Cyber

March 1, 2018
By Jonathan Hobbs
Photo Credit: and4me/Shutterstock

Artificial intelligence is one of the most influential forces in information technology. It can help drive cars, fly unmanned aircraft and protect networks. But artificial intelligence also can be a dark force, one that adversaries use to learn new ways to hack systems, shut down networks and deny access to crucial information.

February 28, 2018
By Beverly Cooper
Mike Engle of Bastille Networks, the winner of AFCEA DC Chapter’s shark tank, shows how everyday devices, such as remote controls, used at home or in business or government, could provide access points for hackers. Phoot Credit: Michael Carpenter

Many cybersecurity methods and products are available to protect wireless networks from intrusion, but security concerns go well beyond the risks to Wi-Fi. The combination of legacy wireless systems and Internet of Things vulnerabilities number in the hundreds, and all radio frequency protocols are at risk.  

February 20, 2018
By Maryann Lawlor
The volume and variety of information that adversaries are surreptitiously collecting and analyzing from U.S. information systems requires new ways to detect enemies. Credit: Shutterstock

The billions of bits and bytes that make government services, information sharing and even shopping easier also open the doors for adversaries to gather intelligence that aids their nefarious pursuits. AFCEA International’s Cyber Committee has published a white paper that describes several ways big data analytics can help cybersecurity analysts close those doors or at least shrink the gap and reduce vulnerabilities.

February 21, 2018
By Robert K. Ackerman
Photo Illustration. Credit: Shutterstock/Dmitri Ma

Five cyber technology firms will vie for top honors as a six-month series of shark tank competitions reaches its climax on February 27 in Arlington, Virginia. These efforts are part of an ongoing attempt by AFCEA to apply the principle of the popular venture capital television show to bring new technologies to the attention of government organizations seeking vital solutions. Following the cyber technology shark tank, AFCEA will host another shark tank at its Small Business Innovation Summit on May 1.

February 20, 2018
By Kimberly Underwood
Government mobile devices are still vulnerable to cyber attacks, a recent report says. Photo credit: Shutterstock/Georgejmclittle

Mobile devices used by federal employees continue to be susceptible to malicious cyber attacks. Email accounts, stored documents, microphones and cameras on the devices still present avenues of entry for bad actors.

Complicating the matter are conflicting governmental compliance policies, misconceptions of security measures and naivety about the exact risks, a recent survey concluded. Many agencies are still ill equipped to handle these incidents. Moreover, even if policies are in place, employees do not always follow them, and intrusions still happen, according to the report, "Policies and Misconceptions: How Government Agencies are Handling Mobile Security in the Age of Breaches," prepared by San Francisco-based Lookout Inc.

February 13, 2018
Posted By George I. Seffers

Russia, Iran and North Korea are testing more aggressive cyber attacks against the United States and partner nations, according to the annual Worldwide Threat Assessment of the U.S. Intelligence Community delivered to Congress today by Dan Coats, director of national intelligence.

“The use of cyber attacks as a foreign policy tool outside of military conflict has been mostly limited to sporadic lower-level attacks. Russia, Iran and North Korea, however, are testing more aggressive cyber attacks that pose growing threats to the United States and U.S. partners,” the report states.

February 1, 2018
By Nicola Whiting
Credit: Mopic/Issarawat Tattong/Shutterstock

Advances in automated cyber weapons are fueling the fires of war in cyberspace and enabling criminals and malicious nation-states to launch devastating attacks against thinly stretched human defenses. Allied forces must collaborate and deploy best-of-breed evaluation, validation and remediation technologies just to remain even in an escalating cyber arms race.

February 1, 2018
Posted by Kimberly Underwood
The Joint Force Headquarters Department of Defense Information Network is fully operational, DOD reports. The network defense headquarters spent three years improving capabilities and building capacity to be able to secure and defend the military’s global network. DOD U.S. Strategic Command photo by Adam Hartman, of Petty Officer 2nd Class Ryan Allshouse using an intrusion detection system aboard the USS Ronald Reagan.

