Personnel working in cyber must continually look for opportunities to learn, say cyber professionals from across government.
During a morning panel discussion on the final day of the AFCEA TechNet Cyber conference in Baltimore, high-ranking officials from the Defense Department, Department of Homeland Security and National Security Agency discussed a wide range of issues concerning the cyber workforce today and tomorrow.
In an effort to secure the digital supply chain for the United States, President Trump issued a policy on May 15 prohibiting the trade of information and communications technology or services designed, developed, manufactured or supplied by adversaries.
The Executive Order on Securing the Information and Communications Technology and Services Supply Chain states that the risk of using such technology and services constitutes a national emergency.
The Defense Information Systems Agency (DISA) is acquiring an array of cutting-edge technologies using rapid development processes and could begin fielding some of those technologies within the next two years.
Discussions about data may need to become as integral to military operational planning as kinetic weapons and physical targets, say two of the top cyber leaders in the U.S. Defense Department.
Gen. Paul Nakasone, USA, director of the National Security Agency and commander of U.S. Cyber Command, and Dana Deasy, Defense Department chief information officer, stressed the importance of data during a fireside chat on the first day of the AFCEA TechNet Cyber conference in Baltimore.
The Defense Information Systems Agency (DISA) is challenged with a significant personnel shortage, including information technology, spectrum and cybersecurity experts.
Vice Adm. Nancy A. Norton, DISA director and commander of the Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN), told the audience at the AFCEA TechNet Cyber 2019 conference in Baltimore that the agency is seeking to hire personnel in a number of areas.
Legislators on Capitol Hill have formed the Cyberspace Solarium Commission, known as the CSC, which will put together a comprehensive U.S. cyber policy. Sen. Angus King (I-Maine), who is co-chairing the new organization with Rep. Michael Gallagher (R-Wisc.), announced the formation of the Geneva Convention-type commission in a call with reporters on May 13. The establishment of the commission was outlined in last year’s National Defense Authorization Act (NDAA), Sen. King said.
As the need for more sensor processing and embedded security continues to grow in defense applications such as unmanned systems and munitions, the footprint for these mission-critical systems continues to shrink. A fundamental shift in microelectronics design and packaging is required to address the needs of the modern threat environment where non-invasive attacks are imminent.
Defense Department network defenders are under persistent engagement and constantly look for quicker, more agile ways to preempt and respond to cyber attacks. The challenge to secure, operate and defend the Department of Defense Information Network (DODIN) is the scope, scale and complexity of the DODIN. Its daily operations are conducted in an operational environment of continuous competition against determined adversaries. The Defense Department’s mission assurance depends on the success of this mission area.
The cybersecurity workforce gap is real, and it’s growing. Based on a state-by-state analysis on CompTIA’s cyberstates.org, there are currently 320,000 open cyber jobs in the United States. By 2022, the projected shortage of cybersecurity professionals worldwide will reach 1.8 million, according to the Center for Cyber Safety and Education.
Schooling at an early age, an appeal to patriotism and a government program that trades tuition support for public sector work may be necessary to produce the skilled cyber professionals so badly needed across the spectrum of technology jobs in the United States. While the current number of cyber workers is woefully insufficient, the demand increases. For government, the cyber threat escalates daily. For industry, cyber applications proliferate constantly.
Recruiting and maintaining a cybersecurity workforce is a complicated challenge for the government. According to the Information System Security Certification Consortium, 85 percent of cybersecurity professionals would consider leaving their current jobs. Information technologists do not need to search for positions that are exciting, respect their expertise, help them become more marketable and pay well because as many as 18 percent of non-active job seekers are contacted daily by employers seeking them out.
Some military and civilian experts are calling on the United States to create a civilian cyber corps to help fill the gap in cybersecurity expertise in times of need. Such a corps could enhance state and local emergency response efforts, help protect Defense Department networks and other critical infrastructure or combat social media information warfare campaigns.
Thirty years after the Morris Worm, networks face a long and growing list of potential attack vectors employed by an almost limitless number of threat sources, including criminals, hacktivists and nation-state actors. In response to threats, the U.S. Defense Department has taken prudent measures to shore up vulnerable systems and networks. In accordance with the well-established practice of concentric rings of security, the most sensitive department data exists on its most secure and isolated networks.
When operating one of the most complex and critical networks on the planet, risk is a given. That risk comes in two forms, technical and operational, and managing both is a matter of balance.
Roger Greenwell, Defense Information Systems Agency (DISA) risk management executive and authorizing official, is responsible for maintaining that balance on the Defense Information Systems Network (DISN), a global enterprise network that enables information superiority and critical communications. The DISN is the core of the Department of Defense Information Network, a worldwide conglomeration of military networks.
Both the economy and education are national security issues. A nation cannot be strong militarily if it is not strong economically. Nor can a nation expect to prevail against adversaries over the long term if it does not continuously generate a trained and educated populace.
One of the biggest challenges facing industry, government and academia is the ability to recruit, develop and maintain a skilled and effective cybersecurity workforce. Businesses in the information technology realm must add skilled cyber and information technology workers to generate innovation.
Within the last year and a half, an exciting development has taken place at the Defense Department: It has turned the corner on cloud.
For years, the department had followed a cautious, even wary, approach toward cloud adoption. But after reading the 2018 National Defense Strategy and the department’s new artificial intelligence (AI) and cloud strategies, one can only conclude that top defense leaders now view cloud as the cornerstone of our future military readiness.
Singapore, in terms of size, is akin to an ant versus an elephant, said David Koh, commissioner of cybersecurity; chief executive, Cyber Security Agency, Singapore’s Prime Minister’s Office; and Defense Cyber Chief, Ministry of Defense of the Republic of Singapore. Nevertheless, the republic has put cybersecurity front and center. Even with only a population of about 5.9 million people—similar to the number of citizens in the Washington, D.C., area—Singapore is one the world’s most digitally connected cities, averaging two cellphones per citizen.
The Navy’s new Combat to Connect in 24 Hours (C2C24) is an ambitious program that has the potential to change naval warfare as we know it.
The program is designed to improve operational efficiency by automating the Navy’s risk management framework (RMF) efforts; providing sailors with near real-time access to critical data; and accelerating the Navy’s ability to deploy new applications in 24 hours rather than the typical 18 months.
The United States is falling short of badly needed cyber professionals in industry and the military, and the solution may require government incentives to rebuild this critical workforce. This effort must begin at the earliest levels of education and ramp up after secondary school, experts offer.
The Defense Department is employing a new design for its Next Generation (NEXTGEN) cybersecurity inspection that links the inspection to an organization’s operational mission. In an era of persistent engagement in cyberspace, the goal of these new mission-based, threat-focused cyber inspections contributes to increasing the security and resilience of the Department of Defense Information Network (DODIN). These inspections simultaneously give commanders and directors a deeper understanding of their cyberspace operating environment and associated risks to their mission.
