The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.
Enlighten IT Consulting LLC, Linthicum Heights, Maryland, has been awarded a $66,294,372 firm-fixed-price contract to provide Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP) to provide Air Force enterprise data analytics and further development and deployment of ELICSAR in the unclassified, secret, and top secret domains. ELICSAR BDP is a government-owned, cloud-based platform that collects data and enables complex analytics to identify advanced cyber threats. Work will be performed in Linthicum Heights, Maryland, and is expected to be completed March 31, 2024. This award is the result of a competitive acquisition using AFWERX Commercial Solutions Opening authority.
The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), the sole authoritative source for operationalizing CMMC assessments and training by the U.S. Defense Department, has announced the formation of a cybersecurity Industry Advisory Council’s (IAC).
The CMMC-AB IAC mission is to provide a unified voice as representatives of organizations seeking certification to provide to the Defense Department and the accreditation board feedback, input and recommendations for implementing the CMMC.
The national security community needs to prepare now for the possibility that U.S. adversaries could develop and deploy quantum computers, which would render useless most conventional encryption algorithms, says Adrian Stanger, senior cryptographic authority, Cybersecurity Directorate, National Security Agency (NSA).
The nature of military permanent change of station assignments can create gaps in the U.S. Defense Department’s protected posture to cyber assets. The current approach allows valuable institutional knowledge literally to walk out the door, often being replaced with inadequately prepared personnel walking in. This practice runs contrary to the Pentagon’s stated strategic goals that aim at building and maintaining a skilled workforce rather than solely acquiring new tools.
NATO is at risk of losing its technology edge because of emerging and disruptive technologies increasingly developed within the civil sector. The growth of peer competitors’ determination, especially China, and the decline of technology education in Western countries are eroding the advantage they once skillfully held.
To address this state of affairs, the organization’s defense ministers are examining a number of activities. As a part of this initiative, the NATO Industrial Advisory Group (NIAG) conducted a study to provide the industry view of the implications of emerging and disruptive technologies (EDTs) and Chinese advances in defense operations and military capability development.
The federal government has been taking zero trust more seriously. Although a significant part of it has yet to be implemented, some initial work has been completed with zero trust network access, yet the outside-in approach to zero trust and complexity remains. But the more important aspect of zero trust relates to application and workload connections, which is what attackers care about and is not being protected today.
This “other side” of zero trust and a host-based micro-segmentation approach will lead to greater security and will stop the lateral movement of malware. Constituting multiple pilot projects is the best way forward in the inside-out approach to zero trust.
U.S. Army officials expect soon to release a multidomain operations (MDO) posture statement that will complement both the new MDO vision document released by the Army Chief of Staff and the posture statement from U.S. Cyber Command.
The MDO posture statement will detail how the Army intends to achieve its MDO vision for 2035. It will be released soon, possibly as early as April, according to Army officials conducting a March 26 telephonic media roundtable.
The last year presented “unique challenges” to the military combatant command in charge of defending U.S. related interests in cyberspace. The three-year old U.S. Cyber Command, which plans and executes global cyberspace operations, activities and missions in regard to defending and advancing national interests, has spent the last year defending and mitigating against the continuing cyber threats from China, Russia, Iran and nonstate actors and criminals, reported Gen. Paul Nakasone, USA, commander, U.S. Cyber Command (CYBERCOM); director, National Security Agency (NSA); and chief, Central Security Service (CSS); in testimony before the Senate Armed Services Committee today.
With ransomware and malware attacks on the rise across the globe, leaders need to be positioned for incident response before a breach occurs. Most businesses are not prepared for the earth-splitting impact a ransomware attack will present to their organization. Many organizations are deploying the “HOPE” strategy against ransomware. They hope every day that they aren’t targeted, because they know a ransomware attack will present a monumental financial and organizational challenge. Commercial businesses have paid hundreds of millions of dollars to black hat hackers for the rights to the decryption key to restore their network. Ransomware can shut down computers and lock out users until they pay hackers a ransom.
Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment. At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.
The U.S. Air Force will be flying in a different sort of cloud as it matures its information technology systems. Its Cloud One system will be at the heart of equipping everyone in the Air Force and the Space Force with access to vital information as it embraces multidomain operations.
Lauren Knausenberger, chief information officer, U.S. Air Force, described the future Air Force information environment at the AFCEA Rocky Mountain Chapter’s Rocky Mountain Cyberspace Symposium being held March 8-11 both virtually and at The Broadmoor in Colorado Springs, Colorado. She reported that many elements will need to come to pass, including better cyber training, for this new enterprise information system to realize its full potential.
