This is the first of a four-part series, based on interviews with private sector cybersecurity experts, on the vulnerability of U.S. elections to cyberspace intrusion. The next three parts will focus on voting machines, vote tabulation and potential solutions to existing and future challenges.
Defense and intelligence agencies need more than security tools and solutions to guard against the increasing number of cyber threats. They must create a culture to ensure that the nation’s cyber borders are secure. As highlighted in last week’s blog, it takes just one negligent worker to open the door and throw out the welcome mat to a malicious attacker.
The U.S. Army is fighting fire with cyber fire, applying an “incredible focus” on attacking a primary terrorist threat by creating a task force to concentrate on a single targeted mission, says Lt. Gen. Edward Cardon, USA, commanding general of Army Cyber Command.
Responding to a rebuke by Defense Department Secretary Ash Carter that the cyber war against the Islamic State of Iraq and the Levant (ISIL) was progressing too slowly, the U.S. Cyber Command launched a unit with the sole task of going after the militant group’s online activity and put Gen. Cardon in charge of that effort.
Naval Information Forces has developed a website for the Navy Cyber IT and Cybersecurity Workforce (Cyber IT/CSWF) Qualification Program. Pertinent ALCOMS, the Navy cyber IT and cybersecurity qualification matrix, designation and appointment letter templates, program checklists and much more can be found on the new site.
The first week of National Cyber Security Awareness Month focuses on promoting cybersecurity for individuals. However, organizations of all types and sizes, especially small businesses, must be aware of the devastating consequences of a cyber domain attack.
October is National Cyber Security Awareness Month (NCSAM) and the U.S. Department of Homeland Security hopes to use the month-long campaign to inform everyone—individuals, nonprofits, the military, private industries, educational institutions and governments—about cybersecurity.
With cyberspace emerging as a critical warfare domain, U.S. military leaders have been forced to dump both old habits and doctrine in the name of network security. These arduous tasks are part of adapting to the new normal of the digital age, which can include contorting Army policies and actions to win modern wars and address global crises, says Essye Miller, the Army’s director of cybersecurity.
Some U.S. Marine Corps cyber warriors are playing their way toward proficiency. The Corps’ Delta Company, Communication Training Battalion, has turned to gamification to foster a new cyber instruction method that is becoming much more than fun and games. Retooling teaching techniques gave rise to what is dubbed “2-3-6 training” to integrate the intelligence directorate with operations and communications, which in military parlance are designated by the numerals 2, 3 and 6.
A defense-in-depth architecture built around a dual-data model reduces the risk of supervisory control and data acquisition networks being hacked or their data being stolen. The dual-data approach makes connecting various sensors and legacy systems easy, and initial tests show that adding a defense-in-depth architecture provides a degree of security not found in many of these networks, which often lack effective protection against intruders.
The vaunted technology edge enjoyed by Western nations risks fading into history because of espionage by nation-states. National competitors and potential adversaries are saving years of research and development and billions of dollars in related expenses by extricating secrets through cyberspace. Both military and commercial organizations are suffering what could amount to devastating losses from opportunistic enemies, and communications and information technologies top the list of desirable targets.
Cyber capabilities have dramatically transformed the battlefield and how conflicts are resolved. Traditionally, battles were fought in conventional domains—land, air, sea, space—using kinetic, psychological and economic means to defeat opponents. In the cyber realm, anything goes. There are no rules. And adversaries are developing advanced cyber capabilities just as quickly as the United States, threatening critical infrastructure and other systems. So-called cyber-to-physical attacks, when hackers target physical buildings, networks and sites, demonstrate the potentially catastrophic results of a successful campaign against power, water and transportation services.
The 80-page summary of China’s recently published five-year plan (5YP) establishes information and communications technology (ICT) as the country’s highest priority. China presents a well-thought-out plan to close the technology gap with the United States and ultimately surpass it. The published text also conveys a sense of urgency. In view of rapid developments in China, attention to its 5YP is well-warranted.
Sixth in an ongoing series of articles
The intelligence community recently has directed activity toward creating common resources to increase collaboration and speed up the delivery of information technology tools for the government. The need for modern and cost-effective information technology solutions is paramount. However, complex, paper-heavy, time-consuming information-assurance processes steal capital required to modernize. This unproductive cycle affects both U.S. government systems and the industrial base that develops mission systems for the government.
The U.S. Army aims to move sophisticated offensive and defensive cyber operations out of a headquarters environment to the front lines as it prepares its mission force to adapt to and prevail in the critical cyber warfighting domain.
The Office of Personnel Management (OPM) is launching its new background investigation service following a White House directive to address shortcomings and cyber vulnerabilities that have plagued the agency. Charles Phalen Jr., a former CIA director of security, will be the director of the National Background Investigations Bureau (NBIB) starting October 1.
When it comes to cybersecurity, I have heard many people express consternation and wonderment as to why the government cannot protect the Internet. It boils down to two things: No authorization, and officials only have visibility into a scant number of networks under their control.
Yahoo Inc. released a statement Thursday informing customers that at least 500 million user accounts were stolen from its network in 2014 by what company officials labeled a "state-sponsored actor."
The hacked account information might have included customer names, email addresses, telephone numbers, birth dates, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers, according to a company statement. The release does not identify the nation officials believe are behind the hack.
Cybersecurity will remain as much of a challenge for the next administration as it has been for the current White House, especially in light of the constant barrage of cyber attacks from nation states, Director of National Intelligence James Clapper said Wednesday.
“The Russians hack our systems all the time, not just government but corporate and personal systems,” Clapper said on the inaugural day of at the Intelligence & National Security Summit (INSS) in Washington, D.C. The two-day conference, sponsored by AFCEA International and the Intelligence and National Security Alliance (INSA), runs through Thursday.
Fifth in an ongoing series of articles
The U.S. government must bring its key software providers into the secure environment and use them as trusted partners in delivering and supporting their products. In many cases, these providers are not only the best sources of trusted software but also the only sources. Holding them contractually liable for certifying their products and delivering them directly to the end system may be the only way to reduce the time to furnish baseline systems, streamline costs and maintain product integrity and security.
The U.S. Defense Department and the federal government could piggyback on the recent blockbuster popularity of Pokemon Go, the location-based augmented reality game that catapulted some couch potatoes from their sofas to the great outdoors, to transform cyber training. The mobile app, an overnight international sensation, combines the virtual world of Pokemon with the real world in which people live.
The gaming craze offers insights on how to excite people to partake in—and really learn from—cybersecurity training.