The Cyber Edge

The Cyber Edge Home Page

January 1, 2019
By George I. Seffers
The cyber threat offers challenges unique to this moment in history, but the cyber policy, strategy and legislation stars are aligning to counter the threat. Credit: insspirito/Pixabay

The United States faces a threat unlike any in its history. The cyber threat zips around the world at blinding speeds and continually transforms. It can neutralize billion-dollar weapon systems and leave entire cities in the dark. It also can be wielded by superpowers, smaller governments or criminal organizations. At the same time, however, legislation, strategies, policies, authorities and a vigorous spirit of cooperation across government and the international community are all aligning to meet that threat.

January 1, 2019
By George I. Seffers
Thirteen C-17 Globemaster III aircraft fly over the Blue Ridge Mountains in Virginia during low-level tactical training. U.S. Transportation Command, which mobilizes troops and equipment around the world, is moving its cyber and command and control systems to a commercial cloud environment.  U.S. Air Force photo by Staff Sgt. Jacob N. Bailey, USAF

The U.S. Transportation Command was the first U.S. Defense Department organization to begin moving its cyber capabilities, along with command and control applications, to a commercial cloud environment. More than a year later, the unified command is making strides in transferring its unclassified systems and is sharing lessons learned that will make the path to cloud usage smoother for others to follow.

January 1, 2019
By David Sheets
Future Army aviation systems will need to be able to operate against adversaries with advanced capabilities even in a contested airspace. Embedded systems need to be designed with cybersecurity in mind and may require some size, weight and power tradeoffs. U.S. Army graphic by Aviation and Missile Research, Development and Engineering Center VizLab

Embedded systems are emerging as the latest challenge in the drive to secure deployed U.S. military technologies, including those residing within weapons and flight controllers. Because they are deeply entrenched inside critical hardware, these systems can be tricky to safeguard, so cybersecurity and cyber resiliency must be considered at the beginning of the design and architecture process. And although upgrades can boost embedded systems’ cybersecurity, system operators must determine when the potential pitfalls of doing so outweigh the benefits.

January 1, 2019
By Rand Waltzman
The ability to create a digital alter ego would put control of sharing personal information in an individual’s hand. Artificial intelligence within the device also would warn an owner when data is likely disinformation aimed at influencing behavior. Credit: sdecoret/Shutterstock.com

Up until the digital age, wars involved a limited number of combatants with clear identities battling within distinct boundaries visible on a map. These conflicts ended either with a victor or as a stalemate. But today’s information warfare does not fit this traditional model. Instead, it comprises an unlimited number of potential combatants, many with hidden identities and agendas.

Cyberspace is a theater of operations that is nowhere and everywhere. Within this domain, information warfare will not and in fact cannot come to any conclusion. This conflict closely resembles an incurable disease that can be managed so the patient can lead a productive life but is never completely cured.

January 1, 2019
By Nicola Whiting
The Automated Virtual Agent for Truth Assessments in Real Time, developed at San Diego State University, can detect changes in physiology and behavior during interviews with travelers. Photo by Aaron Elkins

Artificial intelligence can analyze vast amounts of information, identifying patterns and anomalies at a speed and scale beyond human capacity. To make it an invaluable part of defense, the goal will be to create cybersecurity systems that can anticipate national security threats. Once systems can automatically reconfigure themselves and their security controls to prevent any potential breaches, the next step will be to move to machines with the power to make their own decisions.

November 30, 2018
By Sean Berg
Small contractors remain cyber's weak link in the defense industrial chain. Credit: TheDigitalArtist/Pixabay

The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.

December 1, 2018
By Shaun Waterman
Credit: sp3n/Shutterstock

Powered by recent advances in artificial intelligence and machine learning, long-hyped technologies such as facial recognition and behavioral biometrics are promising frictionless identity authentication. In the near future, people will be able prove who they are without even trying and sometimes without even knowing they’re doing it.

