June 16, 2015
By George I. Seffers
Lt. Gen. Ronnie Hawkins Jr., USAF, director, Defense Information Systems Agency (DISA), releases an updated strategic plan for the agency.

Defensive Cyber Operations Symposium 2015

The SIGNAL Magazine Online Show Daily

Day 1

Quote of the Day: “Write that down, everybody. Security is the business case.”
--Dave Mihelcic, chief technology officer, DISA.

June 5, 2015
By Sandra Jontz

The significant federal government cyberbreach that let hackers swipe the personal data of more than 4 million current and former federal employees has all the trappings of a targeted nation-state attack aimed at gleaning critical information on federal workers; and current cyber protection methods might not be enough to prevent future attacks, one expert says.

Hackers breached computer systems of the Office of Personnel Management (OPM) in December, stealing data including Social Security numbers, job assignments, performance reviews, insurance details and training certificates. Officials detected the breach in April.

June 9, 2015
By Brian Roach
The U.S. Navy Enterprise Data Center in San Diego at SPAWAR Systems Center Pacific provides a centrally managed and secure application hosting environment for Navy customers.

The increased dependence on interconnected networks propelled the Defense Department to seek viable solutions to not just counter the upsurge of cyberthreats, but to do so at much quicker speeds.

“The cyberthreat is also growing and evolving, driving us to move faster to increase our cyber resilience,” says Lt. Gen. Mark Bowman, USA, director of command, control, communications and computers/cyber for the Joint Chiefs of Staff.

June 3, 2015
By Glenn Kesselman

Have you received an email from a friend, family member or colleague that just doesn’t look right? That happens all too often. Most of us are getting smarter about clicking on dubious email links. The questionable email may be followed by an apologetic email, warning us to ignore the bogus email.

Many of us understand why the sender’s address book was hacked: the use of a weak or repeated password. The technology exists to prevent this, but slack user behavior enables cyber predators. If someone does not have the inclination toward cyber discipline, then this function should be outsourced to a personal or business “cyber concierge.”

May 29, 2015
By Robert B. Dix Jr.

With the increasingly complex, dangerous and sophisticated cyber risk environment confronting the public and private sector today, responding to a significant cyber event with an ad hoc approach could result in a confusing and disjointed effort generating a potentially damaging outcome. It is imperative to have clarity and predictability around the various roles and responsibilities necessary to address any cyber event that may reach a level of national consequence or even trigger a national defense response.

May 18, 2015
By Tim McMillan

Having had the pleasure of watching the television show ”The Weakest Link,” I was always taken aback when the host would so crudely point out to contestants they were the weakest link. The curtness of the delivery caused an involuntary reaction because no one talks like that—do they? Should they?

May 14, 2015
By Sandra Jontz

The U.S. government is just as vulnerable to cyberthreats—if not more so—compared to two years ago, according to a new survey of federal information security professionals. Nearly half of approximately 1,800 respondents indicated that security has not improved in the federal space; while another 17 percent stated their organization’s security posture is actually worse off, primarily due to an inability to keep pace with threats, a poor understanding of risk management, inadequate funding and not enough qualified professionals.

May 7, 2015
By Sandra Jontz
Intel Security's World Password Day website

If the confession of evil works is the beginning of good works, as Saint Augustine is quoted as saying, today might prove quite cathartic. It’s world password day!

And Intel Security wants people to share their bad, funny or embarrassing password stories on social media, to “get a #PasswordConfession off your chest.” For real.

May 2, 2015
By Sandra Jontz

Key challenges continue to plague U.S. federal agencies and contractors in the area of cybersecurity, particularly for civilian agencies that trail the robust cyberdefense efforts of the Defense Department and intelligence community, according to a congressional investigative office tasked with summarizing the volatile situation for lawmakers.

May 12, 2015
By George I. Seffers

A new study from Juniper Research, Hampshire, United Kingdom, suggests that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, almost four times the estimated cost of breaches in 2015.

May 11, 2015
By Dr. Wesley Kaplow

We are passing rapidly from the information technology dark ages of less than seven decades ago to what I call the "Uncharted Territory Age." Combined, the two critical ages through which we currently are moving may yield the largest explosion of cyber risks yet. The first age is the well-known, and hyped, Internet of Things (IoT), or now Internet of Everything. The second is the big data age. Both may have a synergistic effect on the growing cyberthreat.

