A panel of cyber educators today encouraged subject matter experts in the military and industry to teach cybersecurity part time.
The panel enthusiastically embraced the suggestion from an audience member at the AFCEA Cyber Education Research and Training Symposium on May 11 in Augusta, Georgia.
The U.S. Army in the past 30 days kicked off 10 Junior Reserve Officers’ Training Corps focused specifically on students interested in cyber careers. The service also has offered the first direct commission to a lieutenant colonel in the cyber realm and will soon do the same for a full colonel.
Brig. Gen. Paul Craft, USA, commandant, U.S. Army Cyber School, told the audience at the AFCEA Cyber Education Research and Training Symposium (CERTS) in Augusta, Georgia, that the new Junior ROTC efforts are important for the Army and for the nation. “That’s a big thing for the U.S. We now have multiple focused Cyber Junior ROTC programs in our nation, and they will expand over time.”
Earlier this year, U.S. Cyber Command and the cyber components of each of the military services initiated an academic engagement network to reach out to students interested in potentially supporting military cyber missions. In the coming months, Cyber Command will invite network members to help solve hard problems in the cyber arena, including technical, policy and strategy challenges.
The United States needs to add computer skills to elementary education, and the military needs to broaden its cyber training. That was the gist of the message from Brig. Gen. Paul Stanton, USA, commander, U.S. Army Cyber Center of Excellence, during his opening remarks on the first day of the AFCEA Cyber Education, Research and Training Symposium (CERTS), May 9, in Augusta, Georgia.
The Office of the National Cyber Director (ONCD) is planning a cyber workforce development summit that could take place as early as June, and it could be accompanied by a White House strategy on cyber workforce development, reports Joyce Corell, senior technical advisor to the national cyber director.
The ONCD was formed on January 1 of last year under the National Defense Authorization Act for Fiscal Year 2021. It was initially recommended by the Cyberspace Solarium Commission, a panel authorized by Congress.
ONCD officials are working with the secretaries of labor, education and homeland security as well as congressional offices and other “government stakeholders” on the workforce development summit, Corell reported.
Cybersecurity officials from Australia, Canada, New Zealand, the United Kingdom and the United States issued an advisory April 27 disclosing the most common digital vulnerabilities and exposures routinely leveraged by cyber attackers in 2021. Of the top 15 software vulnerabilities identified across all of the countries, Microsoft products accounted for nine such issues.
The United States’ Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI collaborated with the Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre and United Kingdom’s National Cyber Security Centre to issue the advisory.
The application of explainable artificial intelligence to Internet of Behavior techniques may help provide a more trusted and understandable framework in changing human behaviors, researchers say. This combination of Internet of Things devices, artificial intelligence, data analytics and behavioral science can also achieve user and business benefits, according to a study.
Russia’s well-known cyber attacks on Western nations could be setting the country up for a powerful backlash, offers a retired U.S. Army expert formerly based in Moscow. After years of relentless penetrations and attacks on databases and infrastructure in U.S. and NATO countries, Russia now is finding itself as much—if not more—of a target of reciprocal cyber assault capabilities increasingly wielded by the West.
The U.S. Special Operations Command is developing an information technology architecture and operational plan that eventually may evolve into a template for overall U.S. Defense Department military operations. Many of the needs expressed by special operations forces are not unlike those experienced by elements of conventional service forces, and successful development and deployment of special operations digital systems can have a direct bearing on departmentwide military systems.
Who you are, or more importantly, who your IT network thinks you are and what it allows you to do, is a crucial part of cybersecurity.
One’s identity in cyberspace is key to accessing its resources, and it is part of an ongoing battle between security teams and criminal and nation state-backed hackers trying to get in, explains Christian Lees, chief technology officer, Resecurity Inc.
Identifying an identity-based threat not only helps individuals, but entire organizations as well. “If we can help fast track the detection of a threat, that’s our role,” Lees told SIGNAL Magazine Senior Editor Kimberly Underwood in an SIGNAL Media Executive Video discussion.
The U.S. government agency known as CISA, charged with helping the country manage and reduce the risks of cyber threats to digital and physical infrastructure, is pursuing several efforts to add cyber professionals to the workforce. Experts say there are almost 2.7 million unstaffed cyber positions globally, with almost 400,000 unfilled cyber jobs in the United States, according to a recent (ISC)² Cybersecurity Workforce Study. This year, CISA—the Cybersecurity and Infrastructure Security Agency—started several initiatives to grow the cyber professional workforce, reported David Mussington, executive assistant director for Infrastructure Security at the agency.
