The Cyberspace Operations Directorate within the Defense Information Systems Agency is employing a so-called battle drill concept to ensure communications and data are available to the combatant commanders, senior leaders or other key officials when required. The directorate is responsible for the global flow of information, especially in support of the U.S. military’s 11 combatant commands and other key Defense Department operations. The battle drill model collectively pulls together the resources needed to tackle complex communication and data issues.
The Department of Defense (DOD) is dramatically increasing its digital security expectations for defense contractors and subcontractors. Having been on both sides of the partnership between government and the public sector, I am happy to see DOD is not only raising the bar on cybersecurity but also providing guidance on the implementation of cybersecurity best practices within the defense industrial base.
By using multiple lines of effort, including college and university engagement, social media, virtual events, military outreach and partnerships, the Defense Information Systems Agency is taking a multidimensional approach to the development and growth of its cybersecurity workforce.
According to the (ISC)² 2019 Cybersecurity Workforce Study, the global cybersecurity workforce needs to grow by 145 percent to meet the demand for skilled cybersecurity talent. In the United States, it needs to grow by 62 percent. “It’s a big task,” the report said.
The rising prominence of the Cyber branch in the U.S. military, and namely the Army, begs the question “What will the Cyber branch be used for?” Citing the Defense Department’s plan for the Cyber branch, as well as the Signal branch’s shifting roles in the realm of cyberspace, the responsibilities of both branches are becoming clear. It is evident that as time goes on, the Cyber branch will become focused mainly on the defense of the military domain and cyberspace.
Helping to meet the teleworking needs of the U.S. Air Force during the COVID-19 pandemic has been no small feat over the last six weeks. At the same time, the service is working to maintain the security of Air Force networks and communication tools in order to continue daily operations and critical mission functions, explained Brig. Gen. Chad D. Raduege, USAF, director of Cyberspace and Information Dominance and chief information officer, Headquarters Air Combat Command, Joint Base Langley-Eustis, Virginia.
Gen. Raduege, whose role is also known as the A-6, was AFCEA Tidewater’s luncheon speaker during a virtual monthly meeting last week.
NATO is doubling down on cyberspace defense with increased partnerships and new technology thrusts. Information exchanges on threats and solutions, coupled with research into exotic capabilities such as artificial intelligence, are part of alliance efforts to secure its own networks and aid allies in the cybersecurity fight.
The threats the alliance networks face constitute relatively the same ones confronting other organizations. NATO faces the double challenge of securing its own networks and information assets, as well as helping its member nations improve their own national cyber resilience.
Amid growing fears that U.S. military reliance on civilian space infrastructure might prove a weak point, two organizations are seeking to improve cybersecurity in the burgeoning satellite industry. The Orbital Security Alliance has published a detailed set of cybersecurity guidelines for commercial satellite operators, which aims specifically at smaller, newer companies in the fast-growing “minisat” sector.
To truly ensure the principle of one person, one vote, the American electoral infrastructure should adopt security protocols similar to those used in the cybersecurity industry. Electoral management should be conducted using variations on the techniques employed for financial systems and national security data. Unfortunately, today’s U.S. voting mechanisms at all levels as well as national policy would not pass even the most rudimentary information assurance audit.
Digital structures are needed to protect government information and operations. A group participating in a National Institute of Standards of Technology challenge is offering a secure cloud-based platform that can improve the digital and actual health of a city and protect its information.
As cloud computing gains greater numbers of adherents, their increasing demands are straining security measures designed to guard operations. This problem is going to worsen dramatically when applications such as artificial intelligence development assume a significant presence in the cloud.
Yet those same complications offer opportunities. The new types of security that will need to be applied to the cloud can be used for other forms of cyberspace operations. Solutions to the difficulties of cloud security could help protect data elsewhere commensurate with the enhanced role played by the cloud.
Companies should not be intimidated by the multitiered Cybersecurity Maturity Model Certification (CMMC), says a panel of experts. The new system is geared for companies to approach it methodically as they learn more about its implementation and requirements.
