Did you know, in 2020, there were a staggering 36 billion records exposed as a result of data breaches, according to a recent report from Risk Based Security? COVID-19 was of course the catalyst for these infringements, as the pandemic gravely impacted industries all over the globe and opened the door for cyber criminals to attack.
By design, the DoD Data Strategy compels transformational change in the way data is collected, analyzed and leveraged. The mechanics may be different depending on domain or joint all-domain mission, but as referenced in a previous SIGNAL special interest editorial, the strategy’s endgame is to ensure that trusted information gets to the right destination at the right time. As the largest and oldest service at the tactical terrestrial layer of the joint force, the Army has enduring data imperatives: speed, scale and resilience. Executed diligently, these imperatives facilitate an information advantage for ground forces in garrison and in theater.
Connectivity is at the heart of today’s modern military operations. To conduct complex, distributed multidomain operations at speed and scale, U.S. and allied forces need seamless connectivity to enable real-time communications and high-fidelity data flows.
But the military services have wrestled for decades with the challenge of communicating and sharing data securely with each other, let alone with non-DoD partners and allies. To take a few examples:
To maintain America’s advantage over potential adversaries, the Department of Defense last year outlined a data strategy directing that military leaders must “recognize that data is a strategic asset that must be operationalized in order to provide a lethal and effective Joint Force that, combined with our network of allies and partners, sustains American influence and advances shared security and prosperity.”
“Decision dominance … is the ability for a commander to sense, understand, decide, act and assess faster and more effectively than any adversary,” Army Futures Command Commander Gen. John “Mike” Murray, USA, told the Association of the U.S. Army Global Force Next virtual conference in March.
In modern warfare, against near-peer adversaries, victory will no longer be guaranteed by strength of arms alone. Speed and accuracy of decision making will be more critical than ever, and in many circumstances, decisive.
Cyber attacks present an increasing threat to the United States across all sectors of government and commercial industry, from the battlefield to the factory floor, requiring a strong, holistic approach to cyber defense through active monitoring and modeling techniques.
Recent attacks, such as the Russian-backed espionage operation that compromised a server at software developer SolarWinds Inc., affecting its downstream customers—including half a dozen federal agencies—and the recent ransomware attack on Colonial Pipeline Company, which halted fuel shipments to much of the U.S. East Coast for over a week, represent a grave threat to national security.
This scenario is all too common of late: A serviceman teleworks from home, supporting his command’s logistics and connected to his government network via a Common Access Card (CAC). While the pandemic abates across the United States, he and many in the workforce will continue telecommuting as governments have committed significant resources toward cloud-based services and cybersecurity solutions for accessing cloud data.
A Zero Trust approach is imperative in a world where data and users are not co-located within the same perimeter, as indicated by the May 12 White House Executive Order #14028. Deploying strong authentication upfront as a foundation when building out a Zero Trust strategy is also key to successful missions.
“No Comms, No Bombs” is the mantra of Military Signals Divisions (Brigades or Corps), and they’re right: Communications is an integral part of any Army, Navy, Air or Space Force.
Luckily, the reverse (Comms => Bombs) is not true, and comms go far further in the modern military than providing time and location information for bombing. No Comms also means no search and rescue, no logistics support, no tactical awareness, ...
Examples of communications go:
The digital transformation is no longer simply an enabler—it’s the “trunk of the tree” that provides the foundational structure for everything we do, according to Gen. Stanley A. McChrystal, USA (Ret.). “It shapes what we are and how we operate.”
Across the globe, ministries of defense are continually challenged with meeting the demands of armed forces who need access to the right intelligence products to protect citizens, defend borders and support humanitarian missions.
While the need for rapid decision-making has never been greater, decision makers often lack the timely information required to inform their choices. In dynamic military environments, situations and plans change quickly and intelligence can become outdated. The problem becomes even more complex during joint and multinational operations.
The next-generation battlefield has gone digital. The United States Air Force (USAF) is taking a major defensive leap into that new reality with its Advanced Battle Management System (ABMS) initiative.
As if cyber vulnerabilities during the pre-pandemic years weren’t worrisome enough, now cyber warriors must contend with a slate of issues. A new concern is two-fold: How to shore up the creep of pervasive vulnerabilities introduced by a remote and hybrid workforce and how to harness and empower it with efficiencies, built-in security and ease-of-use solutions to help get the job done—at speed and scale.
A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.
The Defense Department (DoD) is continuing to build out a truly data-centric approach based on the DoD Data Strategy, presenting new opportunities for transforming the way data is collected, analyzed and leveraged.
