Cyber

July 9, 2015
By Sandra Jontz

Hackers behind cybersecurity attacks on the U.S. federal government through the Office of Personnel Management (OPM) pilfered personal information from a much more significant number of current and former employees than previously reported.

On Thursday, investigators reported that two breaches occurred, with data stolen from 21.5 million workers, far more than the 4 million that officials originally disclosed in June.

Hackers managed to breach the computer systems of the OPM, stealing data including Social Security numbers, birth dates, home addresses, job assignments, performance reviews, insurance details and training certificates.

July 1, 2015
By Robert K. Ackerman
Part of the power grid is supported by electrical lines that carry power to customers through rugged terrain. Cybersecurity experts believe supervisory control and data acquisition (SCADA) systems may be the Achilles’ heels that allow malefactors to bring down such critical infrastructure via cyberspace.

A more diverse group of players is generating a growing threat toward all elements of the critical infrastructure through cyberspace. New capabilities have stocked the arsenals of cybermarauders, who now are displaying a greater variety of motives and desired effects as they target governments, power plants, financial services and other vulnerable sites.

But concerns come from not just evolving and future threats. Malware already in place throughout critical infrastructure elements around the world might be the vanguard of massive and physically destructive cyber attacks launched on the say-so of a single leader of a nation-state. Physical damage already has been wrought upon advanced Western industrial targets.

July 1, 2015
By Capt. Ryan Robinson, USA
Signaleers at Fort Gordon, Georgia, train to use satellite communications systems. With the entire force embracing cyberspace as a warfighting domain, these signaleers ultimately must impart their understanding of cyberspace and its technological capabilities to other soldiers in operational units.

Cyberspace is being accepted throughout the U.S. Army as a warfighting domain. However, many soldiers outside of the U.S. Army Signal Corps do not grasp the concept of cyberspace as an operational realm. Empowering them with that understanding is essential to operational success.

One of the primary tasks of Signal Corps members is to provide other leaders and soldiers with a clear understanding of the job of the corps and of cyberspace itself. As a military organization, the clearest means for the Signal Corps to communicate these concepts is through operational language. Many parallels exist between a battlefield’s physical landscape and what is done during offensive, defensive and support operations in cyberspace.

July 1, 2015
By Lt. Gen. Robert M. Shea, USMC (Ret.)

The recent hack, reportedly by Chinese sources, of the personnel files belonging to current and past U.S. government employees puts a face on the cyberthreat affecting everyone today—about 4 million faces, if Office of Personnel Management assessments are correct. Yet this hack is just one example of the looming cyberthreat, and while it offers valuable lessons to be learned, it should not serve as the exclusive template for securing networks and data.

July 1, 2015
By Master Sgt. Fordham “Jester” Terrill, USAF

The word disruptive typically does not conjure up cordial thoughts. In a forum such as this, thoughts might zero in on commercial endeavors—Facebook, Google, iThings—that can bring chaos into our everyday lives. That is quite the opposite of when industry and cyber professionals think about confronting adversaries. We want to cage opponents’ capabilities, actions and intentions and bring order to the chaos adversaries create.

July 1, 2015
By Robert K. Ackerman

The “2015 Verizon Data Breach Investigations Report,” released this spring, states that the top three industries affected by cybermarauders are public, information and financial services. This is unchanged from the annual report’s results last year. The report adds that the estimated financial loss from 700 million compromised records totals $400 million.

July 1, 2015
By George I. Seffers

A U.S. cybersecurity threat analysis center that allows financial institutions around the world to share cyber attack data and solutions is adopting an automated system that permits information to be disseminated more quickly and efficiently, enhancing protection for the financial segment of the critical infrastructure.  

July 1, 2015
By Sandra Jontz

Cyber attacks by foreign governments and criminals now threaten U.S. national and economic security more than terrorism, experts say, and the perils increasingly erode the country’s safety as well as its coffers. While eradicating cyberthreats is not a realistic option, developing cyber radar systems that predict and warn, with keen precision, of incoming attacks just might be.

June 30, 2015
By George I. Seffers

The FBI’s Internet Crime Complaint Center (IC3) on June 23 identified CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses. In the 14 months since the malicious software first appeared, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling more than $18 million, according to the FBI warning.

The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services and/or the purchase of credit monitoring services for employees or customers.

June 19, 2015
By Sandra Jontz
Speaking at Federal Forum 2015, Federal CIO Tony Scott says cybersecurity is the nation's 'most important mission.'

In what has become one of the White House’s highest priorities, the federal government is forming digital services teams to address the mounting number of cybersecurity breaches threatening the nation’s security and coffers, according to the government’s top chief information officer (CIO).

The nascent teams, eventually residing within each of the federal agencies, will seek solutions to combat cyber vulnerabilities and rely heavily on the private sector for answers, Federal CIO Tony Scott told an audience at the Brocade-sponsored Federal Forum in Washington, D.C. “This is our most important mission today.”

