The Cyber Edge

The national security community needs to prepare now for the possibility that U.S. adversaries could develop and deploy quantum computers, which would render useless most conventional encryption algorithms, says Adrian Stanger, senior cryptographic authority, Cybersecurity Directorate, National Security Agency (NSA).

NATO is at risk of losing its technology edge because of emerging and disruptive technologies increasingly developed within the civil sector. The growth of peer competitors’ determination, especially China, and the decline of technology education in Western countries are eroding the advantage they once skillfully held.

To address this state of affairs, the organization’s defense ministers are examining a number of activities. As a part of this initiative, the NATO Industrial Advisory Group (NIAG) conducted a study to provide the industry view of the implications of emerging and disruptive technologies (EDTs) and Chinese advances in defense operations and military capability development.

The last year presented “unique challenges” to the military combatant command in charge of defending U.S. related interests in cyberspace. The three-year old U.S. Cyber Command, which plans and executes global cyberspace operations, activities and missions in regard to defending and advancing national interests, has spent the last year defending and mitigating against the continuing cyber threats from China, Russia, Iran and nonstate actors and criminals, reported Gen. Paul Nakasone, USA, commander, U.S. Cyber Command (CYBERCOM); director, National Security Agency (NSA); and chief, Central Security Service (CSS); in testimony before the Senate Armed Services Committee today.

The entire nation must engage in an informed debate about cybersecurity and how to stop the damage being inflicted by adversaries through cyberspace, says the director of intelligence for the U.S. Cyber Command. Brig. Gen. Matteo Martemucci, USAF, J-2 for the U.S. Cyber Command, says this debate must explore whether the roles played in cyber defense stay the way they are or change.

The U.S. Defense Department already is looking beyond its massive $600 million investment in 5G experiments announced in October. Plans include a second round of experiments and the potential for expanding efforts with other government agencies and with international partners.

As a lead nation, Germany has been successfully designing and implementing the Federated Service Management and Control capability as part of the development of the NATO Federated Mission Network. Throughout the joint approach, NATO member states, partner nations Austria and Switzerland, the NATO Communications and Information Agency, the Allied Command Transformation and Supreme Headquarters Allied Powers Europe, which are both NATO strategic commands, as well as Allied Command Operations have been continuously involved in its design and incremental implementation.

The Defense Department has an information warfare (IW) problem. While the information environment continues to grow exponentially in importance and ubiquity, rapidly transforming the character of competition and war, there is no organization within the department that directs, synchronizes and coordinates IW planning and operations.

U.S. Cyber Command serves this very purpose for cyber operations, as do its service components. But this necessarily anchors the focus of American IW on a single information related capability (IRC), at the expense of the many other IRCs and their ability to generate military advantage.

The cybersecurity of civil government, critical infrastructure and business infrastructure remains uneven. Worrying reports of ransomware affecting city and county governments as well as local health care organizations have put leaders and administrators, and infrastructure operators on edge.

It is no secret that the U.S. government is grappling with cybersecurity issues across its organizations and agencies. The good news is that the government has an auditing agency that investigates possible weaknesses or cybersecurity gaps and makes key recommendations to rectify problems: the U.S. Government Accountability Office, known as GAO.

The U.S. Army’s universal, reprogrammable encryption chip is in final testing and may be destined for the service’s next-generation encryption fill device, other military services or possibly even the commercial sector.

The REprogrammable Single Chip Universal Encryptor (RESCUE) technology was developed to be a government-owned, general-purpose cryptographic module and architecture that is highly tailorable to counter emerging cryptographic threats. It uses standardized encryption algorithms designed by the National Security Agency (NSA) and the National Institute for Standards and Technology.

Emerging technology, state actors such as Russia and China, and nonstate actors including ISIS, are often quoted as some of the greatest threats to computer and network security. But before the United States can engage with these threats effectively, the war against words must take place.

