Following the distressing headlines that cataloged repeated cyber breaches of U.S. federal computer networks—some that compromised the personal data of millions of people—government officials have implemented a patchwork of safeguards to shore up vulnerabilities, including the identification of high value assets.
The military cyberspace environment of the future will build on the existing realm, but aspects such as adversarial activities and acquisition processes ultimately will be among its greatest influences. And both presently are outside the reach of planners and implementers.
A panel on building that environment dominated the afternoon session at TechNet Asia-Pacific 2015, being held in Honolulu, November 17-19. The conference theme of Fight to Communicate: Operating in a Communications-Degraded Environment, brought the cyber realm front and center in this broad-ranging discussion.
Automobiles, appliances, GPSs and medical record-keeping are just a few of the portals through which hackers may penetrate networks and wreak havoc among individuals and organizations. These situations likely will worsen as the Internet of Things (IoT) becomes more pervasive throughout society.
Speaking at TechNet Asia-Pacific 2015, being held in Honolulu, November 17-19, Jodi-Ann Ito, information security officer, University of Hawaii, described some of the emerging threats. With a theme of Fight to Communicate: Operating in a Communications-Degraded Environment, the conference began by examining many security issues in Ito’s morning keynote address.
Cybermarauders are maintaining the lead in the battle over cybersecurity, but network experts are narrowing the gap as they implement new measures designed to prevent hackers from carrying out unmitigated attacks. Many of these measures involve basic cyber hygiene practices, while others take advantage of new technology capabilities.
The cyber attack into a key unclassified email server of the U.S. Joint Chiefs in August helped indoctrinate and shape missions at the new centralized office erected to defend the Defense Department’s cyber networks, said Lt. Gen. Alan Lynn, USA, commander of Joint Force Headquarters–Department of Defense Information Networks (DODIN).
The nation-state-sponsored attack was a bit of a shock in its aggressiveness, said Gen. Lynn, who also serves as the director of the Defense Information Systems Agency (DISA). “For three weeks, we went after this cyber event and worked it to figure out how we now work as this new command.”
The annual focus of National Cybersecurity Awareness Month during October each year reminds us clearly that cybersecurity protection and resilience is a team sport. Only through partnership and collaboration can we improve our national and global capability to address the evolving risk in cyberspace.
Information security professionals are being taught all the varied skills of the field—including how to be a hacker or a spy intruding on a network—in the same manner as runners who supplement their training with swimming and cycling to build flexibility and endurance. The cross-training philosophy is that exposing security professionals to all aspects of network defense and offense gives them a clearer understanding of the diverse elements of cybersecurity. It also embraces the concept of “it takes one to know one” by teaching them the cyber intruders’ kill chain.
In 2011, then-U.S. Chief Information Officer Vivek Kundra set the stage for federal agencies to take full advantage of cloud computing benefits through the Cloud First initiative, which mandates that agencies evaluate cloud options before making any new information technology investments. Since then, several agencies, including the General Services Administration, Department of the Interior, Department of Agriculture and NASA, have embraced the cloud.
Will cyberwarriors no longer need the Internet?
The answer might be yes—in the future. For now, warfighters can stealthily wipe out an adversary and cause no physical destruction, thanks to electronic warfare (EW). EW has emerged as a warfighting domain where covert adversaries battle for the advantage. It is a powerful tool in the U.S. military’s arsenal that could prove a critical asset to win conflicts and become the weapon of choice for warfare in general. And technological improvements on the horizon could provide capabilities once reserved for science-fiction movies.
Only those who fully comprehend EW’s capabilities will control the battlespace of the future.
The overwhelming consensus among cyber professionals is that the labor pool significantly lacks qualified experts, let alone the ability to meet demand in the coming years. Hoping to entice new generations to enter the field, government agencies and nonprofit groups are placing added focus and dollars on training youths in computer science and cybersecurity.
Securing the cyberspace will get worse before it gets any better, warned Adm. Michael Rogers, USN, director of the National Security Agency (NSA) and commander of U.S. Cyber Command.
“The very technical foundation of the world we’ve created with the Internet of Things is going to exacerbate [security vulnerabilities], not make it easier,” he said. Now, it’s not that the Internet of Things is bad, he pointed out. “As a private citizen, I love the convenience. But I also acknowledge it brings inherent challenges when we’re trying to defend something.”
The U.S. Senate passed the controversial Cybersecurity Information Sharing Act (CISA) on Tuesday, paving the way for private companies to share cyberthreat information not just with each other, but with the government.
A salient point of the measure, S. 754, centers on the freedom companies would have to share what they deem to be cyber intelligence without fear of lawsuits. But a vocal opposition to the measure took to social media during the Senate’s debate, calling on lawmakers to defeat the bill because it will tantamount to sanctioned government spying on citizens.
Small businesses doing work for the U.S. Defense Department pose serious cybersecurity concerns, in part because of their limited resources to invest in technical and practiced security measures, according to a congressional oversight agency’s assessment.
U.S. President Barack Obama and Chinese President Xi Jinping have agreed that neither country will “support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors,” according to a White House announcement released today.
Most cyber practitioners and many users agree that assessing and managing the risk attributed to cybersecurity and critical infrastructure protection is a shared responsibility between and across a wide array of stakeholders—including government, industry, academia, the nonprofit community and individual citizens.
The U.S. Army is converging many of its communications, electronics and intelligence disciplines to combat a cyberthreat that already has eroded much of the competitive advantage the U.S. military has possessed in recent years. Countering this threat virtually mandates that cyber operations move into the realm of fully integrated operations.
Security products are like crack to security professionals—they just cannot get enough. These products appear to be the panacea practitioners are seeking, but they often are not what they seem. They do not always solve problems, and they leave security experts continually looking for yet more new products, solutions and techniques for managing cyber risk. This raises the question: Why do enterprises and government organizations find protecting themselves from cyber crime so difficult?
A large portion of this issue of SIGNAL Magazine is devoted to its new quarterly special section—The Cyber Edge. The goal of The Cyber Edge is to do a better job of educating people across a broad spectrum in terms of the cyber threat, its implications, its technology issues and the policies that must be undertaken to solve the challenge.
Currently, from a cyber perspective, there is a dearth of information on what really is going on. Tales and stories abound, but no one goes into enough detail on what is behind those stories. Very few professional publications have properly framed the issues that must be dealt with from a cyber perspective.
The Internet of Things, or IoT, encompasses an ecosystem of devices and algorithms that gather and share information via the Internet. It is the next wave of technology transforming everything from meteorology to agriculture to health care. Despite the buzz surrounding the IoT, conversation about likely effects on domestic intelligence in the United States has yet to take off.
The typical all-source intelligence analyst must generate products that result from the fusion and correlation of structured and unstructured text reporting with sensor and imagery data sources. This process is complicated by the explosion of information on the Internet and the international community’s increasing use of social media to share ideas and coordinate activities, which has resulted in a larger data pool.