Cyber

September 25, 2020
By Maryann Lawlor
Enterprisewide Risk Management (ERM) consists of the formal identification of major risks to the organization’s mission.

Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.

But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.

September 21, 2020
By Kimberly Underwood
The Defense Information Systems Agency is finishing its zero trust architecture to bring advances in security and data availability to warfighters. Credit: DISA

Over the last few months, the Defense Information Systems Agency, known as DISA, has been working with the National Security Agency, the Department of Defense (DoD) chief information officer and others to finalize an initial reference architecture for zero trust. The construct, according to DISA’s director, Vice Adm. Nancy Norton, USN, and commander, Joint Force Headquarters-Department of Defense Information Network, will ensure every person wanting to use the DoD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

September 11, 2020
By Kimberly Underwood
Once more of an operational and end-user experience tool, identity management has evolved to be a core aspect of cybersecurity, especially as part of zero trust architecture, say panelists Wednesday at the FedID conference.

The need to move away from a perimeter-based cybersecurity model—the moat and castle approach—to a cloud-enabled zero trust architecture—an underlying framework that essentially is like placing a security door in front of each and every application—is apparent. Similarly, identity, once mostly an operational and user experience-driven technology, has evolved to be a core aspect of cybersecurity, verifying a user in a network or activity, said Frank Briguglio, strategist, Global Public Sector, SailPoint.

September 9, 2020
 

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

September 9, 2020
By Kimberly Underwood
Credit: Shutterstock/MONOPOLY919

The accuracy of machines relative to human performance in facial recognition has naturally increased with the computational abilities of machines and employment of advanced algorithms, compared to 10 years ago, according to Alice O'Toole, professor at the School of Behavioral and Brain Sciences at The University of Texas at Dallas (UT Dallas).

September 4, 2020
By Robert K. Ackerman
The U.S. Government Accountability Office (GAO) is exploring the ramifications of a number of emerging disruptive technologies. Credit: GAO file photo

The future of U.S. technology likely will be cyber-heavy with innovative breakthroughs erupting from several areas such as telecommunications and digital ledger capabilities. Many of these disruptive technologies have policy ramifications either in their development or their implementation. The federal government must consider aspects such as regulatory issues, privacy, economic competitiveness and security requirements.

September 1, 2020
Posted by Kimberly Underwood
The Five Eyes nations, including Australia, Canada, New Zealand, the United Kingdom and the United States, conducted extensive joint research on cyber breeches, culminating in an incident response playbook for the extended community of partners and network administrators. Credit: Shutterstock/Metamorworks

The cybersecurity representatives of the so-called Five Eyes intelligence partners are working together to improve cyber event incident response across the extended community of the countries of Australia, Canada, New Zealand, United Kingdom and the United States. 

September 1, 2020
By Kimberly Underwood
The increase in the remote workforce due to the pandemic has highlighted calls for increased digital identity management. Credit: Shuterstock/Enzozo

Today’s identity management is fragmented and decentralized, relying on a lot of different systems to authenticate people and manage identities. Organizations use a variety of disjointed tools from passwords and smart cards to biometrics. Instead, organizations should pursue a more holistic approach.

September 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/FOTOGRIN

China’s global moves to gain technological hegemony over 5G and reshape the Internet to suit its own needs offer the potential to give the Middle Kingdom control over the telecommunications market and information itself. At the very least, it would achieve market dominance. But at most, it would control both the nature of the Internet and the information that flows through it, say Internet experts.

September 1, 2020
By Shaun Waterman
As part of the nine-day Cyber Guard exercise, participants work through a training scenario. Credit: Navy Petty Officer 2nd Class Jesse A. Hyatt, USN

Second of a two-part report.

The Cyber Solarium Commission, a congressionally chartered panel of expert policymakers, was created to tackle cyber conflict in the same way its Truman-era predecessor addressed the Cold War confrontation between the United States and the Soviet Union. An article in SIGNAL Magazine’s August issue (“Leaders Seek a Grand Strategy for Cybersecurity") explored the commission’s theory of deterrence by denial and how it embraced the concept of resilience.

September 1, 2020
By George I. Seffers
Conceptually, soldiers wearing the tactical identification and authentication tokens could simply approach a system to log in and be recognized by that system, which prompts them to enter a personal identification number or to use a biometric as a second authentication factor. They also may be automatically logged out when they walk away. Credit: U.S. Army

The U.S. Army’s wearable authentication tokens intended for the tactical environment could be used for nontactical purposes, such as accessing strategic-level systems, enterprise networks and medical systems, researchers say.

September 1, 2020
By Henry S. Kenyon

The COVID-19 pandemic has forced federal agencies and private businesses around the world to adapt to a new reality, one where most of their employees now work remotely and communicate virtually. This “new normal” imposes changes on how organizations protect and manage their networks, making chief information officers (CIOs) and chief information security officers (CISOs) adapt procedures
to operate in this new reality.

