Cyber

May 18, 2020
By Kimberly Underwood
The Defense Information Systems Agency’s Cyberspace Operations Directorate is relying on a so-called battle drill concept, pulling in teams of experts to troubleshoot and fix hard-to-solve communications challenges. Credit: Shutterstock/Gorodenkoff

The Cyberspace Operations Directorate within the Defense Information Systems Agency is employing a so-called battle drill concept to ensure communications and data are available to the combatant commanders, senior leaders or other key officials when required. The directorate is responsible for the global flow of information, especially in support of the U.S. military’s 11 combatant commands and other key Defense Department operations. The battle drill model collectively pulls together the resources needed to tackle complex communication and data issues.

May 15, 2020
By Rear Adm. Michael Brown, USN (Ret.)
End-to-end encryption will help the defense industrial base meet the requirements of the Cybersecurity Maturity Model Certification program, according to Rear Adm. Michael Brown, USN (Ret.). Credit: Jan Alexander/Pixabay

The Department of Defense (DOD) is dramatically increasing its digital security expectations for defense contractors and subcontractors. Having been on both sides of the partnership between government and the public sector, I am happy to see DOD is not only raising the bar on cybersecurity but also providing guidance on the implementation of cybersecurity best practices within the defense industrial base.

May 13, 2020
By Julianne Simpson
Credit: Shutterstock/metamorworks

By using multiple lines of effort, including college and university engagement, social media, virtual events, military outreach and partnerships, the Defense Information Systems Agency is taking a multidimensional approach to the development and growth of its cybersecurity workforce.

According to the (ISC)² 2019 Cybersecurity Workforce Study, the global cybersecurity workforce needs to grow by 145 percent to meet the demand for skilled cybersecurity talent. In the United States, it needs to grow by 62 percent. “It’s a big task,” the report said.

May 4, 2020
By 1st Lt. Cory Mullikin, USA
Army soldiers check the setup up of an antenna for voice and data tactical communications in Port-au-Prince, Haiti. While the responsibilities between the Cyber and Signal branches are still evolving, a seven-layer model may be helpful in defining the divide. U.S. Navy photo by Chief Petty Officer Robert J. Fluegel

The rising prominence of the Cyber branch in the U.S. military, and namely the Army, begs the question “What will the Cyber branch be used for?” Citing the Defense Department’s plan for the Cyber branch, as well as the Signal branch’s shifting roles in the realm of cyberspace, the responsibilities of both branches are becoming clear. It is evident that as time goes on, the Cyber branch will become focused mainly on the defense of the military domain and cyberspace.

May 4, 2020
By Kimberly Underwood
Four U.S. Air Force F-22 Raptors from the 1rst Fighter Wing line up before takeoff to conduct an adversary training sortie at Joint Base Langley-Eustis, Virginia on April 10. The Air Combat Command, which is responsible for the service's cyber mission, is examining the Air Force's cyber stance closely during the COVID-19 pandemic. Credit: U.S. Air Force photo by Nicholas De La Pena

Helping to meet the teleworking needs of the U.S. Air Force during the COVID-19 pandemic has been no small feat over the last six weeks. At the same time, the service is working to maintain the security of Air Force networks and communication tools in order to continue daily operations and critical mission functions, explained Brig. Gen. Chad D. Raduege, USAF, director of Cyberspace and Information Dominance and chief information officer, Headquarters Air Combat Command, Joint Base Langley-Eustis, Virginia. 

Gen. Raduege, whose role is also known as the A-6, was AFCEA Tidewater’s luncheon speaker during a virtual monthly meeting last week.

May 1, 2020
By Robert K. Ackerman
Members of the NATO Military Committee are briefed at the NATO Joint Warfare Centre in Norway. The Atlantic alliance is broadening its activities in cybersecurity amid more diverse threats and growing new technologies. Credit: NATO

NATO is doubling down on cyberspace defense with increased partnerships and new technology thrusts. Information exchanges on threats and solutions, coupled with research into exotic capabilities such as artificial intelligence, are part of alliance efforts to secure its own networks and aid allies in the cybersecurity fight.

The threats the alliance networks face constitute relatively the same ones confronting other organizations. NATO faces the double challenge of securing its own networks and information assets, as well as helping its member nations improve their own national cyber resilience.

