cyber

The Defense Digital Service (DDS) and HackerOne announced the launch of the DDS’s latest bug bounty program with HackerOne. It is the eleventh such program for DDS and HackerOne and the third with the U.S. Department of the Army.

Hack the Army 3.0 is a security test— time-bound and hacker-powered—aimed at revealing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program will run from January 6, 2021, through February 17, 2021, and is open to both military and civilian participants.

Germany, the United States and many other nations are facing a more diverse, complex, quickly evolving and demanding security environment than at any time since the end of the Cold War. The resulting challenges to national and international security and stability could be as harmful to societies, economies and institutions as conventional attacks.

The U.S. Army upped the tempo when Gen. Mark Milley, USA, fired off his first message to the force in August 2015 as the newly sworn-in Army Chief of Staff: “Readiness for ground combat is—and will remain—the U.S. Army’s No. 1 priority.” Today, Gen. Milley is the chairman, Joint Chiefs of Staff, and the Army has rebuilt its tactical readiness through a transformational process that it is now expanding to focus on strategic readiness.

Experts have issued fresh warnings to U.S. citizens over the enormous amount of sensitive, personal information being routinely captured and commoditized, and that this same information is being weaponized by the country’s adversaries. A panel at the recent AFCEA TechNet Cyber conference highlighted that data gathering by Facebook, WhatsApp and Google presents a significant risk to both individuals and the nation.

Because U.S. adversaries likely will be able to use quantum computers within the next several years, Defense Information Systems Agency (DISA) officials are beginning to explore quantum-resistant technologies and the role the agency might play in developing or deploying those technologies.

Amassing data serves little purpose if it is not processed into knowledge, and that knowledge is largely wasted if leaders don’t understand what they have and how it can best be used.

That was just part of the message on empowering knowledge delivered by a NASA expert on the second day of TechNet Cyber 2020, AFCEA’s virtual event held December 1-3. Tiffany Smith, chief knowledge officer and information technology manager in NASA’s Aeronautics Research Mission Directorate, emphasized the importance of understanding both the knowledge at hand, knowledge priorities and the people who will exploit that knowledge to the fullest.

The Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) is partnering with a broad base of national security organizations and industry to counter an increasing threat to U.S. forces and their operations worldwide. The JFHQ-DODIN seeks to meet this challenge with four primary focus areas that include new technologies such as automation to move data, hone commanders’ information and defend the network.

The U.S. Defense Department is developing a machine learning tool that can more quickly detect cyber intrusions and enable a more rapid response.

The U.S. Air Force, led by Brig. Gen. Chad Raduege, USAF, the Air Combat Command’s A-6, along with Deputy Chief Information Officer Lauren Knausenberger, is pursuing Operation Flamethrower, an aggressive project to abandon legacy network-related policies, processes or equipment that are not working. The tongue-in-cheek name of the effort is meant to illuminate the nature in which leaders will eliminate ineffective or redundant components in order to drive innovation.

“We are ruthlessly going after these things and setting them on fire,” Knausenberger said.

Adversaries are stepping up their efforts to exfiltrate information and weaken the U.S. supply chain through cyberspace. These efforts aim to both wreck the country from within and strengthen the hand of the adversary wielding the digital sword, according to a U.S. government official.

New government security measures are designed with these challenges in mind, and they can help secure targeted small businesses. The Cybersecurity Maturity Model Certification (CMMC), which is rolling out, is designed to help mitigate the effects of adversarial activities in cyberspace.

Building on the success of the inaugural June issue of SIGNAL Kids, AFCEA is proud to report the second issue will be released in December. The focus of the issue is cybersecurity, featuring an international section and an interview with a chief architect from the Naval Information Warfare Center.

The first issue was viewed by more than 13,000 readers and downloaded almost 200 times. AFCEA has long been committed to STEM learning and, especially in the time of COVID-19 when virtual learning is the new normal, is pleased to provide this additional resource to parents and educators.

