The U.S. government took a vital tangible step toward clearly defining rules of cyber war when the Department of Justice unsealed an indictment on March 15 accusing two operatives of Russia’s Federal Security Service (FSB) and two hired computer hackers of being behind last year's massive cyber breach of Yahoo.
Emerging technologies such as artificial intelligence and cognitive computing soon could be setting sail to aid the U.S. Navy in its battle to conquer cyberspace. Such capabilities could hold the key to improving cyber defense, while other approaches are making their way into offensive cyber operations, says the Navy’s top cyber officer.
Some technologies the Navy seeks are dual-use in the sense that they can be employed by defenders as well as attackers. Automation, for example, is being used by nation-states to probe and prey upon large blocks of Internet protocol (IP) space in both the military and commercial realms. Yet defenders also may rely on automation to help detect and respond to cyberthreats early in an attack.
The increase in cyberthreats from both internal and external sources has put the onus on government agencies, particularly at the federal level, to implement strong cybersecurity architectures. While encryption is an essential component, without careful implementation, criminals easily can exploit its weaknesses, and the emerging power of quantum computing could compound the problem.
An offshoot of social media, crowdsourcing could hold solutions to some of the biggest cybersecurity problems the U.S. Defense Department faces. The burgeoning field could find fixes for thorny legacy problems as well as emerging cyberthreats. This is exactly what is taking root at the Joint Forces Staff College in a course offered to service members and their Defense Department civilian equivalents learning cyber concepts in joint, interagency and multinational environments.
If you have been living in a cave, Malaysia’s Borneo rainforest or the 1950s, then you might be among the few people unfamiliar with the power of crowdsourcing.
The term, a convenient meshing of the words crowd and outsourcing, refers to tapping a group of people with similar skills or interests and offering them a venue through which they compete or collaborate to accomplish a particular task, job or goal. Typically, crowdsourcing is carried out by leveraging the ubiquitous connectivity of the Internet. (For more, see “Crowdsourcing Confronts Cyber Challenges.”)
Internet protocol (IP) networks achieve functionality through a layering process analogous to the fabrication of their enabling semiconductor chips. But that complex process introduces complications along with capabilities.
In the information security sector, the same problems and misconceptions about cybersecurity crop up again and again. Specifically, federal government leaders believe that security is purely a technology problem. But that is not the case. Cybersecurity vulnerabilities in both industry and government are regularly the result of human behavior and not solely an information technology or system error. And this human threat often is not malicious. So how are government officials to manage this type of insider risk?
The U.S. Defense Department’s information technology combat support agency plans to hit the kill switch on a number of systems to improve network management. The Defense Information Systems Agency is converging functions such as network operations, defensive cyber operations and network situational awareness, thanks to smart, automated technologies. Most network management technologies will be eliminated by 2021 in favor of one system, or perhaps a suite of systems. The agency is working toward a converged, integrated solution that will provide the complete set of tools needed to gather big data and to operate, visualize, sustain, maintain and defend the system.
Society’s insatiable appetite for connecting objects in the physical world to the Internet has industry’s wheels turning to fuel the materializing disruptive ecosystem called the Internet of Things, or IoT. But the good of convenience goes hand in hand with the bad of cyber risks, experts warn, spurring the U.S. government’s search for the self-healing networks of the future based on the automation tools of today.
A new way of configuring networks eliminates security vulnerabilities that date back to the Internet’s origins. Instead of building multilayered protocols that act like flashing lights to alert hackers to their presence, network managers apply a single layer that is virtually invisible to cybermarauders. The result is a nearly hack-proof network that could bolster security for users fed up with phishing scams and countless other problems.
AFCEA International’s Continuing Education (CE) program has grown dramatically since its start in 2012. The program primarily supports maintenance of CompTIA and Global Information Assurance Certification (GIAC) related to Department of Defense Directive 8570.01-M compliance but also fulfills some continuing education and cybersecurity certification maintenance requirements for the (ISC)2, the National Contract Management Association (NCMA), the Project Management Institute (PMI), the Generally Accepted Government Auditing Standards (GAGAS) and the Defense Acquisition Workforce. In addition, AFCEA Leadership Forums have been approved for George Mason University continuing education units (CEUs).
