The Cyber Edge

The Cyber Edge Home Page

February 20, 2018
By Kimberly Underwood
Government mobile devices are still vulnerable to cyber attacks, a recent report says. Photo credit: Shutterstock/Georgejmclittle

Mobile devices used by federal employees continue to be susceptible to malicious cyber attacks. Email accounts, stored documents, microphones and cameras on the devices still present avenues of entry for bad actors.

Complicating the matter are conflicting governmental compliance policies, misconceptions of security measures and naivety about the exact risks, a recent survey concluded. Many agencies are still ill equipped to handle these incidents. Moreover, even if policies are in place, employees do not always follow them, and intrusions still happen, according to the report, "Policies and Misconceptions: How Government Agencies are Handling Mobile Security in the Age of Breaches," prepared by San Francisco-based Lookout Inc.

February 1, 2018
By Nicola Whiting
Credit: Mopic/Issarawat Tattong/Shutterstock

Advances in automated cyber weapons are fueling the fires of war in cyberspace and enabling criminals and malicious nation-states to launch devastating attacks against thinly stretched human defenses. Allied forces must collaborate and deploy best-of-breed evaluation, validation and remediation technologies just to remain even in an escalating cyber arms race.

December 13, 2017
By Robert K. Ackerman
A U.S. Air Force U-2 lands at Al Dhafra Air Base in the United Arab Emirates. The Air Force is developing a new intelligence, surveillance and reconnaissance (ISR) strategy that focuses on data instead of collection platforms.

The U.S. Air Force is shifting its emphasis in intelligence, surveillance and reconnaissance (ISR) away from platforms and toward data as it develops a new ISR strategy. Planners are aiming at a new approach that changes how ISR is undertaken and how it benefits decision makers and warfighters alike.

The new strategy is being built around a core philosophy: “We cannot continue to conduct ISR in the same old ways using the same old methods,” states Col. Johnson Rossow, USAF, Air Force A-2 chief of capabilities-based planning under the Future Warfare Directorate. “We need to be looking at … using old tools in new ways, or new tools in new ways.”

February 1, 2018
By George I. Seffers
Ultimately, lessons learned and technologies developed under the Next Generation Cyber Infrastructure Apex program will benefit other critical infrastructure industries, such as oil and gas.

Within the next 12 months, a fledgling program at the U.S. Department of Homeland Security will likely begin transitioning cybersecurity technologies to the finance sector in an effort to shore up the nation’s critical infrastructure. Technologies developed under the program ultimately could be made available to other sectors.

February 1, 2018
By Kimberly Underwood
 The European Union Agency for Network and Information Security, or ENISA, plays a collaborative role to bring Europe together to improve cybersecurity.

Europe is taking on several socio-technological initiatives, including developing a digital single market and tackling consumer financial services reform. Add the need to balance privacy concerns and safeguards across 28 member countries of the European Union, and it may seem like a tall order for policy makers to help strengthen information security.

Enter the European Union Agency for Network and Information Security, the European Union’s cybersecurity agency known as ENISA. The agency, founded in 2004, equips the European Union (EU) to prevent, detect and respond to cybersecurity problems.

February 1, 2018
By Kimberly Underwood
The distinctive collegial nature of universities makes them susceptible to cyber attacks, experts say. Credit: Jorge Salcedo/Shutterstock

Although universities can be part of larger cyber attacks as unwitting victims like any other organization or enterprise, the institutions are distinguished by a collegial nature that renders them vulnerable. Academia has a more open atmosphere and a mindset of research and collaboration, making universities an enticing cyber target even for adversaries such as nation-states

February 1, 2018
By James R. Rutherford and Gregory B. White
A proposed new cyber kill chain model modifies the previous one by adding an intelligence-gathering step as well as a step for execution of an attack and exfiltration of information. Credit: Denis Semenchenko/Shutterstock

Understanding the cyber kill chain and disrupting it could effectively defend against the most recent generation of cyber attacks. By scrutinizing the time and effort hackers invest in scoping out potential targets, network defenders can take advantage of several opportunities to block system access or, at the very least, drive up the cost, making attempts unappealing.

