Cyber

August 1, 2015
By Karyn Richardson

The password is vanishing. The cumbersome, multicharacter, hard-to-remember bane of Internet usage finally is dying. As biometric and behavioral monitoring technologies evolve, solutions that embrace revolutionary new identity verification systems based on users’ behaviors at the keyboards promise to replace the expiring relic. And not a moment too soon.

An emerging identity verification system known as the “cognitive fingerprint” leverages existing technologies that can recognize patterns of computer users and creates a “behavioral fingerprint” to enable more secure authentication methods. The evolution in identity management undoubtedly will prove disruptive to the current authentication and user verification processes.

July 27, 2015
By Robert Clark

Be careful now, remain calm. The title can excite everyone, and having a conversation on cyber active defense over a few beers can turn fascinating in a heartbleed—I mean heartbeat.

This is a topic that covers computer network defense (cybersecurity/cyberdefense) by looking at the legal aspects of, yes, going farther than “passive defense” and into active defense. Various legal issues arise in each area, and I can offer two active defense case-histories to share and their legal ramifications. One includes the computer fraud and abuse act, CFAA, against the “active-defense” perpetrator.

July 22, 2015
By George I. Seffers

Alejandro Mayorkas, deputy secretary of homeland security, and Sarah R. Saldaña, director, U.S. Immigration and Customs Enforcement (ICE), on Thursday presided over the unveiling of an expanded ICE Cyber Crimes Center in Fairfax, Virginia.

The center, known as C3, will provide ICE’s Homeland Security Investigations (HSI) with enhanced operational and training capabilities to meet the growing cyber mission of the agency and increasing workload of criminal cases with a cyber nexus.

July 21, 2015
By Sandra Jontz

U.S. lawmakers launched a bipartisan bid to boost the Department of Homeland Security's powers to better oversee cybersecurity compliance by federal agencies and intervene when they might fail to safeguard their networks.  

The Senate bill would strengthen the department's ability to enforce cybersecurity standards governmentwide, and “in the event that a federal agency chooses not to do so, [the] DHS would have the authority to stand in … and prevent worse damages from occurring,” Sen. Susan Collins (R-ME) said in announcing her plans to submit the bill to the full Senate on Tuesday. 

July 2, 2015
By Robert Clark

I did it. We always hear it. And we all say it. People, humans, my employees, layer 8, the carbon layer—are the weakest link in cybersecurity.

Then I ran into a colleague speaking on cybersecurity/information assurance education at the FS-ISAC & BITS Annual Summit in Miami. And as we talked, and as she highlighted in her presentation, computer users are not the weakest link, as that conclusion is supported by an erroneous assumption.

July 14, 2015
Maryann Lawlor

Everyone who believes that what was dubbed “The Great Technical Glitch of July 8” was incontrovertibly a mere coincidence and not a coordinated cyber attack, raise your hands. Before you shake your head and stop reading, consider this: The institutions those IT mishaps shut down represent the economy (New York Stock Exchange), transportation (United Airlines) and communications or freedom of speech (The Wall Street Journal). Not to go all X Files on you or propose conspiracies around every corner, but dismissing the possibility that it was more than mere chance isn’t so far-fetched.

July 13, 2015
By Dr. Wesley Kaplow

We all have seen the news of the massive theft of information from the Office of Personnel Management (OPM). In a nutshell, with extremely high probability, just about anyone who does work for the government—or from one estimate, more than 21 million people, which includes yours truly—had very personal information stolen.

July 9, 2015
By Sandra Jontz

Hackers behind cybersecurity attacks on the U.S. federal government through the Office of Personnel Management (OPM) pilfered personal information from a much more significant number of current and former employees than previously reported.

Thursday, investigators reported two breaches occurred, with data stolen from 21.5 million workers, far more than the 4 million officials originally disclosed in June.

Hackers managed to breach the computer systems of the OPM, stealing data including Social Security numbers, birth dates, home addresses, job assignments, performance reviews, insurance details and training certificates.

July 1, 2015
By Robert K. Ackerman
Part of the power grid is supported by electrical lines that carry power to customers through rugged terrain. Cybersecurity experts believe supervisory control and data acquisition (SCADA) systems may be the Achilles’ heels that allow malefactors to bring down such critical infrastructure via cyberspace.

A more diverse group of players is generating a growing threat toward all elements of the critical infrastructure through cyberspace. New capabilities have stocked the arsenals of cybermarauders, who now are displaying a greater variety of motives and desired effects as they target governments, power plants, financial services and other vulnerable sites.

But concerns come from not just evolving and future threats. Malware already in place throughout critical infrastructure elements around the world might be the vanguard of massive and physically destructive cyber attacks launched on the say-so of a single leader of a nation-state. Physical damage already has been wrought upon advanced Western industrial targets.

July 1, 2015
By Capt. Ryan Robinson, USA
Signaleers at Fort Gordon, Georgia, train to use satellite communications systems. With the entire force embracing cyberspace as a warfighting domain, these signaleers ultimately must impart their understanding of cyberspace and its technological capabilities to other soldiers in operational units.

