The United States faces a “toxic mix of threats,” Dan Coats, the director of National Intelligence, testified today before the Senate Select Committee on Intelligence while unveiling the annual Worldwide Threat Assessment of the U.S. Intelligence Community.
The Cyber Edge
More than a year has passed since the Modernizing Government Technology (MGT) Act was signed into law, cementing the establishment of a capital fund for agencies to support their special IT projects. The MGT Act prompted defense and intelligence agencies to accelerate the replacement of legacy systems with innovative and automated technologies, especially as they explore new ways to mitigate security risks like those experienced all too often by their private sector counterparts.
The United States faces a threat unlike any in its history. The cyber threat zips around the world at blinding speeds and continually transforms. It can neutralize billion-dollar weapon systems and leave entire cities in the dark. It also can be wielded by superpowers, smaller governments or criminal organizations. At the same time, however, legislation, strategies, policies, authorities and a vigorous spirit of cooperation across government and the international community are all aligning to meet that threat.
The U.S. Transportation Command was the first U.S. Defense Department organization to begin moving its cyber capabilities, along with command and control applications, to a commercial cloud environment. More than a year later, the unified command is making strides in transferring its unclassified systems and is sharing lessons learned that will make the path to cloud usage smoother for others to follow.
Embedded systems are emerging as the latest challenge in the drive to secure deployed U.S. military technologies, including those residing within weapons and flight controllers. Because they are deeply entrenched inside critical hardware, these systems can be tricky to safeguard, so cybersecurity and cyber resiliency must be considered at the beginning of the design and architecture process. And although upgrades can boost embedded systems’ cybersecurity, system operators must determine when the potential pitfalls of doing so outweigh the benefits.
Up until the digital age, wars involved a limited number of combatants with clear identities battling within distinct boundaries visible on a map. These conflicts ended either with a victor or as a stalemate. But today’s information warfare does not fit this traditional model. Instead, it comprises an unlimited number of potential combatants, many with hidden identities and agendas.
Cyberspace is a theater of operations that is nowhere and everywhere. Within this domain, information warfare will not and in fact cannot come to any conclusion. This conflict closely resembles an incurable disease that can be managed so the patient can lead a productive life but is never completely cured.
Artificial intelligence can analyze vast amounts of information, identifying patterns and anomalies at a speed and scale beyond human capacity. To make it an invaluable part of defense, the goal will be to create cybersecurity systems that can anticipate national security threats. Once systems can automatically reconfigure themselves and their security controls to prevent any potential breaches, the next step will be to move to machines with the power to make their own decisions.
The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.
Powered by recent advances in artificial intelligence and machine learning, long-hyped technologies such as facial recognition and behavioral biometrics are promising frictionless identity authentication. In the near future, people will be able prove who they are without even trying and sometimes without even knowing they’re doing it.
Threat researchers from McAfee Labs have released their 2019 cybersecurity threats predictions report. Unfortunately, cyber criminals are expected to become more sophisticated and collaborative as the “underworld” consolidates into stronger malware-as-a-service families actively working together.
Software and security teams will need to adapt as threats become more complex. McAfee predicts more attackers will be using artificial intelligence to avoid detection by security software. “In fact, an entire underground economy has emerged where criminals can now outsource products and dedicated services to aid their activities,” says Thomas Roccia, a researcher on the team.
The U.S. Indo-Pacific Command (INDOPACOM) is seeking the capabilities and enabling technologies to conduct “full-spectrum cyber operations” in its vast region of responsibility, according to its commander. Adm. Philip S. Davidson, USN, commander of the U.S. Indo-Pacific Command, described this new cyber push at the keynote luncheon on the first day of AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu.
For three years, the U.S. Army has been asking questions about how to converge cyberspace operations, electronic warfare and spectrum management capabilities at the corps level and below to deny, degrade, destroy and manipulate enemy capabilities. Now, officials say, they are drawing closer to answers.
In 2015, the service created a pilot program known as Cyberspace Electromagnetic Activity (CEMA) Support to Corps and Below. The CEMA concept integrates elements from offensive and defensive cyber, electronic warfare, and intelligence into expeditionary teams that support tactical units.
In the coming months, researchers from Georgia Tech will reveal the results of testing on a robot called the HoneyBot, designed to help detect, monitor, misdirect or even identify illegal network intruders. The device is built to attract cyber criminals targeting factories or other critical infrastructure facilities, and the underlying technology can be adapted to other types of systems, including the electric grid.
The HoneyBot represents a convergence of robotics with the cyber realm. The diminutive robot on four wheels essentially acts as a honeypot, or a decoy to lure criminal hackers and keep them busy long enough for cybersecurity experts to learn more about them, which ultimately could unmask the hackers.
One way of ensuring that attackers don’t access a network node or break into a device is to render its identification invisible. Cloaking the device’s address gives a hacker nothing to see, and it can be done on systems ranging from government networks to medical electronics implanted inside human beings.
The Warfighter Information Network–Tactical program delivered a digital transformation, enabling maneuver elements to move faster and provide commanders with vital battlefield information in near real-time. Its flexibility facilitated communications in Iraq’s urban environments and Afghanistan’s mountainous terrain. Although a powerful improvement over Mobile Subscriber Equipment, the technologies are not powerful enough to combat adversaries wielding cyber capabilities.
Officials with the U.S. Defense Department and Department of Homeland Security recently signed a memorandum of understanding outlining a partnership that will allow the Defense Department to take a greater role in sharing intelligence and proactively defending the nation’s critical infrastructure, including next week’s mid-term election.
The Defense Department’s unique role in assessing foreign threats means that it often has information that could benefit the other departments and agencies, the defense industrial base and others with a role in defending the nation’s critical infrastructure.
It comes as no surprise that U.S. adversaries continue to target and successfully exploit the security weaknesses of small-business contractors. A successful intrusion campaign can drastically reduce or even eliminate research, development, test and evaluation (RDT&E) costs for a foreign adversary. Digital espionage also levels the playing field for nation-states that do not have the resources of their more sophisticated competitors. To bypass the robust security controls that the government and large contractors have in place, malicious actors have put significant manpower into compromising small- and medium-sized businesses (SMBs).
Artificial intelligence can be surprisingly fragile. This is especially true in cybersecurity, where AI is touted as the solution to our chronic staffing shortage.
It seems logical. Cybersecurity is awash in data, as our sensors pump facts into our data lakes at staggering rates, while wily adversaries have learned how to hide in plain sight. We have to filter the signal from all that noise. Security has the trifecta of too few people, too much data and a need to find things in that vast data lake. This sounds ideal for AI.
Every time federal information technology professionals think they’ve gotten in front of the cybersecurity risks posed by the Internet of Things (IoT), a new and unexpected challenge rears its head. Take, for instance, the heat maps used by GPS-enabled fitness tracking applications, which the U.S. Department of Defense (DOD) warned showed the location of military bases, or the infamous Mirai Botnet attack of 2016.
U.S. military aircraft, ships, combat vehicles, radios and satellites remain vulnerable to relatively common cyber attacks, according to a report published Tuesday by the U.S. Government Accountability Office (GAO). The report does not specify which weapon systems were tested.
In one case, a two-person test team took just one hour to gain initial access to a weapon system and one day to gain full control of the system, the report says. Another assessment demonstrated that the weapon system “satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders.”