China, Russia and Iran all have been blamed for brazenly intruding into U.S. government or military networks, and government officials have pointed a finger at North Korea for breaking into Sony Pictures’ computers. While an eye-for-an-eye approach may sound tempting, a cyber response is not necessarily the best solution, says Aaron Hughes, deputy assistant secretary of defense for cyber policy.
The Cyber Edge
As the U.S. Cyber Command recruits 6,200 cyber warriors for teams positioned around the world, it must deliberately work to develop a new generation of cyber-minded warfighters rather than simply repurpose existing service members to meet its goal. The nation may not be prepared to defend cyberspace unless it emphasizes key skills early in students’ educational development. Many of these efforts must begin locally, and some military forces already are working in that direction.
This threat can come from signals beamed into a control stream or even embedded software containing a Trojan horse. Researchers are addressing this challenge from traditional and innovative directions as the use of unmanned aerial vehicles continues to expand into new realms. But the issues that must be accommodated are growing as quickly as threat diversity.
The proliferation of new data sources promises to compound security challenges. Organizations must embrace a new way to protect their valued assets and information, building robust assurances against data leaks, spills and theft as well as any compromise of data integrity. Cross-domain solutions offer protection at the highest levels, and they facilitate secure collaboration at significantly lower costs than other methods.
Complying with federal cybersecurity standards, though essential for the defense industrial base and national security at large, presents immense fiscal challenges for smaller businesses that struggle every day to meet the demanding requirements—without breaking the bank.
If not addressed soon, small business noncompliance with the standards spelled out in the Defense Federal Acquisition Regulation Supplement, or DFARS, could have the unintended consequence of severely diminishing the sector’s role in defense contracting, exacerbating concerns about bringing the entire industrial base into compliance. It is a responsibility shared by all businesses doing work for the Defense Department—small, medium and large.
A burgeoning breed of combatants fights in a convoluted new domain where no one has blazed a trail, where no history books offer lessons or guidance. These warriors sometimes use untested offensive and defensive network maneuvers to secure cyberspace, the increasingly important and congested battleground rapidly becoming the attack venue of choice.
The technology to succeed in this ongoing fight actually already exists, as does the well-trained work force, experts say. The question now hovers over what ethical guidelines the United States will employ to carry out cyber warfare—where dynamic real-world events shape the malleable rules of engagement.
The exciting advent of nanotechnology that has inspired disruptive and lifesaving medical advances is plagued by cybersecurity issues that could result in the deaths of people that these very same breakthroughs seek to heal. Unfortunately, nanorobotic technology has suffered from the same security oversights that afflict most other research and development programs. Nanorobots, or small machines, are vulnerable to exploitation just like other devices.
But the others are not implanted in human bodies.
The phenomenal transformation of computer networks from limited and simple to vast and complex has contributed to such great advances. Great but susceptible advances.
The U.S. Army and its Cyber Command are building momentum to create the institutional and operational structure required to conduct and support missions in the cyber domain. Now is the time to seriously address the challenges of attracting and retaining soldiers with the talent needed to take on the enemy. As Lt. Gen. Edward C. Cardon, USA, commanding general of Army Cyber Command, often states: Technology, as significant as it is in the rapidly changing face of warfare, will not be the deciding factor in who will dominate in this domain. It’s the people.
The U.S. Army is converging many of its communications, electronics and intelligence disciplines to combat a cyberthreat that already has eroded much of the competitive advantage the U.S. military has possessed in recent years. Countering this threat virtually mandates that cyber operations move into the realm of fully integrated operations.
A large portion of this issue of SIGNAL Magazine is devoted to its new quarterly special section—The Cyber Edge. The goal of The Cyber Edge is to do a better job of educating people across a broad spectrum in terms of the cyber threat, its implications, its technology issues and the policies that must be undertaken to solve the challenge.
Currently, from a cyber perspective, there is a dearth of information on what really is going on. Tales and stories abound, but no one goes into enough detail on what is behind those stories. Very few professional publications have properly framed the issues that must be dealt with from a cyber perspective.
The typical all-source intelligence analyst must generate products that result from the fusion and correlation of structured and unstructured text reporting with sensor and imagery data sources. This process is complicated by the explosion of information on the Internet and the international community’s increasing use of social media to share ideas and coordinate activities, which has resulted in a larger data pool.
Security products are like crack to security professionals—they just cannot get enough. These products appear to be the panacea practitioners are seeking, but they often are not what they seem. They do not always solve problems, and they leave security experts continually looking for yet more new products, solutions and techniques for managing cyber risk. This raises the question: Why do enterprises and government organizations find protecting themselves from cyber crime so difficult?
As the U.S. Air Force develops its computer security forces, it finds itself caught in a web of ineffective policies and generational conflict. The arrival of people who have grown up in the information age exacerbates the 21st-century generation gap. Fortunately, a clear understanding of the root causes of problems illuminates sound models that can be evaluated and adopted to support the success of Air Force cyber.
The service has seen a mass exodus of talented cyber professionals over the past few years. Many leave because they are frustrated with Air Force cyber’s constraints and flawed policies. Although not typically the driving factor, pay for industry jobs is often better, further encouraging departure.