February 1, 2018
By George I. Seffers
A new project led by Lawrence Livermore National Laboratory aims to use distributed energy resources, such as customer-generated solar power, to enhance the electrical grid’s ability to recover quickly from blackouts or cascading outages. The work is funded through the U.S. Department of Energy’s Grid Modernization Initiative.

A new project headed by Lawrence Livermore National Laboratory aims to use microgrid resources to boost the electric grid’s ability to bounce back more rapidly from blackouts or cascading outages, such as those following major storms or earthquakes.

In less than three years, researchers will attempt to demonstrate the potential of distributed energy resources, including the energy produced by solar panels on homes, to help restore power to the grid from scratch, an effort commonly known as a black start. The black start process is now done manually using special generators that can provide power to slowly bring other generators back online.

January 25, 2018
By Maryann Lawlor
While the migration to the Joint Regional Security Stacks will transition ownership of security architecture from the Air Force to DISA, the squadron will retain operational control of traffic flow for Air Force networks. U.S. courtesy photo

The Defense Information Systems Agency (DISA) now offers service product packages to mission-partner authorizing officials to provide a holistic view of their information systems risk posture. The packages help ensure compliance for mission partners who have programs and systems hosted within the DISA computing ecosystem.

Control Correlation Identifiers (CCIs) within the service packages allow high-level policy framework requirements to be decomposed and associated with low-level security settings to determine compliance with the objectives of that specific security control.

January 1, 2018
By George I. Seffers
“The most important thing I will predict is that we will stop talking about the technology of cognitive computing. It will be simply a behavior that will be built into any newer system,” says Sue Feldman, a co-founder of the Cognitive Computing Consortium.

Millions of hits result from searching Google for the phrase “how cognitive computing will change the world,” reflecting the public’s big appetite for information about the emerging technology. But some experts foresee a time when the extraordinary is ordinary.

December 28, 2017
By David Mihelcic
Former DISA official David Mihelcic stresses the need to balance IoT convenience and benefits with cybersecurity needs. Credit: PIRO4D/Pixabay

The federal government has invested billions of dollars on Internet of Things (IoT) technologies over the past few years, but it may be compromising its security posture for better information. Certainly being able to share and access the information derived from connected sensors is vital to the protection of the United States and instrumental to military success. However, connected devices present enticing targets, as evidenced by the 2016 Mirai Botnet attack, which originated through vulnerable IoT devices.

January 1, 2018
By Robert K. Ackerman
A soldier with the U.S. Army’s 780th Military Intelligence Brigade sets up deployable cyber tools at the National Training Center in Fort Irwin, California. The Army’s Chief Information Officer (CIO)/G-6 office is working to bring operations, intelligence and policy making closer together in its cybersecurity efforts. Credit: U.S. Cyber Command

The U.S. Army is narrowing the gap between policy and operations as it confronts new threats in cyberspace. Field reports are having greater and faster influence on the issuance of directives, and intelligence is now a major player in determining cyber policy.

“Aligning cybersecurity directly with our operations to achieve readiness is the key to succeeding and moving forward,” says Carol Assi, division chief for cybersecurity policy and governance in the Army Chief Information Officer (CIO)/G-6 office. “And shrinking the gap between operation and policy, having continuous dialogue and working hand in hand, addressing issues in a collaborative environment, [are essential] to that. We no longer can afford to work in silos.”

January 1, 2018
By Maj. Gen. Gregg Potter, USA (Ret.), and Chris Valentino
The U.S. Army Cyber Command’s 41 Cyber Mission Force teams, including the 780th Military Intelligence Brigade operations center at Fort Meade, Maryland, achieved full operational capability more than a year ahead of schedule. Credit: Steve Stover

The U.S. Cyber Command’s Cyber Mission Force must keep pace with a threat landscape that is evolving at an unprecedented tempo. Cyberthreats are constantly growing in volume, velocity and sophistication, and the force needs a warfighting platform that will allow it to get ahead of attackers. That platform should enable continuous improvement through iterative development at the speed and scale of military operations.

