Cyber

October 16, 2020
By Robert K. Ackerman
Credit: Shutterstock/Aleksandar Malivuk

In addition to institutions such as NATO and the European Union (EU), one of the biggest players in North Atlantic defense is data, say European experts. Yet, nations often overlook the lessons generated by the private sector and not always pursuing effective investments in military information technology.

Those points were discussed at the AFCEA Europe Joint Support and Enabling Command (JSEC) virtual event in late September. Maj. Gen. Erich Staudacher, GEAF (Ret.), AFCEA Europe general manager, offered that data increasingly sprawls into military mobility. He recited an old Latin saying that navigation is necessary, all the more in this sea of data.

October 9, 2020
By Robert K. Ackerman
Credit: Shutterstock/Blue Planet Studio

As the military girds for a battlespace environment flush with big data, the COVID-19 coronavirus is forcing governments to adopt actions that can be applied to that requirement. Efforts underway to combat the virus are showing the way to data networking that can serve burgeoning civilian and military needs.

Just how these efforts constitute an exercise in synchronicity was explained by Terry Halvorsen, CIO/EVP, IT Mobile with Samsung Electronics. Speaking at the AFCEA Europe Joint Support and Enabling Command (JSEC) virtual event in late September, Halvorsen described how combating the coronavirus has taken on warlike aspects that can be extended across the information technology spectrum.

October 1, 2020
By Robert Hoffman
Marines with Marine Corps Forces Cyberspace Command work in the cyber operations center at Lasswell Hall, Fort Meade, Maryland. MARFORCYBER Marines conduct offensive and defensive cyber operations in support of U.S. Cyber Command and operate, secure and defend the Marine Corps Enterprise Network. Credit: Staff Sgt. Jacob Osborne, USMC

Automation software tools are being under-utilized, especially in the U.S. Defense Department. While the department has purchased and used automated scanning tools for security and compliance, it has been slow to adopt automation for many other tasks that would benefit from the capability, such as easing software deployment and standardization and, once developed, increasing the speed of overall automation.

October 1, 2020
By Kimberly Underwood
As the deadly COVID-19 virus spread around the world, so did the attacks from malicious cyber actors, taking advantage of the unsure times, say experts from leading cybersecurity firms. Credit: Shutterstock/VK Studio

While the world was facing the rapid and deadly spread of the severe acute respiratory syndrome coronavirus 2, most commonly known as COVID-19, malicious cyber attackers were also at work, increasing the number of attacks, switching methods, taking advantage of the boom in Internet, network and email users, and playing on fears during the uncertain time, cybersecurity experts say. Companies struggling to maintain operations are still leaving gaps in digital security, they warn.

October 7, 2020
By Ray Rothrock
Just like basic personal hygiene during a pandemic, practicing cyber fundamentals comes down to the individual and consistency. Photo credit: vientocuatroestudio/Shutterstock

When it comes to nefarious deeds, the COVID-19 pandemic has been a gold mine for bad actors. In addition to wreaking havoc for individuals and healthcare organizations, federal agencies are also prime targets. Case in point: a portion of the Department of Health and Human Services’ (HHS) website was recently compromised, in what appears to be a part of an online COVID-19 disinformation campaign. 

In a time of heightened cyber risk and limited human and fiscal resources, how can agencies protect their networks from malicious actors by taking a page from the COVID playbook? They can diligently practice good (cyber) hygiene.

In fact, there is a direct correlation between personal and cyber hygiene.

October 1, 2020
By Robert K. Ackerman
The U.S. Government Accountability Office (GAO) is exploring the ramifications of a number of emerging disruptive technologies. One common thread running through all of them is cyber. Credit: GAO file photo

The future of U.S. technology, if the federal government has its way, likely will be cyber-heavy with innovative breakthroughs erupting from several areas, according to the office charged by Congress with assessing things to come. These areas include seemingly mundane concerns such as telecommunications and digital ledger capabilities, along with more advanced issues such as artificial intelligence and quantum systems.

Many of these disruptive technologies have policy ramifications either in their development or their implementation. The federal government must consider aspects such as regulatory issues, privacy, economic competitiveness and security requirements.

October 1, 2020
By Robert K. Ackerman
A U.S. Navy operations specialist uses a radar system in a combat information center in the 7th Fleet area of operations. The U.S. Navy’s PEO C4I and Space Systems is focusing on parallel development of digital assets and capabilities to speed innovation to the fleet. Credit: U.S. Navy

The U.S. Navy is focusing on parallel development of its new digital assets and capabilities as it works to rush advanced information innovations to the fleet. With the need for better technologies increasing coincidental to the rapidly evolving threat picture, the Navy has opted for concurrence as its main tool for implementing both upgrades and innovations.

October 1, 2020
By Shaun Waterman

To deal with the coronavirus pandemic lockdown this year, the Department of Defense had to massively and immediately ramp up remote teleworking capacity all across its global network. This forced march to the cloud—unprecedented in speed and scale—makes it imperative that the department also move to implement a new generation security architecture. Without it, the cyber attack surface will expand as the remote workforce and the tools they use become new vectors for adversaries.