As the U.S. Department of Defense (DoD) drives forward on its cloud strategy, development teams and chief information officers alike are looking for faster ways to deploy new capabilities, proactively address cybersecurity challenges and take advantage of the resiliency of cloud operations.
The DoD has embraced the cloud to achieve speed, security and scale. The focus is now on clearing the blockers that have slowed deployment in order to accelerate the adoption of new services and unlock the transformational capabilities of cloud for the DoD enterprise and warfighters at the tactical edge.
As the Department of Defense migrates more mission-critical systems and software to cloud environments, it must also consider an innovative way for securing this new environment from potential cyber attack.
It is up to DoD organizations like the Defense Information Systems Agency (DISA) to work out the details of such efforts and ensure the military’s considerable inventory of legacy equipment and systems can continue to interoperate smoothly with the latest technologies. But integrating different technologies is never an easy process.
As U.S. intelligence agencies pivot from the war on terror to the new era of near-peer competition, the information landscape on which they operate is shifting dramatically, as detailed in the recently released report from the National Security Commission on Artificial Intelligence (AI).
For two decades, U.S. intelligence operated in an information-poor environment—hunting its elusive adversaries through fleeting glimpses on surveillance video or wisps of cellphone traffic. And, thanks to the technical and operational excellence of U.S. collection, even that information-poor environment often generated an overwhelming volume of data.
We live in a connected world. The ability to pass power, signals and data from one place to another is the lifeblood of that connection—the nervous system of our networked lives.
Although we tend to think of these networks as ethereal and invisible, in reality they all, at some point, need to be plugged in so they can be connected to the electricity that powers them, the information they carry or the signal they will broadcast. Coaxial copper wire, fiber optic cable, power lines: You name it, it all needs to be connected.
We might take those connections for granted, but without them, nothing would function.
To successfully overmatch near-peer adversaries in the 21st century, the U.S. military requires decision advantage. Multidomain operations coordinate and bring to bear assets across all five domains of land, air, sea, space, and cyberspace. Information dominance—getting the right information from the right sensors or systems to the right decision makers at the right time—is the key to victory on the multidomain battlefield of the future.
Joint All-Domain Command and Control, JADC2, is the path the Department of Defense has mapped out to achieve decision advantage.
Facing renewed challenges from peer and near-peer adversaries, the U.S. Department of Defense is returning to a command and control concept embracing joint and allied operations, with the domains of space and cyberspace added to the mission space. But while this reorientation appears to revisit older Cold War-era strategies on the surface, it is the end result of careful analysis by the Pentagon to make up for operational deficiencies and neglected capabilities from two decades of counterinsurgency-oriented warfare.
In the peer adversary conflicts the U.S. military must prepare for in the 2020s, dominating the electromagnetic spectrum—from D.C. to daylight—will be as important as, if not more important than, dominating at sea, on land or in the air.
“Freedom of action in the electromagnetic spectrum, at the time, place, and parameters of our choosing, is a required precursor to the successful conduct of operations in all domains,” states the U.S. Defense Department’s Electromagnetic Spectrum Superiority Strategy, rolled out last fall.
There is a virulent plague spreading across the globe, Homeland Security Secretary Alejandro Mayorkas warned earlier this year. But he wasn’t talking about COVID-19. Instead, he was referring to what he called “an epidemic that is spreading through cyberspace: ransomware.”
As Mayorkas pointed out: “Ransomware is not new. It has been around for years. What is new is the evolution of attackers’ methods ... and the increased frequency of these attacks.”
Whether supporting missions downrange on the battlefield or supporting citizens down the street when a natural disaster hits, the U.S. government needs secure communications that are easy to deploy and easy to use. This is not a new need for the U.S. government—and current solutions for field deployable voice communications fall short in several key areas.
The global race to roll out fifth-generation, or 5G, wireless networks and supporting technologies is poised to revolutionize commercial communications and networking and offers the U.S. military the potential for secure, high speed ubiquitous networking.
When the pandemic struck last year, the Department of Defense directed many employees to stay home to help prevent the spread of disease and protect its workforce. The scale and speed of the transformation to remote teleworking was breathtaking. DoD had to massively ramp up bandwidth and deploy collaboration tools to millions of users across its global network within weeks—it was an accelerated march to the cloud.
When it comes to insider threats, defense and intelligence agencies shouldn’t worry so much about the next Edward Snowden. The biggest internal attack vector is the spy in your pocket: “You may think of it as a smartphone,” warns Bill Anderson, president of CIS Mobile, “but it’s really a portable surveillance device.”
