The U.S. Cyber Command’s Cyber Mission Force must keep pace with a threat landscape that is evolving at an unprecedented tempo. Cyberthreats are constantly growing in volume, velocity and sophistication, and the force needs a warfighting platform that will allow it to get ahead of attackers. That platform should enable continuous improvement through iterative development at the speed and scale of military operations.
No longer a curiosity, the Internet of Things has emerged as a highly sought-after technology advantage for organizations worldwide. The federal government has stepped up as an innovator within this space, generating profound advancements with seemingly unlimited promise to support national security missions. Those in doubt need look no further than research from the Center for Data Innovation, a nonprofit, nonpartisan institute, which reveals a broad range of eclectic, real-life implementations.
Modern information and networking technologies bring exciting functionalities to everyone, everywhere, all the time. Manufacturers, service providers and users alike welcome the advancements because they boost business opportunities and enable new and better computing capabilities that offer convenience, increase independence and save time.
Plainly, innovations are appealing, but important security aspects are being pushed into the background. Security adds complexity and limitations to functionality. It requires more resources and seems to slow innovation and increase cost. In a military environment, these hurdles can seriously affect mission success.
In 2016, big data software company Splunk promised to donate a minimum of $100 million in software licenses, training, support and education to nonprofit organizations and educational institutions over the next 10 years. The company’s Splunk4Good initiative supports nonprofit organizations, academic research and social improvements.
There’s a new National Institute of Standards and Technology (NIST) cybersecurity framework that’s going against the grain. The Department of Defense has mandated that contractors comply with the guidance laid out in NIST special publication 800-171, which aims to strengthen the protection of controlled unclassified information. Why focus contractors’ limited resources on protecting information that is not top secret? Even if information is not top secret it still can be sensitive. For example, social security numbers, contact information, bank account details and other personal information about U.S.
In the federal government space, the machines have risen, but they’re not here to threaten us. Instead, agencies are turning to artificial intelligence (AI) and machine learning to bolster the U.S.’s cybersecurity posture.
There are many reasons for this emergent interest. Agencies are dealing with enormous amounts of data and network traffic from many different sources, including on premises and from hosted infrastructures—and sometimes a combination of both. It’s impossible for humans to sift through this massive amount of information, which makes managing security a task that cannot be exclusively handled manually.
The cloud and data security go hand-in-hand. While cloud computing provides valuable IT architectures and solutions for government agencies, it also requires them to relinquish data security to public cloud service providers.
A lightning strike last year delivered a new way for Marianne Bailey, the National Security Agency’s new deputy national manager for national security systems, to illuminate the cybersecurity threat.
The bolt burned Bailey’s house, and the burglar alarm was one of the last items she replaced. “The poor burglar alarm guy was telling me about all this great capability where I can get this thing on my smartphone, and I can turn it on and turn it off,” she relates.
Her response: “I want the dumb one that’s not connected to Wi-Fi.”
By 2025, an estimated 75 billion or more devices will be connected via the Internet. While the ability to access data on any device from any device multiplies productivity exponentially, it also creates unforeseeable vulnerabilities that organizations are only beginning to understand.
Last year’s Mirai botnet distributed denial-of-service attack, which infected millions of devices, demonstrates the multifaceted challenges federal agencies and private-sector companies face when securing their devices and networks. These challenges will only continue to grow both inside and outside of these domains.
A civilian reserve cyber corps deserves strong consideration as a way to add more capacity to the cyber work force, which the nation has struggled to do for a number of years. The Civil Reserve Air Fleet (CRAF) could serve as a model for the corps and ultimately help the U.S. government and the Defense Department shore up their shortfall of cyber resources.
After analyzing lessons learned from a delay-riddled transition to Networx, where a 33-month long process resulted in a costly overrun of about $395 million, the General Services Administration (GSA) came well prepared to make the Enterprise Infrastructure Solutions (EIS) contract transition a much smoother process.
The worldwide cyber conflict is only going to increase and the risks and devastating economic impacts will continue to mount. The United States and other "like-minded" countries must spring into action, increase their cyber warfare capabilities, put in place national cyber policies and promulgate stronger international cyber laws to fend off aggressive cyber actors, warned experts at the CyConUS 2017 conference in Washington, D.C., on November 7. The event was co-hosted by the Army Cyber Institute, West Point and the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), Tallinn, Estonia.
The Department of Defense (DOD) Operational Test and Evaluation Fiscal Year 2016 Annual Report indicates that while there has been significant cybersecurity progress over the past few years, network defense as a warfighting function continues to be undervalued.
Despite the department’s concerted and progressive network modernization efforts, many networks are built on outdated legacy architectures that were never designed to address the challenges posed by continually evolving threat vectors. Neither agile nor flexible enough to be able to adjust, they are vulnerable to the security risks posed by increasingly intelligent, nimble and enterprising hackers.
The Department of Homeland Security’s (DHS’) Office of Inspector General (OIG) says the department needs to improve how it facilitates cyberthreat information sharing between federal government agencies and the private sector. Although the OIG acknowledges DHS’ progress in enabling sharing among government entities, the department’s system still focuses on volume, velocity and timeliness of information but does not provide the quality, contextual data needed for the private sector to effectively defend against ever-evolving threats.
The government’s effort to balance cybersecurity with continued innovation was underscored last year with the publication of the Commission on Enhancing National Cybersecurity’s Report on Securing and Growing the Digital Economy. The report included key recommendations for cybersecurity enhancements, while also serving as a sobering reminder that “many organizations and individuals still fail to do the basics” when it comes to security.
The United States should not underestimate the ability of terrorist organizations such as ISIS to mount cyber attacks against the homeland, says John Mulligan, former deputy director of the National Counterterrorism Center. As the nation works to shrink territorial control of the caliphate in Iraq and Syria, the battlefront extends virtually to the cyber domain, and America must be prepared.
It is essential to learn from cyber attacks conducted by state and nonstate actors to define resilience for cybersecurity or cyber terrorism. "We need to develop a threat model for cyber resilience. We have to be prudent to distinguish between cyber warfare and cyber terrorism," said Anita T. Abbott, Ph.D., director, adjunct professor, Global Partnership and Development Ltd., during the TechNet Asia-Pacific conference.
Data, in the world of Terry Halvorsen, is more like milk than wine. It does not get better with age, and if you leave it out too long, it will spoil. Halvorsen is chief information officer and executive vice president IT and Mobile Communication B2B Business, Samsung Electronics. “We are keeping and storing vast amounts of data that does not do anything for us," he explained during his keynote address at AFCEA TechNet Asia-Pacific.
You often hear that storage is cheap, but all that stored data has an impact on the speed of the data you want. It makes it harder to find the data you want or to aggregate it in a meaningful way.
The U.S. Defense Information Systems Agency (DISA) has awarded a $163 million task order to SRA International, a subsidiary of CSRA Inc. The award directs CSRA to support DISA’s endpoint security solution integrator support effort under the General Services Administration’s Alliant Government-wide Acquisition Contract, the company announced.
Electronic warfare (EW) is one of the most complex, least understood and difficult operating environments we face. U.S. forces in Southwest Asia did not encounter a consistently serious EW challenge, and in some ways, EW has become a forgotten capability. Since the end of the Cold War, when we concentrated on defending and waging EW against the Soviets, attention has turned elsewhere. Now the Soviet heirs in Russia, as well as other adversaries, have refined and sharpened their EW skills. If we engage in a higher level of conflict than we have faced in the recent past, then we will likely confront a foe wielding a vastly improved EW capability that could threaten the success of our operations.