cyber

April 1, 2020
By Kimberly Underwood
Among its other responsibilities in cracking hard issues, the National Risk Management Center, part of the Cybersecurity and Infrastructure Security Agency, is examining the concept of vendor attestation to help vendors assess themselves against a set of commonly agreed-upon metrics. Credit: Shutterstock/deepadsigns

Daily cyber attacks and other threats naturally take up the short-term attention of many governmental agencies, but there is a need for a more strategic look at risks to the nation’s critical infrastructure. A center within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, is charged with examining how to address concerns in the long-term.

April 1, 2020
By Mark A. Spangler
Navigating today’s cyber battlespace without a robust understanding of organizational risk, mission essential functions and critical cyber terrain can cause even the most seasoned manager to feel digitally adrift. Credit: Original image is a composite of at least nine images and graphics that TriSept’s, Axel Edling, created.

Managing an enterprise cybersecurity and information assurance program in any company today is a complex balancing act. It resembles an unending three-dimensional chess match entwining business risk, profit and loss, pitting a company’s very survival against myriad global threat actors. An organization’s cybersecurity stance also involves a combination of technology and solid decision making at an organization’s highest levels.

April 1, 2020
By Michael M. Hanna
Shutterstock/kentoh

The concern of machine ethics and laws spills into the everyday workings of society, not just the domain of defense. Many concepts revolve around the law of armed conflict, societal law, ethical dilemmas, psychological concepts and artificially intelligent cyber systems, as well as their relationships among each other. In addition to the delineation of machine ethic guidelines, an ethical life cycle is necessary to account for changes over time in national circumstances and personal beliefs. Just recently, the Defense Innovation Board, which serves as an advisory board to the Pentagon, met and published ethical guidelines in designing and implementing artificially intelligent weapons.

April 1, 2020
By Sarbari Gupta, Ph.D.
Overspending on cyber tools and appliances placed in the wrong location or configured poorly can be equally bad if not worse than under-resourcing. 2,500 years before the advent of digital networking, military strategist Sun Tzu’s advice is still applicable: You must know your enemy and know yourself to be victorious. Credit: Pexels/meo

Security is among the single greatest concern government agencies have about moving their systems to the cloud. Although it offers significant benefits, cloud computing continues to raise questions about data and system protection. Regardless, the Office of Management and Budget via its Cloud Smart Strategy and the previous Cloud First policy mandates government agencies move to the cloud.

March 23, 2020
By Greg Touhill
With the Coronavirus driving more people to work or study from home, it is more important than ever for private individuals and families to secure their home networks. Credit: Manolines/Shutterstock

As people around the world practice self-isolation in an effort to reduce exposure and spreading of the COVID-19 virus, the need to maintain a strong cybersecurity posture arguably has never been higher. Millions of people have shifted their daily lives to an environment relying on telework, distance learning, Internet-enabled social engagement, streaming news and entertainment and other activities.

This “new normal” is facilitated by the robust capabilities of the Internet. Yet it presents a significant cyber risk. During the COVID-19 crisis, we’ve seen bad actors stepping up their game with increased incidents of phishing, disinformation, watering hole attacks and other criminal activity.

March 25, 2020
By Kimberly Underwood
Credit: Shutterstock

How the U.S. government responded to the vulnerabilities created by anti-virus software and other products from Russia’s AO Kaspersky Laboratories is an important demarcation point in the growing awareness of and need for supply chain trust and assurance. Before that, conversations regarding supply chain risk management “were sort of siloed off to the side,” explains Daniel Kroese, acting deputy assistant director for the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center at the Department of Homeland Security.

March 25, 2020
 

Smartronix Inc., Hollywood, Maryland, is awarded a $26,565,294 modification (P00011) against a previously awarded cost-plus-fixed-fee task order N00421-19-F-0422 under a general services, Alliant 2 government-wide acquisition contract (47QTCK-18-D-007). Work will be performed in Patuxent River, Maryland, and will provide for the development, planning, execution, monitoring and life cycle services for information technology/cybersecurity programs and activities in support of the Naval Air Warfare Center Aircraft Division, Information Technology and Cyber Security Department.  Work is expected to be completed in March 2021.