For all the talk about how hard it is to crack the cybersecurity code, what if the dialogue shifted?
What if technologists were given the right economic incentives to solve the problem? What if, instead of droning on about poor cyber hygiene practices, users weren’t treated like they are the problem but the solution?
The AFCEA Cyber Committee, which is made up of more than 40 experts in the field, has released a white paper identifying key concerns in the cyber realm and offering recommendations for the incoming administration.
The report, Key Cyber Issues and Recommendations: A Way Forward, identifies three needs in the cyber arena. The first is that the United States must approach cyber in a strategic and international context that incorporates diplomatic, information, military and economic elements of national power.
The NATO Communications and Information Agency will preview details of 40 upcoming business opportunities at its annual industry conference NITEC17 to be held April 24-26 in Ottawa, Canada. Agency officials intend to put 40 contracts out to tender in the next 18 to 24 months as part of a €3 billion ($3.26 billion) technology refresh.
Various program officials will discuss tangible opportunities coming to market, including international competitive bids in the following areas:
WikiLeaks is posting thousands of files Tuesday the organization says detail the CIA’s efforts to surveil overseas targets by tapping otherwise ordinary devices that are connected to the Internet. The anti-secrecy group launched a “new series of leaks,” this time taking aim at the CIA’s Center for Cyber Intelligence, which falls under the agency’s Digital Innovation Directorate.
Lockheed Martin Space Systems Co., Sunnyvale, California, has been awarded a $15,000,000 modification (P00874) to previously awarded contract (F04701-95-C-0017) for Space-Based Infrared System (SBIRS) engineering, manufacture and development. Contractor will enhance cyber capabilities on the operational SBIRS ground system. Work will be performed at Sunnyvale, and is expected to be complete by June 30, 2019. Fiscal 2017 research, development, test and evaluation funds in the amount of $13,394,965 are being obligated at the time of award. The Space and Missile Systems Center, Los Angeles Air Force Base, California, is the contracting activity.
Avanti Technologies Inc.,* Annandale, Virginia, is being awarded a potential $22,886,318 indefinite-delivery/indefinite-quantity, cost-plus-fixed-fee contract (N66001-17-D-0114) to provide cyberspace science, research, engineering and technology integration. This three-year contract includes one two-year option ordering period that, if exercised, would bring the potential value of this contract to $38,568,712. Sentar Inc.,* Huntsville, Alabama, is being awarded an $18,130,539 (N66001-17-D-0116) contract with a potential value of $30,762,580 if all options are exercised.
Not only does the Army want new capabilities to deal with dynamic changes in the warfighting realm, it also faces the challenge of obsolescence in many of its existing communications-electronics systems. Technologies designed decades ago are still carrying the freight for information that increasingly is sent in a format far different from the equipment that must deliver it to the warfighter and decision maker.
Booz Allen Hamilton, McLean, Virginia, has been awarded a $10,000,000 indefinite-delivery/indefinite-quantity contract for high power electromagnetics (HPEM) and cyber electronic warfare (EW) applications. Contractor will provide study opportunities where HPEM technologies can be used to complement or enhance capabilities of the cyber and EW communities. This includes conduct experiments that enhance the understanding of how HPEM technologies can be used for cyber and EW missions. Work will be performed at Kirtland Air Force Base, New Mexico, and is expected to be complete by June 5, 2020. This award is the result of a competitive acquisition with six offers received.
Trowbridge & Trowbridge LLC,* McLean, Virginia, is being awarded a $23,406,788 cost-plus-fixed-fee contract to provide information technology, system administration and cybersecurity solutions and related services, hardware, software, licensing, technical support, lab warranty services, technological refreshment and enhancements, complete life cycle support and customer service in support of the Naval Air Warfare Center Weapons Division. Work will be performed at China Lake, California (95 percent); Point Mugu, California (3 percent); and Tucson, Arizona (2 percent). It is expected to be completed in March 2020.