Cyber

August 21, 2019
By Beverly M. Cooper
The AFCEA Women’s program convened a panel of cyber experts that included (r-l) moderator Col. Laurie Moe Buckhout, USA (Ret.), Corvus Group LLC; Gisele Bennett, Florida Institute of Technology;  DeEtte Gray, CACI International Inc.; Nancy Kreidler, director, cybersecurity and information, assurance, Army CIO/G-6; and Annette Redmond, acting deputy assistant secretary for intelligence policy and coordination, Bureau of Intelligence and Research, Department of State. Photo by Michael Carpenter

Data is a strategic asset, but the human factor is the greatest unsolved issue in cybersecurity. Much progress has been made in securing technology, but today, it is not just the technology but also how you factor in human behavior. Security is not just about protecting the widget or fixing the algorithm because you must factor in behavior and external sources as well.

A panel of five women, all whom have excelled in cyber-related careers, took on some of cyber’s most pressing issues at TechNet Augusta.

August 20, 2019
By Beverly M. Cooper
Lt. Gen. Stephen Fogarty, USA, commanding general, U.S. Army Cyber Command, sketches a graphic to detail his talk during AFCEA TechNet Augusta. Photo by Michael Carpenter

Today’s military operates in a congested and contested cyber environment, and to have the advantage over its adversaries, the military must be able to integrate a variety of cyber-connected elements. Keeping the advantage depends on the ability to balance the level of precision required, to operate with speed, to accept nonconventional means and to tolerate less-than-perfect solutions. In an environment just short of war, there is no place for bureaucracy.

August 20, 2019
By George I. Seffers
Air Commodore Elanor Boekholt-O’Sullivan, Royal Netherlands Air Force, speaks about the cyber work force during a panel at AFCEA TechNet Augusta. Photo by Michael Carpenter

Members of an international panel of cyber experts recommend recruiting personnel some might consider misfits in the cyber realm.

June 1, 2019
By Maj. Ryan Kenny, USA
Credit: Shuttersotck/metamorworks

In the cyber realm, organizations need the means to rapidly identify emerging threats, immediately respond to mitigate risk, and systematically learn from these encounters—just as the immune system responds to a virus.

A single tool, process or team cannot deliver true cybersecurity. Collecting, analyzing and disseminating intelligence requires a converged organization that fuses expertise across domains. As adversaries possessing sophisticated expertise and considerable resources target multiple attack vectors—cyber, electromagnetic and physical, for example—cyber leaders must develop teams and systematic processes to rapidly transform analysis into action.

August 9, 2019
By Travis Smith
MITRE’s ATT&CK Framework can be used for cyber defense training even though it wasn’t created for that purpose.  Credit: Stuart Miles/Shutterstock

When government agencies consider the MITRE ATT&CK Framework, most want to better understand and address adversary behavior. When it comes to combating an agency’s debilitating shortage of skilled cyber personnel, most are still looking for effective solutions. But, what if the MITRE ATT&CK Framework is as effective at enhancing cyber defense skills as it is at identifying the adversary’s antics?

July 17, 2019
Posted by George I. Seffers
U.S. Cyber Command officials recently released a list of tough technical challenges areas, for which solutions may not yet exist. Credit: DR MANAGER/Shutterstock

The U.S. Cyber Command has released a list of 39 challenge problems fitting under 12 categories: vulnerabilities, malware, analytics, implant, situational awareness, capability development, persona, hunt, mission management, attack, security and blockchain.

August 1, 2019
By Robert K. Ackerman
Soldiers analyze network data during a cyber academy class at Fort Bragg, North Carolina. The project manager, defensive cyber operations (PM DCO), is working to boost Army cyber capabilities while shortening the training time line to empower more soldiers for the cyber defense mission. U.S. Army photo

Speed is of the essence as the U.S. Army works earnestly with industry to equip the force with the latest tools to combat cyber attacks. Yet rapid acquisition must be weighed against wasteful haste as the service aims to deliver combat-effective capabilities without breaking stride.