In the U.S. Cyber Command, the part of the cyber force that defends Defense Department networks, systems and vital information is fully up and running, the DOD reported.

The Joint Force Headquarters (JFHQ) Department of Defense Information Network (DODIN) reached readiness after three years of building its capacity and capabilities to secure, operate and defend the DODIN, according to a DOD statement. To achieve full operational capability, JFHQ-DODIN participated in a number combatant command exercises and managed daily network operations to address and counter “significant” cyber threats, DOD said. The unit also deployed its six cyber protection teams to support high-priority military operations.

January 31, 2018
By Kimberly Underwood
Army soldiers from the 3rd Infantry Division participate in a 4-mile division run at Fort Stewart, Georgia. The use of fitness trackers by some soldiers is inadvertently revealing their location and outline of military bases. Army photo by Sgt. Caitlyn Smoyer

Although GPS-enabled activity-tracking applications like Strava may help warfighters keep fit, the applications may also reveal important information about military bases or soldier locations. One application revealed a concentration of U.S military personnel at a base overseas when shared as social media postings.

Given the rising concerns, officials at the Pentagon announced at a January 29 press conference the DOD would be looking into the issue, according to a report from Jim Garamone of DOD News.

February 1, 2018
By James R. Rutherford and Gregory B. White
A proposed new cyber kill chain model modifies the previous one by adding an intelligence-gathering step as well as a step for execution of an attack and exfiltration of information. Credit: Denis Semenchenko/Shutterstock

Understanding the cyber kill chain and disrupting it could effectively defend against the most recent generation of cyber attacks. By scrutinizing the time and effort hackers invest in scoping out potential targets, network defenders can take advantage of several opportunities to block system access or, at the very least, drive up the cost, making attempts unappealing.

January 24, 2018
By Kimberly Underwood
Transatlantic communication cable systems such as the TAT-14, which connects the United States to France, the Netherlands, Germany, Denmark and the United Kingdom, are susceptible to attack, according to a recent report. Photo: Sprint Corp.

Undersea fiber optic communications cables are minimally protected and have locations that are public knowledge. This puts these vital communication links at risk of nation-state and terrorist attacks that could cause immense harm.

January 18, 2018
By Julianne Simpson
Lt. Gen. Rhett Hernandez, USA (Ret.) (far r), AWest Point chair to the Army Cyber Institute and former commander of the U.S Army Cyber Command, moderates the "Cyber Educator Perspective & Priorities" panel alongside (l-r) Jim Yacone, director of federal operations, SANS Technology Institute; Michael Moniz, Circadence Corporation; David Snow, University System of Georgia; and Robert Quinn, St. Leo University.

“The only way our nation is going to succeed in cyber is through public-private partnerships,” stated Major Gen. John B. Morrison, USA, commanding general, Army Cyber Center of Excellence and Fort Gordon, during an informal question and answer session over lunch at AFCEA’s Cyber Education, Research and Training Symposium.

Educators and industry leaders echoed the sentiment during afternoon panels on the second day of the conference.

January 18, 2018
By Julianne Simpson
ol. Paul Stanton, USA, commander, Cyber Protection Brigade, leads his subgroup during a workshop on research and development supporting the cyber training environment and tools at the Cyber Education, Research and Training Symposium.

A cyber training environment is essential to collective training proficiency and educational agility in the face of rapidly evolving threats. During a morning workshop focused on research and development supporting the cyber training environment and tools, attendees at the Cyber Education, Research and Training Symposium (CERTS) explored possible solutions in this environment, and offered thoughts and insights on the work ahead.

January 18, 2018
Kimberly Underwood
Photo courtesy of Proofpoint

Only half of federal civilian agencies are complying with federal regulations addressing email security, including email spoofing, according to a recent report from Sunnyvale, California-based Proofpoint.

In October, the Department of Homeland Security issued its domain-based message authentication reporting and conformance (DMARC) standard, Binding Operational Directive (BOD) 18-01, to improve the security of digital messages sent by federal agencies or from federal websites, explained Robert Holmes, author of the report.

