Cyber

December 1, 2014
By Sandra Jontz

The private and financial sectors are pressing for better governmental answers to the costly cybersecurity challenges still plaguing the nation. They want the White House to create, as a minimum first step, an interagency or oversight group to facilitate information sharing. This small step is seen as a critical link between industry and government to organizing the fragmented cybersecurity efforts needed to quash mounting attacks.

While federal efforts abound, they are coordinated haphazardly, with gaps and no overarching governance—in spite of a preponderance of existing documents, plans, regulations and actions, according to experts.

December 1, 2014
By Rita Boland
A tactical operations center monitors an NIE. Securing cyber capabilities, starting in the laboratory then extending to the field, is a priority for the U.S. Army.

Cyber is becoming more critical in battle every day, and the U.S. Army is adjusting its Network Integration Evaluation to reflect that reality. The service branch is introducing new digital features to the training event from the laboratory to the field.

December 1, 2014
By George I. Seffers
 Adm. Michael Rogers, USN, NSA director and commander, U.S. Cyber Command, predicts an attempted destructive attack affecting critical infrastructure networks during his tenure as commander.

Adm. Michael Rogers, USN, who leads both the National Security Agency and U.S. Cyber Command, predicts a damaging attack to critical infrastructure networks within the coming years. If an attack happens, the agency and Cyber Command will coordinate a response along with other government agencies and potentially the private sector organizations that own many of the networks.

November 3, 2014
By George I. Seffers

The U.S. Navy’s Task Force Cyber Awakening, which was established in July, is expected to deliver its first report to the service’s leadership this month, task force officials say. The report will include recommendations for improving the service’s cyber posture, both ashore and afloat.

December 1, 2014
By George I. Seffers

The U.S. Defense Information Systems Agency is being tasked with an operational role in the cyber domain, namely network defense. The new role creates a formal relationship between the agency, U.S. Cyber Command and the military services; integrates network operations and defense; and should ultimately improve security.

October 29, 2014
George I. Seffers

Terry Halvorsen, the Defense Department’s acting chief information officer, is expected very soon to release a new policy revising the role the Defense Information Systems Agency (DISA) plays in brokering cloud services. The changes are designed to speed cloud service acquisitions by preventing bottlenecks created by having only one agency act as broker. DISA no longer will be the sole acquisition agency, but it will continue to ensure network access to cloud service providers is secure and reliable, agency officials say.

October 16, 2014
By Sandra Jontz

Might the recurring data breaches plaguing one large retailer after another be a dress rehearsal for a catastrophic attack that could cripple, if not destroy, the United States and its critical infrastructure? The doomsday rhetoric presented by cybersecurity experts at an issue forum Thursday, while not so calamitous, served as a wake-up call to the enduring cybersecurity vulnerabilities.

October 10, 2014
By Sandra Jontz

The recent rash of cyber attacks on major U.S. companies has drawn renewed focus on network vulnerabilities, both in commercial and governmental sectors, and not just on external attackers but on potentially more ominous threats posed by insiders.

November 1, 2014
By George I. Seffers
SPAWAR Systems Center Pacific personnel and sailors from Explosive Ordnance Disposal Mobile Unit ONE retrieve an unmanned underwater vehicle deployed to detect mines and improvised explosives in shallow water environments.

As the U.S. Navy modernizes information systems across the fleet, one organization is responsible for researching, developing and fielding the full range of technologies in the Asia-Pacific region, providing complete life cycle development and support for systems, from concept to fielded capability.

November 1, 2014
By Rita Boland

The Department of Homeland Security’s SAFETY Act is finding a new application as it may serve to protect against the potential for lawsuits arising from the National Institute of Standards and Technology Cybersecurity Framework. Lawyers are answering questions from clients about possible legal actions, and the department and institute are working together to ensure developers work with confidence.

November 1, 2014
By Sandra Jontz
The Defense Information Systems Agency command center at Fort Meade, Maryland, in 2013.

There are no do-overs when it comes to safeguarding the U.S. military’s sensitive data. With that key, concise and blunt notion in mind, defense leaders say they are taking a slow, methodical, multipronged approach as the Defense Information Systems Agency develops a cloud security model for the whole of the Defense Department.

With current security controls too strict and limiting, agency personnel are sleuthing for the ideal balance that would let a greater number of commercial cloud service providers compete for billions in federal funding, while still safeguarding national security. Their goal is to determine what might be safe—and what might be safe enough.