The “new normal” caused by the stay-at-home orders imposed during the COVID-19 pandemic reflects the current state of remote work and its security requirements, says Rob Carey, vice president and general manager for Public Sector at RSA.

August 24, 2020
By George I. Seffers
In recent years, the Army's Cyber Blitz experiment evolved well beyond just cyber, allowing the service to define the integration of cyberspace, electronic warfare, intelligence, space and information operations. Beginning next year, the experiment will be known as Multi-Domain Operations Live. Photo by Spc. Marcus Gresham, USA

The U.S. Army’s technology assessment experiment known as Cyber Blitz has grown beyond its cyber roots. Beginning next year, when it will be held in the Indo-Pacific region, the exercise will be known as Multi-Domain Operations (MDO) Live.

August 19, 2020
By George I. Seffers
Lori Ramirez, DISA’s director, workforce services and development, discusses the agency's efforts to recruit talented personnel by using virtual meeting and information sharing tools during the pandemic and beyond.

The Defense Information Systems Agency is searching for talented personnel in a broad array of career fields, including information technology, science and engineering, program and project management, contracting and acquisition and human resources—and the effort to recruit those personnel virtually is gaining steam.

August 19, 2020
By Kimberly Underwood
Speaking at a virtual luncheon of AFCEA's Alamo Chapter on August 19, Lt. Col. John Priestly, USAF, program director and material leader, Unified Platform Program; and director, LevelUp CodeWorks Software Factory, San Antonio, shares that he is seeing initial success at the cyber software factory, which is less than a year old.

Less than a year old, the San Antonio-based LevelUp Code Works Software Factory is succeeding in starting to “break the mold” of Defense Department software development. The factory, which had its grand opening last December, is providing key cyber-related products to U.S. military cyber organizations, says Lt. Col. John Priestly, program manager and materiel leader, Unified Platform Program; and director, LevelUp Code Works Software Factory.

August 10, 2020
By Maryann Lawlor
Ransomware attacks affect computers by encrypting all of the information on the device. The hackers then demand a ransom, usually paid in the form of crypto currency in return for the decryption key. U.S. Air Force Graphic by Adam Butterick

The state of the U.S. cybersecurity industrial base is robust, including for numerous start-up companies exploring new and, in some cases, pioneering cybersecurity technologies. Members of the AFCEA International Cyber Committee say the infusion of cybersecurity technologies and innovations originating in friendly countries and allies such as Israel, the United Kingdom and Australia certainly support this strength.

August 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/Gorodenkoff

The U.S. Army is attacking defensive cyber operations from the laboratory. It is focusing new research efforts, including autonomous network agents, on ensuring cyber resiliency in the battlespace.

Some of this work builds on related efforts long underway at the Combat Capabilities Development Command Army Research Laboratory (ARL). Other thrusts aim at exploiting capabilities that are within reach but not yet ready to field. Still more are areas of research that have been given greater emphasis reflecting the more urgent need for cyber resilience.

August 1, 2020
By Kimberly Underwood
The Army is integrating Joint All Domain Command and Control capability as part of its tactical network modernization efforts. Credit: U.S. Army

The U.S. Army has spent the last two years pursuing a modernized integrated tactical network, or ITN, that supports increased mobility, resiliency and capabilities. Now, the service has a focus toward making sure that the modernization of that network can enable joint all-domain command and control, or the concept of JADC2. The service is preparing to fight seamlessly across the sea, land, air, space and cyberspace, or multidomain operations, by 2028.

August 1, 2020
By Shaun Waterman
Former NSA hacker Dave Aitel speaks at the S4 security conference in Miami. Photo by courtesy of S4

When the first Solarium Commission convened in 1953, it had the task of helping Former President Dwight D. Eisenhower and his cabinet colleagues assess the threat from the Soviet Union after the death of Joseph Stalin and agree on a strategic U.S. response. Three teams of policy experts put together three competing policy models: containment, confrontation and roll-back. Former President Eisenhower famously chose containment, a strategy based on the deterrence of Soviet military power and a norms-based alliance with Western Europe.

August 1, 2020
Lt. Gen. Robert M. Shea, USMC (Ret.)
The COVID-19 pandemic has dramatically increased the need for online telework and has expanded the cyber attack vectors. U.S. Army Photo by Sgt. 1st Class Marco Baldovin

For many, the issue of cyber resilience conjures up thoughts of conducting military operations in a denied environment. But the COVID-19 pandemic has added another dimension. The importance of cyber resilience to everyday activities has been illustrated through the changes wrought by the coronavirus. As the need for online telework and related efforts continues to expand, so do the attack vectors leveraged by cyber marauders.

Pages