This week, the cybersecurity arm of the U.S. Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, known as CISA, held a virtual exercise and preparedness event with Major League Baseball’s (MLB's) Cactus League. The event aimed to boost physical security and cybersecurity at training, practices and games this spring in Arizona, CISA reported.
The need to move away from a perimeter-based cybersecurity model—the moat and castle approach—to a cloud-enabled zero trust architecture—an underlying framework that essentially is like placing a security door in front of each and every application—is apparent. Similarly, identity, once mostly an operational and user experience-driven technology, has evolved to be a core aspect of cybersecurity, verifying a user in a network or activity, said Frank Briguglio, strategist, Global Public Sector, SailPoint.
Range Generation Next LLC, Sterling, Virginia, has been awarded a $13,941,843 cost-plus-fixed-fee modification (P000297) to contract FA8806-15-C-0001 for cyber hardened infrastructure support. This modification supports an increase in launch and test range requirements. The primary locations of performance are the Eastern Range, Patrick Air Force Base, Florida; and the Western Range, Vandenberg AFB, California. Work is expected to be completed Feb. 14, 2022. Fiscal 2020 operations and maintenance funds in the amount of $13,941,843 are being obligated at the time of award. The total cumulative face value is $1,210,861,882. Space and Missile Systems Center, Peterson AFB, Colorado, is the contracting activity.
Arlington, Virginia-based Shift5, Inc., signed a Cooperative Research and Development Agreement (CRADA) with the U.S. Army Combat Capabilities Development Command Ground Vehicle Systems Center (GVSC) in Warren, Michigan, the company announced on April 2. Under the CRADA, Shift5 will support the GVSC—which is the military's research and development facility for advanced technology in ground vehicle systems—by developing advanced cyber defense capabilites to protect such vehicles from cyber attacks. The technology developed by Shift5 will integrate, demonstrate, and validate cyber resiliency and inform cyber situational awareness prototype solutions to defend Army platforms from proof of concept cyber attacks, the company said.
With the increase of available equipment that connects to the Internet, the military needs to address the associated cybersecurity risks. The Defense Department is lacking a comprehensive strategy of how to harness these so-called IoT devices, which could be based on existing cybersecurity frameworks, advised experts at an October 31 AFCEA Quantico-Potomac Chapter luncheon.
The sophisticated nature of cyber attacks and intellectual property theft performed by adversaries is only increasing, as nation-state actors continue to mount attacks to gain valuable information from the United States, its military and private companies.
The blend of cyber and human espionage is what makes China particularly effective in mounting these kinds of attacks, said Mark Kelton, senior advisor, Chertoff Group and former senior executive of the CIA. The threats to U.S. intellectual property and digitally based assets are not slowing down anytime soon, stated Sean Berg, senior vice president and general manager, Global Governments and Critical Infrastructure, Forcepoint.
Packet Forensics LLC, Virginia Beach, Virginia, was awarded a $10,000,000 modification (P00004) to previously awarded HR0011-18-C-0056 for the Defense Advanced Research Projects Agency Harnessing Autonomy for Countering Cyberadversary Systems (HACCS) research project. The modification brings the total cumulative face value of the contract to $21,200,000 from $11,200,000. Work will be performed at Virginia Beach, Virginia, with an expected completion date of August 2020. Fiscal year 2019 research and development funds in the amount of $10,000,000 are being obligated at time of award. The Defense Advanced Research Projects Agency, Arlington, Virginia, is the contracting activity.
Sabre Systems Inc., Warrington, Pennsylvania, is awarded $42,999,468 for cost-plus-fixed-fee delivery order N68335-19-F-0533 against a previously issued basic ordering agreement (N68335-16-G-0022). This delivery order provides for the research and development of cyber resilient and full spectrum cyber warfare capabilities in support of the Integrated Battlespace Simulation and Test Department, Research, Development, Test and Evaluation Infrastructure Division. Work will be performed in Patuxent River, Maryland, and is expected to be completed in August 2024.
