Cyber attacks increasingly target the U.S. military and other federal departments, causing these agencies to rely on technology to accomplish their goals, which also increases the size of their attack surface. It’s a Catch-22, and staying one step ahead of hackers trying to infiltrate an IT environment is challenging. It can be nearly impossible if those tasked with protecting that environment don’t have visibility across all of the systems and infrastructure components.
The federal government cautioned its agencies and federal contractors of a network vulnerability that could let hackers access systems. The scurry to inform agencies and instruct them to patch for vulnerabilities occurred after the discovery of unauthorized code during a review of Juniper Networks software.
Juniper is one of the largest providers of firewalls and network software, and the Defense Department is one of its larger federal customers. The revelation prompted federal oversight into the incident, including by officials from the Pentagon and the Department of Homeland Security, amid fears that the hack could permit spying of users' networks.
The season to hunt white-tailed deer draws to a close, and being an avid hunter, I’m already planning for the next season using information gleaned from this go-around in addition to maps, data from trail cameras, temperature input, moon phase and the movement patterns of game. While planning tools are plentiful, they mean little without automation on the back end to make sense of it all.
Deer hunting can be much like cyber hunting, the methodology organizations use when traditional security solutions fail to keep out intruders.
Complying with federal cybersecurity standards, though essential for the defense industrial base and national security at large, presents immense fiscal challenges for smaller businesses that struggle every day to meet the demanding requirements—without breaking the bank.
If not addressed soon, small business noncompliance with the standards spelled out in the Defense Federal Acquisition Regulation Supplement, or DFARS, could have the unintended consequence of severely diminishing the sector’s role in defense contracting, exacerbating concerns about bringing the entire industrial base into compliance. It is a responsibility shared by all businesses doing work for the Defense Department—small, medium and large.
A burgeoning breed of combatants fights in a convoluted new domain where no one has blazed a trail, where no history books offer lessons or guidance. These warriors sometimes use untested offensive and defensive network maneuvers to secure cyberspace, the increasingly important and congested battleground rapidly becoming the attack venue of choice.
The technology to succeed in this ongoing fight actually already exists, as does the well-trained work force, experts say. The question now hovers over what ethical guidelines the United States will employ to carry out cyber warfare—where dynamic real-world events shape the malleable rules of engagement.
The exciting advent of nanotechnology that has inspired disruptive and lifesaving medical advances is plagued by cybersecurity issues that could result in the deaths of people that these very same breakthroughs seek to heal. Unfortunately, nanorobotic technology has suffered from the same security oversights that afflict most other research and development programs. Nanorobots, or small machines, are vulnerable to exploitation just like other devices.
But the others are not implanted in human bodies.
The phenomenal transformation of computer networks from limited and simple to vast and complex has contributed to such great advances. Great but susceptible advances.
The U.S. Army and its Cyber Command are building momentum to create the institutional and operational structure required to conduct and support missions in the cyber domain. Now is the time to seriously address the challenges of attracting and retaining soldiers with the talent needed to take on the enemy. As Lt. Gen. Edward C. Cardon, USA, commanding general of Army Cyber Command, often states: Technology, as significant as it is in the rapidly changing face of warfare, will not be the deciding factor in who will dominate in this domain. It’s the people.
On October 1, U.S. financial institutions implemented their latest cybersecurity strategy to stop in-store point-of-sale fraud: the insertion of EMV technology-based chips into credit cards. EMV stands for Europay, MasterCard and Visa and represents the three companies that established the technology protocol. However, many merchants and consumers are not aware that implementing this chip may have inadvertently opened the door to increased cyber crime in a key e-commerce area.
Leadership and accountability are required to move our nation forward in our collective efforts to improve the national capability to detect, prevent, mitigate, respond and recover from cyber events that may have national or even global consequence. This is such an important arrow in our quiver of national preparedness and resilience that it demands priority attention.
If you thought 2015 was a grueling cybersecurity year, hang on.
“It’s the nightmare waiting to be dreamt,” Bob Hansmann, director of security analysis and strategy for Raytheon-Websense Security Labs says of the next 12 months.