November 29, 2018
Posted by Julianne Simpson
Credit: Rawpixel.com

Threat researchers from McAfee Labs have released their 2019 cybersecurity threats predictions report. Unfortunately, cyber criminals are expected to become more sophisticated and collaborative as the “underworld” consolidates into stronger malware-as-a-service families actively working together.

Software and security teams will need to adapt as threats become more complex. McAfee predicts more attackers will be using artificial intelligence to avoid detection by security software. “In fact, an entire underground economy has emerged where criminals can now outsource products and dedicated services to aid their activities,” says Thomas Roccia, a researcher on the team.

November 14, 2018
By Robert K. Ackerman
Adm. Philip S. Davidson, USN, commander of the U.S. Indo-Pacific Command, describes the command's new cyber challenges and policy at TechNet Asia Pacific 2018 in Honolulu.

The U.S. Indo-Pacific Command (INDOPACOM) is seeking the capabilities and enabling technologies to conduct “full-spectrum cyber operations” in its vast region of responsibility, according to its commander. Adm. Philip S. Davidson, USN, commander of the U.S. Indo-Pacific Command, described this new cyber push at the keynote luncheon on the first day of AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu.

November 1, 2018
By George I. Seffers

For three years, the U.S. Army has been asking questions about how to converge cyberspace operations, electronic warfare and spectrum management capabilities at the corps level and below to deny, degrade, destroy and manipulate enemy capabilities. Now, officials say, they are drawing closer to answers.

In 2015, the service created a pilot program known as Cyberspace Electromagnetic Activity (CEMA) Support to Corps and Below. The CEMA concept integrates elements from offensive and defensive cyber, electronic warfare, and intelligence into expeditionary teams that support tactical units.

November 1, 2018
By George I. Seffers
The HoneyBot, a robotic system acting as a honeypot to lure hackers, could be used to protect critical infrastructure facilities. Credit: Rob Felt

In the coming months, researchers from Georgia Tech will reveal the results of testing on a robot called the HoneyBot, designed to help detect, monitor, misdirect or even identify illegal network intruders. The device is built to attract cyber criminals targeting factories or other critical infrastructure facilities, and the underlying technology can be adapted to other types of systems, including the electric grid.

The HoneyBot represents a convergence of robotics with the cyber realm. The diminutive robot on four wheels essentially acts as a honeypot, or a decoy to lure criminal hackers and keep them busy long enough for cybersecurity experts to learn more about them, which ultimately could unmask the hackers.

November 1, 2018
By Robert K. Ackerman
Venera Salman/Shutterstock

One way of ensuring that attackers don’t access a network node or break into a device is to render its identification invisible. Cloaking the device’s address gives a hacker nothing to see, and it can be done on systems ranging from government networks to medical electronics implanted inside human beings.

November 1, 2018
By Lt. Col. Jon Erickson, USAR
Soldiers demonstrate the Command Post Computing Environment prototype at Aberdeen Proving Ground. With a new single tactical server infrastructure plus a common software baseline, it will provide soldiers an underlying core command post system. U.S. Army photo by Dan Lafontaine, PEO C3T

The Warfighter Information Network–Tactical program delivered a digital transformation, enabling maneuver elements to move faster and provide commanders with vital battlefield information in near real-time. Its flexibility facilitated communications in Iraq’s urban environments and Afghanistan’s mountainous terrain. Although a powerful improvement over Mobile Subscriber Equipment, the technologies are not powerful enough to combat adversaries wielding cyber capabilities.

October 20, 2018
By George I. Seffers
Credit: daniel_diaz_bardillo/Pixabay

Officials with the U.S. Defense Department and Department of Homeland Security recently signed a memorandum of understanding outlining a partnership that will allow the Defense Department to take a greater role in sharing intelligence and proactively defending the nation’s critical infrastructure, including next week’s mid-term election.

The Defense Department’s unique role in assessing foreign threats means that it often has information that could benefit the other departments and agencies, the defense industrial base and others with a role in defending the nation’s critical infrastructure.

