The U.S. Office of Management and Budget released a report this spring showing the abysmal state of cybersecurity in the federal government. Three-quarters of the agencies assessed were found to be “at risk” or “at high risk,” highlighting the need for a cyber overhaul. The report also noted that many agencies lacked “standardized cybersecurity processes and IT capabilities,” which affected their ability to “gain visibility and effectively combat threats.”
Medical technologies such as electronic devices implanted or injected into the human body are the next growth area for hackers pursuing money or control of individual people. With nanotechnology implants already being used for some medical treatments, advances in their application could pose as great a cybersecurity threat as what faces the Internet of Things, experts say.
When Alexander Woody was born, his mother knew she needed to forge a new path career-wise. She enrolled in an associate's degree program at her local community college and studied computer programming.
“She hit that program really hard back in the '90s and was able to succeed,” says Woody, who is now an Army specialist working as a counter pursuit operator within the National Security Agency’s (NSA’s) Cybersecurity Threat Operations Center.
Spc. Woody ended up with the NSA after finding himself also at a career crossroad. He studied chemistry at North Carolina State University and sometimes tutors high school students struggling with chemistry. But he realized it wasn’t the right career choice for him.
Radiance Technologies Inc.,* Huntsville, Alabama, has been awarded a $19,776,547, cost-plus-fixed-fee completion contract for Small Business Cyber Security Operations Center (SB-CSOC). The scope of this effort is the development of a SB-CSOC capability. Unlike private security operations centers or managed security services providers, the SB-CSOC will provide direct integration with state and federal organizations and cyber mission forces, enabling small businesses to adopt best-of-breed cybersecurity strategies (such as those based on the National Institute of Standards and Technology Cybersecurity Framework). Work will be performed in Baton Rouge, Louisiana, and is expected to be completed by July 29, 2021.
The U.S. Navy is working to speed cyber capabilities to the force to keep up with both technology innovation and adversarial activities. Major obstacles can be found both internally and externally, and security concerns dominate all modernization efforts.
Northrop Grumman Systems Corp., McLean, Virginia, was awarded a $16,634,000 modification contract for non-personal Information Technology support services for the U.S. Army Regional Cyber Center-Europe. Work will be performed in Wiesbaden Erbenheim, Germany, with an estimated completion date of July 18, 2019. Fiscal year 2018 operations and maintenance Army funds in the amount of $2,000,000 were obligated at the time of the award. U.S. Army Contracting Command, Aberdeen Proving Ground, Maryland, is the contracting activity.
Fraud, waste, and abuse (FWA) remains a major challenge to the federal government. From 2012 to 2016, the 73 federal inspectors general (IGs), who are on the frontline of fighting FWA, identified $173 billion in potential savings and reported $88 billion in investigative recoveries and 36,000 successful prosecutions and civil actions.
The U.S. Department of Homeland Security’s Science and Technology Directorate is working to improve the resiliency of smartphones and other mobile technologies through directed research and development initiatives. Not as secure as office computers, mobile devices are becoming the preferred target for malicious actions by cyber adversaries. In many cases, smartphones, tablets and other electronic devices simply do not have the same protections available for more traditional computing technologies, experts say. The level of attacks also is moving “deeper down the mobile device stack,” from the application and mobile operating system layers to the hardware and infrastructure layers, according to the department.
It has become increasingly evident that artificial intelligence (AI) and machine learning (ML) are poised to impact government technology. Just last year, the General Services Administration launched programs to enable federal adoption of AI, and the White House encouraged federal agencies to explore all of the possibilities AI could offer. The benefits are substantial, but before the federal government can fully take advantage of advancements like AI, federal agencies must prepare their IT infrastructure to securely handle the additional bandwidth.
The U.S. Air Force is developing a methodology for assessing the cyber resiliency of weapon systems and examining how to standardize that methodology across the service. The effort could improve the security of hundreds of weapon systems, including aerial refueling planes, fighter jets and inertial navigation systems.