These capabilities include a revamped tool suite, a portable cyber defense system and advanced cyber situational awareness. At the forefront of these efforts is the project manager, defensive cyber operations (PM DCO), part of the Army’s Program Executive Office Enterprise Information Systems.

August 1, 2019
By Robert K. Ackerman
The amphibious assault ship USS Boxer anchors off the coast of Phuket, Thailand. The U.S. Indo-Pacific Command is advancing the quality of technology in multinational training exercises, so allies and partners can interoperate in cyber the way they might have to in regional operations. U.S. Navy photo

The U.S. Indo-Pacific Command is incorporating new cyber technologies and standards as it strives for greater interoperability among a growing number of allies and potential partners. This increased reliance on cyber is viewed by command leadership as essential for maintaining effective military capabilities in the face of a growing kinetic and cyber presence by diverse adversaries.

August 1, 2019
By Lt. Gen. Susan Lawrence, USA (Ret.)

Part one of a two-part series.

Nothing keeps Defense Department leaders up at night more than today’s cyber threat. This heightened concern was clearly reflected in the September 2018 DoD Cyber Strategy, which noted that “competitors deterred from engaging the United States and our allies in an armed conflict are using cyberspace operations to steal our technology, disrupt our government and commerce, challenge our democratic processes, and threaten our critical infrastructure.”

July 18, 2019
By Kimberly Underwood
After five years in use, the Federal Risk and Authorization Management Program, known as FedRAMP, offers benefits to federal governmental agencies, as well as some challenges, experts tell Congress. Credit Shutterstock/Blackboard

Officials from several federal agencies testified on Wednesday as to the effectiveness of the government’s cloud accreditation process, the Federal Risk and Authorization Management Program, with mixed reviews. Most witnesses before the U.S. House of Representatives Committee on Oversight and Reform’s Subcommittee on Government Operations hearing, entitled To the Cloud! The Cloudy Role of FedRAMP in IT Modernization, confirmed the positive benefits of the program.

July 15, 2019
By Kimberly Underwood
The U.S. House of Representatives, led by Democrats, passes its version of the annual defense spending authorization bill, which will have to be ironed out with the Republican-led Senate. Credit: Shutterstock/Turtix

On Friday, the U.S. House of Representatives passed their version of the National Defense Authorization Act for Fiscal Year 2020, H.R. 2500, by a vote of 220-197. Known as the NDAA, the annual legislation authorizes policy measures for the Defense Department. It varies from the Senate’s bill, S. 1790—passed on June 28—which the two legislative bodies will have to reconcile before sending a final NDAA to the president.

July 15, 2019
By Noah Schiffman
The National Security Agency is not to blame for the recent ransomware attack on the city of Baltimore, says Noah Schiffman, KRB chief technology adviser. Credit: Shutterstock/Stephen Finn

The May 7th ransomware attack against Baltimore has crippled much of the local government’s IT infrastructure while holding its network hostage. Not since the March 2018 attacks against Atlanta has a major U.S. city been so digitally impaired.

The subsequent media coverage of Baltimore’s struggle has generated some misplaced criticism of the U.S. government. Initial news reports erroneously claimed that the ransomware leveraged an NSA-developed exploit to compromise Baltimore’s municipal systems. Unfortunately, this snowballed into numerous sources placing blame on the NSA, claiming that they mismanaged their cyber weaponry. 

This is grossly incorrect.

July 15, 2019
 
Source: Proofpoint, 2019 State of the Phish Report

Meta: We examined the simulated phishing data of our federal customers and identified three tips program administrators and decision-makers in these organizations can use to strengthen their security awareness training efforts. 

U.S. federal government agencies face ongoing scrutiny from virtually all angles, but cybersecurity has leapt to the forefront in recent years. From safeguarding elections to defending against nation-state attacks, federal organizations (and their workers) face many sophisticated and high-profile threats—in addition to day-to-day issues that impact data and system security. 

July 10, 2019
Posted by Kimberly Underwood
Advanced digital tools, accessed through as-a-service models, offer benefits to the military, a study from Frost &Sullivan says. Credit: Shutterstock/Titina Ongkantong

The military and the government in the United Kingdom are employing cloud computing, big data, data analytics, Internet of Things devices, artificial intelligence, augmented reality and blockchain more often, according to recent study from London-based Frost & Sullivan, entitled Digitalization in Defense.

