Faced with unending cyber attacks that are increasing in sophistication and coming from all types of adversaries, the U.S. Army Cyber Center of Excellence is preparing its best defense: cyber operators. With a dedicated section of the Army’s force that focuses only on cyberspace operations, the service must continue to fill the ranks and train cyber operators, said Maj. Gen. John Morrison Jr., USA, commanding general, U.S. Army Cyber Center of Excellence (CoE) and Fort Gordon.
If you think of the cyber threat as Godzilla, you can see the need for a framework that optimizes limited resources. As the beast attacks the building, those individuals located on the ground floor—for example the architects and engineers—worry about being stepped on by its feet. Those on the next floor up, the systems engineers, see the knees and want protection from being kicked. The next level, the incident responders, see the claws and worry about what those claws can do. Higher in the building, the operators see the shoulders and are focused on how big the threat might be based on the shoulder size. The customers at the top only see teeth and flames.
As the Department of Defense is working to improve lethality, it is making the transition to fight in the new domain of cyber, according to Anthony Montemarano, executive deputy director, Defense Information Systems Agency (DISA). The key to this evolution is innovation and harnessing emerging technologies to protect and defend the homeland. “We’ve got to get ahead of the adversaries,” he said.
Speaking to a room packed full of industry and government officials on Tuesday at the AFCEA Defensive Cyber Operations Symposium (DCOS) in Baltimore, and in an interview with SIGNAL Magazine, Montemarano called on industry to provide innovation.
In her unique, dual-hatted role as director of the Defense Information Systems Agency (DISA) and commander of the Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN), Vice Adm. Nancy Norton, USN, is pushing to provide the best communication and information technology capabilities to the Defense Department (DOD).
“Everything we do is to support the warfighter and increase their ability to accomplish their mission,” she said. The admiral was the keynote speaker opening the AFCEA Defensive Cyber Operations Symposium (DCOS) in Baltimore on May 15.
The U.S. Army may be catching up to adversaries in the information warfare domain, but the pace of change remains a challenge.
“The biggest [capability] gap we have is keeping pace. It is very much a cat-and-mouse game. When you have a cat-and-mouse game, you see a lot of change, so we try to anticipate things,” says Gary Blohm, who directs the Intelligence and Information Warfare Directorate (I2WD) at Aberdeen Proving Ground, Maryland.
U.S. Navy personnel with advanced skills in information warfare may be ready to hit the decks and deploy across the fleet by year’s end.
Adding those adept information warriors to the fleet is a top priority for the commander of the Naval Information Warfighting Development Center (NIWDC), which was established about a year ago. Similar to other warfighting development centers, the NIWDC mission includes training and assessing forces in advanced tactics, techniques and procedures at the individual, unit, integrated or advanced and joint levels.
The organization tasked with protecting U.S. Defense Department networks is looking to accelerate its ability to detect and respond to enemy cyber attacks. While detection and response are not new, they have assumed greater importance as cyber attacks are combined with kinetic operations throughout the battlespace.
The increased sophistication and unpredictability of adversaries’ cyber capabilities and tactics demands improvements in war-fighting readiness by revolutionizing how information warfare is executed in the U.S. Navy’s fleet. To address this challenge, the service is aligning and synchronizing efforts among its various communities and supporting multiple warfare areas with an information-packed warfighting model.
One does not have to look too far beyond the headlines to see that the battle for world power is playing out in the information space. Free and open democratic societies increasingly are tested by rising autocratic countries employing high technology in information warfare.
For the United States to succeed in this battle, citizens, not just the government, need to be more discerning about information, experts say.
After years of lagging behind competitors in the battle for electromagnetic spectrum dominance, the U.S. Army may be catching up with reinforcement from technology researchers. But it may be the application of technology rather than the systems themselves that truly gives the Army an edge.
Service leaders say they lost focus on electronic warfare and information warfare capabilities while preoccupied with the wars in Iraq and Afghanistan, where cutting-edge technologies were not a necessity. Now, they contend, the next war likely will be against a foe capable of formidable offense and defense in the electromagnetic domain.
Being able to pace technology is the top challenge facing the Defense Information Systems Agency, according to its director. This activity encompasses both positive pacing, in which the agency takes the lead in incorporating innovative capabilities, and negative pacing, where it responds to the constantly evolving technology-based threat.
Industry plays a significant role in both aspects of pacing. The private sector serves as the font of innovation for new information capabilities sought by agency customers. Similarly, industry must be the primary source of related technologies that help counter the growing threat posed by nation-state and independent adversaries.