On Friday, the U.S. House of Representatives passed their version of the National Defense Authorization Act for Fiscal Year 2020, H.R. 2500, by a vote of 220-197. Known as the NDAA, the annual legislation authorizes policy measures for the Defense Department. It varies from the Senate’s bill, S. 1790—passed on June 28—which the two legislative bodies will have to reconcile before sending a final NDAA to the president.
Singapore, in terms of size, is akin to an ant versus an elephant, said David Koh, commissioner of cybersecurity; chief executive, Cyber Security Agency, Singapore’s Prime Minister’s Office; and Defense Cyber Chief, Ministry of Defense of the Republic of Singapore. Nevertheless, the republic has put cybersecurity front and center. Even with only a population of about 5.9 million people—similar to the number of citizens in the Washington, D.C., area—Singapore is one the world’s most digitally connected cities, averaging two cellphones per citizen.
Booz Allen Hamilton, McLean, Virginia, was awarded a $12,884,834 modification (P00006) to contract W91RUS-18-C-0024 for cybersecurity support services. Work will be performed in Fort Huachuca, Arizona, with an estimated completion date of September 2, 2029. Fiscal year 2019 operations and maintenance Army funds in the amount of $12,884,834 were obligated at the time of the award. U.S. Army Contracting Command, Aberdeen Proving Ground, Maryland, is the contracting activity.
Somewhere between “hype and hope,” experts posit that aspects of a cyber attack can be predicted. They caution that success so far has been limited. If it is possible, forecasting digital invasions in advance naturally could be an important capability.
The key is predicting with enough accuracy to be helpful and with sufficient lead time, experts shared at AFCEA International and the Institute of Electrical and Electronics Engineers’ (IEEE’s) MILCOM conference on October 29 in Los Angeles.
Malicious emails have been the more forecastable type of cyber attack, the experts said.
The U.S. Department of Homeland Security’s Science and Technology Directorate is working to improve the resiliency of smartphones and other mobile technologies through directed research and development initiatives. Not as secure as office computers, mobile devices are becoming the preferred target for malicious actions by cyber adversaries. In many cases, smartphones, tablets and other electronic devices simply do not have the same protections available for more traditional computing technologies, experts say. The level of attacks also is moving “deeper down the mobile device stack,” from the application and mobile operating system layers to the hardware and infrastructure layers, according to the department.
Aiming to accelerate the U.S. government’s use of secure mobile technologies, the Cyber Security Division (CSD) in the Department of Homeland Security (DHS) is pursuing several research and development (R&D) projects, among other efforts, that focus on two main areas: mobile device security and mobile application security. The projects and related vendors are working to improve device security:
ICF Inc. of Fairfax, Virginia, was awarded a $31,467,870 modification to an existing contract to support the Army Research Laboratory's Cyber Security Service Provider program. The work includes both research and development and defensive cyber operations amd will be performed in Adelphi, Maryland, with an estimated completion date of June 15, 2020. Fiscal year 2018 research, development, test and evaluation funds in the amount of $2,433,999 were obligated at the time of the award. U.S. Army Contracting Command, Aberdeen Proving Ground, Maryland, is the contracting activity.
This month, Linton Wells II drew his inspiration for Mission Assurance Moves to the Fore in Cyberspace from Deputy Secretary of Defense William J. Lynn III's recently published article, Defending a New Domain: The Pentagon's Cyberstrategy. Wells summarizes Lynn's strategy points, noting that taken on a whole they have a broader implication than just cyberdefense. It has more to do with mission assurance, he says:
Recognizing a threat is the first step to addressing it, and one way to do that is to track incongruities rather than just monitoring the status quo. In this issue of SIGNAL Magazine, Chris Sanders highlights an intrusion detection architecture that does just that. His article, "The Exception Becomes the Rule," focuses on how this system enables a rapid, flexible response to cyberthreats.
In "New Document Provides Framework for Interagency Data Sharing," Henry Kenyon describes a newly released document that sets common standards for data security and risk management: the NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST SP-800-37).