March 17, 2020
Posted by Julianne Simpson
Essye Miller, principal deputy, DOD CIO, speaks at a town hall on the response to COVID-19. Credit: Screenshot of DVIDS video

During a town hall on the response to COVID-19, leaders at the Pentagon stressed the importance of cybersecurity as more employees shift to telework. Along with personal hygiene, Daniel Walsh, acting director, Pentagon Force Protection Agency, asked Pentagon personnel to practice good cyber hygiene.

Essye Miller, principal deputy, Department of Defense Chief Information Officer, echoed similar sentiments. “With the increased telework capability comes an increased attack surface for our adversaries. They are already taking advantage,” she said.

March 9, 2020
By Kimberly Underwood
The Air Force’s Cyber Resiliency Office for Weapons Systems is helping to solve the service’s cybersecurity issues by securing weapons systems, improving training and adding cyber resiliency components into programs. Credit: Shutterstock/Den Rise

The three-year old Cyber Resiliency Office for Weapons Systems, known as CROWS, created by the National Defense Authorization Act of 2016, has set about making cyber resiliency a part of the U.S. Air Force. As a problem solver for the service, the organization is elevating the cybersecurity of weapons systems, improving the Air Force’s training in cyber and adding cyber resiliency components where uniquely needed, Joseph Bradley, SES, director of CROWS, told SIGNAL Magazine in an interview. Bradley also serves as the Air Force Life Cycle Management Center-Hanscom’s Engineering and Technical Management associate director.

March 1, 2020
By George I. Seffers
The Army Rapid Capabilities Office uses the Network Integration Evaluation exercises to gain soldier feedback on electronic warfare prototypes. The service expects to make advances this year on reintroducing sophisticated electronic warfare technologies back into the force.  Original image by Sgt. Maricris C.McLane, 24th Press Camp Headquarters. Edited by Chris D’Elia.

This year the Army will take several steps in the march toward reintroducing cutting-edge electronic warfare systems capable of countering near-peer competitors.

March 1, 2020
By Kimberly Underwood
Known as a software bill of materials, a list of software components, information about those components and their relationship to the supply chain, are key elements in building supply chain transparency. Credit: Shutterstock/Andrey Suslov

Having a detailed description of the software components in any software-based product is necessary to identify cyber vulnerabilities and ultimately help reduce cybersecurity risks, officials say. The National Telecommunications and Information Administration, working with industry stakeholders, is pursuing the advent of a so-called software bill of materials to apply to digital products that identifies and lists the pieces of software, information about those components and supply chain relationships between them, the agency specifies.

March 1, 2020
By Maj. Gen. Jennifer Napper, USA (Ret.)
Threats to the supply chain—especially cyber threats—continue to grow. Credit: Leyn/Shutterstock

When the National Counterintelligence and Security Center designated April as National Supply Chain Integrity Month, it cited threats that cost the country innovation, jobs and economic advantage. It also mentioned a reduction of U.S. military strength as the need for increased awareness. Now as we approach the one-year anniversary of that designation, threats—especially cybersecurity threats—continue to grow and evolve. These give the military-industrial base new reasons to refocus on the security of contractors, subcontractors and suppliers.

March 1, 2020
By Shaun Waterman
Hardware for 5G networks largely comes from non-U.S. firms. Samsung technology provides the foundation for Sprint Mobile’s 5G network in Chicago. Credit: Samsung

The much-hyped 5G has begun to arrive, but in the United States, the truly transformative elements of these next-generation cellular networks are probably still four or five years off. Although improvements such as 100-times-faster speeds will enable more life-and-death type services, including remote surgery or self-driving cars, they also employ a more compromised hardware supply chain and offer a larger attack surface than current networks, federal officials warn.

“The anxiety from governments and regulators about the security issues [arising from 5G] and possible nation-state interference is at a fever pitch right now,” Robert Mayer, senior vice president for cybersecurity, USTelecom, says.