Cyberspace is being accepted throughout the U.S. Army as a warfighting domain. However, many soldiers outside of the U.S. Army Signal Corps do not grasp the concept of cyberspace as an operational realm. Empowering them with that understanding is essential to operational success.

One of the primary tasks of Signal Corps members is to provide other leaders and soldiers with a clear understanding of the job of the corps and of cyberspace itself. As a military organization, the clearest means for the Signal Corps to communicate these concepts is through operational language. Many parallels exist between a battlefield’s physical landscape and what is done during offensive, defensive and support operations in cyberspace.

July 1, 2015
By Lt. Gen. Robert M. Shea, USMC (Ret.)

The recent hack, reportedly by Chinese sources, of the personnel files belonging to current and past U.S. government employees puts a face on the cyberthreat affecting everyone today—about 4 million faces, if Office of Personnel Management assessments are correct. Yet this hack is just one example of the looming cyberthreat, and while it offers valuable lessons to be learned, it should not serve as the exclusive template for securing networks and data.

July 1, 2015
By Master Sgt. Fordham “Jester” Terrill, USAF

The word disruptive typically does not conjure up cordial thoughts. In a forum such as this, thoughts might zero in on commercial endeavors—Facebook, Google, iThings—that can bring chaos into our everyday lives. That is quite the opposite of when industry and cyber professionals think about confronting adversaries. We want to cage opponents’ capabilities, actions and intentions and bring order to the chaos adversaries create.

July 1, 2015
By Robert K. Ackerman

The “2015 Verizon Data Breach Investigations Report,” released this spring, states that the top three industries affected by cybermarauders are public, information and financial services. This is unchanged from the annual report’s results last year. The report adds that the estimated financial loss from 700 million compromised records totals $400 million.

July 1, 2015
By George I. Seffers

A U.S. cybersecurity threat analysis center that allows financial institutions around the world to share cyber attack data and solutions is adopting an automated system that permits information to be disseminated more quickly and efficiently, enhancing protection for the financial segment of the critical infrastructure.  

July 1, 2015
By Sandra Jontz

Cyber attacks by foreign governments and criminals now threaten U.S. national and economic security more than terrorism, experts say, and the perils increasingly erode the country’s safety as well as its coffers. While eradicating cyberthreats is not a realistic option, developing cyber radar systems that predict and warn, with keen precision, of incoming attacks just might be.

June 30, 2015
By George I. Seffers

The FBI’s Internet Crime Complaint Center (IC3) on June 23 identified CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses. In the 14 months since the malicious software first appeared, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling more than $18 million, according to the FBI warning.

The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services and/or the purchase of credit monitoring services for employees or customers.

June 19, 2015
By Sandra Jontz
Speaking at Federal Forum 2015, Federal CIO Tony Scott says cybersecurity is the nation's 'most important mission.'

In what has become one of the White House’s highest priorities, the federal government is forming digital services teams to address the mounting number of cybersecurity breaches threatening the nation’s security and coffers, according to government’s top chief information officer (CIO).

The nascent teams, eventually residing within each of the federal agencies, will seek solutions to combat cyber vulnerabilities and rely heavily on the private sector for answers, Federal CIO Tony Scott told an audience at the Brocade-sponsored Federal Forum in Washington, D.C. “This is our most important mission today.”

June 19, 2015
By Robert Clark

“Many authors and pundits boldly masquerade legal innovations as accepted understandings of IHL [international humanitarian law]. Even more troubling is the fact that many scholars lacking the appropriate education or experiential background have responded to the fact that IHL is a topic au courant by claiming IHL expert status. Their work product misstates basic principles and rules with distressing frequency, and they are too often set forth in an ad hominem manner. All of these contributions, from the superb to the sub-standard, exert informal but real pressure on the shape of IHL.”

June 18, 2015
By George I. Seffers

Defensive Cyber Operations Symposium 2015

The SIGNAL Magazine Online Show Daily

Day 3

Quote of the Day: “I absolutely love these conferences. It’s like vendor speed dating.”
—David Stickley, services executive, Defense Information Systems Agency.

On the final day of the AFCEA Defensive Cyber Operations Symposium in Baltimore, Defense Information Systems Agency (DISA) officials wooed industry, stressing the need for cooperation and partnership to tackle the toughest problems faced by today’s warfighters.

June 17, 2015
By George I. Seffers
Lt. Gen. James McLaughlin, USAF, deputy commander, U.S. Cyber Command, kicked off the second day of the AFCEA Defensive Cyber Operations Symposium in Baltimore, during which military officials highlighted the importance of command and control in defending cyberspace.

Defensive Cyber Operations Symposium 2015

The SIGNAL Magazine Online Show Daily

Day 2

Quote of the Day: “JIE is a good thing, because it allows us to bring a more centralized capability to bear and that is a lot of security capability.”
--John Hickey, DISA cybersecurity risk management authorizing official executive.

Pages