Cyber

March 1, 2015
By George I. Seffers

U.S. Department of Homeland Security Science and Technology Directorate officials are helping other nations create cyber testbeds that can be linked, forming one large, international virtual laboratory for cyber systems. In addition, they already have in place bilateral agreements with a number of countries and are in discussions with France, Spain, Germany, Mexico and South Korea, which ultimately could expand international cooperation on cybersecurity research and development.

March 1, 2015
By Lt. Gen. Robert M. Shea, USMC (Ret.)

The topic of critical infrastructure protection has been around for decades. In May 1998, President Bill Clinton issued Presidential Decision Directive (PDD)-63 on the subject of critical infrastructure protection. This represented a decision formally recognizing that key elements of our national infrastructure were critical to national security, the economic vibrancy of the United States and the general well-being of our citizenry. The PDD further highlighted the necessary actions to preserve and ensure the continuity of these critical infrastructures. In the wake of the terrorist attacks of September 11, 2001, President George W.

March 1, 2015
By Sandra Jontz

The U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation program is beginning a new thrust in which it addresses a growing concern of cybersecurity: identity management. The program aims to drive the overhaul of cyber risk management across federal, state, local, tribal and territorial governments and to do so cost-effectively by leveraging the technology acquisition processes­—essentially buying in bulk.

February 25, 2015
By Sandra Jontz
Example of McAfee phishing quiz, determined to be among the most successful phishing email sample to compromise victims' computers through a malicious URL.

The European Union faces the same formidable increase in cyber attacks perpetrated by adversaries with improved scope and sophistication as the United States—but comes up against issues compounded by disparate national laws and cybersecurity expertise, experts say.

February 24, 2015
By Maryann Lawlor

The National Security Agency’s third annual Best Scientific Cybersecurity Paper competition is now open. Scientific papers must have been published during 2014.

The papers will be judged on scientific merit and the the strength and significance of the work reported. In addition, the paper must exemplify the performance and reporting of cybersecurity scientific research.

February 12, 2015
By Robert K. Ackerman

The three sea services are facing different challenges with cyber operations, but they are adopting some similar solutions as they wrestle with the newest warfighting domain. In some cases, the services are affected by events that are out of their physical areas of responsibility but omnipresent in cyberspace.

Three sea service leaders described their cyber issues during the Thursday luncheon panel at West 2015, being held in San Diego, February 10-12. All panelists emphasized the importance of their people in cyber, but they also offered different perspectives on how their services are addressing cyber.

February 12, 2015
By Sandra Jontz
NIST's Cybersecurity Framework of protective guidelines was released February 12, 2014.

The U.S. government-backed cybersecurity framework for the nation’s federal agencies and critical infrastructure sector—released one year ago today—has received a general thumbs up of approval from industry experts. The structured guideline, presented by the Department of Commerce’s National Institute of Standards and Technology (NIST), is proving a successful advent toward a better understanding of cyber risks and organizations’ vulnerabilities, and the development of security programs to protect networks.

February 12, 2015
By Robert K. Ackerman

The U.S. Navy is exploiting its own assets and other capabilities to defend and protect against cyberthreats. Some of these internal assets include automated triggers in networks as well as advanced intelligence sources.

Vice Adm. Jan Tighe, USN, commander, Fleet Cyber Command and commander, Tenth Fleet, described some of these measures to the Thursday morning audience at West 2015, being held in San Diego, February 10-12. These efforts are built around her vision, which is to conduct operations through cyberspace and the electromagnetic spectrum to guarantee Navy operations while denying the same to adversaries.

February 12, 2015
By Robert K. Ackerman

The U.S. Navy is facing new and better cyber adversaries as it expands its own cyber footprint. These threats face the fleet and the nation, and the Navy may be called upon to respond in both cases.

Vice Adm. Jan Tighe, USN, commander, Fleet Cyber Command and commander, Tenth Fleet, described her command’s challenges to a Thursday morning audience at West 2015, being held in San Diego, February 10-12. Adm. Tighe related that 2014 saw several criminal and destructive cyber attacks, and this trend is likely to grow in 2015.

February 12, 2015
By Robert K. Ackerman

The U.S. Navy is focusing on five long-term goals in its cyber operations that involve other service and national assets. Some concentrate directly on network operations, while others are at the heart of national security activities.

Vice Adm. Jan Tighe, USN, commander, Fleet Cyber Command and commander, 10th Fleet, outlined the five goals in her Thursday morning address at West 2015, being held in San Diego, February 10-12. Her first goal simply is to operate the network as a warfighting entity.

