The U.S. Secret Service is putting into place its first-ever cyber and information technology strategic plan, which provides a path forward through 2021. Among other goals, the plan calls for the agency to build a world-class network operations security center and to continue the march toward greater mobility for special agents and uniformed officers.
The Cyber Edge
What will you be doing in 20 years? Have you planned that far ahead? As anyone who thought floppy disks or landlines would stand the test of time knows, predicting that far out is a challenge, especially when it comes to technology. But the U.S. Army has done just that, outlining its vision for an effective, modern enterprise network in the strategic document “Shaping the Army Network: 2025-2040.”
Advances in genomics, medical sensors and data-driven health care increasingly are enabling doctors and patients to make personalized and targeted care decisions. But the effectiveness of these precision medicine capabilities depends on critical cybersecurity components to protect patient privacy and the integrity of patient data.
With cyberspace emerging as a critical warfare domain, U.S. military leaders have been forced to dump both old habits and doctrine in the name of network security. These arduous tasks are part of adapting to the new normal of the digital age, which can include contorting Army policies and actions to win modern wars and address global crises, says Essye Miller, the Army’s director of cybersecurity.
Some U.S. Marine Corps cyber warriors are playing their way toward proficiency. The Corps’ Delta Company, Communication Training Battalion, has turned to gamification to foster a new cyber instruction method that is becoming much more than fun and games. Retooling teaching techniques gave rise to what is dubbed “2-3-6 training” to integrate the intelligence directorate with operations and communications, which in military parlance are designated by the numerals 2, 3 and 6.
A defense-in-depth architecture built around a dual-data model reduces the risk of supervisory control and data acquisition networks being hacked or their data being stolen. The dual-data approach makes connecting various sensors and legacy systems easy, and initial tests show that adding a defense-in-depth architecture provides a degree of security not found in many of these networks, which often lack effective protection against intruders.
Cyber capabilities have dramatically transformed the battlefield and how conflicts are resolved. Traditionally, battles were fought in conventional domains—land, air, sea, space—using kinetic, psychological and economic means to defeat opponents. In the cyber realm, anything goes. There are no rules. And adversaries are developing advanced cyber capabilities just as quickly as the United States, threatening critical infrastructure and other systems. So-called cyber-to-physical attacks, when hackers target physical buildings, networks and sites, demonstrate the potentially catastrophic results of a successful campaign against power, water and transportation services.
China, Russia and Iran all have been blamed for brazenly intruding into U.S. government or military networks, and government officials have pointed a finger at North Korea for breaking into Sony Pictures’ computers. While an eye-for-an-eye approach may sound tempting, a cyber response is not necessarily the best solution, says Aaron Hughes, deputy assistant secretary of defense for cyber policy.
As the U.S. Cyber Command recruits 6,200 cyber warriors for teams positioned around the world, it must deliberately work to develop a new generation of cyber-minded warfighters rather than simply repurpose existing service members to meet its goal. The nation may not be prepared to defend cyberspace unless it emphasizes key skills early in students’ educational development. Many of these efforts must begin locally, and some military forces already are working in that direction.
This threat can come from signals beamed into a control stream or even embedded software containing a Trojan horse. Researchers are addressing this challenge from traditional and innovative directions as the use of unmanned aerial vehicles continues to expand into new realms. But the issues that must be accommodated are growing as quickly as threat diversity.
The proliferation of new data sources promises to compound security challenges. Organizations must embrace a new way to protect their valued assets and information, building robust assurances against data leaks, spills and theft as well as any compromise of data integrity. Cross-domain solutions offer protection at the highest levels, and they facilitate secure collaboration at significantly lower costs than other methods.
Complying with federal cybersecurity standards, though essential for the defense industrial base and national security at large, presents immense fiscal challenges for smaller businesses that struggle every day to meet the demanding requirements—without breaking the bank.
If not addressed soon, small business noncompliance with the standards spelled out in the Defense Federal Acquisition Regulation Supplement, or DFARS, could have the unintended consequence of severely diminishing the sector’s role in defense contracting, exacerbating concerns about bringing the entire industrial base into compliance. It is a responsibility shared by all businesses doing work for the Defense Department—small, medium and large.
A burgeoning breed of combatants fights in a convoluted new domain where no one has blazed a trail, where no history books offer lessons or guidance. These warriors sometimes use untested offensive and defensive network maneuvers to secure cyberspace, the increasingly important and congested battleground rapidly becoming the attack venue of choice.
The technology to succeed in this ongoing fight actually already exists, as does the well-trained work force, experts say. The question now hovers over what ethical guidelines the United States will employ to carry out cyber warfare—where dynamic real-world events shape the malleable rules of engagement.
The exciting advent of nanotechnology that has inspired disruptive and lifesaving medical advances is plagued by cybersecurity issues that could result in the deaths of people that these very same breakthroughs seek to heal. Unfortunately, nanorobotic technology has suffered from the same security oversights that afflict most other research and development programs. Nanorobots, or small machines, are vulnerable to exploitation just like other devices.
But the others are not implanted in human bodies.
The phenomenal transformation of computer networks from limited and simple to vast and complex has contributed to such great advances. Great but susceptible advances.
The U.S. Army and its Cyber Command are building momentum to create the institutional and operational structure required to conduct and support missions in the cyber domain. Now is the time to seriously address the challenges of attracting and retaining soldiers with the talent needed to take on the enemy. As Lt. Gen. Edward C. Cardon, USA, commanding general of Army Cyber Command, often states: Technology, as significant as it is in the rapidly changing face of warfare, will not be the deciding factor in who will dominate in this domain. It’s the people.
The U.S. Army is converging many of its communications, electronics and intelligence disciplines to combat a cyberthreat that already has eroded much of the competitive advantage the U.S. military has possessed in recent years. Countering this threat virtually mandates that cyber operations move into the realm of fully integrated operations.
A large portion of this issue of SIGNAL Magazine is devoted to its new quarterly special section—The Cyber Edge. The goal of The Cyber Edge is to do a better job of educating people across a broad spectrum in terms of the cyber threat, its implications, its technology issues and the policies that must be undertaken to solve the challenge.
Currently, from a cyber perspective, there is a dearth of information on what really is going on. Tales and stories abound, but no one goes into enough detail on what is behind those stories. Very few professional publications have properly framed the issues that must be dealt with from a cyber perspective.
The typical all-source intelligence analyst must generate products that result from the fusion and correlation of structured and unstructured text reporting with sensor and imagery data sources. This process is complicated by the explosion of information on the Internet and the international community’s increasing use of social media to share ideas and coordinate activities, which has resulted in a larger data pool.
Security products are like crack to security professionals—they just cannot get enough. These products appear to be the panacea practitioners are seeking, but they often are not what they seem. They do not always solve problems, and they leave security experts continually looking for yet more new products, solutions and techniques for managing cyber risk. This raises the question: Why do enterprises and government organizations find protecting themselves from cyber crime so difficult?
As the U.S. Air Force develops its computer security forces, it finds itself caught in a web of ineffective policies and generational conflict. The arrival of people who have grown up in the information age exacerbates the 21st-century generation gap. Fortunately, a clear understanding of the root causes of problems illuminates sound models that can be evaluated and adopted to support the success of Air Force cyber.
The service has seen a mass exodus of talented cyber professionals over the past few years. Many leave because they are frustrated with Air Force cyber’s constraints and flawed policies. Although not typically the driving factor, pay for industry jobs is often better, further encouraging departure.