The result improves the continuity of operations and brings the military to a higher level of combat readiness, said Alix Leboulanger, senior industry analyst of defense at Frost & Sullivan.

July 1, 2019
By Robert K. Ackerman
Servicemen participate in a cyber warrior exercise overseas. The U.S. Army’s program executive officer for enterprise information systems (PEO EIS) is striving to speed new software into cyber systems while maintaining effective operations. U.S. Army Reserve photo

The U.S. Army is building a tighter relationship with industry to tap commercial expertise and avoid long procurement delays that often render new information technologies obsolete before they are fielded.

At the heart of this effort is Cherie A. Smith, program executive officer for enterprise information systems (PEO EIS), U.S. Army. After she assumed her position last year, Smith relates, she focused on making promises and seeking help. Since then, she has emphasized a shared relationship with industry.

July 1, 2019
By Kyle Aldrich
Looking Glass stock

Global, asymmetrical threats now dominate attacks on nations and businesses alike, and the enemy is not always immediately knowable, identifiable or even seen. These realities are forcing leaders to invest more resources into analytics, as well as intelligence, surveillance, reconnaissance and other 21st century responses to cyber bombardments today.

July 1, 2019
By Chris Nissen
Bill Bickert, assistant commander for supply chain management policy and performance, Naval Supply Systems Command, visits the command’s Fleet Logistics Center–Jacksonville, Florida, headquarters. Supply chain monitoring software is useful; however, ensuring suppliers are providing clean components is crucially important as well. Photo by Carol Williams

Adversaries are exploiting the inherent vulnerabilities of U.S. military supply chains that involve tens of thousands of private sector providers from all over the globe. Attack operations include stealing valuable technical data; striking critical infrastructure, manufacturing and weapon systems control systems; corrupting the quality and assurance across a broad range of product types and categories; and manipulating software to access connected systems and to degrade systems operation integrity.

June 19, 2019
By George I. Seffers
The Missouri Cyber Team, a part of the National Guard, developed RockNSM an open source cybersecurity system. Now, they are building a nonprofit organization to help share that system with others. Credit: Missouri National Guard Cyber Team

Members of the Missouri National Guard Cyber Team are launching a nonprofit organization to share RockNSM, a system initially built by cyber warriors for cyber warriors.

RockNSM is a network security monitoring platform that uses open source technologies, such as CentOS, which is an operating system derived from the RedHat enterprise-level open source system. RockNSM formed the basis for a Task Force Echo network anomaly detection system used for real-world cyber operations.

June 6, 2019
By Kimberly Underwood
The DevSecOps software platform being deployed by the DOD Enterprise DevSecOps Enterprise Initiative will enable software fixes in minutes and automate testing and security, among other capabilities, says Nicolas Chaillan, chief software officer, U.S. Air Force, co-lead of the Initiative.

The Defense Department is pursuing an aggressive software development program, called the DOD Enterprise DevSecOps Initiative. The effort is focused on bringing automated software tools, services and standards to DOD programs so that warfighters can create, deploy and operate software applications in a secure, flexible and interoperable manner, explained Nicolas Chaillan, chief software officer, U.S. Air Force, co-lead of the DOD Enterprise DevSecOps Initiative. The program is a joint effort of the DOD’s Chief Information Officer, Office of the Undersecretary of Defense for Acquisition and Sustainment and the services, he said.

May 31, 2109
By Maryann Lawlor
Artificial intelligence and machine learning are still technically in their infancy. Both show promise in the military and government arenas, but experts still have many questions.

Artificial intelligence and machine learning techniques could help information and network defenders recognize patterns of potential attackers so their next moves can be proactively blocked. In addition, cyber tools enhanced with these capabilities could provide a much more detailed picture of the cyber battlefield and increase the potential of success in a cyber campaign. This knowledge would complement the kinetic battlefield and could permit war planners to choose the appropriate mix of cyber and kinetic operations.

Pages