October 1, 2015
By Lt. Gen. Robert M. Shea, USMC (Ret.)

A large portion of this issue of SIGNAL Magazine is devoted to its new quarterly special section—The Cyber Edge. The goal of The Cyber Edge is to do a better job of educating people across a broad spectrum in terms of the cyber threat, its implications, its technology issues and the policies that must be undertaken to solve the challenge.

Currently, from a cyber perspective, there is a dearth of information on what really is going on. Tales and stories abound, but no one goes into enough detail on what is behind those stories. Very few professional publications have properly framed the issues that must be dealt with from a cyber perspective.

October 1, 2015
By Andrew F. Coffey, Ph.D.

The Internet of Things, or IoT, encompasses an ecosystem of devices and algorithms that gather and share information via the Internet. It is the next wave of technology transforming everything from meteorology to agriculture to health care. Despite the buzz surrounding the IoT, conversation about likely effects on domestic intelligence in the United States has yet to take off.

October 1, 2015
By Nina Berry and William Prugh
This multidimensional reference model demonstrates the many entities required to provide a successful implementation of the conceptual framework to support social media extraction.

The typical all-source intelligence analyst must generate products that result from the fusion and correlation of structured and unstructured text reporting with sensor and imagery data sources. This process is complicated by the explosion of information on the Internet and the international community’s increasing use of social media to share ideas and coordinate activities, which has resulted in a larger data pool.

October 1, 2015
By Maj. John Chezem, USAFR
Students at the U.S. Air Force Network War Bridge Course learn modern cyber operations under the aegis of the Air Force Space Command. The Air Force risks losing the effectiveness, and the personnel, of its cyber force unless it addresses critical cultural issues in that domain.

As the U.S. Air Force develops its computer security forces, it finds itself caught in a web of ineffective policies and generational conflict. The arrival of people who have grown up in the information age exacerbates the 21st-century generation gap. Fortunately, a clear understanding of the root causes of problems illuminates sound models that can be evaluated and adopted to support the success of Air Force cyber.

The service has seen a mass exodus of talented cyber professionals over the past few years. Many leave because they are frustrated with Air Force cyber’s constraints and flawed policies. Although not typically the driving factor, pay for industry jobs is often better, further encouraging departure.

September 30, 2015
By George I. Seffers

The U.S. Defense Department’s Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts, but as of July had not yet identified and disseminated cybersecurity resources in its outreach and education efforts to defense small businesses, according to a recent report by the U.S. Government Accountability Office (GAO).

September 16, 2015
By Sandra Jontz

As the Defense Department continues to forge closer relations with Silicon Valley, its leaders say they need more tools to improve automation of cyber basics, the department’s chief information officer (CIO) said. “At a certain point, I want to have some cyber defenses completely automated, where certain conditions occur and the system takes its own response,” said CIO Terry Halvorsen. “I think that is the only way we will keep up.” Automation would free up military and civilian cyber staff to concentrate on higher-level work.

September 9, 2015
By Robert K. Ackerman

Turning the tables on cyber marauders may be alluring as the ultimate cyber defense, but it is not without risk, according to panelists at the AFCEA/INSA Intelligence and National Security Summit being held in Washington, D.C., September 9-10. Commercial cybersecurity measures could reach beyond defense to offensive measures against cyber intruders to a limited degree, but companies must ensure they break no laws—nor rile their cyber adversaries too much.

September 2, 2015
By Sandra Jontz

Ransomware soared as the preferred malware of cybercriminals, with the number of new samples rising 58 percent over the second quarter of this year, and a whopping 127 percent over this time last year, according to a new analysis by Intel Security.

The firm released a retrospective report five years after acquiring McAfee. Its researchers compared what they thought would happen beginning in 2010 to what actually happened with hardware and software security threats, noting the boom in the number of devices connected to the Internet and a general lack of cyberhygiene contributed to the increase of malware intrusions and ransomware attacks.

August 28, 2015
By Robert B. Dix Jr.

It is important for Congress to pass meaningful legislation to improve cybersecurity information sharing and provide sufficient liability protection for entities that share sensitive information with the government, along with ensuring appropriate privacy protections. Yet, much more needs to be done quickly to address cybersecurity preparedness and resilience in the United States and around the world.

August 1, 2015
By Sandra Jontz

An unending quest for convenience and expedience has brought about a technology that connects billions of devices to people and to things and produces vast amounts of information. Wireless links now are permeating virtually every electronic device in society, but they bring with them the vulnerabilities and threats that characterize cyberspace today.

Joshua Corman calls it the bacon principle: the notion that no matter the food, bacon makes everything better. Manufacturers of medical devices, automobiles and home electronics seem to adhere to the same theory when it comes to the use of wireless capabilities.

August 4, 2015
By Sandra Jontz

As if cyber breaches of key federal networks haven’t been problematic enough for experts, hackers increasingly target smaller branch offices that present a weak link in cybersecurity. Wireless connectivity at remote locations leave networks vulnerable because they are not hardened with the latest firewall protections and traditionally do not have a lot of tech support, one expert says.

