The Pentagon is looking to buy an enterprisewide identity management system to provide a single authoritative source of user information, identity authentication and information technology access for millions of U.S. Defense Department computer network users. The Defense Information Systems Agency’s call for white papers on the development and deployment of a Defense Department Enterprise Identity Service is the first step in identifying two or three vendors to take part in a competitive prototyping contest under an other transaction authority effort.
The Cyber Edge
The most senior military cyber warfighters have defined the challenge of building a world-class cybersecurity workforce: We have great performers but not enough. Our accessions can barely keep pace with attrition; but we are scheduled to grow. We need a viable plan to increase capacity.
During a panel session at the Cyber Education, Research and Training Symposium (CERTS) in Augusta, Georgia, cybersecurity leaders discussed how to build the people who can protect the nation against the tens of thousands of very high-end professionals that Russia and China are putting out.
Last year was a banner year for cyber fraud. In just the first six months of 2019, more than 3,800 breaches exposed 4.1 billion records, with 3.2 billion of those records exposed by just eight breaches. The scale of last year’s data breaches underscores the fact that identity has become the currency of the digital world and data is the fuel that powers the digital economy. What’s also clear looking back on 2019 is that digital identities are continually being compromised on multiple levels.
There are certainly similarities between network resilience and cyber resilience. The foundation for both is the ability to maintain business or mission capabilities during an event, such as a backhoe cutting your fiber cables or a nation-state actively exploiting your network. But there are also significant differences.
Mobile technology is not always available to military or government personnel in all environments. Operating in a secure facility requires cellular phones or other mobile devices to be stowed outside the door. Companies are preparing solutions to enable the use of mobile devices in such accredited facilities in ways not seen before.
“The Defense Department deals with very sophisticated adversaries, and as a result, those devices are banned in many places and need to be controlled,” says Mike Fong, founder and CEO of Privoro.
The U.S. military relies heavily on companies to research, develop and manufacture innovative technologies to support missions. This hasn’t always been the case. A century ago, it was often the armed services that conceived and created the latest solutions. But when the world goes to war, it’s all hands on deck.
With unlimited resources, delving into fantastical technical solutions is easy. However, in the real world, the government and the private sector must solve real-life problems with realistic budgets. And today, both funds and available expertise are at a premium. Consequently, agencies must rely on companies they trust, and corporations only thrive when they invest in solutions likely to flourish in the future.
The FBI is increasing its cooperative efforts with U.S. government agencies and overseas allies as it wages an unending battle against growing cyber adversaries with escalating capabilities. Joining four major nation-states on the cyber threat list are terrorists and criminal organizations that constitute a mounting threat to U.S. national security, including the economy. The FBI faces the challenge of keeping up with these enemies, while knowing that they are relentless in their pursuit of cyber supremacy to achieve their goals.
To remain relevant, the Army National Guard must completely divest GuardNet, its information technology network, and converge with the Army’s Department of Defense Information Network. This step will prevent the Guard from reverting to a strategic reserve and enable full-time staffing of tactical communication system readiness to completely participate in dynamic force employment as an operational reserve. It also will repurpose the resources allocated to managing this nondeployable network so tactical units can meet the faster deployment time lines needed in the new security environment.
The rapid pace of technology adoption has leveled the playing field in global competition and opened new warfare domains in the space and cyber realms. To maintain their competitive advantage, U.S. warfighters must find ways to simplify and streamline technology upgrades and fixes in the field, as well as develop processes to onboard new technology solutions faster. Open architecture and modular systems present compelling solutions to achieve this goal.
Cyber insurance can protect organizations from losing more than data, but choosing a cyber insurer and policy comes with its own caveats. The purchase decision maker must consider an individual company’s circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision must be critically reviewed, particularly regarding the extent of coverage exclusions in each policy.
Long before the federal government charged two defendants in 2018 for ransomware attacks on municipal computer systems—including Atlanta’s—cities found ways to make do during these outages. Police wrote reports by hand, traffic tickets were paid in person and social media kept everyone informed in a way that showcased a city’s resiliency.
The U.S. Army envisions future robotic vehicles that are easy for soldiers to operate while proving difficult for enemy forces to detect, jam or hack. Researchers at one of the service’s premier research and development centers are racing to build the sensors, communications links and software needed to make that vision a reality.
Fiber is booming as telecommunications customers seek more services both in the cloud and at the network’s edge. The most important part of society’s information infrastructure, it is relatively secure in the face of attempts to wreak devastating harm to the nation, experts say. But that security is not absolute, and potential vulnerabilities could open up optical fiber to damaging attacks. Damage to this infrastructure, which serves as the backbone of the Internet and all the e-commerce that travels over it, could bring about an unprecedented economic upheaval.
A new report on the commoditization of cyber weapons suggests that the easy availability of inexpensive offensive cyber tools is reshaping the cyber threat landscape. The report is being briefed to officials across the federal government, including elements of the Department of Defense, Department of Homeland Security (DHS), FBI, Senate Cyber Caucus and the Secret Service.
Over the next year, U.S. government officials intend to develop an initial conformance framework to ultimately improve resilience for systems that provide positioning, navigation and timing for a wide variety of users. That initial framework will focus on timing, and lessons learned will be used to develop more comprehensive versions.
The top five U.S. cybersecurity workforce positions in demand today are information systems security developer, information systems security manager, systems developer, research and development specialist, and software developer. To fill these posts, entry-level positions must be developed in the areas of systems administrators, network operations and cyber operator specialists. All of this demand requires a steady supply of training.
Monitoring global lightning strikes could help detect cyber attacks on the U.S. electrical grid, according to Georgia Institute of Technology researchers who have a patent pending to do just that.
Lightning strikes roughly 3.5 million times per day on average. Each and every strike creates an electrical path miles tall that emits a very low frequency radio signal. Those signals bounce off the upper atmosphere and can be detected virtually anywhere in the world, explains Morris Cohen, an associate professor in the Georgia Tech School of Electrical and Computer Engineering.
As the U.S. Air Force is working to define operations on the battlefield of the future, sensors or other digitally connected devices will play a key role—as they always have—but on a much larger scale, one expert says. For the military, the world of Internet of Things, or IoT, has to work across the air, land, space and sea domains. And for the Air Force to enable a greater sensor-based environment, it has to tackle data platforms, cloud storage and capabilities, communication infrastructure and its network, says Lauren Knausenberger, the Air Force’s chief transformation officer.
The Defense Information Systems Agency (DISA) Cloud Based Internet Isolation prototyping effort is already eliminating cyber threats every day, says Angela Landress, who manages the program commonly known as CBII.
The program uses a little technological sleight of hand to keep non-secure Internet browsing in the secure Amazon Web Services (AWS) cloud rather than on the Department of Defense Information Network (DODIN). “What comes back from the cloud is actually just a video-like representation of the webpage. There’s nothing executable in it,” Landress explains.
The U.S. Army is looking toward the Internet of Things to reshape the future force for multidomain operations. Faced with the challenge of networking vast amounts of diverse sensors, the service views this type of networking as the solution to greater efficiency combined with increased capability.
Bruce D. Jette, assistant secretary of the Army for acquisition, logistics and technology, emphasizes the importance of the Internet of Things (IoT) approach across the service. “The IoT has the potential to greatly improve and economize the way we will operate as an Army in the future,” he declares.