One place to start is by eliminating the word “cyber” as a descriptor. The term has been used and overused, manipulated and exploited so many times and in so many places, it has become meaningless. What individuals or organizations mean or want when they use it is impossible to say. It’s time to scrap the word altogether and instead specify technical concepts at a more granular level.

The European Union has released a new EU Cybersecurity Strategy designed to bolster Europe's collective resilience against cyber threats and help to ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools, according to a published announcement.

Because U.S. adversaries likely will be able to use quantum computers within the next several years, Defense Information Systems Agency (DISA) officials are beginning to explore quantum-resistant technologies and the role the agency might play in developing or deploying those technologies.

Electronic implants in the brain or other parts of the body may be more efficient and effective due to a recent breakthrough by researchers at the University of Delaware. The advance potentially offers a wide array of biotechnology benefits and could also allow humans to control unmanned vehicles and other technologies with the brain.

Speed will be the order of the day for military information systems as new technologies incorporate breakthrough innovations. Hardware also will transform as capabilities grow in influence. But above all, the entire defense information system community is undergoing major cultural changes spawned by a combination of innovation and disease.

It is not necessary for a leader to be the most brilliant person in an organization but to foster innovation and ensure those with big ideas are given opportunities to succeed, according to Vice Adm. Nancy Norton, USN, the Defense Information Systems Agency (DISA) director and the commander for the Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN).

When the U.S. Army conducts its Multi-Domain Operations Live experiment in the Indo-Pacific region next year, it will mark the first time the service has undertaken a full-scale technology development experiment in a combat theater. The goal is to assess technologies under the same conditions they will face in times of war, rather than in a stateside setting.

During an October 27 telephonic roundtable discussion with reporters, Lt. Gen. John Morrison, USA, Army Deputy Chief of Staff, G-6, revealed four pillars for the restructured office. They include building a unified network; posturing signal, cyber and electronic warfare forces for multidomain operations; reforming and operationalizing cybersecurity processes; and driving effective and efficient network and cyber investments.

Automation software tools are being under-utilized, especially in the U.S. Defense Department. While the department has purchased and used automated scanning tools for security and compliance, it has been slow to adopt automation for many other tasks that would benefit from the capability, such as easing software deployment and standardization and, once developed, increasing the speed of overall automation.

When it comes to nefarious deeds, the COVID-19 pandemic has been a gold mine for bad actors. In addition to wreaking havoc for individuals and healthcare organizations, federal agencies are also prime targets. Case in point: a portion of the Department of Health and Human Services’ (HHS) website was recently compromised, in what appears to be a part of an online COVID-19 disinformation campaign. 

In a time of heightened cyber risk and limited human and fiscal resources, how can agencies protect their networks from malicious actors by taking a page from the COVID playbook? They can diligently practice good (cyber) hygiene.

In fact, there is a direct correlation between personal and cyber hygiene.

Users need to transition all networked computing from the commercial central processing unit addiction to pure dataflow for architecturally safe voting machines, online banking, websites, electric power grids, tactical radios and nuclear bombs. Systems engineering pure dataflow into communications and electronic systems can protect them. The solutions to this challenge are in the users’ hands but are slipping through their fingers. Instead, they should grab the opportunity to zeroize network attack surfaces.

Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.

But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.

The cloud computing infrastructure at the Intelligence Advanced Research Projects Activity allowed the organization to pivot to a new teleworking norm during the pandemic that’s not much different than the old norm. The organization has conducted business as usual, hiring program managers, adding office directors, creating and killing programs, and continuing to meet the intelligence community’s technology needs.

Catherine Marsh, director of the Intelligence Advanced Research Projects Activity, known as IARPA, was told on March 12 to “lean forward,” and she did, allowing almost the entire staff to telecommute beginning the next day. Even contractors work from home legally, securely and effectively.

China’s global moves to gain technological hegemony over 5G and reshape the Internet to suit its own needs offer the potential to give the Middle Kingdom control over the telecommunications market and information itself. At the very least, it would achieve market dominance. But at most, it would control both the nature of the Internet and the information that flows through it, say Internet experts.