A new concept is necessary to maneuver forces, potentially with small and scalable autonomous organizations operating independently of one another. The concept, called Expeditionary Advanced Base Operations, is being explored and instituted for Naval Expeditionary Forces to fight in this manner. The challenge is in defending expeditionary networks in a mosaic warfare distribution to avoid the big problem of information advantage loss faced in a recent wargame.
The Cyber Edge
The U.S. National Security Agency/Central Security Service’s National Cryptologic School is expanding its reach of cyber education programs. The school’s Center for Education, Innovation and Outreach has many cyber-related programs supporting elementary, middle school, high school, college and graduate students. Although it has made great headway in its established programs, the National Security Agency is still working to provide cyber education to underserved regions in the United States.
Last year’s evacuation of civilians from Afghanistan was a massive undertaking with multiple challenges and successes. The withdrawal required enormous amounts of data, which also presented some obstacles, but ultimately proved successful and offered lessons learned for future operations, according to U.S. Defense Department officials.
The spate of 2021’s high-profile cyber attacks has caused policymakers and practitioners to seriously reevaluate the state of security for U.S. critical infrastructure and key resources. From the unprecedented SolarWinds supply-chain infiltration to the Colonial Pipeline ransomware attack to the most recent allegations of Chinese state actors infiltrating tens of thousands of Microsoft Exchange mail servers, the scale and scope of cyber attacks against public and private U.S. networks are only worsening. As 5G—and eventually 6G—moves to increasingly meshed networks, the challenge of network defense only grows.
The U.S. Army’s massive modernization effort requires rapid adaptability in the courses being taught in its cyber and signal schools. Efforts are underway to fundamentally change the approach to teaching and instituting courses for zero trust, cloud computing and other technology advances that will affect the future of combat.
The changing nature of threats and countermeasures cries out for new perspectives in cybersecurity, commercial experts say. Training and education must assume greater variety, but trainees also must be chosen from diverse backgrounds to provide new perspectives on threats and potential solutions.
Across the federal government, agencies are dealing with an explosion of cybersecurity data from new sensors, hyper-scale cloud infrastructure, microservices and a geographically distributed workforce—and the pace shows no sign of slowing.
Automation drives the ability for agencies to process and analyze these massive workloads, but if not deployed and managed with proper expertise, they can add complexity and risk.
The Naval Information Warfare Center Atlantic, on behalf of the Naval Information Warfare Systems Command, announced on December 7 that it had awarded an other transaction agreement to Advanced Technology International (ATI) to manage its second Information Warfare Research Project, or IWRP 2. Based in Summerville, South Carolina, ATI will perform consortium management for the IWRP, handling research funding up to $500 million under a five-year period of performance.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), announced today the appointment of the first 23 members of the agency’s new Cybersecurity Advisory Committee, a group that will advise and provide recommendations to the director on policies, programs, planning, and training to enhance the nation’s cyber defense.
The human factor looms as the most imposing challenge to implementing zero-trust security, say experts. Aspects of this factor range from cultural acceptance to training, and sub-elements such as organizations and technologies also will play a role. Ultimately, change will have to come from the top of an organization to be truly effective.
All security measures depend to a large degree on human cooperation, but that is only part of the picture for zero trust. Its implementation will entail a massive change in security procedures both for users and for network architects. And, the ability to share information across organizational boundaries will be strongly affected at all government levels.
The Cybersecurity and Infrastructure Security Agency may soon release an initial playbook for departments and agencies to follow while transitioning to a zero-trust cybersecurity architecture. The new guidance will be based on lessons learned from various pilot programs across the government.
The U.S. Defense Department has chalked up a number of accomplishments in a short amount of time aimed at achieving a vision of connecting sensors and weapon systems from all of the military services. However, officials still are assessing the best way to achieve zero trust.
The use of zero trust could prove to be a boon for 5G networks by providing vital security across networks made up of a variety of innovative devices and capabilities. Fully established zero trust could allow unprecedented network visibility and situational awareness while ensuring that potential attack points are closed to cyber marauders. Yet, implementing zero trust runs the risk of slowing down the network’s fast data flow if it is not applied properly.
