October 1, 2015
By Maj. John Chezem, USAFR
Students at the U.S. Air Force Network War Bridge Course learn modern cyber operations under the aegis of the Air Force Space Command. The Air Force risks losing the effectiveness, and the personnel, of its cyber force unless it addresses critical cultural issues in that domain.

As the U.S. Air Force develops its computer security forces, it finds itself caught in a web of ineffective policies and generational conflict. The arrival of people who have grown up in the information age exacerbates the 21st-century generation gap. Fortunately, a clear understanding of the root causes of problems illuminates sound models that can be evaluated and adopted to support the success of Air Force cyber.

The service has seen a mass exodus of talented cyber professionals over the past few years. Many leave because they are frustrated with Air Force cyber’s constraints and flawed policies. Although not typically the driving factor, pay for industry jobs is often better, further encouraging departure.

September 30, 2015
By George I. Seffers

The U.S. Defense Department’s Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts, but as of July had not yet identified and disseminated cybersecurity resources in its outreach and education efforts to defense small businesses, according to a recent report by the U.S. Government Accountability Office (GAO).

September 16, 2015
By Sandra Jontz

As the Defense Department continues to forge closer relations with Silicon Valley, its leaders say they need more tools to improve automation of cyber basics, the department’s chief information officer (CIO) said. “At a certain point, I want to have some cyber defenses completely automated, where certain conditions occur and the system takes its own response,” said CIO Terry Halvorsen. “I think that is the only way we will keep up.” Automation would free up military and civilian cyber staff to concentrate on higher-level work.

September 9, 2015
By Robert K. Ackerman

Turning the tables on cyber marauders may be alluring as the ultimate cyber defense, but it is not without risk, according to panelists at the AFCEA/INSA Intelligence and National Security Summit being held in Washington, D.C., September 9-10. Commercial cybersecurity measures could reach beyond defense to offensive measures against cyber intruders to a limited degree, but companies must ensure they break no laws—nor rile their cyber adversaries too much.

September 2, 2015
By Sandra Jontz

Ransomware soared as the preferred malware of cybercriminals, with the number of new samples rising 58 percent over the second quarter of this year, and a whopping 127 percent over this time last year, according to a new analysis by Intel Security.

The firm released a retrospective report five years after acquiring McAfee. Its researchers compared what they thought would happen beginning in 2010 to what actually happened with hardware and software security threats, noting the boom in the number of devices connected to the Internet and a general lack of cyberhygiene contributed to the increase of malware intrusions and ransomware attacks.

August 28, 2015
By Robert B. Dix Jr.

It is important for Congress to pass meaningful legislation to improve cybersecurity information sharing and provide sufficient liability protection for entities that share sensitive information with the government, along with ensuring appropriate privacy protections. Yet, much more needs to be done quickly to address cybersecurity preparedness and resilience in the United States and around the world.

August 1, 2015
By Sandra Jontz

An unending quest for convenience and expedience has brought about a technology that connects billions of devices to people and to things and produces vast amounts of information. Wireless links now are permeating virtually every electronic device in society, but they bring with them the vulnerabilities and threats that characterize cyberspace today.

Joshua Corman calls it the bacon principle: the notion that no matter the food, bacon makes everything better. Manufacturers of medical devices, automobiles and home electronics seem to adhere to the same theory when it comes to the use of wireless capabilities.

August 4, 2015
By Sandra Jontz

As if cyber breaches of key federal networks haven’t been problematic enough for experts, hackers increasingly target smaller branch offices that present a weak link in cybersecurity. Wireless connectivity at remote locations leave networks vulnerable because they are not hardened with the latest firewall protections and traditionally do not have a lot of tech support, one expert says.

“Small branch offices are becoming a greater point of attack,” says Paul Christman, executive director of federal sales for Dell Software. “We don’t need to storm the castle anymore to gain access to valuable information or access into the networks.”

August 1, 2015
By George I. Seffers
Making his last appearance at an AFCEA event as the director of the Defense Information Systems Agency, Lt. Gen. Ronnie D. Hawkins Jr., USAF, emphasizes that cyber is a weapon system.

While serving as the first luncheon keynote speaker at AFCEA’s Defensive Cyber Operations Symposium, Lt. Gen. Ronnie D. Hawkins Jr., USAF, outgoing director of the Defense Information Systems Agency (DISA), compared cyber and traditional weapons. “We have really, really been modernizing our weapon systems. When you juxtapose that, however, with what we’ve been doing in cyber, we are just now catching on to recognizing that cyber truly is a weapon system,” he said at the June 16-18 event held in Baltimore. “Truly, we are modernizing our weapon system when it comes to cyber right now.”

August 1, 2015
By Maj. William Smith, USMC

A conflict erupting on the Korean Peninsula could lead to any of a number of developments and outcomes, and its effects—including cyber operations—might not be limited to the Koreas and the U.N. forces involved there. By modeling a hypothetical conflict with North Korea, planners can examine different scenarios and validate assumptions to imagine a potential cyber situation on the peninsula that could have far-reaching implications that otherwise could go unrecognized.

August 1, 2015
By Karyn Richardson

The password is vanishing. The cumbersome, multicharacter, hard-to-remember bane of Internet usage finally is dying. As biometric and behavioral monitoring technologies evolve, solutions that embrace revolutionary new identity verification systems based on users’ behaviors at the keyboards promise to replace the expiring relic. And not a moment too soon.