September 23, 2014
By Rita Boland

The U.S. Army officially activated its Cyber Protection Brigade earlier this month, marking the first time the service has had such a unit. It falls under the Army’s Network Enterprise Technology Command, commonly called NETCOM. As the defensive operations enabled by the brigade ramp up, the Army now also has a cyber branch operating provisionally, which will change the way soldiers are assigned to cyber career fields.

September 22, 2014
By Robert K. Ackerman
Rep. Mike Rogers (R-MI), chairman of the House Permanent Select Committee on Intelligence (l), and Rep. Dutch Ruppersberger (D-MD), ranking member of the committee, discuss intelligence oversight issues at the AFCEA/INSA Intelligence and National Security Summit 2014.

AFCEA/INSA Intelligence and National Security Summit 2014

The SIGNAL Magazine Online Show Daily

Day 2

Quote of the Day:

“The things we see today may be abominations, but they are not aberrations. They are the new normal.”—Brig. Gen. Michael Groen, USMC, director of intelligence, U.S. Marine Corps.

 

October 1, 2014
By Paul A. Strassmann

Budget cuts and rapidly improving information technology are forcing the U.S. Defense Department to confront increasing cybersecurity demands without commensurate increases in available resources. Cybersecurity costs are increasing with both the complexity of new technologies and the worsening threat picture. However, solutions to this challenge do exist—if the Defense Department opts for new approaches.

One way of characterizing the current Defense Department situation is to view it as an inability to meet rising demands for systems without having adequate funding for cyberdefenses. Meanwhile, the costs of cybersecurity are rising. The progress in meeting increased cyberthreats is lagging, which is not acceptable.

September 9, 2014
By Sandra Jontz

The U.S. Defense Department is primed to take a first step toward the realization of the colossal concept of connecting its entire network system under the Joint Information Environment (JIE).

For more than a year, the Defense Information Systems Agency (DISA), along with the Army, Air Force and defense contractor Lockheed Martin, has worked on the joint regional security stacks (JRSS), a key upgrade to streamline network operations and, officials say, improve security.

October 1, 2014
By George I. Seffers

The U.S. government is adopting changes to the cloud computing certification program that will better protect against potential insider threats. The improvements include additional penetration testing, more thorough testing of mobile devices, tighter controls over systems being carried from a facility and more stringent scrutiny of systems connecting from outside the network.

October 1, 2014
By Rita Boland

As organizations migrate more data into public clouds, demands for a different type of security are emerging. A specialized option is available now for Amazon Web Services that aims to mitigate threats more quickly by finding them faster and suggesting methods of remediation.

Known as the Evident Security Platform for Amazon Web Services (ESP for AWS), the technology offers a solution expressly designed for the Amazon environment. It has a rapid deployment of five minutes or less and gives a dashboard view of identified threats. In the first week it launched, 50 companies of various sizes signed on for the platform, including several large, multinational corporations.

August 28, 2014
By George I. Seffers

Revelations about the National Security Agency’s (NSA’s) monitoring practices created some fallout with the telecommunications industry and other nations, acknowledges Adm. Michael Rogers, USN, the agency’s new director, who also leads the U.S. Cyber Command. But the capabilities the agency provides eclipse the damage done.

“The majority of the relationships that we have around the world with nation states, with the corporate sector, remain as they were before this—the majority,” Adm. Rogers stresses. “That’s not to say it hasn’t had an impact, and no one should think otherwise. 

September 1, 2014
By Sandra Jontz
A U.S. Marine experiments with Lighthouse software on a mobile device.

The jury is still out in the corporate world as to whether the bring-your-own-device trend will gain a permanent foothold. While the movement creates security worries and extra work for information technology employees, it presents a few perks corporate leaders are reluctant to turn down: cost savings and increased employee productivity. Efforts for full implementation for both businesses and government entities are stymied much more by policy than by technology, or the lack thereof, experts say. While some technological shortcomings create some security risk, viable solutions are on the horizon.

August 1, 2014
By Robert K. Ackerman

The price of failure to provide adequate cybersecurity ultimately may be too high for any nation to tolerate. Yet, the cost of effective cybersecurity may be too much for a nation to afford. The consequences of a damaging cyberattack on a part of the critical infrastructure could be catastrophic, yet securing national capabilities from cyberattack will require more than just government or industry action. Both groups must work in concert to produce results that are greater than the sum of their parts, but no single approach to cybersecurity will work to protect the diverse government and commercial assets that are both extremely vulnerable and highly critical to a nation’s well-being.

Pages