cyber

October 16, 2020
By Robert K. Ackerman
Credit: Shutterstock/Aleksandar Malivuk

In addition to institutions such as NATO and the European Union (EU), one of the biggest players in North Atlantic defense is data, say European experts. Yet, nations often overlook the lessons generated by the private sector and not always pursuing effective investments in military information technology.

Those points were discussed at the AFCEA Europe Joint Support and Enabling Command (JSEC) virtual event in late September. Maj. Gen. Erich Staudacher, GEAF (Ret.), AFCEA Europe general manager, offered that data increasingly sprawls into military mobility. He recited an old Latin saying that navigation is necessary, all the more in this sea of data.

October 1, 2020
By Robert Hoffman
Marines with Marine Corps Forces Cyberspace Command work in the cyber operations center at Lasswell Hall, Fort Meade, Maryland. MARFORCYBER Marines conduct offensive and defensive cyber operations in support of U.S. Cyber Command and operate, secure and defend the Marine Corps Enterprise Network. Credit: Staff Sgt. Jacob Osborne, USMC

Automation software tools are being under-utilized, especially in the U.S. Defense Department. While the department has purchased and used automated scanning tools for security and compliance, it has been slow to adopt automation for many other tasks that would benefit from the capability, such as easing software deployment and standardization and, once developed, increasing the speed of overall automation.

October 1, 2020
By Kimberly Underwood
As the deadly COVID-19 virus spread around the world, so did the attacks from malicious cyber actors, taking advantage of the unsure times, say experts from leading cybersecurity firms. Credit: Shutterstock/VK Studio

While the world was facing the rapid and deadly spread of the severe acute respiratory syndrome coronavirus 2, most commonly known as COVID-19, malicious cyber attackers were also at work, increasing the number of attacks, switching methods, taking advantage of the boom in Internet, network and email users, and playing on fears during the uncertain time, cybersecurity experts say. Companies struggling to maintain operations are still leaving gaps in digital security, they warn.

October 7, 2020
By Ray Rothrock
Just like basic personal hygiene during a pandemic, practicing cyber fundamentals comes down to the individual and consistency. Photo credit: vientocuatroestudio/Shutterstock

When it comes to nefarious deeds, the COVID-19 pandemic has been a gold mine for bad actors. In addition to wreaking havoc for individuals and healthcare organizations, federal agencies are also prime targets. Case in point: a portion of the Department of Health and Human Services’ (HHS) website was recently compromised, in what appears to be a part of an online COVID-19 disinformation campaign. 

In a time of heightened cyber risk and limited human and fiscal resources, how can agencies protect their networks from malicious actors by taking a page from the COVID playbook? They can diligently practice good (cyber) hygiene.

In fact, there is a direct correlation between personal and cyber hygiene.

October 1, 2020
By Kimberly Underwood
To roll out a massive cloud project of electronic health records in 93 days during the beginning of the pandemic required a team of teams from the Program Executive Office Defense Healthcare Management Systems and other organizations.  PEO DHMS

Facing a pandemic and an aging legacy medical record system with limited data storage capacity at an on-premise data center in Charleston, South Carolina, the Enterprise Intelligence & Data Solutions (EIDS) team, sprang into action to complete a game-changing cloud migration project. The effort, called the Accelerated Migration Project, or AMP, moved petabytes of secondary healthcare data and related applications to the cloud. The project digitally transforms access to U.S. Defense Department medical records and offers better data analytics and more reliable information discovery, driving improved outcomes in patient care and business operations, experts say.

October 1, 2020
By Joseph Mitola III
Senior Airman Daniel M. Davis, USAF, 9th Communications Squadron information system security officer, looks at a computer in the cybersecurity office on Beale Air Force Base. Cybersecurity airmen must manage more than 1,100 controls to maintain the risk management framework. Credit: U.S. Air Force photo by Airman Jason W. Cochran

Users need to transition all networked computing from the commercial central processing unit addiction to pure dataflow for architecturally safe voting machines, online banking, websites, electric power grids, tactical radios and nuclear bombs. Systems engineering pure dataflow into communications and electronic systems can protect them. The solutions to this challenge are in the users’ hands but are slipping through their fingers. Instead, they should grab the opportunity to zeroize network attack surfaces.

October 1, 2020
By Dirk W. Olliges
Leslie Bryant, civilian personnel office staffing chief, demonstrates how to give fingerprints to Jayme Alexander, Airmen and Family Readiness Center casualty assistance representative selectee. Although requiring fingerprints to access information is better than single-factor identification verification, it should be part of a multifactor authentication approach. Credit: 2nd Lt. Benjamin Aronson, USAF

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

September 29, 2020
 

The ability to perform data science at the edge is growing increasingly important for organizations across the public sector. From smart traffic cameras to hospitals using data processing for faster diagnosis and warfighters leveraging data in theater, the need to derive actionable intelligence at the edge has never been greater.

Gartner researchers predict that by 2025 three quarters of enterprise-generated data will be created and processed at the edge, outside of a traditional data center or cloud. Fulfilling the promise of real-time edge data processing and analysis requires significant intelligence and computational horsepower that’s close to the action.