October 1, 2020
By Joseph Mitola III
Senior Airman Daniel M. Davis, USAF, 9th Communications Squadron information system security officer, looks at a computer in the cybersecurity office on Beale Air Force Base. Cybersecurity airmen must manage more than 1,100 controls to maintain the risk management framework. Credit: U.S. Air Force photo by Airman Jason W. Cochran

Users need to transition all networked computing from the commercial central processing unit addiction to pure dataflow for architecturally safe voting machines, online banking, websites, electric power grids, tactical radios and nuclear bombs. Systems engineering pure dataflow into communications and electronic systems can protect them. The solutions to this challenge are in the users’ hands but are slipping through their fingers. Instead, they should grab the opportunity to zeroize network attack surfaces.

October 1, 2020
By Dirk W. Olliges
Leslie Bryant, civilian personnel office staffing chief, demonstrates how to give fingerprints to Jayme Alexander, Airmen and Family Readiness Center casualty assistance representative selectee. Although requiring fingerprints to access information is better than single-factor identification verification, it should be part of a multifactor authentication approach. Credit: 2nd Lt. Benjamin Aronson, USAF

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

September 29, 2020
 

The ability to perform data science at the edge is growing increasingly important for organizations across the public sector. From smart traffic cameras to hospitals using data processing for faster diagnosis and warfighters leveraging data in theater, the need to derive actionable intelligence at the edge has never been greater.

Gartner researchers predict that by 2025 three quarters of enterprise-generated data will be created and processed at the edge, outside of a traditional data center or cloud. Fulfilling the promise of real-time edge data processing and analysis requires significant intelligence and computational horsepower that’s close to the action.

September 29, 2020
By Ned Miller, Chief Technical Strategist, McAfee U.S. Public Sector

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear—we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive acceptable definition of Zero Trust Architecture.

September 25, 2020
By Maryann Lawlor
Enterprisewide Risk Management (ERM) consists of the formal identification of major risks to the organization’s mission.

Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.

But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.

September 21, 2020
By Kimberly Underwood
The Defense Information Systems Agency is finishing its zero trust architecture to bring advances in security and data availability to warfighters. Credit: DISA

Over the last few months, the Defense Information Systems Agency, known as DISA, has been working with the National Security Agency, the Department of Defense (DoD) chief information officer and others to finalize an initial reference architecture for zero trust. The construct, according to DISA’s director, Vice Adm. Nancy Norton, USN, and commander, Joint Force Headquarters-Department of Defense Information Network, will ensure every person wanting to use the DoD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

September 11, 2020
By Kimberly Underwood
Once more of an operational and end-user experience tool, identity management has evolved to be a core aspect of cybersecurity, especially as part of zero trust architecture, say panelists Wednesday at the FedID conference.

The need to move away from a perimeter-based cybersecurity model—the moat and castle approach—to a cloud-enabled zero trust architecture—an underlying framework that essentially is like placing a security door in front of each and every application—is apparent. Similarly, identity, once mostly an operational and user experience-driven technology, has evolved to be a core aspect of cybersecurity, verifying a user in a network or activity, said Frank Briguglio, strategist, Global Public Sector, SailPoint.

September 9, 2020
 

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

September 9, 2020
By Kimberly Underwood
Credit: Shutterstock/MONOPOLY919

The accuracy of machines relative to human performance in facial recognition has naturally increased with the computational abilities of machines and employment of advanced algorithms, compared to 10 years ago, according to Alice O'Toole, professor at the School of Behavioral and Brain Sciences at The University of Texas at Dallas (UT Dallas).

September 4, 2020
By Robert K. Ackerman
The U.S. Government Accountability Office (GAO) is exploring the ramifications of a number of emerging disruptive technologies. Credit: GAO file photo

The future of U.S. technology likely will be cyber-heavy with innovative breakthroughs erupting from several areas such as telecommunications and digital ledger capabilities. Many of these disruptive technologies have policy ramifications either in their development or their implementation. The federal government must consider aspects such as regulatory issues, privacy, economic competitiveness and security requirements.

September 1, 2020
Posted by Kimberly Underwood
The Five Eyes nations, including Australia, Canada, New Zealand, the United Kingdom and the United States, conducted extensive joint research on cyber breeches, culminating in an incident response playbook for the extended community of partners and network administrators. Credit: Shutterstock/Metamorworks

The cybersecurity representatives of the so-called Five Eyes intelligence partners are working together to improve cyber event incident response across the extended community of the countries of Australia, Canada, New Zealand, United Kingdom and the United States. 

September 1, 2020
By Kimberly Underwood
The increase in the remote workforce due to the pandemic has highlighted calls for increased digital identity management. Credit: Shuterstock/Enzozo

Today’s identity management is fragmented and decentralized, relying on a lot of different systems to authenticate people and manage identities. Organizations use a variety of disjointed tools from passwords and smart cards to biometrics. Instead, organizations should pursue a more holistic approach.

Pages