Germany, the United States and many other nations are facing a more diverse, complex, quickly evolving and demanding security environment than at any time since the end of the Cold War. The resulting challenges to national and international security and stability could be as harmful to societies, economies and institutions as conventional attacks.
Emerging technology, state actors such as Russia and China, and nonstate actors including ISIS, are often quoted as some of the greatest threats to computer and network security. But before the United States can engage with these threats effectively, the war against words must take place.
One place to start is by eliminating the word “cyber” as a descriptor. The term has been used and overused, manipulated and exploited so many times and in so many places, it has become meaningless. What individuals or organizations mean or want when they use it is impossible to say. It’s time to scrap the word altogether and instead specify technical concepts at a more granular level.
STS Systems Support LLC, San Antonio, Texas, has been awarded a $21,040,702 firm-fixed-price contract for 67th Cyberspace Wing operations support services. Work will be performed at Joint Base San Antonio (JBSA) - Lackland, Texas, and is expected to be completed November 30, 2021. Fiscal year 2021 operation and maintenance funds in the amount of $1,897,325 are being obligated at the time of award. The Acquisition Management and Integration Center, JBSA-Lackland, Texas, is the contracting activity (FA7037-21-F-0003).
Amid growing fears that U.S. military reliance on civilian space infrastructure might prove a weak point, two organizations are seeking to improve cybersecurity in the burgeoning satellite industry. The Orbital Security Alliance has published a detailed set of cybersecurity guidelines for commercial satellite operators, which aims specifically at smaller, newer companies in the fast-growing “minisat” sector.
The Navy awarded nine indefinite-delivery/indefinite-quantity, cost-plus-fixed-fee contract for professional technical and management support services to establish and maintain cyberspace operations and enable product lines, programs and projects to include interoperability of systems, services and capabilities at the tactical, operational and strategic levels.
DOD reported that all of the contract awardees will have the opportunity to compete for task orders during the ordering period. The three-year contracts also include two two-year option periods.
During the afternoon of the first day of AFCEA’s Cyber Education, Research and Training Symposium (CERTS), leaders from all five branches of the armed forces shared their perspectives on cyber education and training. Though all five laid out slightly different strategies and goals for their individual services, they all agreed they should leverage each other’s expertise and work together to figure out a way forward.
Information warfare is an aggressive game of soccer where not only are all the fans on the field with the players, but no one is wearing uniforms.
— Sandra Jontz (@jontz_signalmag) February 22, 2017
Emerging cyber trends such as the rapid increase in the number of bad actors, increased capabilities and sophistication, and the high degree of automation complicates a key question posed to U.S. military leaders: Are the armed forces ready to fight?
In the cyber realm, the answer is: “It depends,” said Vice Adm. Michael Gilday, USN, commander of U.S. Fleet Cyber Command/10th Fleet.
Nearly everyone has heard a parent or grandparent refer to the good ol’ days. Tales usually begin either with “When I was your age…” or “In my day, we didn’t have….” While it seems appropriate that octogenarians and nonagenarians tell such stories, today they’re not the only generations sharing memories that begin with, “When I was young….” People in their 20s and 30s reflect on their youth wistfully because members of the younger generation—who, by the way, are only five or 10 years younger than they are—can communicate, play, buy and sell, and share life moments in ways that surprise even 20-somethings.
Cyberspace is being accepted throughout the U.S. Army as a warfighting domain. However, many soldiers outside of the U.S. Army Signal Corps do not grasp the concept of cyberspace as an operational realm. Empowering them with that understanding is essential to operational success.
One of the primary tasks of Signal Corps members is to provide other leaders and soldiers with a clear understanding of the job of the corps and of cyberspace itself. As a military organization, the clearest means for the Signal Corps to communicate these concepts is through operational language. Many parallels exist between a battlefield’s physical landscape and what is done during offensive, defensive and support operations in cyberspace.
The U.S. Air Force cyber community is failing, but not all is lost. While some aspects are in dire need of repair or replacement, effective solutions potentially are within reach—if leadership is up to the task.