May 7, 2015
By George I. Seffers

Officials with the Transition to Practice (TTP) program followed the commercialization of the Quantum Secured Communications system with the transition of Hyperion, a malware forensics and software assurance technology, to R&K Cyber Solutions LLC, an application development and cyber solution company based in Manassas, Virginia.

May 5, 2015
By Glenn Kesselman

If you have a credit card, an account with a health care provider or your personal identifiable information (PII) stored with a vendor, your PII probably has been compromised. What if there was another way to allow commerce and government to use your PII without storing it?

May 1, 2015
By Robert K. Ackerman
Two Vermont Army National Guard computer network defense team members participate in a 2014 Cyber Shield exercise. The command and control of defensive cyber operations now is centralized in the Defense Department’s Joint Force Headquarters (JFHQ) Department of Defense Information Network (DODIN).

The Defense Department, facing an increase in defensive cyber operations, now has the command and control it needs to wage those actions on its information network. The Joint Force Headquarters Department of Defense Information Network consolidates efforts that previously were dispersed among the services and organizations.

By Lt. Gen. Robert M. Shea, USMC (Ret.)

My hope is that the general public at last is beginning to develop a basic understanding of the vulnerabilities the nation faces in cybersecurity. My fear is that, while these vulnerabilities affect the public at large, this developing understanding has not yet integrated itself into the culture and broad practice of cybersecurity. People still tend to view cyber attacks and scams as isolated incidents with little impact. They don’t seem to grasp the pervasiveness of the threat and its accompanying short- and long-term consequences. The result is a continuation of a cavalier attitude toward cyber hygiene on the part of many individuals as well as government, industry and academia.

May 1, 2015
By Robert K. Ackerman
Personnel with the 618th Tanker Airlift Control Center coordinate global operations from Scott Air Force Base, Illinois. The U.S. Transportation Command (TRANSCOM) finds itself amid battles in cyberspace as intrusions on networks owned by its commercial partners pose a significant threat to U.S. military operations.

The U.S. Transportation Command, in charge of providing land, sea and air mobility to U.S. forces worldwide, now finds itself tasked with its own form of conflict in the cyber domain. Its use of commercial assets has opened it to foreign cyber intrusions that could potentially threaten U.S. military operations in a time of conflict as they depend heavily on mobility for force projection and logistics support.

April 29, 2015
By Robert B. Dix Jr.

Much to their credit, Congress and the president are on the verge of passing and enacting legislation that will facilitate improved sharing of cyberthreat information between government and industry. The question becomes … what is next?

April 28, 2015
By Maryann Lawlor

Although cybersecurity has been getting a lot of well-deserved attention lately, 90 percent of companies recently surveyed admit that their organizations have invested in a security technology that was ultimately discontinued or scrapped before or soon after deployment. The survey also revealed that the most important metrics are the least reliable. For example, although 70 percent of respondents said return on investment and total cost of ownership are critical metrics for investment and measurement of a technology’s economic benefits, the same number said it is difficult to calculate these metrics.

April 27, 2015
By Robert Clark

No less than five pieces of cyber legislation recently have been proposed in Congress. Yet, if history is any judge, none is likely to be signed into law. The only legislation that seems to make it over the hurdles are safe acts that do not break new ground but instead reinforce existing policy.

April 23, 2015
By Sandra Jontz
Defense Secretary Ash Carter delivers a lecture, "Rewiring the Pentagon: Charting a New Path on Innovation and Cybersecurity," at Stanford University in California on Thursday. The lecture highlights the Pentagon's new cyber strategy and innovation initiatives.

The Pentagon’s new cybersecurity strategy for the first time publicly addresses the department’s option to resort to offensive cyberwarfare tactics as a means to safeguard the military’s information networks.

The Department of Defense Cyber Strategy, the second in four years, guides the development of the military’s cyber forces toward a strengthened cyber defense and cyber deterrence posture—and plans to hold in its arsenal offensive cyber capabilities.