“Defense and intelligence agencies need a solution that puts them in charge of the smartphones their people are using,” says Anderson. “Their people need the chance to enjoy the productivity gains those smartphones can bring.”
As the U.S. government migrates to cloud-centric networks, the need to protect them from rapidly evolving cyber threats increases. Network encryption remains key to this, as it protects the integrity of classified and sensitive data and keeps defenses a step ahead of adversaries.
As cybersecurity threats become more sophisticated, organizations need a way to quickly detect and stop an attack or track and analyze its after-effects for clues. One important tool available to cybersecurity analysts is deep packet analysis.
Deep packet analysis, or packet sniffing, is a data processing technique that allows organizations to monitor network traffic for signs of intrusion, and to block or reroute it if an attack is detected. But its most important feature is the ability to record data traffic, allowing analysts to conduct detailed investigations into the nature of a cyber incident.
Experts have issued fresh warnings to U.S. citizens over the enormous amount of sensitive, personal information being routinely captured and commoditized, and that this same information is being weaponized by the country’s adversaries. A panel at the recent AFCEA TechNet Cyber conference highlighted that data gathering by Facebook, WhatsApp and Google presents a significant risk to both individuals and the nation.
Over the last two decades, unmanned systems have evolved from relatively simple surveillance and reconnaissance to sophisticated and increasingly autonomous system-of-systems that are a key part of U.S. military strategy and tactics.
In what seemed like science fiction only a few years ago, artificial intelligence-empowered unmanned systems teaming with manned platforms are shaping up as the path for future operations. The evolution of smarter sensors, coupled with automated processing tasks now being performed right at the point of interest, is also essential to this growth, which is now mature enough to allow more coordinated teamwork between manned and unmanned systems on the battlefield.
We live in perilous times. The COVID-19 pandemic has precipitated an unprecedented international economic contraction. A World Bank report in June called the COVID-caused global recession the most far reaching since 1870.
In particular, the defense sector faces an uncertain future. The pandemic is threatening to change the way Americans think about security and raise questions about U.S. defense spending—which significantly exceeds the combined defense budgets of all its adversaries.
Information management is an integral part of any military operation, and in today’s operations, technology is a common tool used to facilitate a shared understanding of intel. A growing trend for military bases is to install large format direct-view LED video walls in locations like command centers, control rooms and briefing rooms to show an integrated big picture of data feeds and video feeds critical to decision-making during the mission. As global cyber threats increase and the Department of Defense ramps up expectations for cybersecurity, the manufacturing location for any technology systems which send and receive signals is a forefront concern for equipment installations for the military and government.
To deal with the coronavirus pandemic lockdown this year, the Department of Defense had to massively and immediately ramp up remote teleworking capacity all across its global network. This forced march to the cloud—unprecedented in speed and scale—makes it imperative that the department also move to implement a new generation security architecture. Without it, the cyber attack surface will expand as the remote workforce and the tools they use become new vectors for adversaries.
Identity drives everything across the federal space, from the PIV-CAC cards staffers carry to massive defense projects involving huge budgets and diverse players. The federal identity landscape has evolved rapidly in recent years, with the rise of public and private clouds, DevSecOps and zero trust. But underlying architectures have not kept pace with these advances. Established agencies are still grappling with aging investments made over successive waves of innovation, going from one authoritative directory behind a firewall to a growing collection of attributes scattered across diverse repositories.
The COVID-19 pandemic has forced federal agencies and private businesses around the world to adapt to a new reality, one where most of their employees now work remotely and communicate virtually. This “new normal” imposes changes on how organizations protect and manage their networks, making chief information officers (CIOs) and chief information security officers (CISOs) adapt procedures to operate in this new reality.
The “new normal” caused by the stay-at-home orders imposed during the COVID-19 pandemic reflects the current state of remote work and its security requirements, says Rob Carey, vice president and general manager for Public Sector at RSA.
Mapping and location finding technologies common to every smartphone are making their way to 911 emergency calls, letting first responders know exactly where to go and saving precious time that can be used to save lives.
These capabilities are emerging in what’s known as Next Generation 911, or NG911. They represent a fusion of mobile device applications and services that are being overlaid or built into these new emergency telecommunications systems that let police, paramedics and firefighters get to exactly where they need to be.
Intelligence community and government personnel who work with classified or sensitive information often use multiple computers on their desks, each one connected to a separate network based on the security level of the information being accessed.
This can create a variety of IT and logistical challenges for workers onsite, but as the ongoing COVID-19 pandemic and other circumstances force more people to work remotely, managing all of this equipment and its security requirements from a private home can be difficult or nearly impossible without multilevel secure systems capable of doing the job of multiple desktops in a single secure station.
