Daily cyber attacks and other threats naturally take up the short-term attention of many governmental agencies, but there is a need for a more strategic look at risks to the nation’s critical infrastructure. A center within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, is charged with examining how to address concerns in the long term.
The Cyber Edge
Managing an enterprise cybersecurity and information assurance program in any company today is a complex balancing act. It resembles an unending three-dimensional chess match entwining business risk, profit and loss, pitting a company’s very survival against myriad global threat actors. An organization’s cybersecurity stance also involves a combination of technology and solid decision making at an organization’s highest levels.
The concern of machine ethics and laws spills into the everyday workings of society, not just the domain of defense. Many concepts revolve around the law of armed conflict, societal law, ethical dilemmas, psychological concepts and artificially intelligent cyber systems, as well as their relationships with one another. In addition to the delineation of machine ethics guidelines, an ethical life cycle is necessary to account for changes over time in national circumstances and personal beliefs. Just recently, the Defense Innovation Board, which serves as an advisory board to the Pentagon, met and published ethical guidelines in designing and implementing artificially intelligent weapons.
Security is among the greatest concerns government agencies have about moving their systems to the cloud. Although it offers significant benefits, cloud computing continues to raise questions about data and system protection. Regardless, the Office of Management and Budget via its Cloud Smart Strategy and the previous Cloud First policy mandates government agencies move to the cloud.
As people around the world practice self-isolation in an effort to reduce exposure to and the spread of the COVID-19 virus, the need to maintain a strong cybersecurity posture arguably has never been higher. Millions of people have shifted their daily lives to an environment relying on telework, distance learning, Internet-enabled social engagement, streaming news and entertainment and other activities.
This “new normal” is facilitated by the robust capabilities of the Internet. Yet it presents a significant cyber risk. During the COVID-19 crisis, we’ve seen bad actors stepping up their game with increased incidents of phishing, disinformation, watering hole attacks and other criminal activity.
How the U.S. government responded to the vulnerabilities created by anti-virus software and other products from Russia’s AO Kaspersky Laboratories is an important demarcation point in the growing awareness of and need for supply chain trust and assurance. Before that, conversations regarding supply chain risk management “were sort of siloed off to the side,” explains Daniel Kroese, acting deputy assistant director for the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center at the Department of Homeland Security.
The bipartisan Cyberspace Solarium Commission today issued a call to action on cybersecurity. The commission issued a report sounding the alarm on the nation’s lack of security in cyberspace.
“The reality is that we are dangerously insecure in cyber. Your entire life—your paycheck, your health care, your electricity—increasingly relies on networks of digital devices that store, process and analyze data. These networks are vulnerable, if not already compromised,” Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wisconsin), co-chairs of the commission, write in a letter introducing the report.
Having a detailed description of the software components in any software-based product is necessary to identify cyber vulnerabilities and ultimately help reduce cybersecurity risks, officials say. The National Telecommunications and Information Administration, working with industry stakeholders, is pursuing the advent of a so-called software bill of materials to apply to digital products that identifies and lists the pieces of software, information about those components and supply chain relationships between them, the agency specifies.
When the National Counterintelligence and Security Center designated April as National Supply Chain Integrity Month, it cited threats that cost the country innovation, jobs and economic advantage. It also mentioned a reduction of U.S. military strength as a reason for increased awareness. Now as we approach the one-year anniversary of that designation, threats—especially cybersecurity threats—continue to grow and evolve. These give the military-industrial base new reasons to refocus on the security of contractors, subcontractors and suppliers.
With the U.S. Defense Department’s new cybersecurity verification requirements set to go into effect later this year, the Pentagon gets high marks from cybersecurity professionals for finally addressing the lack of contractor security, but experts also express doubts about the aggressive schedule and the potential for unintended consequences.
The much-hyped 5G has begun to arrive, but in the United States, the truly transformative elements of these next-generation cellular networks are probably still four or five years off. Although improvements such as 100-times-faster speeds will enable more life-and-death type services, including remote surgery or self-driving cars, they also employ a more compromised hardware supply chain and offer a larger attack surface than current networks, federal officials warn.
“The anxiety from governments and regulators about the security issues [arising from 5G] and possible nation-state interference is at a fever pitch right now,” Robert Mayer, senior vice president for cybersecurity, USTelecom, says.
At conference halls throughout the year, groups of students work intensely to complete digital challenges in cyberspace, vying to win so-called Capture the Flag Contests, such as several hosted by Deloitte. The company sponsors several such educational cybersecurity competitions, including recently at AFCEA Alamo ACE in San Antonio and in Colorado Springs at the AFCEA Rocky Mountain Cyberspace Symposium.
Long-discussed cybersecurity issues such as cultural attitudes, innovation and supply chain vulnerability are now at the top of the U.S. Navy’s information technology action list as it faces a multifaceted threat to information dominance. Current conditions present a sense of urgency in efforts to upgrade Navy and Marine Corps information assets, but the services also face a window of opportunity that they can exploit.
Before the end of the fiscal year, the U.S. Navy intends to deliver an early version of the Information Warfare Platform to two ships, the USS Lincoln and USS Bataan, before fielding more comprehensive systems to the Theodore Roosevelt Strike Group. The new capability will be enabled in part by artificial intelligence, machine learning and so-called digital twins. It is expected to offer the ability to acquire, test, install and field technologies at a faster, more affordable rate while also enhancing cybersecurity.
It’s easy to forget that in the midst of a catastrophe, physical safety isn’t the only thing that’s important. As technology’s role in disaster response and relief becomes more and more prevalent, cybersecurity becomes an essential part of the process. Here’s why.
Few people are more vulnerable than those impacted by a crisis. Whether a man-made attack or a natural disaster, the widespread destruction created by a large-scale emergency can leave countless individuals both destitute and in need of medical attention. Protecting these men, women and children requires more than a coordinated emergency response.
The U.S. Army is transforming its Department of the Army’s Management Office-Cyber (DAMO-CY) to include a wider range of joint all-domain operations capabilities.
Col. Jay Chapman, USA, division chief, Mission Command, in the Army CIO/G-6 office, revealed the change at a February 13 luncheon event in Arlington, Virginia, hosted by the AFCEA Washington, D.C. chapter.
The Pentagon is looking to buy an enterprisewide identity management system to provide a single authoritative source of user information, identity authentication and information technology access for millions of U.S. Defense Department computer network users. The Defense Information Systems Agency’s call for white papers on the development and deployment of a Defense Department Enterprise Identity Service is the first step in identifying two or three vendors to take part in a competitive prototyping contest under an other transaction authority effort.
The most senior military cyber warfighters have defined the challenge of building a world-class cybersecurity workforce: We have great performers but not enough. Our accessions can barely keep pace with attrition; but we are scheduled to grow. We need a viable plan to increase capacity.
During a panel session at the Cyber Education, Research and Training Symposium (CERTS) in Augusta, Georgia, cybersecurity leaders discussed how to build the people who can protect the nation against the tens of thousands of very high-end professionals that Russia and China are putting out.
Last year was a banner year for cyber fraud. In just the first six months of 2019, more than 3,800 breaches exposed 4.1 billion records, with 3.2 billion of those records exposed by just eight breaches. The scale of last year’s data breaches underscores the fact that identity has become the currency of the digital world and data is the fuel that powers the digital economy. What’s also clear looking back on 2019 is that digital identities are continually being compromised on multiple levels.
There are certainly similarities between network resilience and cyber resilience. The foundation for both is the ability to maintain business or mission capabilities during an event, such as a backhoe cutting your fiber cables or a nation-state actively exploiting your network. But there are also significant differences.