Given increasing threat levels, the Air Force is employing cybersecurity measures to protect its data, especially to safeguard information that is weather-related and feeds into military decision making. The service is applying mission defense teams, or specialized cybersecurity crews, to safeguard weather intelligence. The cyber mission defense team structure is in action at the 557th Weather Wing at Offutt Air Force Base in Omaha, Nebraska.
In the next month or so, the U.S. Air Force will be standing up its latest Numbered Air Force, the 16th Air Force, leaders report.
As part of the move, the Air Force selected Maj. Gen. (frocked) Timothy Haugh, USAF, to be the commander of the 16th Air Force, Air Combat Command, Joint Base San Antonio-Lackland, Texas.
Government agencies are working together much more effectively as they counter terrorism and state-sponsored attacks in cyberspace. But more remains to be done as adversaries introduce new tactics and capabilities.
A panel comprising the top U.S. intelligence officials reviewed these issues as they closed out the AFCEA/INSA Intelligence & National Security Summit on September 5. Their points ranged from foreign interference in U.S. elections to cooperation—or the lack thereof—from industry with the U.S. government.
The United States is now presenting cyber adversaries with a bill for their malevolent activities. Counter-cyber efforts have joined traditional defensive measures as the intelligence community confronts cybermarauders with greater detection, discovery and prevention.
Several high-ranking intelligence officials described this new tack in combating cyber threats during a panel discussion at the AFCEA/INSA Intelligence & National Security Summit on September 5. Their observations ranged from election meddling to a potential all-out cyber war.
The secret word is out and crypto is in as government and commercial experts lay the groundwork for the next generation of identity proving and authentication. Passwords are being abandoned in favor of a range of new methods that are more secure and, in some cases, more user friendly.
Biometrics are just part of the solution. They have been paired with public key cryptography in preliminary efforts. Ultimately, the solution may emerge from an entirely new concept of identity that applies across a broad spectrum of applications.
In four years, researchers funded by the U.S. military may develop a working prototype of a system that allows for a nonsurgical interface between the human brain and technology. Such a system could improve brain control of unmanned vehicles, robots, cybersecurity systems and mechanical prosthetics while also improving the interface between humans and artificial intelligence (AI) agents.
From the outer space environment of the moon to the virtual realm of cyberspace, technology challenges have the potential to vex the intelligence community. Many of the tools that the community is counting on to accomplish its future mission can be co-opted or adopted by adversaries well-schooled in basic scientific disciplines. So U.S. intelligence officials must move at warp speed to develop innovations that give them an advantage over adversaries while concurrently denying foes the use of the same innovations against the United States.
Trusted intelligence is needed in an era in which the United States is facing growing threats. The military and other entities in the intelligence community rely on the U.S. Defense Intelligence Agency to provide not only actionable intelligence but also the platforms or information technology systems that enable intelligence gathering, processing and analysis. To meet the increasing demand for intelligence, the Defense Intelligence Agency, known as the DIA, has distributed part of its workforce to the various U.S. military commands that it supports. This global deployment has altered the role of the DIA, explains Jean Schaffer, the agency’s chief information security officer (CISO) and chief of Cyber and Enterprise Operations.
Second of a two-part series.
Few if any topics cause more stress across the Defense Department than cybersecurity. As I noted in my last column, department leaders have taken many steps to address the problem. While most of these steps are helpful, we still see a lot of emphasis placed on setting and enforcing cyber standards across the department and its broader ecosystem of stakeholders.
The U.S. Army is enjoying a renaissance period for cyber and electronic warfare (EW) technologies and has a chance to lay a foundation of interoperability in cyber systems, says Col. Kevin Finch, USA, program manager for electronic warfare and cyber within the Program Executive Office-Intelligence, Electronic Warfare and Sensors.
Col. Finch made the comments on the final day of the AFCEA TechNet Augusta conference 2019 in Augusta, Georgia. AFCEA added an extra day to the annual conference to highlight procurement and acquisition.
Maj. Gen. Neil Hersey, USA, commander, of the U.S. Army Cyber Center of Excellence and Fort Gordon, said the center could potentially change its name, but that close cooperation among the centers of excellence essentially already provides the benefits of an information warfare center of excellence.
The change—if it happens—would follow the lead of the Army Cyber Command. Lt. Gen. Stephen Fogarty, USA, who leads Army Cyber Command, has been pushing to change the name to Army Information Warfare Operations Command. The service’s centers of excellence fall under the U.S. Army Training and Doctrine Command (TRADOC).
Brig. Gen. Anthony “Tony” Potts, program executive officer (PEO)-soldier, recently signed a new standard for 256-bit encryption for individual soldier systems. That is an increase from 128-bit encryption.
And since beginning the job about 18 months ago, he has stopped the once-common practice in the PEO-Soldier shop of signing cybersecurity waivers for the individual soldier equipment being developed. Furthermore, he is building a “robust capability” Risk Management Framework, which essentially specifies security controls for a system that involves organizational risk.
The Defense Information Systems Agency (DISA) continues to add capabilities available to warfighters and to the broader Defense Department community.
The agency has created a lot of buzz in recent months with a number of initiatives involving cloud capabilities, mobility and biometrics. Officials serving on a DISA panel continued that trend at the AFCEA TechNet Augusta 2019 conference in Augusta, Georgia.
Data is a strategic asset, but the human factor is the greatest unsolved issue in cybersecurity. Much progress has been made in securing technology, but today, it is not just the technology but also how you factor in human behavior. Security is not just about protecting the widget or fixing the algorithm because you must factor in behavior and external sources as well.
A panel of five women, all whom have excelled in cyber-related careers, took on some of cyber’s most pressing issues at TechNet Augusta.
Today’s military operates in a congested and contested cyber environment, and to have the advantage over its adversaries, the military must be able to integrate a variety of cyber-connected elements. Keeping the advantage depends on the ability to balance the level of precision required, to operate with speed, to accept nonconventional means and to tolerate less-than-perfect solutions. In an environment just short of war, there is no place for bureaucracy.
Members of an international panel of cyber experts recommend recruiting personnel some might consider misfits in the cyber realm.
In the cyber realm, organizations need the means to rapidly identify emerging threats, immediately respond to mitigate risk, and systematically learn from these encounters—just as the immune system responds to a virus.
A single tool, process or team cannot deliver true cybersecurity. Collecting, analyzing and disseminating intelligence requires a converged organization that fuses expertise across domains. As adversaries possessing sophisticated expertise and considerable resources target multiple attack vectors—cyber, electromagnetic and physical, for example—cyber leaders must develop teams and systematic processes to rapidly transform analysis into action.
When government agencies consider the MITRE ATT&CK Framework, most want to better understand and address adversary behavior. When it comes to combating an agency’s debilitating shortage of skilled cyber personnel, most are still looking for effective solutions. But, what if the MITRE ATT&CK Framework is as effective at enhancing cyber defense skills as it is at identifying the adversary’s antics?
The U.S. Cyber Command has released a list of 39 challenge problems fitting under 12 categories: vulnerabilities, malware, analytics, implant, situational awareness, capability development, persona, hunt, mission management, attack, security and blockchain.
Speed is of the essence as the U.S. Army works earnestly with industry to equip the force with the latest tools to combat cyber attacks. Yet rapid acquisition must be weighed against wasteful haste as the service aims to deliver combat-effective capabilities without breaking stride.
These capabilities include a revamped tool suite, a portable cyber defense system and advanced cyber situational awareness. At the forefront of these efforts is the project manager, defensive cyber operations (PM DCO), part of the Army’s Program Executive Office Enterprise Information Systems.