The cyber realm has redefined the meaning of warfare itself. Conflict in cyberspace is constant, low-cost and uninhibited by traditional definitions of territory and country. Now, governments, militaries and private research groups from America to South Korea are taking cyber capabilities one step further, using developments in artificial intelligence and machine learning to create autonomous weapons that will soon be deployed into battle.
Machine learning already has been used in both cyber and kinetic weapons, from autonomously firing gun turrets to human-superior social engineering attacks. While these advances are noteworthy, these machines are neither entirely intelligent nor autonomous.
The recent dissemination of classified information through media outlets and social media indicate that contemporary insider threat management has entered a new phase. Unlike previous generations that adhered to a strict code of silence, some millennials in charge of keeping U.S. secrets safe have the urge to share information they deem the public has the right to know. Rather than going through official channels to reveal actions they believe are wrong, people like Chelsea Manning, Edward Snowden and Reality Winner leak classified material through media and are just the first indication of information management processes that must change with the times.
The U.S. Defense Department is leaning forward by investing in capabilities that equip U.S. cyber forces with a warfighting platform to achieve, maintain and defend cyberspace superiority. The Unified Platform will be critical to realizing U.S. Cyber Command’s vision to maneuver globally and seamlessly between defense and offense across the cyberspace domain and defend far forward into an adversary’s cyber space.
Ever-expanding reviews and policies aren’t the only way to control enterprise information technology projects. Instead, management should establish clear standards and incentivize project managers to choose enterprise-friendly designs that streamline external reviews and eliminate the delays and costs associated with compliance.
Information technology projects have distinct requirements: cybersecurity, privacy and Section 508 compliance. These necessary requirements add a significant burden and can cause slowdowns and cost overruns. Other external challenges come from the budgeting process, procurement and configuration management.
Wary that the Internet of Things (IoT) could be used to introduce unwanted and unchecked security risks into government networks, senators last year created a piece of legislation that placed minimum security standards around IoT devices sold to and purchased by government agencies. The IoT Cybersecurity Improvement Act of 2017 specifically cites the need for regulation of “federal procurement of connected devices,” including edge computing devices, which are part of the IoT ecosystem.
U.S. Army officials conducting the third annual Cyber Quest experiment, which ends today, will issue a report in about 30 days that will determine which of the systems involved will transfer to programs of record. The exercise consists of an array of systems, including artificial intelligence and machine learning, that help provide situational understanding of the cyber and electronic warfare realms.
Cyber Defense Information Assurance, Round Rock, Texas, has been awarded a $12,150,174 modification to contract FA8773-15-C-0045 for Air Force enterprise-level network management, optimized communications and defensive measures at Air Force information network gateways. Work will be performed at Maxwell Gunter Air Force Base, Alabama, and is expected to be complete by July 8, 2018. Fiscal year 2018 operations and maintenance funds in the amount of $9,100,130 are being obligated at the time of award. The 38th Contracting Squadron, Tinker Air Force Base, Oklahoma, is the contracting activity.
Traffic on optical transport networks is growing exponentially, leaving cyber intelligence agencies in charge of monitoring these networks with the unenviable task of trying to sift through ever-increasing amounts of data to search for cyber threats. However, new technologies capable of filtering exploding volumes of real-time traffic are being embedded within emerging network monitoring applications supporting big data and analytics capabilities.
With the arrival of June, we’re at the halfway point of an already busy year for the cybersecurity industry. With each passing year, our sector continues to demonstrate its evolving approach to fighting cyber threats, as cyber crime itself continues to evolve.
As both business and government move forward with digital transformation initiatives to improve processes and efficiency, the overall security attack surface continues to expand with more potential points of access for criminals to exploit. However, our industry is tackling these challenges head-on, with numerous innovative solutions continuing to come to market.
When National Science Foundation officials announced in February that three major providers of cloud computing were donating up to $9 million collectively for big data research, they already were looking for ways to broaden the effort to include a wider variety of topics, including cybersecurity. The expansion is intended to benefit both research and education initiatives and is necessary, in part, because the cloud providers now acquire cutting-edge hardware before it is made available to researchers.