In the ever-growing and complexifying ecosystem of the Internet of Things (IoT), demand for connectivity is stronger than ever and only bound to intensify. Statista predicts that by 2025, there will be 38.6 billion devices connected to the internet, which will put even more pressure on organizations to monitor their infrastructures.
For system administrators, there are several obstacles to keeping pathways clear and the flow of data smooth. Here are a few of the most common roadblocks when it comes to IoT monitoring, as well as a few ways to overcome them.
Roadblock #1: Managing different interfaces for different devices
The National Security Agency/Central Security Service (NSA/CSS)-Hawaii is looking toward innovation, both in technology and in service, as it ramps up to meet the challenges posed in the region covered by the Indo-Pacific Command (INDOPACOM). And these challenges have evolved during the COVID-19 pandemic, notes the head of the office.
Capt. Kurtis Mole, USN, commander, NSA/CSS Hawaii, addressed the opportunities NSA/CSS is seizing during his keynote address on the third day of TechNet Indo-Pacific, running virtually March 1-3. Capt. Mole defined the agency’s challenges against the backdrop of the vast Indo-Pacific region while noting its applicability worldwide.
The 35th annual AFCEA TechNet Indo-Pacific conference featured a panel with top female leaders addressing cybersecurity workforce issues. Having ever-present cybersecurity training, reaching a younger audience on their level and leveraging women who may be seeking a second career are all ways to close the cybersecurity workforce gaps, the leaders said.
The rise of the People’s Republic China as a peer competitor vying for superpower status has emerged as an important challenge for the United States. To confront this competition, policy and decision makers must preserve and extend U.S. global interests to deter China if necessary and work in the international system in which the United States plays a vital role.
The entire nation must engage in an informed debate about cybersecurity and how to stop the damage being inflicted by adversaries through cyberspace, says the director of intelligence for the U.S. Cyber Command. Brig. Gen. Matteo Martemucci, USAF, J-2 for the U.S. Cyber Command, says this debate must explore whether the roles played in cyber defense stay the way they are or change.
If all goes as planned, a major mobile cellphone carrier will ultimately adopt technology developed under the Defense Advanced Research Project’s Agency’s Open, Programmable, Secure 5G program. Doing so will allow the open-source, secure technology to proliferate as so-called Internet of Things technologies become more ubiquitous.
The U.S. Defense Department already is looking beyond its massive $600 million investment in 5G experiments announced in October. Plans include a second round of experiments and the potential for expanding efforts with other government agencies and with international partners.
The telecommunications industry is currently rolling out the fifth-generation wireless network known as 5G, which is bringing more bandwidth, lower latency, high-speed throughput, improved reliability and increased connectivity to mobile communications. Off of that advancing communications point will come 6G, the sixth iteration of the wireless network.
As a lead nation, Germany has been successfully designing and implementing the Federated Service Management and Control capability as part of the development of the NATO Federated Mission Network. Throughout the joint approach, NATO member states, partner nations Austria and Switzerland, the NATO Communications and Information Agency, the Allied Command Transformation and Supreme Headquarters Allied Powers Europe, which are both NATO strategic commands, as well as Allied Command Operations have been continuously involved in its design and incremental implementation.
Today, the Defense Information Systems Agency’s new leader, Lt. Gen. Skinner, USAF, was promoted, and tomorrow, he will take on his new role. Gen. Skinner returns to the agency, known as DISA, this time at the helm. He is taking over from Vice Adm. Nancy Norton, USN, the current director of DISA and the commander of the Joint Force Headquarters Department of Defense Information Networks (JFHQ-DODIN) as she retires after three years in the role.
The U.S. Army is applying its cyber expertise across the defense spectrum as it blends tactical and strategic capabilities while helping the departmentwide cyber mission. This ranges from operational activities to training, and the effort spans both defensive and offensive cyber missions.
Some of these points were explained in day 2 of the first episode in the TechNet Augusta Virtual Solutions Series, airing February 16-17. Col. John Transue Jr., USA, director, Army Capability Manager (ACM) Cyber, described how the separation between tactical and strategic capabilities is blurring as the Army applies elements of one to the other.
The U.S. Army’s 1st Special Forces Command (Airborne) is looking to fill vital cyber and communications gaps, but with technologies tailored to its unique missions, said Maj. Gen. John Brennan, USA, commanding general, 1st Special Forces Command (Airborne), Fort Bragg, North Carolina. The command is the largest divisional element in the Army, with soldiers that serve in special forces, psychological operations groups and battalions, civil affairs groups and information warfare groups and for the national mission force that operates mostly with the Joint Special Operations Command units.
