The U.S. Army’s Communications-Electronics Research, Development and Engineering Center, known as CERDEC, is gearing up to face increasing asymmetrical threats in cyberspace. The center looks to improve cyber operations, information warfare, electronic countermeasures and information security, among other areas. Its efforts are prompted as the military finds itself fighting or preparing to fight more and more in cyberspace, in conjunction with the traditional domains of sea, air, land and space.
The potential geopolitical consequences of quantum communications will result in clear asymmetries in both knowledge and confidentiality of information. Countries whose data can be protected through quantum communication techniques will have a significant information advantage, a situation that would have important, albeit hard to predict, effects on geopolitical developments.
As a result of recent federal legislative and administrative activity, government agencies are expected to launch significant modernizations of their cybersecurity systems, get offensive with hackers and take a more strategic approach to risk. Combined, these policy directives promise to transform our government into a robust digital society, gaining greater resiliency to cyber threats by leveraging opportunities while reinforcing standards and procedures.
Here’s a breakdown of the key components of the four policies:
The days of the United States’ stature as a force without equal appear to be over. The threat of near-peer competition with increasingly sophisticated adversaries is growing. As Secretary of Defense James Mattis says in the National Defense Strategy, "America has no preordained right to victory on the battlefield."
This month is a crucial time for the U.S. Navy, as far as information technology goes. Its Program Executive Office for Enterprise Information Systems is developing the request for proposal for its Next Generation Enterprise Network Re-compete contract that will provide information technology services, including cloud services, for more than 700,000 Navy and Marine Corps users.
Whether a Social Security number from an individual, or financial information from a company, hackers continue to find ways to steal data from millions of Americans. To combat these crimes, the idea of active cyber defense has arisen on Capitol Hill with the introduction of the Active Cyber Defense Certainty (ACDC) Act.
In January, Homeland Security Secretary Kirstjen Nielsen voiced measured support for empowering companies to be more active in their approach to cybersecurity. These active measures would allow companies to access other computer networks in order to thwart cyber attacks, monitor the hackers, collect evidence or destroy stolen files.
Domestic cybersecurity has some new potential vulnerabilities to defend, according to the Department of Homeland Security’s (DHS’s) 2018 Cybersecurity Strategy. In addition to conventional concerns such as the water and power grids and the financial sector, the burgeoning number of Internet-connected devices and the global supply chain have emerged as areas that must be protected against a growing threat from a variety of adversaries.
Situational awareness is key to cybersecurity and using analytics can help create the situational awareness needed to defend the nation from adversaries. “Never before have we had the tools that we have today to understand the environment we’re in,” said Roberta “Bobbie” Stempfley, director, Carnegie Mellon University’s Software Engineering Institute, CERT Division, during her morning keynote at the AFCEA-GMU Critical Issues in C4I Symposium.
Thoughts by experts about the ability of the military to defend cyberspace are centering around the concept of improved partnerships, which may be outside of the Defense Department’s usual practices. A lot can be gained from the insight of coalition partners and think tanks—wisdom and information that the DOD may not have tapped into, experts said.
Providing an information network that enables warfighters to perform global missions is not easy given the network itself is besieged constantly by cyber attacks. All U.S. Defense Department organizations use the complex technical infrastructure known as the Department of Defense Information Network (DODIN), and the responsibility to protect it 24/7 falls squarely on the shoulders of Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN).
Machine learning has advanced to the point where more sophisticated methods can be more effective at cyber event detection than traditional methods, an expert says. Along with emerging methods, access to large amounts of “fresh” data is important for processing, determining trends and identifying malicious activity.
Teams looking at how to use machine learning need to consider different methods, suggested Mark Russinovich, chief technology officer, Microsoft Azure, at the AFCEA Defensive Cyber Operations Symposium (DCOS) in Baltimore on May 17.
Raising the bar for STEM education comes through practice, competition and a culture shift to help prepare the next generation of defense leaders. It’s less about how many hours of STEM courses or what is the right age to engage kids in STEM and more of a focus on how to create access to opportunities in a way that they can connect with for the long term.
Between 1.5 and 3 million cyber professionals will be needed worldwide by the year 2020 according to various studies. However, the majority of individuals currently entering the field are male; estimates are only 5 percent to 11 percent of professionals entering technical fields are women on a global basis. It is critical to bring more women into cyber fields not only to fortify the cyber workforce with more talent but also to apply the power of diversity that leads to better solutions.
Faced with unending cyber attacks that are increasing in sophistication and coming from all types of adversaries, the U.S. Army Cyber Center of Excellence is preparing its best defense: cyber operators. With a dedicated section of the Army’s force that focuses only on cyberspace operations, the service must continue to fill the ranks and train cyber operators, said Maj. Gen. John Morrison Jr., USA, commanding general, U.S. Army Cyber Center of Excellence (CoE) and Fort Gordon.
If you think of the cyber threat as Godzilla, you can see the need for a framework that optimizes limited resources. As the beast attacks the building, those individuals located on the ground floor—for example the architects and engineers—worry about being stepped on by its feet. Those on the next floor up, the systems engineers, see the knees and want protection from being kicked. The next level, the incident responders, see the claws and worry about what those claws can do. Higher in the building, the operators see the shoulders and are focused on how big the threat might be based on the shoulder size. The customers at the top only see teeth and flames.
As the Department of Defense is working to improve lethality, it is making the transition to fight in the new domain of cyber, according to Anthony Montemarano, executive deputy director, Defense Information Systems Agency (DISA). The key to this evolution is innovation and harnessing emerging technologies to protect and defend the homeland. “We’ve got to get ahead of the adversaries,” he said.
Speaking to a room packed full of industry and government officials on Tuesday at the AFCEA Defensive Cyber Operations Symposium (DCOS) in Baltimore, and in an interview with SIGNAL Magazine, Montemarano called on industry to provide innovation.
In her unique, dual-hatted role as director of the Defense Information Systems Agency (DISA) and commander of the Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN), Vice Adm. Nancy Norton, USN, is pushing to provide the best communication and information technology capabilities to the Defense Department (DOD).
“Everything we do is to support the warfighter and increase their ability to accomplish their mission,” she said. The admiral was the keynote speaker opening the AFCEA Defensive Cyber Operations Symposium (DCOS) in Baltimore on May 15.
The U.S. Army may be catching up to adversaries in the information warfare domain, but the pace of change remains a challenge.
“The biggest [capability] gap we have is keeping pace. It is very much a cat-and-mouse game. When you have a cat-and-mouse game, you see a lot of change, so we try to anticipate things,” says Gary Blohm, who directs the Intelligence and Information Warfare Directorate (I2WD) at Aberdeen Proving Ground, Maryland.
U.S. Navy personnel with advanced skills in information warfare may be ready to hit the decks and deploy across the fleet by year’s end.
Adding those adept information warriors to the fleet is a top priority for the commander of the Naval Information Warfighting Development Center (NIWDC), which was established about a year ago. Similar to other warfighting development centers, the NIWDC mission includes training and assessing forces in advanced tactics, techniques and procedures at the individual, unit, integrated or advanced and joint levels.
The organization tasked with protecting U.S. Defense Department networks is looking to accelerate its ability to detect and respond to enemy cyber attacks. While detection and response are not new, they have assumed greater importance as cyber attacks are combined with kinetic operations throughout the battlespace.