Amazing anecdotes kept the audience entertained during the lunch session at the AFCEA International Homeland Security Conference. The experts spoke about a serious subject: cyberwar. But the stories about their hands-on experiences in learning how to fight cyberwars, how they've fought cyberthreats and what they believe is needed to prepare future cyberwarriors kept conference attendees enthralled. Among the panelists was Maj. T.J. O'Connor, USA, 10th Special Forces Group (A), S-6. While attending the U.S. Military Academy, Maj. O'Connor had some time on his hands that led him to learn how best to defeat cyberattacks.
The Air Force and Arlington County, Virginia, are taking preventative measures against hackers such as the ones that recently attacked Sony, costing them over $170 million. It's not just money at risk for government networks, however.
The Air Force has the lead for the Next Generation Airspace and lead for the Department of Defense. Arlington County, which collaborates extensively with the department on many levels, has undertaken continuous monitoring and risk analysis and is currently evaluating its supervisory control and data acquisition (SCADA) systems.
Creating a deterrence strategy in cyberspace similar to the Cold War approach to nuclear weapons is a difficult proposition, according to Gen. Keith Alexander, USA, who commands U.S. Cyber Space Command and is director of the National Security Agency.
"There is no deterrence model out there analogous to what we had during the Cold War for nuclear détente. If you think about it, there are no rules of the road yet. There are no norms. We don't have all that figured out, so there is no deterrence strategy. In fact, I would posit that it is much more difficult to have a deterrent strategy in cyber space because all countries, nation states and non-nation states, can have these capabilities in cyberspace," says Alexander.
The Defense Department's FY 2012 budget proposal features $2.3 billion for improved cyber capabilities, according to figures released this afternoon. Key elements of that funding include $0.5 billion for the Defense Advanced Research Projects Agency (DARPA) to invest in cyber technologies. Funding also will be provided to the Defense Information Systems Agency (DISA) for cyber identity, monitoring and enforcement.
The budget will increase funding for training cyber analysts, for improving Global Information Grid (GIG)-wide situational awareness, for developing pilot programs for supply chain risk management and for improving intrusion detection and analysis.
University Multispectral Laboratory, Oklahoma State University, Stillwater, Oklahoma, is being awarded a potential $39 million contract modification to provide support services, which include identification, analysis, selection, testing and evaluation of solutions to warfighter requirements for command, control, communications, computer, cyber, intelligence, surveillance, and reconnaissance/chemical, biological, radiological, nuclear and explosive sensors and sensor-related technology. The Space and Naval Warfare Systems Center Atlantic, Charleston, South Carolina, is the contracting activity.
Point One, Arlington, Virginia, was recently awarded a $68 million contract for cyber analytical information technology services. Work is to be performed in Fort Meade, Maryland, with an estimated completion date of Sept. 29, 2015.Virginia Contracting Activity is the contracting activity.
From phishing scams to virus attacks, new cyberspace threats emerge daily, and the U.S. Air Force Space Command has turned to education to organize, train and equip forces to handle these digital threats.
This month, Linton Wells II drew his inspiration for Mission Assurance Moves to the Fore in Cyberspace from Deputy Secretary of Defense William J. Lynn III's recently published article, Defending a New Domain: The Pentagon's Cyberstrategy. Wells summarizes Lynn's strategy points, noting that taken on a whole they have a broader implication than just cyberdefense. It has more to do with mission assurance, he says:
In less than 30 days, the U.S. Defense Department will dish out 11 prizes for innovative solutions to real-world challenges facing digital forensics examiners. And it's not too late to join the fight against cyber crime. Submissions for the 2010 Defense Department Cyber Crime Center (DC3) Digital Forensics Challenge will be accepted until November 2.
Northrop Grumman Corporation has been awarded a potential $2.63 billion task order by the U.S. General Services Administration to install a campus-wide information technology infrastructure for secure communications and operations at the U.S. Department of Homeland Security (DHS) St. Elizabeths headquarters in Washington, D.C. Northrop Grumman will design, install, test, operate and maintain a seamless, integrated and secure information technology solution throughout the DHS consolidated headquarters campus.
BAE Systems National Security Solutions, BAE Systems Advanced Information Technologies, Burlington, Massachusetts, was recently awarded a $21 million contract to design a new computer system that is highly resistant to cyber attack, is resilient in that it continues to render useful services in the face of attacks and faults, and can repair itself. The U.S. Air Force Research Laboratory, Wright-Patterson Air Force Base, Ohio, is the contracting activity.
Adventium Enterprise Limited Liability Company, Minneapolis, Minnesota, was awarded a nearly $24 million contract to develop a trusted virtual cyber defender that meets the technical, logistic, and economic constraints presented by the U.S. Air Force computing infrastructure. Air Force Research Laboratory, Rome, New York, is the contracting activity.
SRC Incorporated recently received a contract from the Department of Homeland Security's Immigration and Customs Enforcement (DHS-ICE) agency with a potential value of nearly $42 million to establish and maintain a Security Operations Center to help protect critical information technology infrastructure. This contract will enable ICE to monitor its information technology assets 24 hours a day and evaluate and respond to cyber security threats. SRC will lead a team to provide innovative cybersecurity solutions, process improvement strategies and best-of-breed technologies for ICE.
SRC Incorporated, formerly Syracuse Research Corporation, announced it has been awarded a contract from the Department of Homeland Security's Immigration and Customs Enforcement investigative agency with a potential value of nearly $42 million to establish and maintain a Security Operations Center to help protect critical information technology infrastructure. SRC will lead a team to provide innovative cybersecurity solutions, process improvement strategies and best-of-breed technologies.
ManTech International Corporation announced today that it received a new contract to support the U.S. Department of Agriculture Office of the Chief Information Officer, Agriculture Security Operations Center. ManTech will provide continous incident handling and strategic support to help detect and report malicious cyber activities on the agency's enterprise information infrastructure. The contract is estimated to be worth nearly $11 million.
Part 2 of 2
Defense Department IT budgets are now fully mortgaged to support ongoing operations and maintenance, while most large development funds are still paying for continuation of programs that were started years ago. With regard to the concerns I've raised in my previous post, here are some ideas on what should be done:
First of two parts.
According to Air Force LTG William Lord, 85 percent of cyberoperations are in defense. That being the case, How should the Defense Department protect its network and computer assets? A 2009 RAND Corporation report on cyberdeterrence asserts "...most of the effort to defend systems is inevitably the ambit of everyday system administrators and with the reinforcement of user vigilance." The report also states "...the nuts and bolts of cyberdefense are reasonably well understood."
Scalable Network Technologies Incorporated was recently awarded a project from the U.S. Defense Department's Test & Evaluation/Science & Technology Program for project StealthNet, which will provide a real-time, hardware-in-the-loop capability for simulation of cyber threats to the entire net-centric infrastructure. StealthNet is designed to address an existing gap in the Defense Department's testing infrastructure to realistically test the vulnerabilities and resilience of friendly force communications against sophisticated cyber attacks.
Kratos Defense & Security Solutions, Inc., has announced new contract awards for its flagship network management and situational awareness products, NeuralStar and dopplerVUE, from two unnamed U.S. national security and defense-focused agencies. NeuralStar is an enterprise-class information management solution that integrates data across distributed networks, and dopplerVUE is a network monitoring and management tool that brings enterprise-grade features to field and tactical networks of any size.
It's rare that an audience of industry and service members at all ranks get the chance to hear first hand from the first of a kind. But that was the case after eating lunch on Wednesday of WEST 2010. Vice Adm. Jack Dorsett, USN, the Navy's first N2/N6 may have begun his speech by wondering why he was among other high-ranking military experts at the conference, but he followed through with revealing the latest approaches the Navy is taking to achieve information dominance. The Navy is developing new mini-road maps of sorts that address nearly a dozen topics, including undersea dominance, maritime ballistic C2 and improved maritime domain awareness.