The U.S. Space Force Space Launch Delta 45’s addition of zero-trust architecture to the launch enterprise could bring earth-shattering flexibility to its mission operations, its commander says. Under a year-long pilot effort, officials at Patrick Space Force Base, Florida, Space Launch Delta 45’s headquarters, and nearby Cape Canaveral Space Force Station, its launch range, have installed zero trust-related software and hardware into the launch mission system and are conducting beta testing and evaluation of the capabilities.
The U.S. Department of Justice, or DOJ, is wielding the proverbial stick to improve cybersecurity across the federal government. Under the Civil Cyber-Fraud Initiative rolled out in October, the DOJ is increasing its actions against federal contractors and grant recipients that neglect to adhere to cybersecurity standards when providing technology solutions or services to the government. The department is relying on fraud provisions under the False Claims Act to pursue this cybersecurity-related legal action.
The need for the United States to not only have digital literacy but also cybersecurity-educated students is prompting the addition of programs into the middle school level. Students in grades 6-8 can benefit greatly from having a foundational understanding of cyber concepts, as can the nation, officials say.
The U.S. National Security Agency (NSA)/Central Security Service’s National Cryptologic School, which already has a robust offering of cyber education programs across the elementary, high school, college and graduate student levels, is growing its specific offerings to middle schools, teachers and kids age 12-14.
More than just a technology focus, zero trust (ZT) is an invitation for all of us to think differently about cybersecurity. We are losing on the cybersecurity battlefield, and continued investment in more advanced versions of the same architecture patterns will not change that.
The U.S. Indo-Pacific Command will deliver an initial mission partner environment next summer. The capability ultimately will allow U.S. forces to access classified and unclassified networks with one device. It also will provide more effective information sharing with allies and coalition forces.
In the current cybersecurity environment, live video and data distributed within physically secure environments, such as a sensitive compartmented information facility (SCIF), command and control centers, situational awareness or secure briefing centers, is no longer safe and secure.
One of the early efforts of the national cyber director is to tackle how to strengthen the critical infrastructure of the United States. The key to approaching that overwhelming task is to drive coordination across the federal government and the critical sectors, and to identify the crucial subelements that connect each component, versus trying to protect all sectors at once, which is not quite possible, explained Christopher Inglis, national cyber director, speaking at AFCEA International’s TechNet Cyber conference in Baltimore on October 27.
To be prepared for today’s cyberspace competition and ready for tomorrow’s fight requires a new, comprehensive look at strategic focus areas within the Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN). Those focus areas include streamlining command and control; organizing battle space; optimizing technology; harnessing the power of partnerships; and cultivating change and talent management.
For the last eleven years, the U.S. Cyber Command, which conducts cyber operations in defense of the nation, has partnered closely with government organizations and private industry to advance is mission. Now, the command, known as USCYBERCOM, is working to bolster its activities with academia as part of its comprehensive engagement plan. It recently launched a new academic engagement strategy that will broaden its communications with more U.S. universities; harness cyber research; promote cyber careers; and add analytical capabilities.
The United States is adding another tool in its attempt to improve cybersecurity. The U.S. State Department is in the process of standing up a bureau of cyberspace and digital policy. The new organization will conduct cyber diplomacy around the globe and set international norms around cybersecurity. The department is also creating a new position at State called the special envoy for critical and emerging technology.
Compared to an ambassador who is stationed in a foreign country to increase bilateral ties with the United States, a special envoy oversees a specific portfolio, in this case, critical and emerging technology. Both the senior bureau official and the special envoy roles would require Senate confirmation.
As the 231-year-old U.S. Coast Guard guards the nation’s waterways and ports, more and more it is finding the need to increase its capabilities in the cyber domain, given the rising digital threats to the $5.4 trillion of waterway-based trade. This fall, the maritime service is adding new cyber offensive capabilities and is growing its existing cyber defense, reports Rear Adm. Michael Ryan, USCG, commander of the Coast Guard’s Cyber Command.
The Defense Information Systems Agency intends next month to award a contract for its Thunderdome zero-trust architecture and to begin implementing a prototype within six months. The new architecture is expected to enhance security, reduce complexity and save costs while replacing the current defense-in-depth approach to network security.
The Defense Information Systems Agency is embracing robotic process automation, and it is implementing several steps. The agency is training a cadre of developers, and it is also creating a platform and code library and establishing practices and methods—all to internally improve how it delivers robotic process automation across the agency. By using automated software robots, or bots, that can perform rules-based processes, the Defense Information Systems Agency (DISA) aims to reduce the workload for humans that conduct repetitive tasks across the agency’s financial, public relations, procurement and other offices.