The U.S. Army’s massive modernization effort requires rapid adaptability in the courses being taught in its cyber and signal schools. Efforts are underway to fundamentally change the approach to teaching and instituting courses for zero trust, cloud computing and other technology advances that will affect the future of combat.
While improved service delivery and return on investment are top-of-mind procurement objectives when choosing a Software as a Service (SaaS) partner, federal agencies must equally prioritize “security first” measures to ensure vulnerable legacy systems are protected in today’s digitally dominated climate.
The confluence of advanced digital tools, such as computer vision, along with Internet of Things devices, data science and knowledge of human nature, is enabling the greater ability to track, analyze and prompt human behavior. The use of this approach, referred to as Internet of Behaviors, is expected to skyrocket, with an estimated 40 percent of the global population’s activities by 2023 thought to be tracked digitally to influence behavior, according to Stamford, Connecticut, research firm Gartner.
February’s invasion of Ukraine by Vladimir Putin was a shock to geopolitical order. NATO and the United States acted quickly to aid Ukraine while avoiding entering a war against Russia and shoring up any threat to NATO and the United States. From their early observations of the war, U.S. officials from Congress, and the cyber and intelligence communities are looking closely to glean understanding and apply key knowledge to U.S. actions and defenses.
An evolving trend, the Internet of Behaviors, requires our attention. This growing field in the digital realm stems from the Internet of Things, the earlier wave of connected devices to the Internet and people, which also came with certain vulnerabilities. Not much has been published yet about Internet of Behaviors to help further guide our policies and actions. And with Internet of Behaviors presenting both positive and negative potential impacts, I would like to start a greater dialogue about it.
As the National Security Agency’s (NSA’s) cybersecurity director, Rob Joyce oversees the agency’s Cybersecurity Directorate, which was established to prevent and eradicate cyber threats to the Defense Department, national security systems and the defense industrial base. He has served in both the cybersecurity and signals intelligence missions at NSA since 1989 and worked as the cybersecurity coordinator and acting homeland security advisor at the White House.
What would you say are your—or your team’s—greatest achievements since you started this job?
One of the priorities that the U.S. Cyber Command is pursuing this year is defining and advancing the Joint Cyber Warfighting Architecture, which is designed to leverage data and cyber intelligence to provide situational awareness and battle management at strategic, operational and tactical cyber mission levels. The construct also includes an array of defensive and offensive cyber capabilities that need to be advanced and will help identify any capability gaps, thereby guiding cyber warfare capability acquisition.
The U.S. Defense Information Systems Agency (DISA) intends to double down on the security of its classified networks in the coming months as it experiments with the zero-trust prototype known as Thunderdome.
Julian Breyer, DISA’s senior enterprise and security architect, reported a change in priorities while discussing Thunderdome during a panel session at AFCEA’s TechNet Cyber conference in Baltimore, April 26.
By the end of 2022, leaders at the Defense Information Systems Agency (DISA) anticipate having a production decision as part of its zero-trust prototype officials call Thunderdome, Brian Hermann, director of the agency’s Cyber Security and Analytics Directorate, said during a micro-keynote session Tuesday during AFCEA’s annual TechNet Cyber conference, taking place April 26-28 in Baltimore.
The Army’s Unified Network, which will enable the service to deliver the strategic, operational and tactical effects that maneuver commanders need across joint and coalition operations, is advancing, said Lt. Gen. John Morrison, USA, deputy chief of staff and the Army G-6, speaking at AFCEA’s TechNet Cyber conference in Baltimore on April 26.
The electromagnetic spectrum may be the key to prevailing in cyberspace during a conflict, and many of the requisites that apply to other domains also are vital in that realm. Foremost among these is situational awareness, as forces may not be able to win the spectrum battle without effective understanding of its conditions in real time.
The importance of spectrum was discussed by a theater session panel at TechNet Cyber 2022, being held in Baltimore April 26-28. The three-day event offered a heavy representation from the Defense Information Systems Agency (DISA), and two of the five panelists discussion spectrum challenges were from the agency.
As part of its planned transformation into a data-centric enterprise, the Defense Information Systems Agency will leverage telemetry and other data collected from endpoints to improve user experience, DISA officials said during an AFCEA International webinar.
The U.S. Coast Guard is taking its place alongside the other national security services in cyberspace as it deals with a new mission menu. Its traditional taskings for search and rescue have expanded in scope and complexity, and it also is assuming new operations in an increasingly challenging maritime environment.
