Essye Miller, principal deputy, Department of Defense chief information officer (DOD CIO), wants to reshape the cyber workforce conversation. And, she told the audience at the Cyber Education, Research and Training Symposium (CERTS), she needs their help.
The most senior military cyber warfighters have defined the challenge of building a world-class cybersecurity workforce: We have great performers but not enough. Our accessions can barely keep pace with attrition; but we are scheduled to grow. We need a viable plan to increase capacity.
During a panel session at the Cyber Education, Research and Training Symposium (CERTS) in Augusta, Georgia, cybersecurity leaders discussed how to build the people who can protect the nation against the tens of thousands of very high-end professionals that Russia and China are putting out.
Lt. Gen. Stephen G. Fogarty, USA, commanding general, U.S. Army Cyber Command, is preparing for the command's move from Fort Belvoir, Virginia, to Fort Gordon in Georgia later this year. Top of mind for the general though is not the physical move, it’s the people.
“It’s all about the people,” stressed Gen. Fogarty during his keynote at the third annual Cyber Education, Research and Training Symposium (CERTS) in Augusta, Georgia. “We cannot have a failure to imagine” what the future cyber workforce looks like.
Last year was a banner year for cyber fraud. In just the first six months of 2019, more than 3,800 breaches exposed 4.1 billion records, with 3.2 billion of those records exposed by just eight breaches. The scale of last year’s data breaches underscores the fact that identity has become the currency of the digital world and data is the fuel that powers the digital economy. What’s also clear looking back on 2019 is that digital identities are continually being compromised on multiple levels.
The U.S. Defense Department is providing the strategic template for cyber progress, which the military services must implement according to their own priorities and requirements. However, not all the parameters are sharply defined, and the department is responsible to Congress for ensuring that money is spent wisely and goals are met.
The department must determine “adequacy” as it reviews individual service cyber plans, and it is up to the department to explain to Congress where there is an inadequacy and why. This issue was described by Maj. Gen. Dennis A. Crall, USMC, deputy principal cyber advisor and senior military advisor for cyber policy, to an audience at an AFCEA NOVA Chapter luncheon on January 9.
There are certainly similarities between network resilience and cyber resilience. The foundation for both is the ability to maintain business or mission capabilities during an event, such as a backhoe cutting your fiber cables or a nation-state actively exploiting your network. But there are also significant differences.
Mobile technology is not always available to military or government personnel in all environments. Operating in a secure facility requires cellular phones or other mobile devices to be stowed outside the door. Companies are preparing solutions to enable the use of mobile devices in such accredited facilities in ways not seen before.
“The Defense Department deals with very sophisticated adversaries, and as a result, those devices are banned in many places and need to be controlled,” says Mike Fong, founder and CEO of Privoro.
The U.S. military relies heavily on companies to research, develop and manufacture innovative technologies to support missions. This hasn’t always been the case. A century ago, it was often the armed services that conceived and created the latest solutions. But when the world goes to war, it’s all hands on deck.
With unlimited resources, delving into fantastical technical solutions is easy. However, in the real world, the government and the private sector must solve real-life problems with realistic budgets. And today, both funds and available expertise are at a premium. Consequently, agencies must rely on companies they trust, and corporations only thrive when they invest in solutions likely to flourish in the future.
The FBI is increasing its cooperative efforts with U.S. government agencies and overseas allies as it wages an unending battle against growing cyber adversaries with escalating capabilities. Joining four major nation-states on the cyber threat list are terrorists and criminal organizations that constitute a mounting threat to U.S. national security, including the economy. The FBI faces the challenge of keeping up with these enemies, while knowing that they are relentless in their pursuit of cyber supremacy to achieve their goals.
To remain relevant, the Army National Guard must completely divest GuardNet, its information technology network, and converge with the Army’s Department of Defense Information Network. This step will prevent the Guard from reverting to a strategic reserve and enable full-time staffing of tactical communication system readiness to completely participate in dynamic force employment as an operational reserve. It also will repurpose the resources allocated to managing this nondeployable network so tactical units can meet the faster deployment time lines needed in the new security environment.
The rapid pace of technology adoption has leveled the playing field in global competition and opened new warfare domains in the space and cyber realms. To maintain their competitive advantage, U.S. warfighters must find ways to simplify and streamline technology upgrades and fixes in the field, as well as develop processes to onboard new technology solutions faster. Open architecture and modular systems present compelling solutions to achieve this goal.
Cyber insurance can protect organizations from losing more than data, but choosing a cyber insurer and policy comes with its own caveats. The purchase decision maker must consider an individual company’s circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision must be critically reviewed, particularly regarding the extent of coverage exclusions in each policy.
Long before the federal government charged two defendants in 2018 for ransomware attacks on municipal computer systems—including Atlanta’s—cities found ways to make do during these outages. Police wrote reports by hand, traffic tickets were paid in person and social media kept everyone informed in a way that showcased a city’s resiliency.
Last year, the Air Force announced it was moving the 24th Air Force, which specializes in cyber operations, and the service’s Cyber Mission from the Air Force Space Command to the Air Combat Command. This spring, the Air Combat Command is working on the merger of those cyber components with its intelligence, surveillance and reconnaissance (ISR) capabilities from the 25th Air Force and integrating cyber into its operations.
The move, which started eight months ago, signifies a shift in the Air Force’s emphasis on putting cyber into everyday operations, said Col. Chad Raduege, USAF, who has been nominated for appointment to brigadier general, director of cyberspace and information dominance, Air Combat Command (ACC).
The Army is transforming its Cyber Command to meet the challenges of a multidomain battlefield. Just over eight years old, the command, located at Ft. Gordon, Georgia, will evolve by 2028 into something possibly called the Army Information Warfare Operations Command, which will fully incorporate cyber, electronic warfare and information operations.
The U.S. Army envisions future robotic vehicles that are easy for soldiers to operate while proving difficult for enemy forces to detect, jam or hack. Researchers at one of the service’s premier research and development centers are racing to build the sensors, communications links and software needed to make that vision a reality.
Fiber is booming as telecommunications customers seek more services both in the cloud and at the network’s edge. The most important part of society’s information infrastructure, it is relatively secure in the face of attempts to wreak devastating harm to the nation, experts say. But that security is not absolute, and potential vulnerabilities could open up optical fiber to damaging attacks. Damage to this infrastructure, which serves as the backbone of the Internet and all the e-commerce that travels over it, could bring about an unprecedented economic upheaval.
Over the next year, U.S. government officials intend to develop an initial conformance framework to ultimately improve resilience for systems that provide positioning, navigation and timing for a wide variety of users. That initial framework will focus on timing, and lessons learned will be used to develop more comprehensive versions.
The top five U.S. cybersecurity workforce positions in demand today are information systems security developer, information systems security manager, systems developer, research and development specialist, and software developer. To fill these posts, entry-level positions must be developed in the areas of systems administrators, network operations and cyber operator specialists. All of this demand requires a steady supply of training.
Lockheed Martin Corp., Orlando, Florida, was awarded a $93,000,000 cost-plus-fixed-fee contract for a national cyber range that provides the ability to conduct realistic cybersecurity test and evaluation of major Department of Defense (DoD) acquisition programs and the ability to conduct realistic training, certification and mission rehearsal events for the DoD Cyber Mission Force. One bid were solicited with one bid received. Work locations and funding will be determined with each order, with an estimated completion date of November 19, 2021. U.S. Army Contracting Command, Orlando, Florida, is the contracting activity (W900KK-20-D-0001).