425 satellites. SpaceX’s proposed global fixed-satellite service (FSS) was authorized to operate in the Ka (20/30 GHz) and Ku (11/14 GHz) frequency bands, according to an FCC statement.
Jack Finney’s science fiction classic Invasion of the Body Snatchers offered a frightening premise. In the novel, aliens in seed vessels descend to Earth, landing in a small California farming community. As the townsfolk sleep, these seeds replicate the earthlings and, by morning, replace them. The only discernible difference between the clones and their host bodies is that the clones lack emotion. In essence, the aliens have stolen the earthlings’ DNA, and the humans never saw it coming.
The idea of this happening is unimaginable—in the case of human bodies at least. However, one company replacing another company’s DNA then killing off the original entity is happening now in the invisible world of cyber.
The Internet of Things (IoT) has security issues. The fundamental weakness is that it adds to the number of devices behind a network firewall that can be compromised. Not only do we need to safeguard our computers and smartphones, now we must worry about protecting our homes, vehicles, appliances, wearables and other IoT devices.
Recent initiatives by the National Security Agency (NSA) have enabled alternatives to Type 1 security solutions by leveraging commercial technologies in a layered approach, thus saving time and money for classified programs. The Commercial Solutions for Classified (CSfC) Program provides solution level specifications called Capability Packages (CP) to deliver data security solutions using approved components from leaders in commercial technology. In the Data at Rest CP data protection can be accomplished by integrating an inner and outer layer of hardware and software encryption where a self-encrypting solid state drive is the inner layer and either a file encryption or software full disk encryption solution would be the outer layer.
NATO and the European Union are improving information sharing on the cyber threat and bolstering collaboration on potential solutions. The two organizations seek to increase the relevance of shared data and are discussing the potential for sharing classified information.
Amid stunning digital attacks that have not only rocked countries around the globe but also targeted alliance forces, NATO is sharpening its resolve to serve as a cyber protector. A forthcoming Cyber Operations Center will incorporate cyber warfare into NATO’s defense operations. In addition, NATO’s Cooperative Cyber Defence Centre of Excellence is boosting the organization’s cybersecurity-related research, exercises and instruction to meet the seemingly unending threats.
The U.S. Defense Department must move aggressively to better understand information warfare and its implications to national security. To propel the necessary next steps, the department must organize information resources not only to meet military cyberspace requirements but also to address how adversaries view U.S. cyber assets.
Although the nation has long dominated the communications and information systems landscape, past success makes it vulnerable in the future. Consequently, forces and the weapons platforms they rely on are increasingly susceptible to information attacks.
It goes without saying that technology plays a key role in military operations. The concern nowadays, however, is if technology is appropriately hardened from a cybersecurity standpoint. For the Army, this means taking a close look at supply chain management, according to one Army leader.
The government has to be a savvy consumer amid a risky cybersecurity atmosphere. And companies need to be able to back up the products that they are offering the government, Col. Bryan Stephens, USA, director, Cyber Focal, Army System of Systems Engineering and Integration, told SIGNAL Magazine in a recent interview.
Today, government and industry increasingly are on the wrong side of the cybersecurity spend.
Criminal groups, nation-states and individual hackers often force organizations to spend much more to defend against cyber attacks, or the threat of attacks, than attackers spend to carry them out. How do we slow down this trend and reverse the spend, forcing the attacker to pay a higher price?
Technology and a better-educated workforce will help, but these solutions may not really reduce the spend or increase the cost to the attacker.
The best way to do this is through significantly increased partnering as well as more timely and greater sharing of threat data and real-time attack information.
A new smart phone application is illustrating the devastation that war has on the smallest citizens of the world. Introduced last week by the Geneva, Switzerland-based International Committee of the Red Cross, the application, called Enter the Room, uses augmented reality to create an immersive experience for users to see how conflicts impact children. The organization claims that it is the first use of augmented reality in humanitarian aid.
After the success of the Defense Information Systems Agency’s bold step in 2013 to build an on-premise cloud platform called the milCloud 1.0 Cloud Service Offering based on commercial technology, the agency went for more with milCloud version 2.0, driven by extraordinary customer interest, cloud computing’s advantages and cost savings. Unlike milCloud 1.0, for which mission partners paid a monthly fee regardless of usage, version 2.0 is utility-based, and customers only pay for what they use. This allows military customers to scale usage up or down depending on operational requirements.
U.S. Army officials are applying a streamlined acquisition process known as an IT box to offensive cyber technologies.
The IT box acquisition concept includes four sides: developing the capabilities requirement, determining development costs, analyzing sustainment and operations costs, and providing oversight and management of the product.
Maj. Gen. John George, USA, force development director, Office of the Army Chief of Staff G-8, told the the AFCEA Army Signal Conference in Springfield, Virginia, that the Army is focusing on the IT box concept pretty heavily.
As enterprises mobilize business processes, more and more sensitive information passes through and resides on mobile devices. BlackBerry, a virtual grandfather in the handheld devices world, offers chief information officers (CIOs) an idea of what they’re up against when attempting to ensure the security of data flying through cyberspace.
Where some see challenges, others see opportunities. It sounds like a motivational poster, but that is exactly how researchers at the National Security Agency view the Internet of Things, or the IoT.
“We approach IoT a little differently than everybody else. Everybody’s talking about all the security problems. That’s certainly fair, but we look at IoT as an opportunity in terms of the security goals we can accomplish,” says George Coker, chief, Information Assurance Research Group, National Security Agency (NSA).
The military tackles many challenges in its cyber ecosystem—a diverse group of human users, processes and technologies and their interactions—by striving for uniformity across its hardware, software and operating systems. But standardization also can create large holes in the cyber environment, weakening defenses and contributing to successful cyber attacks. Coming at cybersecurity from a different angle could leverage differences in favor of network defenders.
Without a doubt, system consistency has its benefits. Using the same operating systems, applications, switches, routers and other components across networks reduces complexity and lowers the cost of equipment maintenance as well as defense.