“Small branch offices are becoming a greater point of attack,” says Paul Christman, executive director of federal sales for Dell Software. “We don’t need to storm the castle anymore to gain access to valuable information or access into the networks.”

August 1, 2015
By George I. Seffers
Making his last appearance at an AFCEA event as the director of the Defense Information Systems Agency, Lt. Gen. Ronnie D. Hawkins Jr., USAF, emphasizes that cyber is a weapon system.

While serving as the first luncheon keynote speaker at AFCEA’s Defensive Cyber Operations Symposium, Lt. Gen. Ronnie D. Hawkins Jr., USAF, outgoing director of the Defense Information Systems Agency (DISA), compared cyber and traditional weapons. “We have really, really been modernizing our weapon systems. When you juxtapose that, however, with what we’ve been doing in cyber, we are just now catching on to recognizing that cyber truly is a weapon system,” he said at the June 16-18 event held in Baltimore. “Truly, we are modernizing our weapon system when it comes to cyber right now.”

August 1, 2015
By Maj. William Smith, USMC

A conflict erupting on the Korean Peninsula could lead to any of a number of developments and outcomes, and its effects—including cyber operations—might not be limited to the Koreas and the U.N. forces involved there. By modeling a hypothetical conflict with North Korea, planners can examine different scenarios and validate assumptions to imagine a potential cyber situation on the peninsula that could have far-reaching implications that otherwise could go unrecognized.

August 1, 2015
By Karyn Richardson

The password is vanishing. The cumbersome, multicharacter, hard-to-remember bane of Internet usage finally is dying. As biometric and behavioral monitoring technologies evolve, solutions that embrace revolutionary new identity verification systems based on users’ behaviors at the keyboards promise to replace the expiring relic. And not a moment too soon.

An emerging identity verification system known as the “cognitive fingerprint” leverages existing technologies that can recognize patterns of computer users and creates a “behavioral fingerprint” to enable more secure authentication methods. The evolution in identity management undoubtedly will prove disruptive to the current authentication and user verification processes.

July 27, 2015
By Robert Clark

Be careful now, remain calm. The title can excite everyone, and having a conversation on cyber active defense over a few beers can turn fascinating in a heartbleed—I mean heartbeat.

This is a topic that covers computer network defense (cybersecurity/cyberdefense) by looking at the legal aspects of, yes, going farther than “passive defense” and into active defense. Various legal issues arise in each area, and I can offer two active defense case-histories to share and their legal ramifications. One includes the computer fraud and abuse act, CFAA, against the “active-defense” perpetrator.

July 22, 2015
By George I. Seffers

Alejandro Mayorkas, deputy secretary of homeland security, and Sarah R. Saldaña, director, U.S. Immigration and Customs Enforcement (ICE), on Thursday presided over the unveiling of an expanded ICE Cyber Crimes Center in Fairfax, Virginia.

The center, known as C3, will provide ICE’s Homeland Security Investigations (HSI) with enhanced operational and training capabilities to meet the growing cyber mission of the agency and increasing workload of criminal cases with a cyber nexus.

July 21, 2015
By Sandra Jontz

U.S. lawmakers launched a bipartisan bid to boost the Department of Homeland Security's powers to better oversee cybersecurity compliance by federal agencies and intervene when they might fail to safeguard their networks.  

The Senate bill would strengthen the department's ability to enforce cybersecurity standards governmentwide, and “in the event that a federal agency chooses not to do so, [the] DHS would have the authority to stand in … and prevent worse damages from occurring,” Sen. Susan Collins (R-ME) said in announcing her plans to submit the bill to the full Senate on Tuesday. 

July 2, 2015
By Robert Clark

I did it. We always hear it. And we all say it. People, humans, my employees, layer 8, the carbon layer—are the weakest link in cybersecurity.

Then I ran into a colleague speaking on cybersecurity/information assurance education at the FS-ISAC & BITS Annual Summit in Miami. And as we talked, and as she highlighted in her presentation, computer users are not the weakest link, as that conclusion is supported by an erroneous assumption.

July 14, 2015
Maryann Lawlor

Everyone who believes that what was dubbed “The Great Technical Glitch of July 8” was incontrovertibly a mere coincidence and not a coordinated cyber attack, raise your hands. Before you shake your head and stop reading, consider this: The institutions those IT mishaps shut down represent the economy (New York Stock Exchange), transportation (United Airlines) and communications or freedom of speech (The Wall Street Journal). Not to go all X Files on you or propose conspiracies around every corner, but dismissing the possibility that it was more than mere chance isn’t so far-fetched.

July 13, 2015
By Dr. Wesley Kaplow

We all have seen the news of the massive theft of information from the Office of Personnel Management (OPM). In a nutshell, with extremely high probability, just about anyone who does work for the government—or from one estimate, more than 21 million people, which includes yours truly—had very personal information stolen.