The Cyber Edge Sponsored

Coordination among allied militaries is one of the world’s oldest problems. In the future, U.S. forces will likely operate in increasingly complex environments alongside diverse multinational forces to address emerging threats. Coalition command structures will require warfighting capabilities built on interoperability and a secure environment for communication and collaboration among trusted coalition forces at operational and tactical levels.

Working from home or remotely has always been a significant challenge for our federal workforce. The obstacles are not so much technical, rather it is the sensitivity of the data and communications that must traverse the network, and the sophistication, resources and determination of the adversarial powers that seek to disrupt or compromise them.

Unlike the commercial marketplace where a security breech might result in lost revenue, stolen IP or a fine, in the federal mission space the cost of failure could be the loss of critical infrastructure or even loss of life.

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment. At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

The ability to perform data science at the edge is growing increasingly important for organizations across the public sector. From smart traffic cameras to hospitals using data processing for faster diagnosis and warfighters leveraging data in theater, the need to derive actionable intelligence at the edge has never been greater.

Gartner researchers predict that by 2025 three quarters of enterprise-generated data will be created and processed at the edge, outside of a traditional data center or cloud. Fulfilling the promise of real-time edge data processing and analysis requires significant intelligence and computational horsepower that’s close to the action.

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

The one constant of cybersecurity is its rate of change. The technology you knew yesterday was acquired, bundled and updated into a consolidated tool that provides the solution for today. That consolidation is inevitable given the breadth of solutions and vendors working to address always-shifting security operations requirements. Not all segments of cybersecurity are responding equally to consolidation though. In particular, a critical segment that is long overdue, the security operations center (SOC), has not undergone its shift—yet.  

For decades, Type 1 has been the National Security Agency’s most prized cybersecurity designation, describing technology that can effectively keep the nation’s most classified information under lock and key.

Recent years, however, have seen the growth of NSA’s Commercial Solutions for Classified (CSfC) program, which offers an alternative to Type 1 products.

With these two competing options, it is important to understand what the difference between Type 1 and CSfC really is and which one is best for your use case. 

Below, we’ll discuss everything you need to know about both NSA Type 1 and the CSfC program.

What Is NSA Type 1 Equipment?

There was massive technological growth in 2018; things like artificial intelligence and blockchain have gained much support recently. IT departments often enable improved efficiency and security in their organizations by adopting emerging technologies, but that's only if they have the freedom to do so. A few years ago, IT had very less influence over business decisions, but now times are changing: IT is gaining an increased role in business decisions with implementation of cloud computing, data centres and enterprise mobility.

For military intelligent sensor systems constrained by size, weight and power (SWaP), custom microelectronic processing devices using advanced 3D packaging and thermal management are the only solution for success.

As the need for more sensor processing and embedded security continues to grow in defense applications such as unmanned systems and munitions, the footprint for these mission-critical systems continues to shrink. A fundamental shift in microelectronics design and packaging is required to address the needs of the modern threat environment where non-invasive attacks are imminent.

Recent initiatives by the National Security Agency (NSA) have enabled alternatives to Type 1 security solutions by leveraging commercial technologies in a layered approach, thus saving time and money for classified programs. The Commercial Solutions for Classified (CSfC) Program provides solution level specifications called Capability Packages (CP) to deliver data security solutions using approved components from leaders in commercial technology. In the Data at Rest CP data protection can be accomplished by integrating an inner and outer layer of hardware and software encryption where a self-encrypting solid state drive is the inner layer and either a file encryption or software full disk encryption solution would be the outer layer.

As you are probably aware, there was a new interesting phishing attack that started in May.

“The vulnerability was exposed for only about one hour, and a spokesperson told NBC News that it affected “fewer than 0.1 percent of Gmail users” — which would still be about 1 million.”

In a nutshell the attack worked like this:

You receive a link from one of your contacts sharing out a Google doc.

Increasingly, cyberattackers have been leveraging “non-malware” attack methods to target vulnerable organizations. Recently, the Carbon Black Threat Research Team was alerted about such an attack by a partner’s incident response (IR) team. The attack ultimately compromised accounts and stole research and intellectual property.

In this specific attack, a malicious Excel document was used to create a PowerShell script, which then used the Domain Name System (DNS) to communicate with an Internet Command and Control (C2) server.

This attack method prompts three key questions for organizations looking to defend themselves against non-malware attacks, namely:

The AFCEA Cyber Committee, which is made up of more than 40 experts in the field, has released a white paper identifying key concerns in the cyber realm and offering recommendations for the incoming administration.

The report, Key Cyber Issues and Recommendations: A Way Forward, identifies three needs in the cyber arena. The first is that the United States must approach cyber in a strategic and international context that incorporates diplomatic, information, military and economic elements of national power.