Cyber

November 14, 2018
By Robert K. Ackerman
Vice Adm. Nancy Norton, USN, director, DISA, and commander, JFHQ-DODIN, describes cybersecurity challenges at a TechNet Asia-Pacific panel.

The United States needs to take a multifaceted approach to cybersecurity to ameliorate problems affecting every sector of government and society, said experts in a panel comprising women in the cyber arena. Two officials each from industry and government described the broad scope of the challenges and potential solutions at AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu.

November 14, 2018
By Robert K. Ackerman
Adm. Philip S. Davidson, USN, commander of the U.S. Indo-Pacific Command, describes the command's new cyber challenges and policy at TechNet Asia Pacific 2018 in Honolulu.

The U.S. Indo-Pacific Command (INDOPACOM) is seeking the capabilities and enabling technologies to conduct “full-spectrum cyber operations” in its vast region of responsibility, according to its commander. Adm. Philip S. Davidson, USN, commander of the U.S. Indo-Pacific Command, described this new cyber push at the keynote luncheon on the first day of AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu.

November 1, 2018
By George I. Seffers

For three years, the U.S. Army has been asking questions about how to converge cyberspace operations, electronic warfare and spectrum management capabilities at the corps level and below to deny, degrade, destroy and manipulate enemy capabilities. Now, officials say, they are drawing closer to answers.

In 2015, the service created a pilot program known as Cyberspace Electromagnetic Activity (CEMA) Support to Corps and Below. The CEMA concept integrates elements from offensive and defensive cyber, electronic warfare, and intelligence into expeditionary teams that support tactical units.

November 1, 2018
By George I. Seffers
The HoneyBot, a robotic system acting as a honeypot to lure hackers, could be used to protect critical infrastructure facilities. Credit: Rob Felt

In the coming months, researchers from Georgia Tech will reveal the results of testing on a robot called the HoneyBot, designed to help detect, monitor, misdirect or even identify illegal network intruders. The device is built to attract cyber criminals targeting factories or other critical infrastructure facilities, and the underlying technology can be adapted to other types of systems, including the electric grid.

The HoneyBot represents a convergence of robotics with the cyber realm. The diminutive robot on four wheels essentially acts as a honeypot, or a decoy to lure criminal hackers and keep them busy long enough for cybersecurity experts to learn more about them, which ultimately could unmask the hackers.

November 1, 2018
By Robert K. Ackerman
Venera Salman/Shutterstock

One way of ensuring that attackers don’t access a network node or break into a device is to render its identification invisible. Cloaking the device’s address gives a hacker nothing to see, and it can be done on systems ranging from government networks to medical electronics implanted inside human beings.

October 20, 2018
By George I. Seffers
Credit: daniel_diaz_bardillo/Pixabay

Officials with the U.S. Defense Department and Department of Homeland Security recently signed a memorandum of understanding outlining a partnership that will allow the Defense Department to take a greater role in sharing intelligence and proactively defending the nation’s critical infrastructure, including next week’s mid-term election.

The Defense Department’s unique role in assessing foreign threats means that it often has information that could benefit the other departments and agencies, the defense industrial base and others with a role in defending the nation’s critical infrastructure.

October 30, 2018
By Kimberly Underwood
Experts at MILCOM consider the possibility of forecasting cyber attacks. Credit: Katie Helwig

Somewhere between “hype and hope,” experts posit that aspects of a cyber attack can be predicted. They caution that success so far has been limited. If it is possible, forecasting digital invasions in advance naturally could be an important capability.

The key is predicting with enough accuracy to be helpful and with sufficient lead time, experts shared at AFCEA International and the Institute of Electrical and Electronics Engineers’ (IEEE’s) MILCOM conference on October 29 in Los Angeles.

Malicious emails have been the more forecastable type of cyber attack, the experts said.

October 24, 2018
By Michael Carmack
Small and medium-sized defense contractors are increasingly targeted by malicious hackers seeking to steal intellectual property. Credit: GDJ/Pixabay

It comes as no surprise that U.S. adversaries continue to target and successfully exploit the security weaknesses of small-business contractors. A successful intrusion campaign can drastically reduce or even eliminate research, development, test and evaluation (RDT&E) costs for a foreign adversary. Digital espionage also levels the playing field for nation-states that do not have the resources of their more sophisticated competitors. To bypass the robust security controls that the government and large contractors have in place, malicious actors have put significant manpower into compromising small- and medium-sized businesses (SMBs).