May 1, 2020
By Shaun Waterman
A SpaceX Falcon 9 rocket launches the first of the new generation of modernized, harder-to-hack GPS block III satellites in December 2018. GPS is one of the space-based functions that’s increasingly vital to the functioning of the U.S. economy. Credit: GPS.gov

Amid growing fears that U.S. military reliance on civilian space infrastructure might prove a weak point, two organizations are seeking to improve cybersecurity in the burgeoning satellite industry. The Orbital Security Alliance has published a detailed set of cybersecurity guidelines for commercial satellite operators, which aims specifically at smaller, newer companies in the fast-growing “minisat” sector.

May 1, 2020
By Travis Johnson
Citizens must be confident that their votes are counted as they are cast. Following the example of the NIST SP 800-53 Revision 4 Control Families list would be one way to ensure the information technology piece of voting machines is protected from threats and vulnerabilities. Credit: Shutterstock/Burlingham

To truly ensure the principle of one person, one vote, the American electoral infrastructure should adopt security protocols similar to those used in the cybersecurity industry. Electoral management should be conducted using variations on the techniques employed for financial systems and national security data. Unfortunately, today’s U.S. voting mechanisms at all levels as well as national policy would not pass even the most rudimentary information assurance audit.

May 1, 2020
By Kimberly Underwood
Through four use cases, including one that applies to street light operations, the city of Syracuse, New York, is evaluating a secure cloud architecture designed to provide cyber attack protections. Credit: Shutterstock/Debra Millet

Digital structures are needed to protect government information and operations. A group participating in a National Institute of Standards of Technology challenge is offering a secure cloud-based platform that can improve the digital and actual health of a city and protect its information.

May 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/Blackboard

As cloud computing gains greater numbers of adherents, their increasing demands are straining security measures designed to guard operations. This problem is going to worsen dramatically when applications such as artificial intelligence development assume a significant presence in the cloud.

Yet those same complications offer opportunities. The new types of security that will need to be applied to the cloud can be used for other forms of cyberspace operations. Solutions to the difficulties of cloud security could help protect data elsewhere commensurate with the enhanced role played by the cloud.

April 23, 2019
By Robert K. Ackerman
Panelists participate in a remote panel discussion hosted by AFCEA’s Virtual CMMC Symposium.

Companies should not be intimidated by the multitiered Cybersecurity Maturity Model Certification (CMMC), says a panel of experts. The new system is geared for companies to approach it methodically as they learn more about its implementation and requirements.

In a remote session hosted by AFCEA’s Virtual CMMC Symposium, the panelists encouraged companies to proceed through its steps and seek advice from others, particularly prime contractors. Janey Nodeen, president, Burke Consortium Inc., said, “There is a path to success. It’s not as hard as you think, and at the end of the day it’s very, very valuable to your company.

“It is very much a crawl-walk-run approach, and don’t overthink it,” she added.

April 23, 2019
By Robert K. Ackerman

“The time is now” for companies to begin implementation of Cybersecurity Maturity Model Certification (CMMC) measures, said the chief information security officer for defense acquisition. Katie Arrington, speaking at AFCEA’s Virtual CMMC Symposium, told participants that many CMMC tenets constitute good practices that can—and should—be implemented even before the CMMC is formalized.

“Let’s not wait until it’s required; let’s do it now,” Arrington said. “The time is now.” She added that the country loses $600 billion a year to adversaries, and practicing basic cyber hygiene methods that will be part of CMMC level 1 standards will help companies immensely.

April 22, 2020
By George I. Seffers
Richard Chitamitre's Navy propsects were looking bleak until he got an opportunity to train for a cybersecurity career. Credit: Julia Kopacheva/Shutterstock

At one point in his 10-year Navy career, Richard “Chit” Chitamitre, a former machinist mate, was concerned he might be kicked out. But an opportunity to cross train in the cyber field transformed his career.

Chitamitre, who is now a federal technology evangelist with Corelight Inc., joined the Navy in 2007, enlisting as a machinist mate in the nuclear program. Nuclear power machinist mates operate and maintain naval nuclear propulsion plants and associated equipment and supervise and administer nuclear propulsion plant operations, according to a Navy website.