STS Systems Support LLC, San Antonio, Texas, has been awarded a $21,040,702 firm-fixed-price contract for 67th Cyberspace Wing operations support services. Work will be performed at Joint Base San Antonio (JBSA) - Lackland, Texas, and is expected to be completed November 30, 2021. Fiscal year 2021 operation and maintenance funds in the amount of $1,897,325 are being obligated at the time of award. The Acquisition Management and Integration Center, JBSA-Lackland, Texas, is the contracting activity (FA7037-21-F-0003).

Despite attempts from adversaries such as China, Iran and Russia to compromise voting on America’s Election Day, the election system worked well, even with the record levels of voting, reported senior officials with the U.S. Department of Homeland Security’s (DHS’) Cybersecurity and Infrastructure Security Agency (CISA). The cybersecurity concerns now move to protecting the final vote counting, canvasing, auditing, certification and inauguration phases.

When the U.S. Army conducts its Multi-Domain Operations Live experiment in the Indo-Pacific region next year, it will mark the first time the service has undertaken a full-scale technology development experiment in a combat theater. The goal is to assess technologies under the same conditions they will face in times of war, rather than in a stateside setting.

Information management is an integral part of any military operation, and in today’s operations, technology is a common tool used to facilitate a shared understanding of intel. A growing trend for military bases is to install large format direct-view LED video walls in locations like command centers, control rooms and briefing rooms to show an integrated big picture of data feeds and video feeds critical to decision-making during the mission. As global cyber threats increase and the Department of Defense ramps up expectations for cybersecurity, the manufacturing location for any technology systems which send and receive signals is a forefront concern for equipment installations for the military and government.

Traditional institutions are falling by the wayside as technologies and geopolitics undergo multiple revolutions. Political parties, global relations, sociological structures and education all are changing shape as a tsunami of new trends overwhelms traditional ways and means.

The result of these changes is that formerly disparate disciplines are becoming more interconnected than before. Digitization has become a common thread throughout all, but other factors have created symbiotic relationships that must be taken into account as humankind meets the challenges emerging in this new era.

Anyone moving through the ecosystem of software development and cyber over the last few decades has heard cool words to describe it: Waterfall, Cobalt, Agile, DevOps and now DevSecOps.

DevSecOps may be the latest term but the idea behind it remains constant: Security should be a priority from the start.

In addition to institutions such as NATO and the European Union (EU), one of the biggest players in North Atlantic defense is data, say European experts. Yet, nations often overlook the lessons generated by the private sector and not always pursuing effective investments in military information technology.

Those points were discussed at the AFCEA Europe Joint Support and Enabling Command (JSEC) virtual event in late September. Maj. Gen. Erich Staudacher, GEAF (Ret.), AFCEA Europe general manager, offered that data increasingly sprawls into military mobility. He recited an old Latin saying that navigation is necessary, all the more in this sea of data.

While the world was facing the rapid and deadly spread of the severe acute respiratory syndrome coronavirus 2, most commonly known as COVID-19, malicious cyber attackers were also at work, increasing the number of attacks, switching methods, taking advantage of the boom in Internet, network and email users, and playing on fears during the uncertain time, cybersecurity experts say. Companies struggling to maintain operations are still leaving gaps in digital security, they warn.

Facing a pandemic and an aging legacy medical record system with limited data storage capacity at an on-premise data center in Charleston, South Carolina, the Enterprise Intelligence & Data Solutions (EIDS) team, sprang into action to complete a game-changing cloud migration project. The effort, called the Accelerated Migration Project, or AMP, moved petabytes of secondary healthcare data and related applications to the cloud. The project digitally transforms access to U.S. Defense Department medical records and offers better data analytics and more reliable information discovery, driving improved outcomes in patient care and business operations, experts say.

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear—we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive acceptable definition of Zero Trust Architecture.

The need to move away from a perimeter-based cybersecurity model—the moat and castle approach—to a cloud-enabled zero trust architecture—an underlying framework that essentially is like placing a security door in front of each and every application—is apparent. Similarly, identity, once mostly an operational and user experience-driven technology, has evolved to be a core aspect of cybersecurity, verifying a user in a network or activity, said Frank Briguglio, strategist, Global Public Sector, SailPoint.

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.