October 24, 2018
By Michael Carmack
Small and medium-sized defense contractors are increasingly targeted by malicious hackers seeking to steal intellectual property. Credit: GDJ/Pixabay

It comes as no surprise that U.S. adversaries continue to target and successfully exploit the security weaknesses of small-business contractors. A successful intrusion campaign can drastically reduce or even eliminate research, development, test and evaluation (RDT&E) costs for a foreign adversary. Digital espionage also levels the playing field for nation-states that do not have the resources of their more sophisticated competitors. To bypass the robust security controls that the government and large contractors have in place, malicious actors have put significant manpower into compromising small- and medium-sized businesses (SMBs).

October 22, 2018
By Mike Lloyd
Artificial intelligence is still too easily fooled to secure networks without human assistance. Credit: geralt/Pixabay

Artificial intelligence can be surprisingly fragile. This is especially true in cybersecurity, where AI is touted as the solution to our chronic staffing shortage.

It seems logical. Cybersecurity is awash in data, as our sensors pump facts into our data lakes at staggering rates, while wily adversaries have learned how to hide in plain sight. We have to filter the signal from all that noise. Security has the trifecta of too few people, too much data and a need to find things in that vast data lake. This sounds ideal for AI.

October 15, 2018
By Paul Parker
Technical, physical, and departmental silos could undermine the government’s Internet of Things security efforts. Credit: methodshop/Pixabay

Every time federal information technology professionals think they’ve gotten in front of the cybersecurity risks posed by the Internet of Things (IoT), a new and unexpected challenge rears its head. Take, for instance, the heat maps used by GPS-enabled fitness tracking applications, which the U.S. Department of Defense (DOD) warned showed the location of military bases, or the infamous Mirai Botnet attack of 2016.

October 9, 2018
By George I. Seffers
With stealth technology, advanced sensors, weapons capacity and range, the F-35 can collect, analyze and share data. A U.S. Government Accountability Office report—which did not specify any particular weapon system—says a number of cybersecurity tests prove U.S. military weapon systems to be vulnerable to cyber attacks. Photo: Lockheed Martin

U.S. military aircraft, ships, combat vehicles, radios and satellites remain vulnerable to relatively common cyber attacks, according to a report published Tuesday by the U.S. Government Accountability Office (GAO). The report does not specify which weapon systems were tested.

In one case, a two-person test team took just one hour to gain initial access to a weapon system and one day to gain full control of the system, the report says. Another assessment demonstrated that the weapon system “satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders.”

October 1, 2018
By George I. Seffers
Soldiers from the 25th Infantry Division in Hawaii and from U.S. Army Training and Doctrine Command Centers of Excellence participate in the Army's Cyber Blitz in April 2016 at Joint Base McGuire-Dix-Lakehurst, New Jersey. Cyber Blitz provides the Army a way to learn about cyber and electromagnetic activity. U.S. Army CERDEC photo by Kristen Kushiyama

The U.S. Army’s Cyber Blitz experimental exercise September 17-28 turned out to be an eye-opener for one maneuver officer regarding cyber’s capabilities on the battlefield.

Military leaders often describe the “speed of cyber” as being measured in milliseconds or microseconds, which means the operations tempo in the cyber realm is incredibly high and decisions are made rapidly. But an offensive cyber campaign can sometimes take much longer than maneuver commanders might expect. In a teleconference with reporters to discuss Cyber Blitz results, Lt. Col. John Newman, USA, deputy commanding officer, 3rd Brigade Combat Team, 10th Mountain Division, reports that the experiment proved to be a revelation.

October 1, 2018
By George I. Seffers
After getting a call from the White House, Dana Deasy came out of retirement to become the chief information officer for the U.S. Department of Defense.

By some measures, Dana Deasy, U.S. Defense Department chief information officer, has made a lot of progress in a little amount of time. He has developed an overarching digital modernization strategy, created a cyber working group, reviewed the department’s plans for implementing an enterprise-scale cloud computing architecture, and is leading an effort to establish a Joint Artificial Intelligence Center.

Pages