An emerging identity verification system known as the “cognitive fingerprint” leverages existing technologies that can recognize patterns of computer users and creates a “behavioral fingerprint” to enable more secure authentication methods. The evolution in identity management undoubtedly will prove disruptive to the current authentication and user verification processes.

July 27, 2015
By Robert Clark

Be careful now, remain calm. The title can excite everyone, and having a conversation on cyber active defense over a few beers can turn fascinating in a heartbleed—I mean heartbeat.

This is a topic that covers computer network defense (cybersecurity/cyberdefense) by looking at the legal aspects of, yes, going farther than “passive defense” and into active defense. Various legal issues arise in each area, and I can offer two active defense case-histories to share and their legal ramifications. One includes the computer fraud and abuse act, CFAA, against the “active-defense” perpetrator.

July 22, 2015
By George I. Seffers

Alejandro Mayorkas, deputy secretary of homeland security, and Sarah R. Saldaña, director, U.S. Immigration and Customs Enforcement (ICE), on Thursday presided over the unveiling of an expanded ICE Cyber Crimes Center in Fairfax, Virginia.

The center, known as C3, will provide ICE’s Homeland Security Investigations (HSI) with enhanced operational and training capabilities to meet the growing cyber mission of the agency and increasing workload of criminal cases with a cyber nexus.

July 21, 2015
By Sandra Jontz

U.S. lawmakers launched a bipartisan bid to boost the Department of Homeland Security's powers to better oversee cybersecurity compliance by federal agencies and intervene when they might fail to safeguard their networks.  

The Senate bill would strengthen the department's ability to enforce cybersecurity standards governmentwide, and “in the event that a federal agency chooses not to do so, [the] DHS would have the authority to stand in … and prevent worse damages from occurring,” Sen. Susan Collins (R-ME) said in announcing her plans to submit the bill to the full Senate on Tuesday. 

July 2, 2015
By Robert Clark

I did it. We always hear it. And we all say it. People, humans, my employees, layer 8, the carbon layer—are the weakest link in cybersecurity.

Then I ran into a colleague speaking on cybersecurity/information assurance education at the FS-ISAC & BITS Annual Summit in Miami. And as we talked, and as she highlighted in her presentation, computer users are not the weakest link, as that conclusion is supported by an erroneous assumption.

July 14, 2015
Maryann Lawlor

Everyone who believes that what was dubbed “The Great Technical Glitch of July 8” was incontrovertibly a mere coincidence and not a coordinated cyber attack, raise your hands. Before you shake your head and stop reading, consider this: The institutions those IT mishaps shut down represent the economy (New York Stock Exchange), transportation (United Airlines) and communications or freedom of speech (The Wall Street Journal). Not to go all X Files on you or propose conspiracies around every corner, but dismissing the possibility that it was more than mere chance isn’t so far-fetched.

July 13, 2015
By Dr. Wesley Kaplow

We all have seen the news of the massive theft of information from the Office of Personnel Management (OPM). In a nutshell, with extremely high probability, just about anyone who does work for the government—or from one estimate, more than 21 million people, which includes yours truly—had very personal information stolen.

July 9, 2015
By Sandra Jontz

Hackers behind cybersecurity attacks on the U.S. federal government through the Office of Personnel Management (OPM) pilfered personal information from a much more significant number of current and former employees than previously reported.

Thursday, investigators reported two breaches occurred, with data stolen from 21.5 million workers, far more than the 4 million officials originally disclosed in June.

Hackers managed to breach the computer systems of the OPM, stealing data including Social Security numbers, birth dates, home addresses, job assignments, performance reviews, insurance details and training certificates.

July 1, 2015
By Robert K. Ackerman
Part of the power grid is supported by electrical lines that carry power to customers through rugged terrain. Cybersecurity experts believe supervisory control and data acquisition (SCADA) systems may be the Achilles’ heels that allow malefactors to bring down such critical infrastructure via cyberspace.

A more diverse group of players is generating a growing threat toward all elements of the critical infrastructure through cyberspace. New capabilities have stocked the arsenals of cybermarauders, who now are displaying a greater variety of motives and desired effects as they target governments, power plants, financial services and other vulnerable sites.

But concerns come from not just evolving and future threats. Malware already in place throughout critical infrastructure elements around the world might be the vanguard of massive and physically destructive cyber attacks launched on the say-so of a single leader of a nation-state. Physical damage already has been wrought upon advanced Western industrial targets.

July 1, 2015
By Capt. Ryan Robinson, USA
Signaleers at Fort Gordon, Georgia, train to use satellite communications systems. With the entire force embracing cyberspace as a warfighting domain, these signaleers ultimately must impart their understanding of cyberspace and its technological capabilities to other soldiers in operational units.

Cyberspace is being accepted throughout the U.S. Army as a warfighting domain. However, many soldiers outside of the U.S. Army Signal Corps do not grasp the concept of cyberspace as an operational realm. Empowering them with that understanding is essential to operational success.

One of the primary tasks of Signal Corps members is to provide other leaders and soldiers with a clear understanding of the job of the corps and of cyberspace itself. As a military organization, the clearest means for the Signal Corps to communicate these concepts is through operational language. Many parallels exist between a battlefield’s physical landscape and what is done during offensive, defensive and support operations in cyberspace.