Starting from the first recorded raid on the monastery of Lindisfarne in 793, Viking raids presented European rulers with an unprecedented challenge. Fast, sleek longships could stealthily deploy alongside the coasts of early medieval England and France, striking at wealthy, isolated targets and departing before local authorities could mount a response.
With information operations (IO) in the world stage spotlight, the U.S. Air Force sees a growing need for experts in the field and is taking steps to expand training opportunities with the 39th Information Operations Squadron (IOS).
The 39th IOS, located at Hurlburt Field, Florida, trains Air Force personnel in information and cyber operations, including both offensive and defensive cyber skills. The unit conducts qualification and advanced training to provide mission-ready information and cyber warfare operators for all Air Force major commands.
With the creation of its first Chief Data Office, the U.S. Defense Information Systems Agency is stepping into a more data-centric vision. The need for enhanced data management, technologies and policies is necessary to support greater ventures of agency operations and improved decision making and operability for warfighters, explained Caroline Kuharske, acting chief data officer, Defense Information Systems Agency.
From the back office to the front lines, technical tools the Defense Information Systems Agency is exploring will facilitate military-industry communications and collaboration.
By enhancing the U.S. Department-industry relationship, future capabilities will expand how cloud technologies are deployed and employed and will improve warfighter readiness, bringing the latest tactics for open communications to mission owners.
The battle for cyberspace may hinge on outer space as experts expand the digital frontier. The leading U.S. military communications organization is working with partners in NATO to exploit and dominate space communication systems with an eye to hurling defense systems into an advanced technology future.
In today’s cyber environment, the attack surface grows exponentially day after day with no sign of slowing. With the near-geometric growth of applications, the signal-to-noise ratio has been amplified into the stratosphere. The result: The hunt for timely and important context in system and network telemetry is like trying to find a particular needle in a sea of needles.
Equally challenging is the “dwell time” of attacks—the period between initial penetration and the point of detection/eradication. In 2020, the average global dwell time was 56 days. That means that an attacker had nearly two months inside a network on average before being discovered.
Today, more than ever, combatant commands, joint task forces, service components and supporting agencies need the mission partner environment to deliver the same capabilities envisioned for the U.S. Defense Department’s Joint All-Domain Command and Control concept. With two near-peer competitors dominating the defense strategy, the need for an enterprise-level mission partner environment has never been greater for promoting security cooperation while maintaining military readiness. As Cliff Fegert, former director of the Mission Partner Capabilities Office noted, “With two near peers, we do not have the luxury of preparation time, and we must have allies/partners to deter or win.”
Thunderdome, the Defense Information Systems Agency’s zero-trust solution, may enhance cybersecurity while also transforming the way the agency does business.
The history of air power theory and practice offers considerations for those preparing to defend against cyber warfare. Most early air power advocates emphasized strategic bombing and its potential to quickly compel an enemy to sue for peace.
Gen. Curtis LeMay, U.S. Army Air Corps, who oversaw the shift to strategic bombing, said following World War II, “I suppose if I had lost the war, I would have been tried as a war criminal.”
Leaders of the agency serving the services’ technology needs aims to balance cybersecurity and ease of use. Development of current and future capabilities focus on simplifying access as well as facilitating data and network protection.
As a lead up to Technet Cyber 2022, key Defense Information Systems Agency (DISA) directors are sharing their insights during weekly webinars to preview their priorities for attendees and exhibitors alike. The conference takes place next month in Baltimore.
There’s a wind of change blowing through federal cybersecurity policy. The new SEC proposal for mandatory disclosure of cybersecurity incidents by publicly traded companies is one straw in that wind. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) is another. But it’s a pretty hefty straw.
The United States and other NATO nations have been very careful not to go to war against Russia following Putin’s invasion of Ukraine. The nations, however, have moved to arm Ukraine, along with providing financial support and humanitarian assistance, and setting considerable sanctions against Russia. The U.S. Senate’s top military budget leader sees these steps as an initial success and identifies lessons learned or to be learned from observing the war, as well as several priorities.
In times of global crises such as the COVID-19 pandemic and the war in Ukraine, the Defense Information Systems Agency (DISA) is working to make sure the U.S. Defense Department’s communications networks are running securely to provide leaders and warfighters with the information they need.
A key aspect of this is velocity of action, using innovation and initiative to gain an advantage over adversaries, DISA officials told SIGNAL Magazine Editor in Chief Robert Ackerman during the first of a series of TechNet Cyber 2022 webinars.