January 17, 2018
By Julianne Simpson
Cyber operators (l-r) Lt. Col. Barian Woodward, USMC; Lt. Col. Angela Waters, USAF; Lt. Col. Benjamin A. Ring, Ph.D., USA; Lt. Jr. Clovis Guevara, USCG; and Col. Paul T. Stanton, USA, panel moderator, address attendees at AFCEA's first Cyber Education, Research and Training Symposium.

During the afternoon of the first day of AFCEA’s Cyber Education, Research and Training Symposium (CERTS), leaders from all five branches of the armed forces shared their perspectives on cyber education and training. Though all five laid out slightly different strategies and goals for their individual services, they all agreed they should leverage each other’s expertise and work together to figure out a way forward.

January 17, 2018
By Julianne Simpson
“How can we make security effective and intuitive, yet usable?" Col. Andrew O. Hall, USA, director, Army Cyber Institute, asked attendees at AFCEA's first Cyber Education, Research and Training Symposium.

Col. Andrew O. Hall, USA, director, Army Cyber Institute, opened AFCEA’s first Cyber Education, Research and Training Symposium (CERTS) with a cyberthreat update.

“How can we make security effective and intuitive, yet usable?” Col. Hall asked attendees at the sold out conference. “Efficiency is an area of weakness and easy to hack,” he added. But it’s necessary to perform missions.

The emerging threats to cybersecurity are growing. Col. Hall focused on the global supply chain, artificial intelligence (AI) weapons factories, information warfare and critical infrastructure.

November 30, 2017
By Julianne Simpson

AFCEA will host its first Cyber Education, Research and Training Symposium January 17-18 in Augusta, Georgia. The much-anticipated event, also known as CERTS, will connect military and agency stakeholders with solution providers from academia, business and research centers.

CERTS will feature keynote speakers, panels and breakout sessions promoting discussion between operators and supporting professionals. Featured speakers include Col. Andrew O. Hall, USA, director, Army Cyber Institute; Michael Hudson, deputy director, J-7, U.S. Cyber Command; and Lt. Gen. Paul Nakasone, USA, commanding general, Army Cyber Command.

January 8, 2018
By Kimberly Underwood

Computer core processors using a "speculative execution" have a "serious security flaw," according to researchers from Google's Project Zero. The speculative execution functionality is "a technique used by most modern processors (CPUs) to optimize performance," according to Google’s Matt Linton, senior security engineer, and Matthew O'Connor, Office of the Chief Technology Officer. The flaws, dubbed "Spectre" and "Meltdown," make aspects of the computer memory vulnerable to cyber attacks.

December 28, 2017
By David Mihelcic
Former DISA official David Mihelcic stresses the need to balance IoT convenience and benefits with cybersecurity needs. Credit: PIRO4D/Pixabay

The federal government has invested billions of dollars on Internet of Things (IoT) technologies over the past few years, but it may be compromising its security posture for better information. Certainly being able to share and access the information derived from connected sensors is vital to the protection of the United States and instrumental to military success. However, connected devices present enticing targets, as evidenced by the 2016 Mirai Botnet attack, which originated through vulnerable IoT devices.

January 1, 2018
By Robert K. Ackerman
A soldier with the U.S. Army’s 780th Military Intelligence Brigade sets up deployable cyber tools at the National Training Center in Fort Irwin, California. The Army’s Chief Information Officer (CIO)/G-6 office is working to bring operations, intelligence and policy making closer together in its cybersecurity efforts. Credit: U.S. Cyber Command

The U.S. Army is narrowing the gap between policy and operations as it confronts new threats in cyberspace. Field reports are having greater and faster influence on the issuance of directives, and intelligence is now a major player in determining cyber policy.

“Aligning cybersecurity directly with our operations to achieve readiness is the key to succeeding and moving forward,” says Carol Assi, division chief for cybersecurity policy and governance in the Army Chief Information Officer (CIO)/G-6 office. “And shrinking the gap between operation and policy, having continuous dialogue and working hand in hand, addressing issues in a collaborative environment, [are essential] to that. We no longer can afford to work in silos.”

Pages