With no end in sight to the ever-increasing cybersecurity challenges, the federal government must move quickly and deliberately to adopt an architecture to protect against all outside threats. This means building on existing strengths and bolstering cybersecurity strategies.
Open source code is used increasingly across the entire federal government and the U.S. military. But a new digital rubicon is looming: the use of open source code as a condition within U.S. Defense Department and intelligence community software acquisition contracts.
Cybersecurity Maturity Model Certification is a serious and involved process that will take time and resources, and for small companies, it’s often difficult to know where to start. Using these 12 steps, companies can effectively manage the transition from noncompliance to compliance.
As it advances its application of robotic process automation, the Defense Information Systems Agency is expanding its artificial intelligence efforts through a research agreement and a new pilot program. The agency is using these latest efforts to examine the application of artificial intelligence capabilities to network defense—as it conducts its daily around-the-clock mission of protecting the Department of Defense Information Network.
In one effort, the agency is working with Vienna, Virginia-based software company NT Concepts through a cooperative research and development agreement, or CRADA, to apply machine learning (ML) to defensive cyber operations.
The Defense Information Systems Agency is initially employing robotic process automation, or RPA, to several of its processes in finance, public affairs, circuit management, security authorization and procurement, with an intent to build a robust RPA platform for greater use across the agency. The automated software robots, or bots, will perform repetitive, rules-based processes and considerably reduce the workload of humans, the director of DISA’s Emerging Technology Directorate, Stephen Wallace, shares.
The cyber activities of Russia to try and impact the U.S. presidential elections of 2016 and 2020 are well known, spoken about by U.S. military cyber and other leaders. Going forward toward the mid-term election of 2022, the roster of countries attempting to harm U.S. processes is growing, reports Gen. Paul Nakasone, USA, commander, U.S. Cyber Command. And the command is already preparing to protect the 2022 elections.
Eight weeks on the job, the national cyber director, Chris Inglis, is examining the confines of how to approach the cyber adversaries and nation states conducting malicious attacks on the U.S. government, critical infrastructure and private sector. The former deputy director of the National Security Agency and a member of that agency for 28 years, Inglis sees how the Russian government is not taking any action against perpetrators.
As the Air Force strives to become a digital force and embraces Chief Gen. C. Q. Brown’s vision of accelerating change, the service is streamlining its cyber and communications career fields. Headquarters Air Force leaders, National Guard and Reserve leaders and major command functional managers of the cyberspace support career field met at Sheppard Air Force Base, Texas, last week to discuss how to develop the adaptable, agile communications and cyber career fields needed to support future Air Force requirements, reported John Ingle from the 82nd Training Wing Public Affairs.
Defense Information Systems Agency (DISA) officials do not plan to try to force others in the Defense Department or military services to use its zero-trust solution known as Thunderdome.
Thunderdome is a fledgling program that offers a range of capabilities, including secure access service edge (SASE), software-defined area networking (SD-WAN), identity credential access management (ICAM) and virtual security stacks.
SASE, which is pronounced “sassy,” is a technology package that includes SD-WAN, firewall as a service and cloud access security broker. While SASE has been implemented across much of the commercial world, it has not yet been widely adopted by the government.
The threat to the integrity of the U.S. and global financial system posed by the crisis in online identity is a national security issue, a senior Treasury Department official told the 2021 Federal Identity Forum and Expo Monday.
The U.S. Air Force is pursuing zero-trust architecture on a level not seen before with the lead command, the Air Combat Command, driving many initiatives with a comprehensive view to employ zero-trust architecture across the service’s bases, weapon systems and mission environments. Supporting the cyberspace and engineering side of the effort is the 16th Air Force’s 688th Cyberspace Wing.
The Defense Information Systems Agency, known as DISA, is expanding its artificial intelligence (AI) efforts through a research agreement and a new pilot program. While both efforts are in the beginning stages, the agency is considering how to possibly apply the so-called AI capabilities to network defense—among other areas the agency is separately pursuing—as it conducts its daily 24/7 mission of protecting the Department of Defense Information Network, or DODIN.
The agency entered into a Cooperative Research and Development Agreement, or CRADA, with Vienna, Virginia-based software company NT Concepts to apply machine learning (ML) to defensive cyber operations.
