Adversaries, and cyber criminal organizations in particular, are building tools and using techniques that are becoming so difficult to detect that organizations are having a hard time knowing that intrusions are taking place. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”
Through its significant investment in networked systems and smart devices, the U.S. Defense Department has created an enormously effective—yet highly vulnerable—approach to national security. The department has begun investing more in the Internet of Things (IoT), which has gone a long way toward making ships, planes, tanks and other weapon systems far more lethal and effective. Unfortunately, the IoT's pervasive connectivity also has increased the vulnerability of defense networks and the potential for cyber attacks.
While we are all still in the early stages of a networked, always-on Internet of Things world, this is the precise time to develop crucial and effective cybersecurity solutions to combat growing threats. The developing ecosystem needs new ideas for bold government actions, particularly to reduce the risks of quantum computers.
Quantum Threats Looming
Just as free world militaries are moving toward a convergence of cyberspace, electronic warfare and signals intelligence, the dividing lines that define cyberthreats are disappearing as U.S. adversaries join forces against common targets. Nation-states now are cooperating with cyber criminals and hackers to pursue similar goals. Being motivated by either politics or profit is no drawback to the unholy alliance forming worldwide in cyberspace.
SDN, BYOA, VDI. This alphabet soup of technologies and approaches has complicated U.S. Defense Department networks.
Trends such as bring your own device (BYOD), bring your own application (BYOA), software-defined networking (SDN) and virtual desktop infrastructure (VDI) have dramatically increased network vulnerabilities, where failures, slowdowns or breaches can cause great damage. For the military, specifically, such occurrences can be serious and mission altering, exposing incredibly sensitive data.
Millions of student, staff and faculty email addresses and passwords from 300 of the largest universities in the United States have been stolen and are being circulated by cyber criminals on the dark web, according to a recent report.
Hacktivists, scam artists and even terrorists intend to sell, trade or just give away the addresses and passwords, said the Digital Citizens Alliance report.
The comment deadline is Monday for changes introduced to the National Institute of Standards and Technology (NIST) draft update to its Framework for Improving Critical Infrastructure Cybersecurity.
The proposed update aims to further develop voluntary guidelines for organizations to reduce cybersecurity risks. It provides details on managing cyber supply chain risks, clarifies key terms and introduces measurement methods for cybersecurity, the agency states.
The Northrop Grumman Foundation awarded $50,000 in scholarships to high school teams that excelled at the CyberPatriot IX National Finals Competition this week in Baltimore.
The CyberPatriot IX finals featured 28 high school and middle school teams that defended virtual networks and mobile devices from a professional aggressor team. The competition drew a record 4,404 teams, a 30 percent increase over last year, according to a press release.
Women comprise just 11 percent of the information security work force, and despite being more educated than men in the field, hold fewer senior-level positions and earn less money, new research shows. Female representation in the industry also has remained unchanged since 2013, according to the Center for Cyber Safety and Education’s Women in Cybersecurity report.
As the Internet of Things, or IoT, steadily migrates from fantasy to reality, the accompanying cybersecurity challenges posed by billions of connected devices have become not only evident, but a leading concern for federal technologists.
The lack of IoT security tops a list of critical concerns for surveyed professionals wrestling to address the challenges increasingly front and center as the sheer number of connected devices and sensors grows, according to results of a recent Brocade survey.
The U.S. government took a vital tangible step toward clearly defining rules of cyber war when the Department of Justice unsealed an indictment on March 15 accusing two operatives of Russia’s Federal Security Service (FSB) and two hired computer hackers of being behind last year's massive cyber breach of Yahoo.
Emerging technologies such as artificial intelligence and cognitive computing soon could be setting sail to aid the U.S. Navy in its battle to conquer cyberspace. Such capabilities could hold the key to improving cyber defense, while other approaches are making their way into offensive cyber operations, says the Navy’s top cyber officer.
Some technologies the Navy seeks are dual-use in the sense that they can be employed by defenders as well as attackers. Automation, for example, is being used by nation-states to probe and prey upon large blocks of Internet protocol (IP) space in both the military and commercial realms. Yet defenders also may rely on automation to help detect and respond to cyberthreats early in an attack.
The increase in cyberthreats from both internal and external sources has put the onus on government agencies, particularly at the federal level, to implement strong cybersecurity architectures. While encryption is an essential component, without careful implementation, criminals easily can exploit its weaknesses, and the emerging power of quantum computing could compound the problem.
An offshoot of social media, crowdsourcing could hold solutions to some of the biggest cybersecurity problems the U.S. Defense Department faces. The burgeoning field could find fixes for thorny legacy problems as well as emerging cyberthreats. This is exactly what is taking root at the Joint Forces Staff College in a course offered to service members and their Defense Department civilian equivalents learning cyber concepts in joint, interagency and multinational environments.
If you have been living in a cave, Malaysia’s Borneo rainforest or the 1950s, then you might be among the few people unfamiliar with the power of crowdsourcing.
The term, a convenient meshing of the words crowd and outsourcing, refers to tapping a group of people with similar skills or interests and offering them a venue through which they compete or collaborate to accomplish a particular task, job or goal. Typically, crowdsourcing is carried out by leveraging the ubiquitous connectivity of the Internet. (For more, see “Crowdsourcing Confronts Cyber Challenges.”)
Internet protocol (IP) networks achieve functionality through a layering process analogous to the fabrication of their enabling semiconductor chips. But that complex process introduces complications along with capabilities.
In the information security sector, the same problems and misconceptions about cybersecurity crop up again and again. Specifically, federal government leaders believe that security is purely a technology problem. But that is not the case. Cybersecurity vulnerabilities in both industry and government are regularly the result of human behavior and not solely an information technology or system error. And this human threat often is not malicious. So how are government officials to manage this type of insider risk?
A new way of configuring networks eliminates security vulnerabilities that date back to the Internet’s origins. Instead of building multilayered protocols that act like flashing lights to alert hackers to their presence, network managers apply a single layer that is virtually invisible to cybermarauders. The result is a nearly hack-proof network that could bolster security for users fed up with phishing scams and countless other problems.
For all the talk about how hard it is to crack the cybersecurity code, what if the dialogue shifted?
What if technologists were given the right economic incentives to solve the problem? What if, instead of droning on about poor cyber hygiene practices, users were treated not as the problem but as the solution?
The AFCEA Cyber Committee, which is made up of more than 40 experts in the field, has released a white paper identifying key concerns in the cyber realm and offering recommendations for the incoming administration.
The report, Key Cyber Issues and Recommendations: A Way Forward, identifies three needs in the cyber arena. The first is that the United States must approach cyber in a strategic and international context that incorporates diplomatic, information, military and economic elements of national power.