April 22, 2020
By Kimberly Underwood
Lt. Gen. Timothy Haugh, USAF, reports that the 16th Air Force reached full operational capability on April 21, during a virtual AFCEA Alamo luncheon event the same day. The general also spoke at the chapter’s ACE event in November.

The U.S. Air Force’s new information warfare Numbered Air Force (NAF), the 16th Air Force, stood up in October, reached full operating capability yesterday, reported its commander, Lt. Gen. Timothy Haugh, USAF. The 16th Air Force (Air Forces Cyber), which includes 10 wings, is the center of the Air Force’s cyber operations; intelligence, surveillance and reconnaissance (ISR) capabilities; electronic warfare and information operations.

April 15, 2020
Posted by Kimberly Underwood
North Korea's sponsored malicious cyber operations are an attempt to raise funds for weapons of mass destruction and ballistic missiles, the U.S. government warns. Credit: Shutterstock/hotsum

The U.S. Federal Bureau of Investigation, and the State, Treasury and Homeland Security departments issued a detailed 12-page advisory on April 15 alerting the nation to an increased threat of malicious cyber activity by North Korea. The U.S. government’s advisory warned financial entities in particular of aggressive action by North Korea intended to harm the financial system, as well as threats to critical infrastructure.

April 1, 2020
By Mark A. Spangler
Navigating today’s cyber battlespace without a robust understanding of organizational risk, mission essential functions and critical cyber terrain can cause even the most seasoned manager to feel digitally adrift. Credit: Original image is a composite of at least nine images and graphics that TriSept’s, Axel Edling, created.

Managing an enterprise cybersecurity and information assurance program in any company today is a complex balancing act. It resembles an unending three-dimensional chess match entwining business risk, profit and loss, pitting a company’s very survival against myriad global threat actors. An organization’s cybersecurity stance also involves a combination of technology and solid decision making at an organization’s highest levels.

April 1, 2020
By Michael M. Hanna
Shutterstock/kentoh

The concern of machine ethics and laws spills into the everyday workings of society, not just the domain of defense. Many concepts revolve around the law of armed conflict, societal law, ethical dilemmas, psychological concepts and artificially intelligent cyber systems, as well as their relationships among each other. In addition to the delineation of machine ethic guidelines, an ethical life cycle is necessary to account for changes over time in national circumstances and personal beliefs. Just recently, the Defense Innovation Board, which serves as an advisory board to the Pentagon, met and published ethical guidelines in designing and implementing artificially intelligent weapons.

April 1, 2020
By Sarbari Gupta, Ph.D.
Overspending on cyber tools and appliances placed in the wrong location or configured poorly can be equally bad if not worse than under-resourcing. 2,500 years before the advent of digital networking, military strategist Sun Tzu’s advice is still applicable: You must know your enemy and know yourself to be victorious. Credit: Pexels/meo

Security is among the single greatest concern government agencies have about moving their systems to the cloud. Although it offers significant benefits, cloud computing continues to raise questions about data and system protection. Regardless, the Office of Management and Budget via its Cloud Smart Strategy and the previous Cloud First policy mandates government agencies move to the cloud.

March 23, 2020
By Greg Touhill
With the Coronavirus driving more people to work or study from home, it is more important than ever for private individuals and families to secure their home networks. Credit: Manolines/Shutterstock

As people around the world practice self-isolation in an effort to reduce exposure and spreading of the COVID-19 virus, the need to maintain a strong cybersecurity posture arguably has never been higher. Millions of people have shifted their daily lives to an environment relying on telework, distance learning, Internet-enabled social engagement, streaming news and entertainment and other activities.

This “new normal” is facilitated by the robust capabilities of the Internet. Yet it presents a significant cyber risk. During the COVID-19 crisis, we’ve seen bad actors stepping up their game with increased incidents of phishing, disinformation, watering hole attacks and other criminal activity.

March 25, 2020
By Kimberly Underwood
Credit: Shutterstock

How the U.S. government responded to the vulnerabilities created by anti-virus software and other products from Russia’s AO Kaspersky Laboratories is an important demarcation point in the growing awareness of and need for supply chain trust and assurance. Before that, conversations regarding supply chain risk management “were sort of siloed off to the side,” explains Daniel Kroese, acting deputy assistant director for the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center at the Department of Homeland Security.

Pages