Ask someone in federal IT what zero trust means and you’re likely to hear that it’s about access control: never granting access to any system, app or network without first authenticating the user or device, even if the user is an insider. The term “Never trust; always verify” has become a common way to express the concept of zero trust, and the phrase is first on the list of the Defense Information Systems Agency’s (DISA’s) explanation.
Companies preparing for Cybersecurity Maturity Model Certification (CMMC) should beware of firms that are promising to get them certified, said a government official. Stacy Bostjanick, director of CMMC, Office of the Under Secretary of Defense (A&S), stated that any firms claiming to be able to do that are not capable of that function yet.
Cyber Systems and Services Solutions, Bellevue, Nebraska, has been awarded a $17,765,741 firm-fixed-price and cost-plus-fixed-fee modification (P0010) to contract FA8773-18-D-0002 to exercise Option Three for defensive cyber realization, integration and operational support services. Work will be performed at Joint Base San Antonio (JBSA)-Lackland, Texas, and is expected to be completed February 28, 2022. This modification is the result of a competitive acquisition and seven offers were received. Fiscal 2021 operation and maintenance funds in the amount of $8,764,731 are being obligated at the time of award. The 38th Contracting Squadron, JBSA-Lackland, Texas, is the contracting activity.
DevSecOps is being used to implement cyber hardening solutions that secure deployed, operational platforms and industrial control systems (ICS) against cyber threat actors. Work in vulnerability analysis and applied artificial intelligence (Ai) tool development enables streamlined threat mitigation and cyber hardening of Joint All Domain Operations (JADO) platforms and systems of the future. Learn more about how commercial algorithm innovations and government technology stacks are being combined to create rapidly fielded, integrated and accredited solutions here: https://www.alionscience.com/cyberhardening.
The Defense Department has an information warfare (IW) problem. While the information environment continues to grow exponentially in importance and ubiquity, rapidly transforming the character of competition and war, there is no organization within the department that directs, synchronizes and coordinates IW planning and operations.
U.S. Cyber Command serves this very purpose for cyber operations, as do its service components. But this necessarily anchors the focus of American IW on a single information related capability (IRC), at the expense of the many other IRCs and their ability to generate military advantage.
Officials in U.S. federal and state governments need to consider and address the possible cyber risks stemming from the current civilian unrest, cyber experts advise. Until now, the federal government, especially, has had a foreign intelligence focus, said Adm. Michael Rogers, USN (Ret.).
The Defense Digital Service (DDS) and HackerOne announced the launch of the DDS’s latest bug bounty program with HackerOne. It is the eleventh such program for DDS and HackerOne and the third with the U.S. Department of the Army.
Hack the Army 3.0 is a security test— time-bound and hacker-powered—aimed at revealing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program will run from January 6, 2021, through February 17, 2021, and is open to both military and civilian participants.
It is no secret that the U.S. government is grappling with cybersecurity issues across its organizations and agencies. The good news is that the government has an auditing agency that investigates possible weaknesses or cybersecurity gaps and makes key recommendations to rectify problems: the U.S. Government Accountability Office, known as GAO.
Germany, the United States and many other nations are facing a more diverse, complex, quickly evolving and demanding security environment than at any time since the end of the Cold War. The resulting challenges to national and international security and stability could be as harmful to societies, economies and institutions as conventional attacks.
The U.S. Army’s universal, reprogrammable encryption chip is in final testing and may be destined for the service’s next-generation encryption fill device, other military services or possibly even the commercial sector.
The REprogrammable Single Chip Universal Encryptor (RESCUE) technology was developed to be a government-owned, general-purpose cryptographic module and architecture that is highly tailorable to counter emerging cryptographic threats. It uses standardized encryption algorithms designed by the National Security Agency (NSA) and the National Institute for Standards and Technology.
The U.S. Army upped the tempo when Gen. Mark Milley, USA, fired off his first message to the force in August 2015 as the newly sworn-in Army Chief of Staff: “Readiness for ground combat is—and will remain—the U.S. Army’s No. 1 priority.” Today, Gen. Milley is the chairman, Joint Chiefs of Staff, and the Army has rebuilt its tactical readiness through a transformational process that it is now expanding to focus on strategic readiness.
Emerging technology, state actors such as Russia and China, and nonstate actors including ISIS, are often quoted as some of the greatest threats to computer and network security. But before the United States can engage with these threats effectively, the war against words must take place.
One place to start is by eliminating the word “cyber” as a descriptor. The term has been used and overused, manipulated and exploited so many times and in so many places, it has become meaningless. What individuals or organizations mean or want when they use it is impossible to say. It’s time to scrap the word altogether and instead specify technical concepts at a more granular level.
