Two years’ experience at the U.S. Cyber Command has shaped U.S. Coast Guard Rear Adm. Dermanelian’s perspective as he implements, as commander, the Coast Guard Cyber Command’s three main missions: (1) defending the Coast Guard’s portion of the Department of Defense Information Network, or DODIN; (2) protecting the maritime transportation sector; and (3) enabling cyber operations. The admiral is dual hatted as the assistant commandant for command, control, communications, computers and information technology/CG-6 as well as being the commander of the Coast Guard Cyber Command.
More than a year has passed since the Modernizing Government Technology (MGT) Act was signed into law, cementing the establishment of a capital fund for agencies to support their special IT projects. The MGT Act prompted defense and intelligence agencies to accelerate the replacement of legacy systems with innovative and automated technologies, especially as they explore new ways to mitigate security risks like those experienced all too often by their private sector counterparts.
The Defense Information Systems Agency (DISA) has reorganized its technology innovation efforts into a single organization designed both to work with outside research organizations and to operate across internal agency lines. The new organization, known as the Emerging Technologies (EM) Directorate, will tap legacy expertise but apply it in a new approach to incorporating innovation, according to DISA.
There is not enough skilled talent for the growing need of the cyber community. Based on a state-by-state analysis on cyberchair.org, there are currently 320,000 open cyber jobs in the United States. Projections get worse. According to a CISCO report, by 2020 there will be 1 million unfilled cyber positions worldwide.
“We need to make systemic changes to address that gap,” said Rob Joyce, senior cybersecurity strategy advisor to the director, National Security Agency (NSA), and former cybersecurity advisor to the president.
The United States faces a threat unlike any in its history. The cyber threat zips around the world at blinding speeds and continually transforms. It can neutralize billion-dollar weapon systems and leave entire cities in the dark. It also can be wielded by superpowers, smaller governments or criminal organizations. At the same time, however, legislation, strategies, policies, authorities and a vigorous spirit of cooperation across government and the international community are all aligning to meet that threat.
The federal government’s comfort level with the cloud improves, due in part to standards and more offerings from commercial cloud providers.
Although it is already ubiquitous in the private sector, cloud computing has had a slow adoption by the federal government. That trend is shifting, an expert says, as the federal government, as well as state and local governments, employ more cloud computing.
The U.S. Transportation Command was the first U.S. Defense Department organization to begin moving its cyber capabilities, along with command and control applications, to a commercial cloud environment. More than a year later, the unified command is making strides in transferring its unclassified systems and is sharing lessons learned that will make the path to cloud usage smoother for others to follow.
As data migrates to the cloud, it is spawning a new generation of capabilities that may trigger major changes throughout the information realm as well as in the economy itself. These advanced capabilities will allow greater business development in ways that otherwise might have been limited to resource-rich firms.
New iterations of software are being written to connect different devices via the cloud. This will affect networking concurrent with the growth of the Internet of Things (IoT) and the introduction of 5G wireless connectivity. And, the cloud is topping its own status by providing layered services that mimic the cloud itself.
Embedded systems are emerging as the latest challenge in the drive to secure deployed U.S. military technologies, including those residing within weapons and flight controllers. Because they are deeply entrenched inside critical hardware, these systems can be tricky to safeguard, so cybersecurity and cyber resiliency must be considered at the beginning of the design and architecture process. And although upgrades can boost embedded systems’ cybersecurity, system operators must determine when the potential pitfalls of doing so outweigh the benefits.
Up until the digital age, wars involved a limited number of combatants with clear identities battling within distinct boundaries visible on a map. These conflicts ended either with a victor or as a stalemate. But today’s information warfare does not fit this traditional model. Instead, it comprises an unlimited number of potential combatants, many with hidden identities and agendas.
Cyberspace is a theater of operations that is nowhere and everywhere. Within this domain, information warfare will not and in fact cannot come to any conclusion. This conflict closely resembles an incurable disease that can be managed so the patient can lead a productive life but is never completely cured.
Artificial intelligence can analyze vast amounts of information, identifying patterns and anomalies at a speed and scale beyond human capacity. To make it an invaluable part of defense, the goal will be to create cybersecurity systems that can anticipate national security threats. Once systems can automatically reconfigure themselves and their security controls to prevent any potential breaches, the next step will be to move to machines with the power to make their own decisions.
Cybersecurity in complex systems is a significant challenge for the federal government that must be addressed in the coming years. As shown in the recent Government Accountability Office report (GAO-19-128) on cybersecurity in major weapons systems, we are nowhere near solving this problem. At this critical juncture, I propose that we take a step back to analyze the performance and viability of the cybersecurity system before a significant effort is spent on emergency patches and system redesigns.
Today’s government missions and challenges are more complex and larger in scale than ever before, and they require informed, data-driven solutions, approaches and insights. DoD must be able to tap into the power of data to solve mission challenges, realize new degrees of operational efﬁciency and remain relevant in an information-rich world.
The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.
Powered by recent advances in artificial intelligence and machine learning, long-hyped technologies such as facial recognition and behavioral biometrics are promising frictionless identity authentication. In the near future, people will be able prove who they are without even trying and sometimes without even knowing they’re doing it.
Threat researchers from McAfee Labs have released their 2019 cybersecurity threats predictions report. Unfortunately, cyber criminals are expected to become more sophisticated and collaborative as the “underworld” consolidates into stronger malware-as-a-service families actively working together.
Software and security teams will need to adapt as threats become more complex. McAfee predicts more attackers will be using artificial intelligence to avoid detection by security software. “In fact, an entire underground economy has emerged where criminals can now outsource products and dedicated services to aid their activities,” says Thomas Roccia, a researcher on the team.
Across the vast Indo-Pacific region, all roads lead to cyber, according to a panel of U.S. and foreign military and civilian experts. Speaking on the final day of AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu, the panel discussed the need for interoperability amid growing cybersecurity concerns.
Technologies need to be less centralized and people need to be more informed if the Indo-Pacific region is to improve its cybersecurity, according to a panel of military and civilian experts. Speaking on the third and final day of AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu, the experts explored security measures that begin with network architecture and end with individual practices.
Being able to conduct successful operations in the Indo-Pacific region will require top-notch intelligence, and information technologies hold the key to achieving that goal, said panelists discussing how to incorporate cyber into multidomain operations. Speaking on the second day of AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu, the panelists discussed what is needed as well as how to succeed amid growing challenges.
The United States needs to take a multifaceted approach to cybersecurity to ameliorate problems affecting every sector of government and society, said experts in a panel comprising women in the cyber arena. Two officials each from industry and government described the broad scope of the challenges and potential solutions at AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu.