April 28, 2017

General Dynamics Information Technology Inc., Fairfax, Virginia, is being awarded a $47,102,597 indefinite-delivery/indefinite-quantity contract, resulting from solicitation (N00189-17-R-0007), that will include terms and conditions for the placement of firm-fixed-price and firm-fixed-price level-of-effort task orders to provide program management, information technology architecture and engineering, meteorology and oceanography information technology subject matter expertise, geospatial information system subject matter expertise, cybersecurity, and information technology portfolio management for the Naval Information Forces Command, Naval Meteorology and Oceanography Command, and other subordinate command

April 26, 2017
By Robert K. Ackerman
Corinne Charette, senior assistant deputy minister, Spectrum, Information Technologies and Telecommunications Sector, Canada, describes how her country is an emerging source of cyber and space technologies at NITEC 2017.

A new generation of secure space satellites will both serve Canada and contribute to NATO innovation, said a government official. Corinne Charette, senior assistant deputy minister, Spectrum, Information Technologies and Telecommunications Sector, Canada, told the audience at NITEC 2017 in Ottawa that the country will benefit both socially and economically from the new orbiters looming just over the horizon.

Charette emphasized that these satellites, which will represent cutting-edge space technologies, will have effective cybersecurity. That cybersecurity may originate in Canada, as she noted the country has a burgeoning high-technology industry.

April 25, 2017
By Robert K. Ackerman
A panel explores acquisition innovation at NITEC 2017 in Ottawa.

Useful methods of encouraging innovation in military cyber must be consolidated to achieve success, according to high-technology executives. Speaking on the second day of NITEC 2017 in Ottawa, this panel of experts outlined useful measures of boosting innovation, and then warned they must be part of a larger overall effort.

April 25, 2017
By Robert K. Ackerman
Mark Anderson, president of Palo Alto Networks, describes cybersecurity threats and solutions to the audience at NITEC 2017 in Ottawa.

Cybersecurity has not kept up with changes in the realm that opened the door to the security challenges facing networks today, said a Silicon Valley executive. Mark Anderson, president of Palo Alto Networks, told the audience at day two of NITEC 2017 in Ottawa that new approaches to security and network architecture must be implemented to turn the tide against cyber adversaries.

“The past decade, there have been tectonic shifts in the IT [information technology] landscape that created the perfect storm,” Anderson said. He mentioned several activities—and lack of key actions—that enabled adversaries to take advantage of their own burgeoning skills to penetrate networks nearly at will.

April 24, 2017
By Robert K. Ackerman
A panel discussion examines innovation as a security imperative at NITEC 2017 in Ottawa.

Needing innovation for cybersecurity more than ever, NATO and its member nations still do not have a concrete plan to speed new capabilities into alliance and national systems. Intricate procurement processes compound the absence of cooperation among firms while cyber adversaries continue to improve their methods and broaden their capabilities.

April 24, 2017
By Robert K. Ackerman
Glen F. Post III, CEO and president, CenturyLink, describes the difficulty in building a network of trusted peers at NITEC 2017.

U.S. cybersecurity firms have discovered the value and the difficulty of building a stable of trusted peers, but extending that principle to the multinational status of NATO will be as challenging as it is important, according to a U.S. technology firm leader experienced with both government and industry. Glen F. Post III, CEO and president, CenturyLink, told the first-day audience at NITEC 2017 in Ottawa that his firm serves its customers by relying on trusted partners who can support the company as needed.

April 24, 2017
By Robert K. Ackerman
Gen. Denis Mercier, FRAF, Supreme Allied Commander Transformation, speaks to the audience at NITEC 2017.

The near certainty that future military operations will require coalitions of modern network-centric forces mandates interoperability among advanced technologies, said the head of NATO's transformation effort. Gen. Denis Mercier, FRAF, Supreme Allied Commander Transformation, told the audience at NITEC 2017 in Ottawa, Canada, this is the alliance's key issue.

Always a concern, interoperability has risen to critical importance as military capacities have become focused on networks and information technologies. Countries and industry must work together to ensure effective communication among advanced technologies.

April 21, 2017

Adversaries, and cyber criminal organizations in particular, are building tools and using techniques that are becoming so difficult to detect organizations are having a hard time knowing that intrusions are taking place. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”

April 19, 2017
By Joe Kim

Through its significant investment in networked systems and smart devices, the U.S. Defense Department has created an enormously effective—yet highly vulnerable—approach to national security. The department has begun investing more in the Internet of Things (IoT), which has gone a long way toward making ships, planes, tanks and other weapon systems far more lethal and effective. Unfortunately, the IoT's pervasive connectivity also has increased the vulnerability of defense networks and the potential for cyber attacks.

April 17, 2017
By Robert K. Ackerman
A U.S. Army logistics management specialist instructs a soldier in the installation of the Joint Capabilities Release—Logistics System in an Army vehicle. The Defense Information Systems Agency increasingly is looking to small business for innovative communications and electronics technologies that can be acquired and deployed rapidly.

The very qualities that define small businesses—agility, flexibility, inherent innovation—are driving the Defense Information Systems Agency to increase its efforts to bring their capabilities under the big tent of defense network services.

With the agency, known as DISA, tasked with providing warfighters and decision makers with the best in information technology, it must incorporate capabilities faster than is possible through normal acquisition processes involving large contractors. Ongoing efforts such as regular outreach and prime contract set-asides are being supplanted with new segmented contracts and drives to bring in nontraditional firms.

April 13, 2017
By Jane Melia

While we are all still in the early stages of a networked, always-on Internet of Things world, this is the precise time to develop crucial and effective cybersecurity solutions to combat growing threats. The developing ecosystem needs new ideas for bold government actions, particularly to reduce the risks of quantum computers.

Quantum Threats Looming

April 11, 2017
By Robert K. Ackerman

Just as free world militaries are moving toward a convergence of cyberspace, electronic warfare and signals intelligence, the dividing lines that define cyberthreats are disappearing as U.S. adversaries join forces against common targets. Nation-states now are cooperating with cyber criminals and hackers to pursue similar goals. Being motivated by either politics or profit is no drawback to the unholy alliance forming worldwide in cyberspace.

April 11, 2017
By Leon Adato

SDN, BYOA, VDI. This alphabet soup of technologies and approaches has complicated U.S. Defense Department networks.

Trends such as bring your own device (BYOD), bring your own application (BYOA), software-defined networking (SDN) and virtual desktop infrastructure (VDI) have dramatically increased network vulnerabilities, where failures, slowdowns or breaches can cause great damage. For the military, specifically, such occurrences can be serious and mission altering, exposing incredibly sensitive data.

April 10, 2017
By Sandra Jontz

Millions of student, staff and faculty email addresses and passwords from 300 of the largest universities in the United States have been stolen and are being circulated by cyber criminals on the dark web, according to a recent report. 

Hacktivists, scam artists and even terrorists intend to sell, trade or just give away the addresses and passwords, said the Digital Citizens Alliance report. 

April 7, 2017
By Sandra Jontz
The proposed update to the NIST cybersecurity framework further develops voluntary guidelines for organizations to reduce their risk.

The comment deadline is Monday for changes introduced to the National Institute of Standards and Technology (NIST) draft update to its Framework for Improving Critical Infrastructure Cybersecurity

The proposed update aims to further develop voluntary guidelines for organizations to reduce cybersecurity risks. It provides details on managing cyber supply chain risks, clarifies key terms and introduces measurement methods for cybersecurity, the agency states. 

April 7, 2017
By Sandra Jontz

The Northrop Grumman Foundation awarded $50,000 in scholarships to high school teams that excelled at the CyberPatriot IX National Finals Competition this week in Baltimore.

The CyberPatriot IX finals featured 28 high school and middle school teams that defended virtual networks and mobile devices from a professional aggressor team. The competition drew a record 4,404 teams, a 30 percent increase over last year, according to a press release. 

April 6, 2017

Increasingly, cyberattackers have been leveraging “non-malware” attack methods to target vulnerable organizations. Recently, the Carbon Black Threat Research Team was alerted about such an attack by a partner’s incident response (IR) team. The attack ultimately compromised accounts and stole research and intellectual property.

In this specific attack, a malicious Excel document was used to create a PowerShell script, which then used the Domain Name System (DNS) to communicate with an Internet Command and Control (C2) server.

This attack method prompts three key questions for organizations looking to defend themselves against non-malware attacks, namely:

April 6, 2017
By Ali Cybulski
The number of women in cybersecurity has remained stagnant over the past few years, a new report says.

Women comprise just 11 percent of the information security work force, and despite being more educated than men in the field, hold fewer senior-level positions and earn less money, new research shows. Female representation in the industry also has remained unchanged since 2013, according to the Center for Cyber Safety and Education’s Women in Cybersecurity report.

April 5, 2017
By Sandra Jontz

As the Internet of Things, or IoT, steadily migrates from fantasy to reality, the accompanying cybersecurity challenges posed by billions of connected devices have become not only evident, but a leading concern for federal technologists.

The lack of IoT security tops a list of critical concerns for surveyed professionals wrestling to address the challenges increasingly front and center as the sheer number of connected devices and sensors grows, according to results of a recent Brocade survey.

April 4, 2017
By Robert Kim
U.S. officials hold a press conference in March announcing indictments of Russian FSB officers and hacking conspirators for breach of Yahoo accounts.

The U.S. government took a vital tangible step toward clearly defining rules of cyber war when the Department of Justice unsealed an indictment on March 15 accusing two operatives of Russia’s Federal Security Service (FSB) and two hired computer hackers of being behind last year's massive cyber breach of Yahoo.