March 1, 2020
By George I. Seffers
The littoral combat ships USS Independence, back, and USS Coronado travel together in the Pacific Ocean. One of the Defense Department’s primary cybersecurity concerns is that adversaries can hack into industry networks and steal secrets about developing weapon systems. U.S. Navy photo by Chief Mass Communication Specialist Keith DeVinney/Released​

With the U.S. Defense Department’s new cybersecurity verification requirements set to go into effect later this year, the Pentagon gets high marks from cybersecurity professionals for finally addressing the lack of contractor security, but experts also express doubts about the aggressive schedule and the potential for unintended consequences.

February 7, 2020
By Kimberly Underwood
Hands-on events, such as the Capture the Flag competitions at recent AFCEA chapter conferences, are helping to build the next generation of cybersecurity protectors. Credit: Shutterstock

At conference halls throughout the year, groups of students work intensely to complete digital challenges in cyberspace, vying to win so-called Capture the Flag Contests, such as several hosted by Deloitte. The company sponsors several such educational cybersecurity competitions, including recently at AFCEA Alamo ACE in San Antonio and in Colorado Springs at the AFCEA Rocky Mountain Cyberspace Symposium.

February 1, 2020
By Robert K. Ackerman
The aircraft carrier USS Theodore Roosevelt transits the Pacific Ocean with the USS Russell and the USS Paul Hamilton. The U.S. Navy is facing several challenges as it strives to modernize its information technology across the breadth of its sea and land assets.  U.S. Navy photo

Long-discussed cybersecurity issues such as cultural attitudes, innovation and supply chain vulnerability are now at the top of the U.S. Navy’s information technology action list as it faces a multifaceted threat to information dominance. Current conditions present a sense of urgency in efforts to upgrade Navy and Marine Corps information assets, but the services also face a window of opportunity that they can exploit.

February 1, 2020
By George I. Seffers
The amphibious assault ship USS Bataan (LHD 5) departs Naval Base Norfolk. It will be one of two ships to initially carry the Information Warfare Platform to sea. Photographer’s Mate 1st Class Shawn Eklund/U.S. Navy​

Before the end of the fiscal year, the U.S. Navy intends to deliver an early version of the Information Warfare Platform to two ships, the USS Lincoln and USS Bataan before fielding more comprehensive systems to the Theodore Roosevelt Strike Group. The new capability will be enabled in part by artificial intelligence, machine learning and so-called digital twins. It is expected to offer the ability to acquire, test, install and field technologies at a faster, more affordable rate while also enhancing cybersecurity.

February 24, 2020
By Tim Mullahy
Members of the Oklahoma National Guard drive down Telephone Road in Moore, Oklahoma, May 21, 2013, en route to the neighborhoods devastated by a tornado. Cybersecurity needs to be a priority in the aftermath of major disasters when people and their personal data can be most vulnerable. U.S. Air Force photo by Senior Airman Mark Hyber

It’s easy to forget that in the midst of a catastrophe, physical safety isn’t the only thing that’s important. As technology’s role in disaster response and relief becomes more and more prevalent, cybersecurity becomes an essential part of the process. Here’s why.

Few people are more vulnerable than those impacted by a crisis. Whether a man-made attack or a natural disaster, the widespread destruction created by a large-scale emergency can leave countless individuals both destitute and in need of medical attention. Protecting these men, women and children requires more than a coordinated emergency response.

February 21, 2020
By Robert K. Ackerman
Adm. James Stavridis, USN (Ret.), is an operating executive for The Carlyle Group and former supreme allied commander of NATO.

The United States is woefully underprepared to protect cyberspace against the worst-case scenarios threatening the country, says the former supreme allied commander of NATO. Adm. James Stavridis, USN (Ret.), operating executive for the Carlyle Group, warns that long-term solutions must be paired with near-term actions to prevent a host of cyber threats from crippling the United States militarily and economically.

February 20, 2020
 

Dark Wolf Solutions LLC, Chantilly, Virginia, has been awarded a $75,000,000 blanket purchase agreement for cyber innovation services. This award was made from GSA Professional Services Schedule number:  GS-00F-086GA. The contractor is a Phase III, Small Business Innovation and Research program participant. The location of performance is Hill Air Force Base, Utah. The work to be conducted includes software penetration testing and adversarial assessment. The work is expected to be complete by October 19, 2020. Fiscal 2020 research development test and evaluation funds in the amount of $7,093,286 are being obligated at the time of award via task order FA7014-20-F-0041.

Pages