October 22, 2018
By Mike Lloyd
Artificial intelligence is still too easily fooled to secure networks without human assistance. Credit: geralt/Pixabay

Artificial intelligence can be surprisingly fragile. This is especially true in cybersecurity, where AI is touted as the solution to our chronic staffing shortage.

It seems logical. Cybersecurity is awash in data, as our sensors pump facts into our data lakes at staggering rates, while wily adversaries have learned how to hide in plain sight. We have to filter the signal from all that noise. Security has the trifecta of too few people, too much data and a need to find things in that vast data lake. This sounds ideal for AI.

October 15, 2018
By Paul Parker
Technical, physical, and departmental silos could undermine the government’s Internet of Things security efforts. Credit: methodshop/Pixabay

Every time federal information technology professionals think they’ve gotten in front of the cybersecurity risks posed by the Internet of Things (IoT), a new and unexpected challenge rears its head. Take, for instance, the heat maps used by GPS-enabled fitness tracking applications, which the U.S. Department of Defense (DOD) warned showed the location of military bases, or the infamous Mirai Botnet attack of 2016.

October 9, 2018
By George I. Seffers
With stealth technology, advanced sensors, weapons capacity and range, the F-35 can collect, analyze and share data. A U.S. Government Accountability Office report—which did not specify any particular weapon system—says a number of cybersecurity tests prove U.S. military weapon systems to be vulnerable to cyber attacks. Photo: Lockheed Martin

U.S. military aircraft, ships, combat vehicles, radios and satellites remain vulnerable to relatively common cyber attacks, according to a report published Tuesday by the U.S. Government Accountability Office (GAO). The report does not specify which weapon systems were tested.

In one case, a two-person test team took just one hour to gain initial access to a weapon system and one day to gain full control of the system, the report says. Another assessment demonstrated that the weapon system “satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders.”

October 1, 2018
By George I. Seffers
Soldiers from the 25th Infantry Division in Hawaii and from U.S. Army Training and Doctrine Command Centers of Excellence participate in the Army's Cyber Blitz in April 2016 at Joint Base McGuire-Dix-Lakehurst, New Jersey. Cyber Blitz provides the Army a way to learn about cyber and electromagnetic activity. U.S. Army CERDEC photo by Kristen Kushiyama

The U.S. Army’s Cyber Blitz experimental exercise September 17-28 turned out to be an eye-opener for one maneuver officer regarding cyber’s capabilities on the battlefield.

Military leaders often describe the “speed of cyber” as being measured in milliseconds or microseconds, which means the operations tempo in the cyber realm is incredibly high and decisions are made rapidly. But an offensive cyber campaign can sometimes take much longer than maneuver commanders might expect. In a teleconference with reporters to discuss Cyber Blitz results, Lt. Col. John Newman, USA, deputy commanding officer, 3rd Brigade Combat Team, 10th Mountain Division, reports that the experiment proved to be a revelation.

October 1, 2018
By George I. Seffers
After getting a call from the White House, Dana Deasy came out of retirement to become the chief information officer for the U.S. Department of Defense.

By some measures, Dana Deasy, U.S. Defense Department chief information officer, has made a lot of progress in a little amount of time. He has developed an overarching digital modernization strategy, created a cyber working group, reviewed the department’s plans for implementing an enterprise-scale cloud computing architecture, and is leading an effort to establish a Joint Artificial Intelligence Center.

October 1, 2018
By Lt. Col. Federico Clemente, ESP A, and Cmdr. Stephen Gray, USN
Maj. Matthew Bailey, USA, executive officer, 3rd Squadron, 2d Cavalry Regiment (3/2CR), and 1st Lt. Trevor Rubel, USA, battle captain for the tactical command post, 3/2CR, review an operational overlay on a Nett Warrior device in preparation for an airfield seizure during the NATO Saber Strike 18 exercise in Kazlu Ruda, Lithuania. U.S. Army photo by 1st Lt. Joshua Snell

Technologies are spawning a revolutionary improvement in command and control that will have a transformative impact on how it is conducted at the operational level. These advancements, particularly artificial intelligence, are changing command and control functions such as sensing, processing, “sensemaking” and decision-making. Even greater changes lie ahead as innovation serves a larger role in defining both form and function.