February 11, 2015
By Sandra Jontz

The White House this week announced that it is creating a federal agency to keep tabs on and counter cybersecurity threats against the United States. The Cyber Threat Intelligence Integration Center will be the clearinghouse for collaborative offensive and defensive work performed by the FBI, the National Security Agency and the Department of Homeland Security.

February 1, 2015
By Robert K. Ackerman
A sonar technician onboard the guided missile destroyer USS Mustin stands watch in the ship’s sonar center. With cyberspace being a warfighting domain, the U.S. Navy’s information networks are a major target that must be protected and defended proactively.

Sea states are giving way to cyberthreats as the biggest variable affecting U.S. Navy operations. While the Navy is working with the other services and the U.S. Cyber Command to protect and defend its networks, it also is shaping its own cyberforce to deal with digital challenges outside of its normal purview.

February 1, 2015
By Capt. Robert M. Lee, USAF

The U.S. Air Force cyber community is failing, but not all is lost. While some aspects are in dire need of repair or replacement, effective solutions potentially are within reach—if leadership is up to the task.

February 1, 2015
By James C. Bussert

While infocentric nations and military forces focus on the threat to their systems from malware-wielding cyber attackers, a significant danger to cyberspace may come from outer space in the form of kinetic weapons that attack vital satellites. A great number of the tactical and strategic military systems that all major, and many minor, powers use 24 hours a day rely on satellites for vital input data. Also, nearly all satellites have dual civilian and military modes, and all nations and businesses would be impacted by any loss of the vital satellites.

January 30, 2015
By Sandra Jontz
John Hickey, program manager for Defense Department Mobility at DISA, talks about security assessment and risk acceptance for DOD migration to commercial cloud.

The Defense Department’s slow migration of much of its unclassified and nonsensitive data, along with the unclassified side of its email, to a hybrid cloud solution is taking longer than hoped but is going to happen, promised Defense Department Acting Chief Information Officer Terry Halvorsen.

“The sound of money is what’s driving this,” Halvorsen told industry members attending the Defense Department’s Cloud Industry Day held Thursday in Washington, D.C. “How do we use the cloud and modern technologies to reduce the cost and drive it into the other part, the warfighting part, of our business?”

January 29, 2015
By Maryann Lawlor

A survey of 200 federal government, military and intelligence information technology and information technology security professionals shows that staff members pose a larger threat to computer systems than external threats. Respondents also noted that while most agencies increased their investment in addressing malicious external threats during the past two years, less than half added funding to address malicious or accidental insider threats. In some cases, investments in battling insider threats have decreased.

April 1, 2013
By Rita Boland
The U.S. Marine Corps is developing a private cloud computing environment to provide better information services to the tactical edge. Here, communicators set up a Support Wide Area Network System during a training exercise.

As they put the necessary pieces in place, Marines are mindful of tight resources and are seeking help from industry.

For the past year, U.S. Marine Corps technical personnel have been implementing a strategy to develop a private cloud. The initiative supports the vision of the commandant while seeking to offer better services to troops in disadvantaged areas of the battlefield.

January 12, 2015
By Sandra Jontz
Screen shot of CENTCOM's Twitter page, which had been hacked January 12, 2015.

Update: As of January 14, the Twitter and YouTube accounts for CENTCOM are back online.

The Twitter and YouTube accounts for the U.S. Central Command, the Defense Department branch responsible for operations in the Middle East and Afghanistan, were hacked Monday by sympathizers of the Islamic State militant group, prompting U.S. officials to suspend the accounts and launch yet another round of investigations into a cybersecurity breach.

CENTCOM’s Twitter feed included an ominous post that read: “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS.”

January 13, 2015
By Maryann Lawlor

While cybersecurity is getting big play in the news these days—as it well should—three topics require just as much attention but have not yet hit the big time. Acquisition, spectrum and interoperability may not have the headline-grabbing charm of the hack into the U.S. Central Command’s Twitter account, but they are issues that need the same serious attention.

For years, industry and government personnel have agreed that the system for purchasing information technology systems needs change—serious change. The complicated acquisition process not only puts out-of-date technology in warfighters’ hands, it puts lives in danger.

January 12, 2015

Editor, SIGNAL:

I read Adm. Stravidis’ thoughtful piece on “Cyber Attacks” with great interest, for I directed the Tallinn Manual project to which he referred. Unfortunately, the admiral misstates the position taken by the “International Group of Experts” that prepared the manual during a three-year project sponsored by the NATO Cooperative Cyber Defence Center of Excellence.

Pages