Might the recurring data breaches plaguing one large retailer after another be a dress rehearsal for a catastrophic attack that could cripple, if not destroy, the United States and its critical infrastructure? The doomsday rhetoric presented by cybersecurity experts at an issue forum Thursday, while not so calamitous, served as a wake-up call to the enduring cybersecurity vulnerabilities.
The recent rash of cyber attacks on major U.S. companies has drawn renewed focus on network vulnerabilities, both in commercial and governmental sectors, and not just on external attackers but on potentially more ominous threats posed by insiders.
As the U.S. Navy modernizes information systems across the fleet, one organization is responsible for researching, developing and fielding the full range of technologies in the Asia-Pacific region, providing complete life cycle development and support for systems, from concept to fielded capability.
The Department of Homeland Security’s SAFETY Act is finding a new application as it may serve to protect against the potential for lawsuits arising from the National Institute of Standards and Technology Cybersecurity Framework. Lawyers are answering questions from clients about possible legal actions, and the department and institute are working together to ensure developers work with confidence.
There are no do-overs when it comes to safeguarding the U.S. military’s sensitive data. With that key, concise and blunt notion in mind, defense leaders say they are taking a slow, methodical, multipronged approach as the Defense Information Systems Agency develops a cloud security model for the whole of the Defense Department.
With current security controls too strict and limiting, agency personnel are sleuthing for the ideal balance that would let a greater number of commercial cloud service providers compete for billions in federal funding, while still safeguarding national security. Their goal is to determine what might be safe—and what might be safe enough.
The U.S. Army officially activated its Cyber Protection Brigade earlier this month, marking the first time the service has had such a unit. It falls under the Army’s Network Enterprise Technology Command, commonly called NETCOM. As the defensive operations enabled by the brigade ramp up, the Army now also has a cyber branch operating provisionally, which will change the way soldiers are assigned to cyber career fields.
AFCEA/INSA Intelligence and National Security Summit 2014
The SIGNAL Magazine Online Show Daily
Quote of the Day:
“The things we see today may be abominations, but they are not aberrations. They are the new normal.”—Brig. Gen. Michael Groen, USMC, director of intelligence, U.S. Marine Corps.
Budget cuts and rapidly improving information technology are forcing the U.S. Defense Department to confront increasing cybersecurity demands without commensurate increases in available resources. Cybersecurity costs are increasing with both the complexity of new technologies and the worsening threat picture. However, solutions to this challenge do exist—if the Defense Department opts for new approaches.
One way of characterizing the current Defense Department situation is to view it as an inability to meet rising demands for systems without having adequate funding for cyberdefenses. Meanwhile, the costs of cybersecurity are rising. The progress in meeting increased cyberthreats is lagging, which is not acceptable.
The U.S. Defense Department is primed to take a first step toward the realization of the colossal concept of connecting its entire network system under the Joint Information Environment (JIE).
For more than a year, the Defense Information Systems Agency (DISA), along with the Army, Air Force and defense contractor Lockheed Martin, has worked on the joint regional security stacks (JRSS), a key upgrade to streamline network operations and, officials say, improve security.
The U.S. government is adopting changes to the cloud computing certification program that will better protect against potential insider threats. The improvements include additional penetration testing, more thorough testing of mobile devices, tighter controls over systems being carried from a facility and more stringent scrutiny of systems connecting from outside the network.
As organizations migrate more data into public clouds, demands for a different type of security are emerging. A specialized option is available now for Amazon Web Services that aims to mitigate threats more quickly by finding them faster and suggesting methods of remediation.
Known as the Evident Security Platform for Amazon Web Services (ESP for AWS), the technology offers a solution expressly designed for the Amazon environment. It has a rapid deployment of five minutes or less and gives a dashboard view of identified threats. In the first week it launched, 50 companies of various sizes signed on for the platform, including several large, multinational corporations.
Revelations about the National Security Agency’s (NSA’s) monitoring practices created some fallout with the telecommunications industry and other nations, acknowledges Adm. Michael Rogers, USN, the agency’s new director, who also leads the U.S. Cyber Command. But the capabilities the agency provides eclipse the damage done.
“The majority of the relationships that we have around the world with nation states, with the corporate sector, remain as they were before this—the majority,” Adm. Rogers stresses. “That’s not to say it hasn’t had an impact, and no one should think otherwise.
The jury is still out in the corporate world as to whether the bring-your-own-device trend will gain a permanent foothold. While the movement creates security worries and extra work for information technology employees, it presents a few perks corporate leaders are reluctant to turn down: cost savings and increased employee productivity. Efforts for full implementation for both businesses and government entities are stymied much more by policy than by technology, or the lack thereof, experts say. While some technological shortcomings create some security risk, viable solutions are on the horizon.
The price of failure to provide adequate cybersecurity ultimately may be too high for any nation to tolerate. Yet, the cost of effective cybersecurity may be too much for a nation to afford. The consequences of a damaging cyberattack on a part of the critical infrastructure could be catastrophic, yet securing national capabilities from cyberattack will require more than just government or industry action. Both groups must work in concert to produce results that are greater than the sum of their parts, but no single approach to cybersecurity will work to protect the diverse government and commercial assets that are both extremely vulnerable and highly critical to a nation’s well-being.
Mining big data for salient information points presents a plethora of challenges, but in Europe a different issue with the action has emerged as a concern. Regulations prohibiting researchers and others from searching through the data in certain documents are putting countries on the continent at a competitive disadvantage in a number of fields, studies are revealing. With several economies there already in dire straits, the legal encumbrances could add to difficulties in improving financial situations.
The U.S. Army’s current tactical network delivers a wide range of capabilities for warfighters, including unprecedented communications on the move. But the complexity can overwhelm commanders who have countless critical tasks to complete and soldiers’ lives in their hands. Future tactical networks will automate many processes and may be smart enough to advise commanders, similar to JARVIS, Iron Man’s computerized assistant.
Technology innovations, new roles and expanding missions are shaping the move toward big data in the National Geospatial-Intelligence Agency. A mix of tradecraft and technology is ensuing as the agency evolves from an organization that always has worked with voluminous imagery files to one in which big data represents a goal that promises to change many aspects of intelligence.
The Department of Homeland Security’s (DHS) newly released strategic priorities for the next four years differ little from its vision in the Quadrennial Homeland Security Review (QHSR) of 2010, though officials recognize the need for tweaks to mission points as it works to address emerging threats to national security.
The department’s in-house assessment, mandated by Congress, spotlights its five security missions as combating threats of terrorism, both foreign and domestic; securing and managing U.S. borders; enforcing immigration laws; safeguarding cyberspace; and strengthening national preparedness and resiliency.
Companies Deep-Secure and Sweetwater s.r.l. signed a contract earlier this month that will extend cybersecurity measures in the Romanian market. The move should help address common cybercrime issues prevalent in former Eastern Bloc nations.
Virtualization and cloud implementation are critical components of information technology planning, acquisition and management going forward. Cloud implementations are important to security, efficiency, effectiveness, cost savings and more pervasive information sharing, particularly among enterprises. Cloud architectures also are extremely important for more effective use of mobile technologies. Mobility increasingly is important, particularly for the military, which needs a full range of information technology services while on the move. Yet increased movement to the cloud, along with traditional uses of spectrum, are putting unprecedented demands on every part of the spectrum.