October 1, 2018
By Chief Warrant Officer 2 Juan Muralles, USA; Chief Warrant Officer 2 Wavell Williams Jr., USA; Maj. Nicolas Beck, USA; and Maj. Daniel Canchola, USA
The worldwide regional hub nodes, including in the Pacific, are the largest satellite transport nodes of the Army’s tactical communications network, Warfighter Information Network-Tactical (WIN-T), enabling robust network communication exchange in, out and within theater. U.S. Army photo by Liana Mayo, PAO 311th Signal Command

Future U.S. Army regionally aligned forces will benefit from experiences—and solutions—discovered during last year’s integration with the U.S. Army Europe communications network. Although their communicators expected to hit the ground running when they arrived in theater, integrating tactical communications systems was more difficult than expected. Fortunately, new technology and soldiers’ know-how not only solved the immediate problems but also set the stage for easier communications integration in the future.

October 1, 2018
By Robert K. Ackerman
The USS Carney transits the Mediterranean Sea on patrol. The diverse nature of U.S. Navy ship systems presents a service-unique challenge to cybersecurity efforts as the Navy modernizes its information technologies. Credit: U.S. Navy photography by Mass Communications Spec. 1st Class Ryan U. Kledzik, USN

Multifaceted efforts that will work in concert with each other are at the heart of U.S. Navy cybersecurity programs. The sea service faces the dual challenge of incorporating new architectures and technologies such as the cloud, light-based communications, artificial intelligence and machine learning amid increasingly sophisticated adversaries. It is implementing new approaches that promise operational efficiency and better cybersecurity, but these approaches are complementary and must function together to realize their full potential.

October 1, 2018
By Dustan Hellwig
Staff Sgt. Kristoffer Perez, USA, Cyber Electromagnetic Activities section, 1st Armored Brigade Combat Team, 1st Infantry Division, carries a dismounted electronic warfare kit that allows him to work in concert with the rest of his section. To get inside an enemy’s OODA loop, commanders will need a way to see how electronic warfare is affecting the battlespace. Photo by Sgt. Michael C. Roach, 19th Public Affairs Detachment

Work is needed to improve temporal, spectral and information understanding within the layers of the cyber domain to facilitate useful cyber-spectral and information maneuver. These advances could be incorporated into tactics, techniques and procedures as well as tactical and operational systems to enhance the overall military commanders’ decision process to achieve information dominance.

Most of the tactical cyberspace domain is spectrum-dependent and administered solely at the physical layer. Currently, warfighters cannot comprehend, much less maneuver within, a space that is inaccessible to them because they are not in a dimensionality to understand it. They operate in a cyber-spectral flatland.

September 27, 2018
By Shaun Waterman
Credit: Shutterstock/Blazej Lyjak

The growth in a new kind of identity theft highlights the need for the federal government to step up and help the private sector verify citizens’ identity, experts and officials said at the AFCEA Federal ID Summit Thursday.

Synthetic identity fraud happens when a genuine social security number is used alongside a false name and date of birth to get credit or some other monetary benefit, Allison Lefrak, an attorney with the Federal Trade Commission's’ Division of Privacy and Identity Protection, told a session on identity theft.

“It’s on the rise,” she said.

September 27, 2018
Posted by Kimberly Underwood
President Donald Trump departs from the South Lawn of the White House on September 6.  With the issuance of the new National Cyber Strategy, the president promises his administration "will act to further enable the Department of Homeland Security (DHS) to secure federal department and agency networks.” Credit: Shealah Craighead

With the United States engaged in a “long-term strategic competition” with China and Russia, which are mounting persistent cyber attack campaigns that pose long-term risks to America, the U.S. military will act to deter aggression, cyber or otherwise, according to a new policy, known as the Department of Defense Cyber Strategy, from the U.S. Department of Defense.

September 24, 2018
Posted by Kimberly Underwood
A recent report from the U.S. Government Accountability Office (GAO) finds federal government actions related to cybersecurity lagging, posing a threat to the nation’s critical infrastructure and federal agencies. Photo credit: Shutterstock/Mark Van Scyoc

The U.S. government has not established a comprehensive cybersecurity strategy, nor has it performed effective oversight of cybersecurity as called for by federal law and policy, the U.S. Government Accountability Office (GAO) concluded in a stark report on the state of the nation’s cybersecurity.

Because of the cybersecurity policy lag and related action, federal agencies and U.S. critical infrastructure—including energy, transportation systems, communications and financial services—are vulnerable. And these cybersecurity risks are increasing as security threats evolve and become more sophisticated, GAO, the government’s watchdog agency, reported.

Pages