A new U.S. Army cyber-based task force hit the ground running this week to do a deep-dive, Army-wide review and strategically assess the service’s cyber needs, strengths, weaknesses and assets, officials say. Task Force Cyber Strong is one tangible outcome from a new cyber directorate created in July to spearhead the convergence of cybersecurity and electronic warfare.
Vetted computer security specialists from across the United States and select partner nations are invited to hack some of the U.S. Air Force’s key public websites. The initiative is part of the Cyber Secure campaign the service’s chief information officer is sponsoring to further operationalize the domain and leverage talent from inside and outside of the Defense Department. HackerOne Incorporated, a security consulting firm, is managing the contest.
The White House has created a council charged with tackling federal information technology services. President Donald Trump signed the executive order that stands up the American Technology Council, or ATC, to "transform and modernize" federal IT.
The U.S. government is racing to identify technologies that will resist the threat from quantum computers, which will render today’s encryption obsolete.
They do not necessarily match the hero stereotype, but computer scientists improving methods of generating random numbers just may save the day when it comes to cybersecurity.
Scientists at the University of Texas at Austin have delivered a mathematical revelation that could bring a number of benefits, but improved encryption tops the list. Cybersecurity, of course, depends on encryption, which relies on random data. Although the world is full of randomness—a roll of the dice, a flip of a coin, a lottery drawing—randomness is not always equal. When studied over time, air temperatures and stock market results, for example, actually produce predictable patterns.
You might think that homomorphic cryptography, obfuscation techniques and privacy concerns have nothing in common. You would be mistaken.
The Defense Advanced Research Projects Agency (DARPA), a division of the U.S. Defense Department that creates breakthrough technologies, is advancing these complex but intrinsically connected concepts in a series of efforts that could alter the art of making and breaking code.
U.S. adversaries know they can exploit cyber vulnerabilities and are getting away with it with ease and on the cheap. This reality is as befuddling to officials as it is enraging, and it has some experts calling on the federal government to embrace a new defense approach: Put up or shut up.
The need to secure data never has been greater, and that need is growing. Encrypting data is one of the main methods of securing information at the source, in storage and in transit. With data breaches becoming more common and more serious, organizations and individuals increasingly are encrypting information. This trend ultimately could lead to significant changes in the data security realm.
Fraud, theft and information corruption have become a way of life in cyberspace. Vital information such as health care data has joined financial and personal data as a prime target of hackers.
Entitled. Self-centered. Disaffected. These are just a few of the divisive and disparaging words used to describe millennials. The largest generation in U.S. history—an emerging consumer powerhouse—is making significant cultural changes centered around revolutionary, life-enhancing technologies. Tomorrow’s successes are sure to stem from millennials who are pushing the limits.
Perhaps fewer ecosystems can benefit more from this work force’s M.O. than cyberspace, experts shared during the recent debut of a Young AFCEAN panel at West 2017.
I’ve heard a lot of talk about cyberthreats over the past 15 years, yet I haven’t seen anyone offer a holistic way to address them. As I reflect on my own experiences and challenges in information and operational technology, the last problem of this magnitude that we had to face was the feared millennium bug, or Y2K. A mere 17 years later, the information technology landscape looks eerily the same. For many chief information officers (CIOs) and chief information security officers (CISOs), the size and scope of the millennium bug is about the same as today’s major security challenge: the cyber bug.
Though the U.S. Defense Department has spent much time and money to protect high-value network assets such as emails from cyber intruders, the systems remain vulnerable to attacks. So imagine the weaknesses to systems that haven’t garnered as much defense attention or reinforcements, a senior official said.
“We have spent a lot of time—and have been very successful at—protecting our email information,” said Daryl Haegley, program manager for Business Enterprise Integration (BEI) in the Office of the Assistant Secretary of Defense for Energy, Installations and Environment. “But what about the control systems, manufacturing systems, facilities networks, medical devices? What we’re finding is ‘not so much.’
The Department of Homeland Security’s Science and Technology Directorate (S&T) announced the transition of Hyperion, a malware detection technology, to the commercial marketplace.
Needing innovation for cybersecurity more than ever, NATO and its member nations still do not have a concrete plan to speed new capabilities into alliance and national systems. Intricate procurement processes compound the absence of cooperation among firms while cyber adversaries continue to improve their methods and broaden their capabilities.
Adversaries, and cyber criminal organizations in particular, are building tools and using techniques that are becoming so difficult to detect organizations are having a hard time knowing that intrusions are taking place. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”
Through its significant investment in networked systems and smart devices, the U.S. Defense Department has created an enormously effective—yet highly vulnerable—approach to national security. The department has begun investing more in the Internet of Things (IoT), which has gone a long way toward making ships, planes, tanks and other weapon systems far more lethal and effective. Unfortunately, the IoT's pervasive connectivity also has increased the vulnerability of defense networks and the potential for cyber attacks.
While we are all still in the early stages of a networked, always-on Internet of Things world, this is the precise time to develop crucial and effective cybersecurity solutions to combat growing threats. The developing ecosystem needs new ideas for bold government actions, particularly to reduce the risks of quantum computers.
Quantum Threats Looming
Just as free world militaries are moving toward a convergence of cyberspace, electronic warfare and signals intelligence, the dividing lines that define cyberthreats are disappearing as U.S. adversaries join forces against common targets. Nation-states now are cooperating with cyber criminals and hackers to pursue similar goals. Being motivated by either politics or profit is no drawback to the unholy alliance forming worldwide in cyberspace.
SDN, BYOA, VDI. This alphabet soup of technologies and approaches has complicated U.S. Defense Department networks.
Trends such as bring your own device (BYOD), bring your own application (BYOA), software-defined networking (SDN) and virtual desktop infrastructure (VDI) have dramatically increased network vulnerabilities, where failures, slowdowns or breaches can cause great damage. For the military, specifically, such occurrences can be serious and mission altering, exposing incredibly sensitive data.
Millions of student, staff and faculty email addresses and passwords from 300 of the largest universities in the United States have been stolen and are being circulated by cyber criminals on the dark web, according to a recent report.
Hacktivists, scam artists and even terrorists intend to sell, trade or just give away the addresses and passwords, said the Digital Citizens Alliance report.
The comment deadline is Monday for changes introduced to the National Institute of Standards and Technology (NIST) draft update to its Framework for Improving Critical Infrastructure Cybersecurity.
The proposed update aims to further develop voluntary guidelines for organizations to reduce cybersecurity risks. It provides details on managing cyber supply chain risks, clarifies key terms and introduces measurement methods for cybersecurity, the agency states.