Cyber

Cybersecurity program managers are facing the dilemma of appropriately balancing compliance with threat tracking and mitigation. Today, amidst the ever-growing problem of data breaches, organizations are investing in protection. But simply complying with security and privacy standards seldom means systems and data are automatically secure.

The personnel within the Realities Lab at the Army Cyber Institute located at West Point explore every aspect of extended reality technologies, developing new tools, conducting studies and asking the hard questions.

The Realities Lab is dedicated to research in what is becoming known as extended reality, or XR, a term that includes augmented, virtual and mixed reality. Extended reality technologies offer a wide range of military uses, including realistic training available virtually anywhere, modeling and simulation for weapon system development, and actual situational awareness on the battlefield.

As the U.S. Department of Defense (DoD) drives forward on its cloud strategy, development teams and chief information officers alike are looking for faster ways to deploy new capabilities, proactively address cybersecurity challenges and take advantage of the resiliency of cloud operations.

The DoD has embraced the cloud to achieve speed, security and scale. The focus is now on clearing the blockers that have slowed deployment in order to accelerate the adoption of new services and unlock the transformational capabilities of cloud for the DoD enterprise and warfighters at the tactical edge.      

The U.S. Cyber Command, at the invitation of foreign governments, sends teams of cyber warriors overseas to aid in the search for, analysis of and protection against adversaries conducting cyber warfare.

While U.S. forces frequently deploy overseas, this is a different kind of military support. Instead of taking tanks, helicopters and ships, the U.S. military sends its cyber warriors, armed with their adroit offensive and defensive skills and digital tools.

Recent cyber attacks against critical infrastructure such as the attack on Colonial Pipeline Co. has put cybersecurity in the spotlight.

But combating cyber adversaries is a broad area requiring significant amounts of human intelligence and a deep technical expertise to identify them, Gene Yoo, CEO of Resecurity Inc., told SIGNAL Magazine Editor-in-Chief Robert K. Ackerman during a SIGNAL Media Executive Video interview.

Adversaries come in different types, he added, noting that these range from part-time hacktivists to skilled professionals working for criminal organizations or state intelligence agencies.

The U.S. Air Force’s 67th Cyberspace Wing has been busy. The wing operationally acts as the execution arm of Air Forces Cyber, performing comprehensive cyber operations on a service and nation level. The wing has successfully proven its ability to operationalize on top of its duties to organize, train and equip, reported Col. Jeffrey Phillips, USAF, wing commander. The wing took action against Russia’s information warfare campaign over the last year, responded to the SolarWinds compromise and helped ensure the digital security of the 2020 election, Col. Phillips said during a May 18 presentation to the AFCEA Alamo Chapter.

The U.S. Army is creating a pilot program for a limited number of Signal Warrant Officers to build certain skills that the service is identifying as being crucial for the future digital battlefield. The program, currently being developed by the Army’s Cyber Center of Excellence (CCoE) at Fort Gordon, Georgia, will feature an online training platform for soldiers to access on-demand education when needed to support future signal, cyber and electronic warfare operations.

Every cyber warrior can be a cyber recruiter, according to panelists at the AFCEA TechNet Augusta Virtual Event Series.
 
The United States faces a severe shortage in cyber personnel and in students willing to enter the cyber workforce. That shortage is even more acute in the government and the military, where talented personnel are often recruited by industry for higher pay and other incentives.
 

Development of a new federal service academy, established to educate a robust digital civil servant workforce, is the recommendation of the AFCEA Cyber Committee in a recent white paper “Establishing a Federal Digital Service Academy.” In echoing the sentiments of various commissions and thought leaders over the past four years, the committee is calling on President Biden to sign an executive order and begin the process

Coordination among allied militaries is one of the world’s oldest problems. In the future, U.S. forces will likely operate in increasingly complex environments alongside diverse multinational forces to address emerging threats. Coalition command structures will require warfighting capabilities built on interoperability and a secure environment for communication and collaboration among trusted coalition forces at operational and tactical levels.

Public safety agencies are seeking ways to reliably grant mission-critical information access to authorized users while also ensuring security and data integrity. Technical pilot projects sponsored by the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency demonstrated cross-domain federated identity, credential and access management for secure information sharing for first responders in Texas and Tennessee.

Before 1957, man had never placed a single object in space. Soon, tens of thousands of new artificial satellites will circle the Earth. Beyond a change in the sheer volume of satellites in space, the actors at center stage today are fundamentally different: a shift from humans and hardware to software and shoebox satellites.

A new space race is dawning. Luckily, the United States has an edge against competitors like China and Russia if it can keep it.

