Last year was a banner year for cyber fraud. In just the first six months of 2019, more than 3,800 breaches exposed 4.1 billion records, with 3.2 billion of those records exposed by just eight breaches. The scale of last year’s data breaches underscores the fact that identity has become the currency of the digital world and data is the fuel that powers the digital economy. What’s also clear looking back on 2019 is that digital identities are continually being compromised on multiple levels.
The U.S. Defense Department is providing the strategic template for cyber progress, which the military services must implement according to their own priorities and requirements. However, not all the parameters are sharply defined, and the department is responsible to Congress for ensuring that money is spent wisely and goals are met.
The department must determine “adequacy” as it reviews individual service cyber plans, and it is up to the department to explain to Congress where there is an inadequacy and why. This issue was described by Maj. Gen. Dennis A. Crall, USMC, deputy principal cyber advisor and senior military advisor for cyber policy, to an audience at an AFCEA NOVA Chapter luncheon on January 9.
There are certainly similarities between network resilience and cyber resilience. The foundation for both is the ability to maintain business or mission capabilities during an event, such as a backhoe cutting your fiber cables or a nation-state actively exploiting your network. But there are also significant differences.
Mobile technology is not always available to military or government personnel in all environments. Operating in a secure facility requires cellular phones or other mobile devices to be stowed outside the door. Companies are preparing solutions to enable the use of mobile devices in such accredited facilities in ways not seen before.
“The Defense Department deals with very sophisticated adversaries, and as a result, those devices are banned in many places and need to be controlled,” says Mike Fong, founder and CEO of Privoro.
The U.S. military relies heavily on companies to research, develop and manufacture innovative technologies to support missions. This hasn’t always been the case. A century ago, it was often the armed services that conceived and created the latest solutions. But when the world goes to war, it’s all hands on deck.
With unlimited resources, delving into fantastical technical solutions is easy. However, in the real world, the government and the private sector must solve real-life problems with realistic budgets. And today, both funds and available expertise are at a premium. Consequently, agencies must rely on companies they trust, and corporations only thrive when they invest in solutions likely to flourish in the future.
The FBI is increasing its cooperative efforts with U.S. government agencies and overseas allies as it wages an unending battle against growing cyber adversaries with escalating capabilities. Joining four major nation-states on the cyber threat list are terrorists and criminal organizations that constitute a mounting threat to U.S. national security, including the economy. The FBI faces the challenge of keeping up with these enemies, while knowing that they are relentless in their pursuit of cyber supremacy to achieve their goals.
To remain relevant, the Army National Guard must completely divest GuardNet, its information technology network, and converge with the Army’s Department of Defense Information Network. This step will prevent the Guard from reverting to a strategic reserve and enable full-time staffing of tactical communication system readiness to completely participate in dynamic force employment as an operational reserve. It also will repurpose the resources allocated to managing this nondeployable network so tactical units can meet the faster deployment time lines needed in the new security environment.
The rapid pace of technology adoption has leveled the playing field in global competition and opened new warfare domains in the space and cyber realms. To maintain their competitive advantage, U.S. warfighters must find ways to simplify and streamline technology upgrades and fixes in the field, as well as develop processes to onboard new technology solutions faster. Open architecture and modular systems present compelling solutions to achieve this goal.
Cyber insurance can protect organizations from losing more than data, but choosing a cyber insurer and policy comes with its own caveats. The purchase decision maker must consider an individual company’s circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision must be critically reviewed, particularly regarding the extent of coverage exclusions in each policy.
Long before the federal government charged two defendants in 2018 for ransomware attacks on municipal computer systems—including Atlanta’s—cities found ways to make do during these outages. Police wrote reports by hand, traffic tickets were paid in person and social media kept everyone informed in a way that showcased a city’s resiliency.
As 2019 comes to a close, SIGNAL looks back at the top 10 most viewed articles of the year.
1. Army Cyber To Become an Information Warfare Command
March 14, 2019
The shift reflects the importance of integrated capabilities, above and beyond cyber.
2. China Drops All Camouflage About Its Aggression
November 20, 2019
Intelligence officers cite both hard and soft power on the march toward a global takeover.
The U.S. Army envisions future robotic vehicles that are easy for soldiers to operate while proving difficult for enemy forces to detect, jam or hack. Researchers at one of the service’s premier research and development centers are racing to build the sensors, communications links and software needed to make that vision a reality.
Fiber is booming as telecommunications customers seek more services both in the cloud and at the network’s edge. The most important part of society’s information infrastructure, it is relatively secure in the face of attempts to wreak devastating harm to the nation, experts say. But that security is not absolute, and potential vulnerabilities could open up optical fiber to damaging attacks. Damage to this infrastructure, which serves as the backbone of the Internet and all the e-commerce that travels over it, could bring about an unprecedented economic upheaval.
A new report on the commoditization of cyber weapons suggests that the easy availability of inexpensive offensive cyber tools is reshaping the cyber threat landscape. The report is being briefed to officials across the federal government, including elements of the Department of Defense, Department of Homeland Security (DHS), FBI, Senate Cyber Caucus and the Secret Service.
Over the next year, U.S. government officials intend to develop an initial conformance framework to ultimately improve resilience for systems that provide positioning, navigation and timing for a wide variety of users. That initial framework will focus on timing, and lessons learned will be used to develop more comprehensive versions.
The top five U.S. cybersecurity workforce positions in demand today are information systems security developer, information systems security manager, systems developer, research and development specialist, and software developer. To fill these posts, entry-level positions must be developed in the areas of systems administrators, network operations and cyber operator specialists. All of this demand requires a steady supply of training.
Widespread changes among the military services are leading to a return to core missions complemented by a greater emphasis on new technology realms. As a result, back to basics is flavored by space and cyber domains that pose challenges of their own.
A panel of -6s from U.S. Indo-Pacific Command (INDOPACOM) organizations outlined these challenges on the third day of TechNet Indo-Pacific 2019, held November 19-21 in Honolulu. Led by the INDOPACOM J-6, Maj. Gen. Robert J. Skinner, USAF, the panelists addressed a number of challenges facing their organizations and the U.S. military at large.
All the involved parties concerned about cybersecurity must find new ways of cooperation to meet the changing threat picture, experts say. These efforts ought to begin in elementary school, where children should be introduced to cyber and encouraged to stay out of trouble that would prevent them from pursuing a career in cybersecurity.
Less than two months on the job, Lt. Gen. Timothy Haugh, USAF, commander of the 16th Air Force (Air Forces Cyber), is already shaping the structure of the service’s new information warfare Numbered Air Force (NAF). Stood up in October, the NAF combines the service’s cyber operations; intelligence, surveillance and reconnaissance (ISR) capabilities; electronic warfare and information operations, including capabilities folded in from the 24th and 25th Air Forces.
Greater concentration on separate physical security and cybersecurity has led to a major loophole characterized by the insider threat. Combining the two disciplines holds the key to protecting against devastating data breaches.
Cybersecurity protects from the inside-out, but a major loophole enables insider threats.—Robert Bauman, Trusted Systems Inc. #AFCEATechNet
— Bob Ackerman (@rkackerman) November 20, 2019