January 1, 2018
By Ryan Brichant
One way international military and government agencies gather information about weather and oceanographic data to enhance forecasting and environmental models is through networked buoys. The Royal Danish Air Force deployed these ice-hardened buoys from a C-130 into the Arctic Ocean in September as part of the International Arctic Buoy Program. Credit: John F. Williams

No longer a curiosity, the Internet of Things has emerged as a highly sought-after technology advantage for organizations worldwide. The federal government has stepped up as an innovator within this space, generating profound advancements with seemingly unlimited promise to support national security missions. Those in doubt need look no further than research from the Center for Data Innovation, a nonprofit, nonpartisan institute, which reveals a broad range of eclectic, real-life implementations. 

January 1, 2018
By Milan Balazik and Col. Katerina Bernardova, CZA (Ret.)
The Czech army examines the dynamics within social groups using a technique called sociomapping, which helps analyze an adversary’s team member relationships and applies to offensive cybersecurity team building.

Modern information and networking technologies bring exciting functionalities to everyone, everywhere, all the time. Manufacturers, service providers and users alike welcome the advancements because they boost business opportunities and enable new and better computing capabilities that offer convenience, increase independence and save time.

Plainly, innovations are appealing, but important security aspects are being pushed into the background. Security adds complexity and limitations to functionality. It requires more resources and seems to slow innovation and increase cost. In a military environment, these hurdles can seriously affect mission success.

December 21, 2017
By Thomas Jones
Federal contractors need to be able to show by January 1 they have a plan in place to meet NIST’s new cybersecurity mandate. Credit: geralt/Pixabay

There’s a new National Institute of Standards and Technology (NIST) cybersecurity framework that’s going against the grain. The Department of Defense has mandated that contractors comply with the guidance laid out in NIST special publication 800-171, which aims to strengthen the protection of controlled unclassified information. Why focus contractors’ limited resources on protecting information that is not top secret? Even if information is not top secret it still can be sensitive. For example, social security numbers, contact information, bank account details and other personal information about U.S.

December 19, 2017
By Joe Kim
Artificial intelligence is helping to solve many problems, but humans remain a crucial element for cybersecurity. Credit: GDJ/Pixabay

In the federal government space, the machines have risen, but they’re not here to threaten us. Instead, agencies are turning to artificial intelligence (AI) and machine learning to bolster the U.S.’s cybersecurity posture.

There are many reasons for this emergent interest. Agencies are dealing with enormous amounts of data and network traffic from many different sources, including on premises and from hosted infrastructures—and sometimes a combination of both. It’s impossible for humans to sift through this massive amount of information, which makes managing security a task that cannot be exclusively handled manually.

December 19, 2017
 
A DHS pilot project has secure mobile apps used by first responders. Credit: geralt/Pixabay

A Department of Homeland Security Science pilot testing project helped identify and secure a variety of mobile apps used by first responders.

December 13, 2017
By Bob Gourley and Jane Melia
Due to the varying needs of each agency, the FedRAMP process was designed to find solutions that align only with broad government needs. Credit: Blackboard/Shutterstock

The cloud and data security go hand-in-hand. While cloud computing provides valuable IT architectures and solutions for government agencies, it also requires them to relinquish data security to public cloud service providers. 

December 1, 2017
By George I. Seffers

A lightning strike last year delivered a new way for Marianne Bailey, the National Security Agency’s new deputy national manager for national security systems, to illuminate the cybersecurity threat.

The bolt burned Bailey’s house, and the burglar alarm was one of the last items she replaced. “The poor burglar alarm guy was telling me about all this great capability where I can get this thing on my smartphone, and I can turn it on and turn it off,” she relates.

Her response: “I want the dumb one that’s not connected to Wi-Fi.”

Pages