Facing an unprecedented malicious cyber event, the Defense Information Systems Agency, known as DISA, and the Joint Force Headquarters Department of Defense Information Network, or JFHQ-DODIN, sprang into action, leaning on their respective round-the-clock operations, their supply chain management postures, and relying on its industry, Defense Department and government partnerships, leaders say.

Cybersecurity in the federal government, especially for the Department of Defense, is a complex dance between agencies and commercial partners. To get things right, companies working with the government need to be adaptable and resilient in helping government customers meet their mission goals, said Dana Barnes, senior vice president of public sector at Palo Alto Networks.

The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), the sole authoritative source for operationalizing CMMC assessments and training by the U.S. Defense Department, has announced the formation of a cybersecurity Industry Advisory Council’s (IAC).

The CMMC-AB IAC mission is to provide a unified voice as representatives of organizations seeking certification to provide to the Defense Department and the accreditation board feedback, input and recommendations for implementing the CMMC.

Working from home or remotely has always been a significant challenge for our federal workforce. The obstacles are not so much technical, rather it is the sensitivity of the data and communications that must traverse the network, and the sophistication, resources and determination of the adversarial powers that seek to disrupt or compromise them.

Unlike the commercial marketplace where a security breech might result in lost revenue, stolen IP or a fine, in the federal mission space the cost of failure could be the loss of critical infrastructure or even loss of life.

NATO is at risk of losing its technology edge because of emerging and disruptive technologies increasingly developed within the civil sector. The growth of peer competitors’ determination, especially China, and the decline of technology education in Western countries are eroding the advantage they once skillfully held.

To address this state of affairs, the organization’s defense ministers are examining a number of activities. As a part of this initiative, the NATO Industrial Advisory Group (NIAG) conducted a study to provide the industry view of the implications of emerging and disruptive technologies (EDTs) and Chinese advances in defense operations and military capability development.

The federal government has been taking zero trust more seriously. Although a significant part of it has yet to be implemented, some initial work has been completed with zero trust network access, yet the outside-in approach to zero trust and complexity remains. But the more important aspect of zero trust relates to application and workload connections, which is what attackers care about and is not being protected today.

This “other side” of zero trust and a host-based micro-segmentation approach will lead to greater security and will stop the lateral movement of malware. Constituting multiple pilot projects is the best way forward in the inside-out approach to zero trust.

With ransomware and malware attacks on the rise across the globe, leaders need to be positioned for incident response before a breach occurs. Most businesses are not prepared for the earth-splitting impact a ransomware attack will present to their organization. Many organizations are deploying the “HOPE” strategy against ransomware. They hope every day that they aren’t targeted, because they know a ransomware attack will present a monumental financial and organizational challenge. Commercial businesses have paid hundreds of millions of dollars to black hat hackers for the rights to the decryption key to restore their network. Ransomware can shut down computers and lock out users until they pay hackers a ransom.

Recent actions by cybermarauders have illustrated the importance of the Cybersecurity Maturity Model Certification (CMMC) thrust by the Defense Department, and new assessment guides can help lay the groundwork for companies to meet CMMC requirements, according to government officials.These and other key points were presented at the AFCEA CMMC Lunch and Learn session held on March 19. The last of a series of CMMC lunch presentations, this session focused on requirements for the National Institute of Standards and Technology (NIST). But, government experts addressed several other key issues related to CMMC implementation.

In the ever-growing and complexifying ecosystem of the Internet of Things (IoT), demand for connectivity is stronger than ever and only bound to intensify. Statista predicts that by 2025, there will be 38.6 billion devices connected to the internet, which will put even more pressure on organizations to monitor their infrastructures.

For system administrators, there are several obstacles to keeping pathways clear and the flow of data smooth. Here are a few of the most common roadblocks when it comes to IoT monitoring, as well as a few ways to overcome them.

Roadblock #1: Managing different interfaces for different devices

The rise of the People’s Republic China as a peer competitor vying for superpower status has emerged as an important challenge for the United States. To confront this competition, policy and decision makers must preserve and extend U.S. global interests to deter China if necessary and work in the international system in which the United States plays a vital role.

If all goes as planned, a major mobile cellphone carrier will ultimately adopt technology developed under the Defense Advanced Research Project’s Agency’s Open, Programmable, Secure 5G program. Doing so will allow the open-source, secure technology to proliferate as so-called Internet of Things technologies become more ubiquitous.

The telecommunications industry is currently rolling out the fifth-generation wireless network known as 5G, which is bringing more bandwidth, lower latency, high-speed throughput, improved reliability and increased connectivity to mobile communications. Off of that advancing communications point will come 6G, the sixth iteration of the wireless network.