June 19, 2015
By Robert Clark

“Many authors and pundits boldly masquerade legal innovations as accepted understandings of IHL [international humanitarian law]. Even more troubling is the fact that many scholars lacking the appropriate education or experiential background have responded to the fact that IHL is a topic au courant by claiming IHL expert status. Their work product misstates basic principles and rules with distressing frequency, and they are too often set forth in an ad hominem manner. All of these contributions, from the superb to the sub-standard, exert informal but real pressure on the shape of IHL.”

June 18, 2015
By George I. Seffers

Defensive Cyber Operations Symposium 2015

The SIGNAL Magazine Online Show Daily

Day 3

Quote of the Day: “I absolutely love these conferences. It’s like vendor speed dating.”
—David Stickley, services executive, Defense Information Systems Agency.

On the final day of the AFCEA Defensive Cyber Operations Symposium in Baltimore, Defense Information Systems Agency (DISA) officials wooed industry, stressing the need for cooperation and partnership to tackle the toughest problems faced by today’s warfighters.

June 17, 2015
By George I. Seffers
Lt. Gen. James McLaughlin, USAF, deputy commander, U.S. Cyber Command, kicked off the second day of the AFCEA Defensive Cyber Operations Symposium in Baltimore, during which military officials highlighted the importance of command and control in defending cyberspace.

Defensive Cyber Operations Symposium 2015

The SIGNAL Magazine Online Show Daily

Day 2

Quote of the Day: “JIE is a good thing, because it allows us to bring a more centralized capability to bear and that is a lot of security capability.”
--John Hickey, DISA cybersecurity risk management authorizing official executive.

June 16, 2015
By George I. Seffers
Lt. Gen. Ronnie Hawkins Jr., USAF, director, Defense Information Systems Agency (DISA), releases an updated strategic plan for the agency.

Defensive Cyber Operations Symposium 2015

The SIGNAL Magazine Online Show Daily

Day 1

Quote of the Day: “Write that down, everybody. Security is the business case.”
--Dave Mihelcic, chief technology officer, DISA.

June 5, 2015
By Sandra Jontz

The significant federal government cyberbreach that let hackers swipe the personal data of more than 4 million current and former federal employees has all the trappings of a targeted nation-state attack aimed at gleaning critical information on federal workers, and current cyber protection methods might not be enough to prevent future attacks, one expert says.

Hackers breached computer systems of the Office of Personnel Management (OPM) in December, stealing data including Social Security numbers, job assignments, performance reviews, insurance details and training certificates. Officials detected the breach in April.

June 9, 2015
By Brian Roach
The U.S. Navy Enterprise Data Center in San Diego at SPAWAR Systems Center Pacific provides a centrally managed and secure application hosting environment for Navy customers.

The increased dependence on interconnected networks propelled the Defense Department to seek viable solutions to not just counter the upsurge of cyberthreats, but to do so at much quicker speeds.

“The cyberthreat is also growing and evolving, driving us to move faster to increase our cyber resilience,” says Lt. Gen. Mark Bowman, USA, director of command, control, communications and computers/cyber for the Joint Chiefs of Staff.

June 3, 2015
By Glenn Kesselman

Have you received an email from a friend, family member or colleague that just doesn’t look right? That happens all too often. Most of us are getting smarter about clicking on dubious email links. The questionable email may be followed by an apologetic email, warning us to ignore the bogus email.

Many of us understand why the sender’s address book was hacked: the use of a weak or repeated password. The technology exists to prevent this, but slack user behavior enables cyber predators. If someone does not have the inclination toward cyber discipline, then this function should be outsourced to a personal or business “cyber concierge.”

May 29, 2015
By Robert B. Dix Jr.

With the increasingly complex, dangerous and sophisticated cyber risk environment confronting the public and private sector today, responding to a significant cyber event with an ad hoc approach could result in a confusing and disjointed effort generating a potentially damaging outcome. It is imperative to have clarity and predictability around the various roles and responsibilities necessary to address any cyber event that may reach a level of national consequence or even trigger a national defense response.

May 18, 2015
By Tim McMillan

Having had the pleasure of watching the television show “The Weakest Link,” I was always taken aback when the host would so crudely point out to contestants they were the weakest link. The curtness of the delivery caused an involuntary reaction because no one talks like that—do they? Should they?

May 14, 2015
By Sandra Jontz

The U.S. government is just as vulnerable to cyberthreats—if not more so—compared to two years ago, according to a new survey of federal information security professionals. Nearly half of approximately 1,800 respondents indicated that security has not improved in the federal space, while another 17 percent stated their organization’s security posture is actually worse off, primarily due to an inability to keep pace with threats, a poor understanding of risk management, inadequate funding and not enough qualified professionals.