New privacy rules that fall under the European Union’s General Data Protection Regulation, which takes effect May 25, could have a global impact both financially and socially. Effects could range from consumer demands for privacy rights trumping private-sector business practices to billions of dollars in lawsuits against commercial data collectors. The consequences are uncertain because the rules themselves are not specific enough to determine parameters for violations and penalties, information officials say.
ICF Inc. LLC, Fairfax, Virginia, has been awarded a $51,745,970 firm-fixed-price contract for cyberspace support to Air Combat Command. The contract provides for technical and programmatic expertise and recommendations for cyberspace support. Work will be performed at Joint Base Langley-Eustis, Virginia, with the option to place contractors at Joint Base San Antonio, Texas; and/or Peterson Air Force Base, Colorado. Work is expected to be complete by Nov. 20, 2021. This contract is a result of a competitive acquisition and four offers were received. Fiscal 2018 operations and maintenance funds in the amount of $10,608,650 will be obligated at the time of award.
DSoft Technology, Engineering & Analysis Inc., Colorado Springs, Colorado, has been awarded a $95,900,000 indefinite-delivery/indefinite-quantity contract for modeling, simulation and analysis for space and cyberspace capabilities. This contract provides for objective and responsive modeling, simulation, and analysis and decision support for space and cyberspace analyses. Work will be performed at Peterson Air Force Base, Colorado, and is expected to be complete by May 31, 2023. This award is the result of a competitive acquisition and four offers were received. Fiscal 2018 operations and maintenance; and fiscal 2018 research and development funds in the amount of $8,071,421 are being obligated at the time of award.
Cybersecurity evolves daily to counter ever-present threats posed by criminals, nation states, insiders and others. To address the changing threat landscape, the National Institute of Standards and Technology (NIST) periodically updates its Risk Management Framework (RMF), a standards-based, security-by-design process that all IT systems within DOD agencies must meet.
The Defense Advanced Research Projects Agency (DARPA) selected Systems Technology & Research, Woburn, Massachusetts, for a research project under the Harnessing Autonomy for Countering Cyberadversary Systems (HACCS) program. The HACCS program aims to develop technologies for accurately identifying malicious cyber-adversary infiltrated networks, generating reliable software exploits for large numbers of known (n-day) vulnerabilities, and creating effective autonomous software agents that can be inserted in the compromised networks via the n-day exploits to safely and reliably neutralize cyber-adversary software agents.
Kudu Dynamics, Chantilly, Virginia, was awarded a $7,913,091 cost-plus-fixed-fee contract for a research project on the Harnessing Autonomy for Countering Cyberadversary Systems (HACCS) program. The HACCS program aims to develop technologies for accurately identifying malicious cyberadversary infiltrated networks, generating reliable software exploits for large numbers of known (n-day) vulnerabilities, and creating effective autonomous software agents that can be inserted in the compromised networks via the n-day exploits to safely and reliably neutralize cyberadversary software agents. Work will be performed in Chantilly, Virginia (85 percent); and Arlington, Virginia (15 percent), with an expected completion date of April 2022.
Cyber Systems & Services Solutions, Bellevue, Nebraska, has been awarded a $15,603,744 indefinite-delivery/indefinite-quantity contract for cyber support services. This contract provides for a qualified team with expertise, theoretical and practical knowledge to support mission operations and mission support. Work will be performed at Lackland Air Force Base, Texas, and is expected to be complete by April 25, 2023. This contract was a competitive acquisition, and seven offers were received. Fiscal 2018 operations and maintenance funds in the amount of $2,929,723 are being obligated at the time of award. The 38th Contracting Squadron, Lackland Air Force Base, Texas, is the contracting activity (FA8773-18-D-8002).
Researchers at the National Institute of Standards and Technology (NIST) have developed a method for generating numbers guaranteed to be random by quantum mechanics. Generating truly random numbers is one of the major challenges for quantum-based encryption and could mark a major leap in cybersecurity.
Sotera Defense Solutions Inc., Herndon, Virginia, was awarded a $7,284,383 cost-plus-fixed-fee contract for a research project under the Harnessing Autonomy for Countering Cyber-adversary Systems (HACCS) program. The HACCS program aims to develop technologies for accurately identifying malicious cyber-adversary infiltrated networks, generating reliable software exploits for large numbers of known (n-day) vulnerabilities, and creating effective autonomous software agents that can be inserted in the compromised networks via the n-day exploits to safely and reliably neutralize cyber-adversary software agents. Work will be performed in Herndon, Virginia, with an expected completion date of April 2022.