The U.S. Navy’s Naval Information Warfare Center Atlantic Palmetto Tech Bridge is seeking industry solutions for cyberspace defense in denied, degraded and disconnected environments. The effort is open to any U.S. company, academia or other organization and accepted proposals will be evaluated at the Cyber Advanced Naval Technology Exercise that starts September 6, 2022, and runs for two weeks.
An effort to help Ukraine protect its critical infrastructure from cyber attacks has succeeded at least initially. Steps taken by various governmental agencies and private industry before Russia invaded Ukraine on February 24 have strengthened its cybersecurity, said Gen. Paul Nakasone, USA, commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, testifying before the U.S. Senate Select Committee on Intelligence last Thursday.
This article is part of a series that explores zero trust, cyber resiliency and similar topics.
Over the past year or so, I’ve discovered the secret weapon that IT leaders of various U.S. government entities have deployed as they implement zero trust architectures. Their first step has been to create a comprehensive educational pathway for their workers. This is because no one can implement zero trust alone.
Zero trust: Only education can move you forward
The Naval Information Warfare Systems Command is addressing human-technology synergy by empowering its workforce to both adapt new technologies and adapt to new technologies. The command’s personnel are working with people in its industry partners on efforts that will affect operations across the entire Navy.
In the rush to implement national security use cases for artificial intelligence and machine learning, policymakers need to ensure they are properly weighing the risks, say experts in the field.
Like all software, artificial intelligence (AI)/machine learning (ML) is vulnerable to hacking. But because of the way it has to be trained, AI/ML is even more susceptible than most software—it can be successfully attacked even without access to the computer network it runs on.
The Defense Department must break from the Working Capital Fund model and make a strategic investment to build up new capabilities at cyber research and development commands. Failure to overcome the barriers generated by that model to improve the efficiency of these organizations would surely hand the technical advantage to adversaries who can innovate faster.
Artificial intelligence (AI), and its companion discipline, machine learning (ML), have emerged as the key to future high technology innovation and exploitation. We as a nation must recognize the value of an AI environment and promote its advancement as it increases its influence on all aspects of our lives. Failure to seize the initiative with AI could leave us at the mercy of foreign rivals or even AI itself.
AI is not new. Mathematicians and computer scientists have been exploring it since the 1950s. Interest in it waxes and wanes. But over these past six decades, it has changed. Now, AI is here to stay and is part of our technology roster. The question facing us is how we use AI.
The Defense Information Systems Agency (DISA) is striving to diversify its workforce by working both within and without. Its efforts include querying existing workers for information about the work environment and laying the groundwork for bringing in new people from nontraditional sources.
These activities are coming from the newly created DISA Diversity Office. Damien J. Terry, chief diversity officer for DISA, explains that the office is pursuing a multifaceted approach to improving diversity at the agency. This includes tapping existing expertise among DISA employees and establishing mechanisms for future hires—effectively, a detailed program for recruitment and retention.
The establishment of the Cyber Defense Correlation Cell for Space, or CDCCS, by the U.S. Space Force has created an important secondary layer of cyber protections, said, Lt. Gen. Stephen Whiting, USSF, commander, Space Operations Command, U.S. Space Force.
The general discussed the service’s and the Space Operations Command’s most recent cyber defense advancements yesterday at the AFCEA Rocky Mountain Chapter’s annual Cyberspace Symposium, held February 21-24, in Colorado Springs, Colorado.
In today’s complex operating environment, airmen specializing in networking, communications and cyberspace operations need a more robust training regimen throughout their careers. The U.S. Air Force is not doing enough to prepare these specialists for future roles as chief operating officers or as so-called A-6s, officers in charge of preparing for or conducting communication and information operations. The service needs to do a much better job, according to a panel of A-6 leaders from several Air Force major commands.
In the cyber protection industry, a common mantra of having to successfully defend networks and information technology environments all of the time misses the point, according to one cyber leader. Instead, cyber warriors should identify clear, desired outcomes in regard to cyber operations.
This article is part of a series that explores zero trust, cyber resiliency and similar topics.
The recently released federal zero-trust strategy from the Office and Management and Budget (OMB) and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) has one action area that has raised a few eyebrows within the zero trust community: Go ahead and open your applications to the Internet. Wait… what?
More than just a technology focus, zero trust (ZT) is an invitation for all of us to think differently about cybersecurity. We are losing on the cybersecurity battlefield, and continued investment in more advanced versions of the same architecture patterns will not change that.