Experts have issued fresh warnings to U.S. citizens over the enormous amount of sensitive, personal information being routinely captured and commoditized, and that this same information is being weaponized by the country’s adversaries. A panel at the recent AFCEA TechNet Cyber conference highlighted that data gathering by Facebook, WhatsApp and Google presents a significant risk to both individuals and the nation.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, reported yesterday that the Federal Bureau of Investigation, the Office of the Director of Intelligence and CISA itself had created a Cyber Unified Coordination Group. The move was necessary given the alarming cyber compromise, a Trojan-style attack by threat-actor UNC2452 with ties to Russia. The attack, identified by FireEye, reached North American, European, Asian and Middle Eastern governments, technology firms, telecommunications, consulting companies and other entities, the company said.
Because U.S. adversaries likely will be able to use quantum computers within the next several years, Defense Information Systems Agency (DISA) officials are beginning to explore quantum-resistant technologies and the role the agency might play in developing or deploying those technologies.
Massive amounts of sensitive information on U.S. citizens are being collected, created, shared, bought and sold, and in some cases used as a weapon by the country’s adversaries, according to a panel of experts speaking at the AFCEA TechNet Cyber conference, a virtual event held December 1-3.
The information is gathered and sold by companies such as Facebook and Google and the producers of a wide range of applications, programs and technologies.
Amassing data serves little purpose if it is not processed into knowledge, and that knowledge is largely wasted if leaders don’t understand what they have and how it can best be used.
That was just part of the message on empowering knowledge delivered by a NASA expert on the second day of TechNet Cyber 2020, AFCEA’s virtual event held December 1-3. Tiffany Smith, chief knowledge officer and information technology manager in NASA’s Aeronautics Research Mission Directorate, emphasized the importance of understanding both the knowledge at hand, knowledge priorities and the people who will exploit that knowledge to the fullest.
Innovative ideas may hold the key to thwarting cyber adversaries emboldened by opportunities offered in the COVID-19 pandemic. And, the source of these innovative approaches may be diverse personnel who break the mold of conventional cybersecurity professionals.
The Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) is partnering with a broad base of national security organizations and industry to counter an increasing threat to U.S. forces and their operations worldwide. The JFHQ-DODIN seeks to meet this challenge with four primary focus areas that include new technologies such as automation to move data, hone commanders’ information and defend the network.
Electronic implants in the brain or other parts of the body may be more efficient and effective due to a recent breakthrough by researchers at the University of Delaware. The advance potentially offers a wide array of biotechnology benefits and could also allow humans to control unmanned vehicles and other technologies with the brain.
The U.S. Defense Department is developing a machine learning tool that can more quickly detect cyber intrusions and enable a more rapid response.
Speed will be the order of the day for military information systems as new technologies incorporate breakthrough innovations. Hardware also will transform as capabilities grow in influence. But above all, the entire defense information system community is undergoing major cultural changes spawned by a combination of innovation and disease.
The U.S. Air Force, led by Brig. Gen. Chad Raduege, USAF, the Air Combat Command’s A-6, along with Deputy Chief Information Officer Lauren Knausenberger, is pursuing Operation Flamethrower, an aggressive project to abandon legacy network-related policies, processes or equipment that are not working. The tongue-in-cheek name of the effort is meant to illuminate the nature in which leaders will eliminate ineffective or redundant components in order to drive innovation.
“We are ruthlessly going after these things and setting them on fire,” Knausenberger said.
The U.S. Air Force is on track to provisionally stand up its first and only Spectrum Warfare Wing (SWW)— known as the 350th SWW—this spring. The organization will be responsible for electronic warfare and so-called electromagnetic spectrum missionware. The 350th SWW’s role will run the gamut of providing such capabilities along the development, hosting, integration, testing and distribution phases, reported Lt. Gen. Chris Weggeman, USAF, deputy commander, Air Combat Command (ACC).
Adversaries are stepping up their efforts to exfiltrate information and weaken the U.S. supply chain through cyberspace. These efforts aim to both wreck the country from within and strengthen the hand of the adversary wielding the digital sword, according to a U.S. government official.
New government security measures are designed with these challenges in mind, and they can help secure targeted small businesses. The Cybersecurity Maturity Model Certification (CMMC), which is rolling out, is designed to help mitigate the effects of adversarial activities in cyberspace.
As the United States enters the third decade of the 21st century, our nation faces growing and rapidly evolving threats to our information technology, infrastructure, networks and data. Indeed, the ever-present threat of cyber attacks is one of the most significant challenges we face, impacting economic, political, societal and national security concerns. This ever-present threat touches every corner of our economy and every level of our government, from municipalities and school districts to state election databases to the Internal Revenue Service, Office of Personnel Management and the Defense Department.