Let’s begin with the 2016 presidential race, which experts predict will launch a slew of new lures and malware intent on defrauding, deceiving and debunking contributors and the candidates and their campaign coffers.
“Candidates and others, even news agencies covering [the race], may be involved as victims targeted by organizations like the Syrian Electronic Army or hacktivists or anyone else with a counter political agenda,” Hansmann warns.
Following the distressing headlines that cataloged repeated cyber breaches of U.S. federal computer networks—some that compromised the personal data of millions of people—government officials have implemented a patchwork of safeguards to shore up vulnerabilities, including the identification of high value assets.
The military cyberspace environment of the future will build on the existing realm, but aspects such as adversarial activities and acquisition processes ultimately will be among its greatest influences. And both presently are outside the reach of planners and implementers.
A panel on building that environment dominated the afternoon session at TechNet Asia-Pacific 2015, being held in Honolulu, November 17-19. The conference theme of Fight to Communicate: Operating in a Communications-Degraded Environment, brought the cyber realm front and center in this broad-ranging discussion.
Automobiles, appliances, GPSs and medical record-keeping are just a few of the portals through which hackers may penetrate networks and wreak havoc among individuals and organizations. These situations likely will worsen as the Internet of Things (IoT) becomes more pervasive throughout society.
Speaking at TechNet Asia-Pacific 2015, being held in Honolulu, November 17-19, Jodi-Ann Ito, information security officer, University of Hawaii, described some of the emerging threats. With a theme of Fight to Communicate: Operating in a Communications-Degraded Environment, the conference began by examining many security issues in Ito’s morning keynote address.
Cybermarauders are maintaining the lead in the battle over cybersecurity, but network experts are narrowing the gap as they implement new measures designed to prevent hackers from carrying out unmitigated attacks. Many of these measures involve basic cyber hygiene practices, while others take advantage of new technology capabilities.
The cyber attack into a key unclassified email server of the U.S. Joint Chiefs in August helped indoctrinate and shape missions at the new centralized office erected to defend the Defense Department’s cyber networks, said Lt. Gen. Alan Lynn, USA, commander of Joint Force Headquarters–Department of Defense Information Networks (DODIN).
The nation-state-sponsored attack was a bit of a shock in its aggressiveness, said Gen. Lynn, who also serves as the director of the Defense Information Systems Agency (DISA). “For three weeks, we went after this cyber event and worked it to figure out how we now work as this new command.”
The annual focus of National Cybersecurity Awareness Month during October each year reminds us clearly that cybersecurity protection and resilience is a team sport. Only through partnership and collaboration can we improve our national and global capability to address the evolving risk in cyberspace.
Information security professionals are being taught all the varied skills of the field—including how to be a hacker or a spy intruding on a network—in the same manner as runners who supplement their training with swimming and cycling to build flexibility and endurance. The cross-training philosophy is that exposing security professionals to all aspects of network defense and offense gives them a clearer understanding of the diverse elements of cybersecurity. It also embraces the concept of “it takes one to know one” by teaching them the cyber intruders’ kill chain.
In 2011, then-U.S. Chief Information Officer Vivek Kundra set the stage for federal agencies to take full advantage of cloud computing benefits through the Cloud First initiative, which mandates that agencies evaluate cloud options before making any new information technology investments. Since then, several agencies, including the General Services Administration, Department of the Interior, Department of Agriculture and NASA, have embraced the cloud.
Will cyberwarriors no longer need the Internet?
The answer might be yes—in the future. For now, warfighters can stealthily wipe out an adversary and cause no physical destruction, thanks to electronic warfare (EW). EW has emerged as a warfighting domain where covert adversaries battle for the advantage. It is a powerful tool in the U.S. military’s arsenal that could prove a critical asset to win conflicts and become the weapon of choice for warfare in general. And technological improvements on the horizon could provide capabilities once reserved for science-fiction movies.
Only those who fully comprehend EW’s capabilities will control the battlespace of the future.
The overwhelming consensus among cyber professionals is that the labor pool significantly lacks qualified experts, let alone the ability to meet demand in the coming years. Hoping to entice new generations to enter the field, government agencies and nonprofit groups are placing added focus and dollars on training youths in computer science and cybersecurity.