September 29, 2020
By Ned Miller, Chief Technical Strategist, McAfee U.S. Public Sector

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear—we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive acceptable definition of Zero Trust Architecture.

September 25, 2020
By Maryann Lawlor
Enterprisewide Risk Management (ERM) consists of the formal identification of major risks to the organization’s mission.

Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.

But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.

September 11, 2020
By Kimberly Underwood
Once more of an operational and end-user experience tool, identity management has evolved to be a core aspect of cybersecurity, especially as part of zero trust architecture, say panelists Wednesday at the FedID conference.

The need to move away from a perimeter-based cybersecurity model—the moat and castle approach—to a cloud-enabled zero trust architecture—an underlying framework that essentially is like placing a security door in front of each and every application—is apparent. Similarly, identity, once mostly an operational and user experience-driven technology, has evolved to be a core aspect of cybersecurity, verifying a user in a network or activity, said Frank Briguglio, strategist, Global Public Sector, SailPoint.

September 3, 2020
By Shaun Waterman
Photo credit: Pixabay

The global economy—and especially more technologically advanced countries like the United States—are increasingly dependent on space-based capabilities like GPS and satellite communications.

“When considering our daily lives,” explained retired Canadian Gen. Robert Mazzolin, now chief cybersecurity strategist for the Rhea Group, a global engineering firm. “There’s not an operation or activity that’s conducted anywhere at any level that’s not somehow dependent on space capabilities,” he went on.

September 9, 2020
 

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

September 9, 2020
By Shaun Waterman
A GPS III satellite circles the earth. Photo Credit: United States Government, GPS.Gov

​​On both sides of the Atlantic, NATO and European leaders are struggling to address the threat posed to vital space systems by foreign hackers, cyber warfare and online espionage. Huge swathes of the global economy are utterly dependent on orbital capabilities like GPS that look increasingly fragile as space becomes more crowded and contested.

September 1, 2020
By George I. Seffers
Unmanned aircraft have proved immensely valuable to the military and to intelligence agencies, but they are sometimes too noisy for stealthy reconnaissance. The Intelligence Advanced Research Projects Activity is developing a silent and miniature aerial drone known as the Little Horned Owl. Credit: U.S. Defense Department photo by Petty Officer 3rd Class Jeffrey S. Viano, U.S. Navy

The cloud computing infrastructure at the Intelligence Advanced Research Projects Activity allowed the organization to pivot to a new teleworking norm during the pandemic that’s not much different than the old norm. The organization has conducted business as usual, hiring program managers, adding office directors, creating and killing programs, and continuing to meet the intelligence community’s technology needs.

Catherine Marsh, director of the Intelligence Advanced Research Projects Activity, known as IARPA, was told on March 12 to “lean forward,” and she did, allowing almost the entire staff to telecommute beginning the next day. Even contractors work from home legally, securely and effectively.

September 1, 2020
Posted by Kimberly Underwood
The Five Eyes nations, including Australia, Canada, New Zealand, the United Kingdom and the United States, conducted extensive joint research on cyber breeches, culminating in an incident response playbook for the extended community of partners and network administrators. Credit: Shutterstock/Metamorworks

The cybersecurity representatives of the so-called Five Eyes intelligence partners are working together to improve cyber event incident response across the extended community of the countries of Australia, Canada, New Zealand, United Kingdom and the United States. 

September 1, 2020
By Kimberly Underwood
The increase in the remote workforce due to the pandemic has highlighted calls for increased digital identity management. Credit: Shuterstock/Enzozo

Today’s identity management is fragmented and decentralized, relying on a lot of different systems to authenticate people and manage identities. Organizations use a variety of disjointed tools from passwords and smart cards to biometrics. Instead, organizations should pursue a more holistic approach.

September 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/FOTOGRIN

China’s global moves to gain technological hegemony over 5G and reshape the Internet to suit its own needs offer the potential to give the Middle Kingdom control over the telecommunications market and information itself. At the very least, it would achieve market dominance. But at most, it would control both the nature of the Internet and the information that flows through it, say Internet experts.

September 1, 2020
By Shaun Waterman
As part of the nine-day Cyber Guard exercise, participants work through a training scenario. Credit: Navy Petty Officer 2nd Class Jesse A. Hyatt, USN

Second of a two-part report.

The Cyber Solarium Commission, a congressionally chartered panel of expert policymakers, was created to tackle cyber conflict in the same way its Truman-era predecessor addressed the Cold War confrontation between the United States and the Soviet Union. An article in SIGNAL Magazine’s August issue (“Leaders Seek a Grand Strategy for Cybersecurity") explored the commission’s theory of deterrence by denial and how it embraced the concept of resilience.

September 1, 2020
By George I. Seffers
Conceptually, soldiers wearing the tactical identification and authentication tokens could simply approach a system to log in and be recognized by that system, which prompts them to enter a personal identification number or to use a biometric as a second authentication factor. They also may be automatically logged out when they walk away. Credit: U.S. Army

The U.S. Army’s wearable authentication tokens intended for the tactical environment could be used for nontactical purposes, such as accessing strategic-level systems, enterprise networks and medical systems, researchers say.

Pages