The U.S. Department of Homeland Security’s Science and Technology Directorate is working to improve the resiliency of smartphones and other mobile technologies through directed research and development initiatives. Not as secure as office computers, mobile devices are becoming the preferred target for malicious actions by cyber adversaries. In many cases, smartphones, tablets and other electronic devices simply do not have the same protections available for more traditional computing technologies, experts say. The level of attacks also is moving “deeper down the mobile device stack,” from the application and mobile operating system layers to the hardware and infrastructure layers, according to the department.
The Cyber Edge
It has become increasingly evident that artificial intelligence (AI) and machine learning (ML) are poised to impact government technology. Just last year, the General Services Administration launched programs to enable federal adoption of AI, and the White House encouraged federal agencies to explore all of the possibilities AI could offer. The benefits are substantial, but before the federal government can fully take advantage of advancements like AI, federal agencies must prepare their IT infrastructure to securely handle the additional bandwidth.
Just as methodical programs to improve emergency communications interoperability are building up speed, new technologies threaten to derail the entire effort. Emergency responders find that new mobile systems bring valuable capabilities, such as enhanced data access, and they embrace these technologies eagerly. But the advanced communications systems often do not mesh with each other as well as traditional broadband radio links, and their innovative approaches pose new challenges.
The U.S. Air Force is developing a methodology for assessing the cyber resiliency of weapon systems and examining how to standardize that methodology across the service. The effort could improve the security of hundreds of weapon systems, including aerial refueling planes, fighter jets and inertial navigation systems.
The cyber realm has redefined the meaning of warfare itself. Conflict in cyberspace is constant, low-cost and uninhibited by traditional definitions of territory and country. Now, governments, militaries and private research groups from America to South Korea are taking cyber capabilities one step further, using developments in artificial intelligence and machine learning to create autonomous weapons that will soon be deployed into battle.
Machine learning already has been used in both cyber and kinetic weapons, from autonomously firing gun turrets to human-superior social engineering attacks. While these advances are noteworthy, these machines are neither entirely intelligent nor autonomous.
The recent dissemination of classified information through media outlets and social media indicate that contemporary insider threat management has entered a new phase. Unlike previous generations that adhered to a strict code of silence, some millennials in charge of keeping U.S. secrets safe have the urge to share information they deem the public has the right to know. Rather than going through official channels to reveal actions they believe are wrong, people like Chelsea Manning, Edward Snowden and Reality Winner leak classified material through media and are just the first indication of information management processes that must change with the times.
The U.S. Defense Department is leaning forward by investing in capabilities that equip U.S. cyber forces with a warfighting platform to achieve, maintain and defend cyberspace superiority. The Unified Platform will be critical to realizing U.S. Cyber Command’s vision to maneuver globally and seamlessly between defense and offense across the cyberspace domain and defend far forward into an adversary’s cyber space.
Wary that the Internet of Things (IoT) could be used to introduce unwanted and unchecked security risks into government networks, senators last year created a piece of legislation that placed minimum security standards around IoT devices sold to and purchased by government agencies. The IoT Cybersecurity Improvement Act of 2017 specifically cites the need for regulation of “federal procurement of connected devices,” including edge computing devices, which are part of the IoT ecosystem.
U.S. Army officials conducting the third annual Cyber Quest experiment, which ends today, will issue a report in about 30 days that will determine which of the systems involved will transfer to programs of record. The exercise consists of an array of systems, including artificial intelligence and machine learning, that help provide situational understanding of the cyber and electronic warfare realms.
Traffic on optical transport networks is growing exponentially, leaving cyber intelligence agencies in charge of monitoring these networks with the unenviable task of trying to sift through ever-increasing amounts of data to search for cyber threats. However, new technologies capable of filtering exploding volumes of real-time traffic are being embedded within emerging network monitoring applications supporting big data and analytics capabilities.
With the arrival of June, we’re at the halfway point of an already busy year for the cybersecurity industry. With each passing year, our sector continues to demonstrate its evolving approach to fighting cyber threats, as cyber crime itself continues to evolve.
As both business and government move forward with digital transformation initiatives to improve processes and efficiency, the overall security attack surface continues to expand with more potential points of access for criminals to exploit. However, our industry is tackling these challenges head-on, with numerous innovative solutions continuing to come to market.
When National Science Foundation officials announced in February that three major providers of cloud computing were donating up to $9 million collectively for big data research, they already were looking for ways to broaden the effort to include a wider variety of topics, including cybersecurity. The expansion is intended to benefit both research and education initiatives and is necessary, in part, because the cloud providers now acquire cutting-edge hardware before it is made available to researchers.
The U.S. Army’s Communications-Electronics Research, Development and Engineering Center, known as CERDEC, is gearing up to face increasing asymmetrical threats in cyberspace. The center looks to improve cyber operations, information warfare, electronic countermeasures and information security, among other areas. Its efforts are prompted as the military finds itself fighting or preparing to fight more and more in cyberspace, in conjunction with the traditional domains of sea, air, land and space.
The potential geopolitical consequences of quantum communications will result in clear asymmetries in both knowledge and confidentiality of information. Countries whose data can be protected through quantum communication techniques will have a significant information advantage, a situation that would have important, albeit hard to predict, effects on geopolitical developments.
As a result of recent federal legislative and administrative activity, government agencies are expected to launch significant modernizations of their cybersecurity systems, get offensive with hackers and take a more strategic approach to risk. Combined, these policy directives promise to transform our government into a robust digital society, gaining greater resiliency to cyber threats by leveraging opportunities while reinforcing standards and procedures.
Here’s a breakdown of the key components of the four policies:
The days of the United States’ stature as a force without equal appear to be over. The threat of near-peer competition with increasingly sophisticated adversaries is growing. As Secretary of Defense James Mattis says in the National Defense Strategy, "America has no preordained right to victory on the battlefield."
This month is a crucial time for the U.S. Navy, as far as information technology goes. Its Program Executive Office for Enterprise Information Systems is developing the request for proposal for its Next Generation Enterprise Network Re-compete contract that will provide information technology services, including cloud services, for more than 700,000 Navy and Marine Corps users.
Whether a Social Security number from an individual, or financial information from a company, hackers continue to find ways to steal data from millions of Americans. To combat these crimes, the idea of active cyber defense has arisen on Capitol Hill with the introduction of the Active Cyber Defense Certainty (ACDC) Act.
In January, Homeland Security Secretary Kirstjen Nielsen voiced measured support for empowering companies to be more active in their approach to cybersecurity. These active measures would allow companies to access other computer networks in order to thwart cyber attacks, monitor the hackers, collect evidence or destroy stolen files.
Domestic cybersecurity has some new potential vulnerabilities to defend, according to the Department of Homeland Security’s (DHS’s) 2018 Cybersecurity Strategy. In addition to conventional concerns such as the water and power grids and the financial sector, the burgeoning number of Internet-connected devices and the global supply chain have emerged as areas that must be protected against a growing threat from a variety of adversaries.
Thoughts by experts about the ability of the military to defend cyberspace are centering around the concept of improved partnerships, which may be outside of the Defense Department’s usual practices. A lot can be gained from the insight of coalition partners and think tanks—wisdom and information that the DOD may not have tapped into, experts said.