As the Department of Defense (DOD) continues its digital transformation efforts with systems upgrades and emerging technology, it needs to consider the foundational piece—the network infrastructure. Network infrastructure—including fiber and copper cabling, antennas, wireless access points and switches—is the backbone for all current and future devices that run on the network.
The Department of Defense is rethinking how it approaches software and systems development in its technology programs by using more flexible methods to streamline the process and to improve cybersecurity from the start.
Because traditional DOD program development processes don’t have the speed and flexibility to keep up with rapid technological changes or fast-paced modern adversaries, new methodologies are being considered. One approach gaining traction in many parts of the DOD is Development, Security and Operations, or DevSecOps.
There’s no question that 2020 is going to be a big year for technology transformation in the Defense Department. The National Defense Authorization Act gives DoD a $738 billion budget – a $20 billion increase over last year – with an emphasis on fielding the technology necessary for a faster, more agile force, while improving operations and efficiency across the enterprise. That means having fast, low-latency cellular and Wi-Fi connections at every access point and refreshing its legacy infrastructure.
The Link 16 tactical data link has connected warfighters since the 1980s. But while the system is still associated with supporting large platforms such as aircraft and ships, it is now increasingly being used on the ground by smaller vehicles and dismounted troops to connect forces together into secure, ad-hoc networks capable of supporting a variety of missions.
Quantum computers will revolutionize information technology, ushering in an era where certain types of calculations will be performed with almost unimaginable speed. Practical applications will include healthcare disciplines such as molecular biology and drug discovery; big data mining; financial services such as portfolio analysis and fraud detection; and artificial intelligence and machine learning.
Supply chain management is vitally important to running and maintaining an organization’s IT systems, but like logistics systems, it is not inherently sexy and has historically drawn little attention from the C suite. When it is carried out, in many federal agencies it’s traditionally a manual process managed on spreadsheets. In recent years new directives have mandated that the Department of Defense (DOD) and civilian agencies must all begin monitoring this, especially for cybersecurity considerations within the Department’s Risk Management Framework (RMF).
5G wireless technology is poised to take the world by storm, offering fast and effective network connectivity at data throughput speeds once reserved for dedicated fiberoptic landlines. This increased speed will also fuel new developments in wireless applications and connected devices to vastly increase the size, depth and interconnectivity of networks of all kinds.
Link 16 is a secure system protocol that allows different military users to share data over the same network.
But like any good thing, everybody wants a piece of the action. As the popularity of Link 16 grows to include more platforms (ships, aircraft, vehicles, drones, etc.) and individual users, it will be important to expand Link 16 capabilities to help U.S. and coalition military forces adjust to new mission needs, enhance situational awareness, adapt to new technologies and improve warfighter safety.
When executives from Iron Bow Technologies sit down with officials from potential customer agencies, the goal is to understand the needs of the client rather than to close a deal, according to James Ebeler, the company’s CTO for Department of Defense (DOD) business.
Developed during the Cold War to direct U.S. and NATO fighter aircraft against the threat of incoming Soviet aircraft over Western Europe, the Link 16 datalink system is now becoming a ubiquitous situational awareness and command and control tool capable of providing all echelons and services with both theater and tactical battlespace data.
The days of holding onto legacy IT systems are over. Last year’s Executive Order has made data center and IT modernization an issue of “how” and “when,” not “if.” Despite the mandate to modernize, federal government agencies often struggle to transition from legacy facilities and legacy mindsets, largely because of three myths.
Myth #1: “Our legacy systems are working just fine.”
The slow speed of modernization is partly due to the idea that decades-old systems still seem to be working. You may see this mindset in your own agency: If it has served us well for this long, why would we change?
We examined the simulated phishing data of our federal customers and identified three tips program administrators and decision-makers in these organizations can use to strengthen their security awareness training efforts.
U.S. federal government agencies face ongoing scrutiny from virtually all angles, but cybersecurity has leapt to the forefront in recent years. From safeguarding elections to defending against nation-state attacks, federal organizations (and their workers) face many sophisticated and high-profile threats—in addition to day-to-day issues that impact data and system security.
Lockheed Martin’s F-22 Raptor is one of the most advanced fighter jets on the planet—not to mention one of the fastest. But over the past few years, as other nations began to test-fly and deploy their own fifth-generation fighters, Lockheed Martin realized that its software development practices were holding it back, delivering new capabilities to the Raptor too slowly to maintain its dominance.