In a remote session hosted by AFCEA’s Virtual CMMC Symposium, the panelists encouraged companies to proceed through its steps and seek advice from others, particularly prime contractors. Janey Nodeen, president, Burke Consortium Inc., said, “There is a path to success. It’s not as hard as you think, and at the end of the day it’s very, very valuable to your company.
“It is very much a crawl-walk-run approach, and don’t overthink it,” she added.
“The time is now” for companies to begin implementation of Cybersecurity Maturity Model Certification (CMMC) measures, said the chief information security officer for defense acquisition. Katie Arrington, speaking at AFCEA’s Virtual CMMC Symposium, told participants that many CMMC tenets constitute good practices that can—and should—be implemented even before the CMMC is formalized.
“Let’s not wait until it’s required; let’s do it now,” Arrington said. “The time is now.” She added that the country loses $600 billion a year to adversaries, and practicing basic cyber hygiene methods that will be part of CMMC level 1 standards will help companies immensely.
At one point in his 10-year Navy career, Richard “Chit” Chitamitre, a former machinist mate, was concerned he might be kicked out. But an opportunity to cross train in the cyber field transformed his career.
Chitamitre, who is now a federal technology evangelist with Corelight Inc., joined the Navy in 2007, enlisting as a machinist mate in the nuclear program. Nuclear power machinist mates operate and maintain naval nuclear propulsion plants and associated equipment and supervise and administer nuclear propulsion plant operations, according to a Navy website.
The U.S. Air Force’s new information warfare Numbered Air Force (NAF), the 16th Air Force, stood up in October, reached full operating capability yesterday, reported its commander, Lt. Gen. Timothy Haugh, USAF. The 16th Air Force (Air Forces Cyber), which includes 10 wings, is the center of the Air Force’s cyber operations; intelligence, surveillance and reconnaissance (ISR) capabilities; electronic warfare and information operations.
The U.S. Federal Bureau of Investigation, and the State, Treasury and Homeland Security departments issued a detailed 12-page advisory on April 15 alerting the nation to an increased threat of malicious cyber activity by North Korea. The U.S. government’s advisory warned financial entities in particular of aggressive action by North Korea intended to harm the financial system, as well as threats to critical infrastructure.
Managing an enterprise cybersecurity and information assurance program in any company today is a complex balancing act. It resembles an unending three-dimensional chess match entwining business risk, profit and loss, pitting a company’s very survival against myriad global threat actors. An organization’s cybersecurity stance also involves a combination of technology and solid decision making at an organization’s highest levels.
The concern of machine ethics and laws spills into the everyday workings of society, not just the domain of defense. Many concepts revolve around the law of armed conflict, societal law, ethical dilemmas, psychological concepts and artificially intelligent cyber systems, as well as their relationships among each other. In addition to the delineation of machine ethic guidelines, an ethical life cycle is necessary to account for changes over time in national circumstances and personal beliefs. Just recently, the Defense Innovation Board, which serves as an advisory board to the Pentagon, met and published ethical guidelines in designing and implementing artificially intelligent weapons.
Security is among the single greatest concern government agencies have about moving their systems to the cloud. Although it offers significant benefits, cloud computing continues to raise questions about data and system protection. Regardless, the Office of Management and Budget via its Cloud Smart Strategy and the previous Cloud First policy mandates government agencies move to the cloud.
As people around the world practice self-isolation in an effort to reduce exposure and spreading of the COVID-19 virus, the need to maintain a strong cybersecurity posture arguably has never been higher. Millions of people have shifted their daily lives to an environment relying on telework, distance learning, Internet-enabled social engagement, streaming news and entertainment and other activities.
This “new normal” is facilitated by the robust capabilities of the Internet. Yet it presents a significant cyber risk. During the COVID-19 crisis, we’ve seen bad actors stepping up their game with increased incidents of phishing, disinformation, watering hole attacks and other criminal activity.
How the U.S. government responded to the vulnerabilities created by anti-virus software and other products from Russia’s AO Kaspersky Laboratories is an important demarcation point in the growing awareness of and need for supply chain trust and assurance. Before that, conversations regarding supply chain risk management “were sort of siloed off to the side,” explains Daniel Kroese, acting deputy assistant director for the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center at the Department of Homeland Security.