Small businesses doing work for the U.S. Defense Department pose serious cybersecurity concerns, in part because of their limited resources to invest in technical and practiced security measures, according to a congressional oversight agency’s assessment.
U.S. President Barack Obama and Chinese President Xi Jinping have agreed that neither country will “support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors,” according to a White House announcement released today.
Most cyber practitioners and many users agree that assessing and managing the risk attributed to cybersecurity and critical infrastructure protection is a shared responsibility between and across a wide array of stakeholders—including government, industry, academia, the nonprofit community and individual citizens.
The U.S. Army is converging many of its communications, electronics and intelligence disciplines to combat a cyberthreat that already has eroded much of the competitive advantage the U.S. military has possessed in recent years. Countering this threat virtually mandates that cyber operations move into the realm of fully integrated operations.
Security products are like crack to security professionals—they just cannot get enough. These products appear to be the panacea practitioners are seeking, but they often are not what they seem. They do not always solve problems, and they leave security experts continually looking for yet more new products, solutions and techniques for managing cyber risk. This raises the question: Why do enterprises and government organizations find protecting themselves from cyber crime so difficult?
A large portion of this issue of SIGNAL Magazine is devoted to its new quarterly special section—The Cyber Edge. The goal of The Cyber Edge is to do a better job of educating people across a broad spectrum in terms of the cyber threat, its implications, its technology issues and the policies that must be undertaken to solve the challenge.
Currently, from a cyber perspective, there is a dearth of information on what really is going on. Tales and stories abound, but no one goes into enough detail on what is behind those stories. Very few professional publications have properly framed the issues that must be dealt with from a cyber perspective.
The Internet of Things, or IoT, encompasses an ecosystem of devices and algorithms that gather and share information via the Internet. It is the next wave of technology transforming everything from meteorology to agriculture to health care. Despite the buzz surrounding the IoT, conversation about likely effects on domestic intelligence in the United States has yet to take off.
The typical all-source intelligence analyst must generate products that result from the fusion and correlation of structured and unstructured text reporting with sensor and imagery data sources. This process is complicated by the explosion of information on the Internet and the international community’s increasing use of social media to share ideas and coordinate activities, which has resulted in a larger data pool.
As the U.S. Air Force develops its computer security forces, it finds itself caught in a web of ineffective policies and generational conflict. The arrival of people who have grown up in the information age exacerbates the 21st-century generation gap. Fortunately, a clear understanding of the root causes of problems illuminates sound models that can be evaluated and adopted to support the success of Air Force cyber.
The service has seen a mass exodus of talented cyber professionals over the past few years. Many leave because they are frustrated with Air Force cyber’s constraints and flawed policies. Although not typically the driving factor, pay for industry jobs is often better, further encouraging departure.
The U.S. Defense Department’s Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts, but as of July had not yet identified and disseminated cybersecurity resources in its outreach and education efforts to defense small businesses, according to a recent report by the U.S. Government Accountability Office (GAO).
As the Defense Department continues to forge closer relations with Silicon Valley, its leaders say they need more tools to improve automation of cyber basics, the department’s chief information officer (CIO) said. “At a certain point, I want to have some cyber defenses completely automated, where certain conditions occur and the system takes its own response,” said CIO Terry Halvorsen. “I think that is the only way we will keep up.” Automation would free up military and civilian cyber staff to concentrate on higher-level work.
Turning the tables on cyber marauders may be alluring as the ultimate cyber defense, but it is not without risk, according to panelists at the AFCEA/INSA Intelligence and National Security Summit being held in Washington, D.C., September 9-10. Commercial cybersecurity measures could reach beyond defense to offensive measures against cyber intruders to a limited degree, but companies must ensure they break no laws—nor rile their cyber adversaries too much.
Ransomware soared as the preferred malware of cybercriminals, with the number of new samples rising 58 percent over the second quarter of this year, and a whopping 127 percent over this time last year, according to a new analysis by Intel Security.
The firm released a retrospective report five years after acquiring McAfee. Its researchers compared what they thought would happen beginning in 2010 to what actually happened with hardware and software security threats, noting that the boom in the number of devices connected to the Internet and a general lack of cyberhygiene contributed to the increase of malware intrusions and ransomware attacks.
It is important for Congress to pass meaningful legislation to improve cybersecurity information sharing and provide sufficient liability protection for entities that share sensitive information with the government, along with ensuring appropriate privacy protections. Yet, much more needs to be done quickly to address cybersecurity preparedness and resilience in the United States and around the world.
An unending quest for convenience and expedience has brought about a technology that connects billions of devices to people and to things and produces vast amounts of information. Wireless links now are permeating virtually every electronic device in society, but they bring with them the vulnerabilities and threats that characterize cyberspace today.
Joshua Corman calls it the bacon principle: the notion that no matter the food, bacon makes everything better. Manufacturers of medical devices, automobiles and home electronics seem to adhere to the same theory when it comes to the use of wireless capabilities.
As if cyber breaches of key federal networks haven’t been problematic enough for experts, hackers increasingly target smaller branch offices that present a weak link in cybersecurity. Wireless connectivity at remote locations leaves networks vulnerable because they are not hardened with the latest firewall protections and traditionally do not have a lot of tech support, one expert says.
“Small branch offices are becoming a greater point of attack,” says Paul Christman, executive director of federal sales for Dell Software. “We don’t need to storm the castle anymore to gain access to valuable information or access into the networks.”
While serving as the first luncheon keynote speaker at AFCEA’s Defensive Cyber Operations Symposium, Lt. Gen. Ronnie D. Hawkins Jr., USAF, outgoing director of the Defense Information Systems Agency (DISA), compared cyber and traditional weapons. “We have really, really been modernizing our weapon systems. When you juxtapose that, however, with what we’ve been doing in cyber, we are just now catching on to recognizing that cyber truly is a weapon system,” he said at the June 16-18 event held in Baltimore. “Truly, we are modernizing our weapon system when it comes to cyber right now.”
A conflict erupting on the Korean Peninsula could lead to any of a number of developments and outcomes, and its effects—including cyber operations—might not be limited to the Koreas and the U.N. forces involved there. By modeling a hypothetical conflict with North Korea, planners can examine different scenarios and validate assumptions to imagine a potential cyber situation on the peninsula that could have far-reaching implications that otherwise could go unrecognized.
The password is vanishing. The cumbersome, multicharacter, hard-to-remember bane of Internet usage finally is dying. As biometric and behavioral monitoring technologies evolve, solutions that embrace revolutionary new identity verification systems based on users’ behaviors at the keyboards promise to replace the expiring relic. And not a moment too soon.
An emerging identity verification system known as the “cognitive fingerprint” leverages existing technologies that can recognize patterns of computer users and creates a “behavioral fingerprint” to enable more secure authentication methods. The evolution in identity management undoubtedly will prove disruptive to the current authentication and user verification processes.
Be careful now, remain calm. The title can excite everyone, and having a conversation on cyber active defense over a few beers can turn fascinating in a heartbleed—I mean heartbeat.
This is a topic that covers computer network defense (cybersecurity/cyberdefense) by looking at the legal aspects of, yes, going farther than “passive defense” and into active defense. Various legal issues arise in each area, and I can offer two active defense case histories to share and their legal ramifications. One includes the Computer Fraud and Abuse Act (CFAA) against the “active-defense” perpetrator.