The small business sector must seize the day and immediately begin taking the steps necessary to implement tools for cyber resilience and cyber readiness. Scaling cybersecurity services, education and training are crucial to national security.
Regarding the cyber warfare landscape for 2021, the most critical group to secure is the small and midsize business sector (SMBs), particularly following the pandemic. When working with tech-specific organizations and the military, process management and a sense of purpose can overcome inertia and apathy until a financial loss appears.
As the United States is more and more under siege against nefarious cyber attacks, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, has been working to educate, advise and partner to protect the nation. In its latest move, CISA has created the Joint Cyber Defense Collaborative to bring defensive cyber capabilities together across the federal government, local and state entities and the private sector, according to an August 5 statement from CISA.
Earlier this year, Defense Secretary Lloyd Austin signed off on the U.S. Defense Department’s first-ever strategy for Joint All-Domain Command and Control, or JADC2, giving his imprimatur to an ambitious vision of a fully networked U.S. military.
JADC2 aims to provide rear-echelon commanders with continuous connectivity to front-line sensors, providing real-time data and offering an unassailable decision advantage to U.S. forces.
On the digitally managed battlefield envisaged by JADC2, autonomous vehicles and networked weapons would be remotely controlled via cloud-based AI-enabled software, so that a coordinated attack by land, sea, air and cyber forces can be launched with the swipe of a finger.
As China continues to threaten U.S. national security through a whole-of-society warfare strategy, a government-private sector partnership must be a fundamental component of the U.S. government’s approach to information advantage and countering China’s attacks.
The novel 2034 by James Stavridis and Elliot Ackerman perpetuates a fundamental misunderstanding of how technology should be employed and managed in future conflicts.
The continuing narrative is that we should purposely degrade our systems in a conflict with a peer competitor because of the possibility of a degraded spectrum, cyber attacks, space-based detection and jamming. But if we preemptively degrade our technology in a peer conflict, we will lose.
In the novel, after a conflict with the Chinese Navy in which the U.S. technical systems were incapacitated, U.S. ships preemptively disabled “any interface with a computer, a GPS or [any interface] that could conceivably be accessed online.”
Led by the Air Combat Command, the U.S. Air Force is pursuing zero-trust architecture on a level not seen before. One of the service’s first main use cases applies the cybersecurity measure to the agile combat employment (ACE). ACE operations provide a more lean, agile and lethal force that can generate airpower from multiple locations. ACE requires a different kind of command and control (C2) environment, as well as advanced planning concepts and logistical supply line support.
The U.S. Navy is moving ahead at full speed to equip its assets with effective cybersecurity. However, the diverse nature of those assets—some are city-size ships while others are small but vital systems—confound planners seeking to ensure interoperable security measures.
Following the success of some initial, smaller-scale efforts, the U.S. Air Force is pursuing zero trust architecture on a level not seen before. The service’s Air Combat Command is leading the charge into many more initiatives with a comprehensive view to employ zero trust architecture across its bases, weapon systems and missions.
Winner of The Cyber Edge 2021 Writing Contest
Convincing senior defense decision makers to significantly invest in artificial intelligence capabilities that would add more value to the United States’ already digitized operational capabilities—particularly in the cyber domain—needs more than pronouncements that “AI can save the taxpayers money.” It requires a logical progression of defining the objective, identifying the need, demonstrating specific results, conducting comprehensive cost analysis and, particularly in the case of applications in the cyber domain, thoughtfully discussing resilience and deception.
2nd Place in The Cyber Edge 2021 Writing Contest
The United States stands on the cusp of a future defined by great power competitions that will undoubtedly be characterized by broad, deep and subtle cyber warfare strategies and tactics. The nation must make a deliberate decision to defend the digital human attack surface effectively by blurring traditional battle lines and creating a combined homeland and external battlespace.
3rd Place in The Cyber Edge 2021 Writing Contest
A military-age male left home and traveled through the city, unaware he was being surveilled. Those watching him knew his patterns and preferences. They collected his point of departure, route and destination to predict when he would be most vulnerable for attack. Arriving at a marketplace, he meandered through a few high-traffic areas. Passing down a quiet corridor, he finally provided a clear shot. His smartphone buzzed and its screen flashed: “Two-for-one sale at the nearby pretzel shop!” He was struck by a precision-guided advertisement.