Intelligent Software Solutions, Colorado Springs, Colo.; BAE Systems, McLean, Va.; Charles River Analytics Inc., Cambridge, Mass.; Northrop Grumman Systems Corp., Herndon, Va.; Science Applications International Corp., McLean, Va.; Lockheed Martin Corp., Colorado Springs, Colo., and Solers Inc., Arlington, Va., are being awarded a $249 million multiple-award indefinite delivery/indefinite quantity for the development of command and control applications and information services for air, space and cyberspace domains. The contracting activity is the U.S. Air Force Life Cycle Management Center, Hanscom Air Force Base, Mass.
From securing the cloud to unwrapping new architecture compliance requirements, 2011 was a busy year for the tech public sector. In the New Year's spirit of renewal and rededication, here are five resolutions federal agencies should make. 1. Leverage IT to meet budget requirements The government fiscal landscape changed radically in the last year with budget cuts across the majority of federal agencies. The Obama's Administration fiscal 2012 budget proposal calls for a five-year discretionary spending freeze along with $33 billion in additional cuts. Yet, there is a reason why federal IT spending to commercial contractors is expected to grow five percent annually.
Earlier this year, detailed information about the bomb resistance of a new Department of Defense (DoD) building in Virginia was compromised. Reuters broadcast the information worldwide. The news organization did not obtain the document by hacking network systems, but rather accessed the "official use only" document on the Army Corps of Engineers website. This incident is just one example of the thousands of data breaches that occur as a result of internal information leakage rather than an outside attack. In their 2011 Information Security Report, the U.S. Government Accountability Office (GAO) shed light on why internal leaks are so prevalent.
Where the 20th century was the age of airpower, the 21st century will be the age of cyberpower, according to the U.S. Air Force's chief information officer (CIO). Lt. Gen. William T. Lord, USAF, told the closing keynote luncheon audience that the growth in cyberspace's importance is outstripping even its own metrics for progress. What he referred to as "Android's Law" has accelerated Moore's Law when it comes to change. Mobile devices are driving a global cultural change, he offered, and that change is breaching barriers and crossing into new territory. For example, social media was the tipping point in recent revolutions, the general pointed out.
Situational awareness that borders on command and control (C2) may be necessary to protect vulnerable networks in the nation's critical infrastructure. The threat to these increasingly complex industrial control systems will require more than just commercial off-the-shelf security solutions, according to a panel of experts at TechNet Asia-Pacific 2011 in Honolulu. Rear Adm. Paul Becker, USN, the U.S. Pacific Command (PACOM) J-2, warned that the proliferation of control systems, coupled with a lack of network situational awareness, are prime opportunities for cybermarauders.
The new technologies that are enabling elements of the critical infrastructure to operate more efficiently also are making them more vulnerable to devastating cyberattacks. Advanced mobile connectivity and supervisory control and data acquisition (SCADA) systems have created fertile ground for cybermarauders to target key aspects of the infrastructure a number of ways. These were the findings of a panel comprising a number of experts from Hawaii and the U.S. Pacific Command (PACOM) at TechNet Asia-Pacific 2011 in Honolulu. Rear Adm. Paul Becker, USN, the PACOM J-2, described how the use of SCADA industrial control systems was a primary threat to the infrastructure.
The spread of mobile networking systems along with the use of social media have opened new backdoors for hackers with potentially serious consequences, according to a leading security expert speaking at TechNet Asia-Pacific 2011. Tom Reilly, vice president and general manager, HP Enterprise Security, told the Wednesday breakfast audience that this major information technology transformation is leading to an escalation of attacks, especially against applications, and cyberspace will be a more dangerous place as a result. "Things are going to be much uglier in the cybercrime world," Reilly declared. He added that our adversaries are evolving away from traditional marauders. Many of them now are working at the behest of nation states.
Building network security around firewalls is passé, as cybercriminals are employing innovative means to enter a network. Instead, security managers should concentrate on understanding the user, the application and the data, according to Tom Reilly, vice president and general manager, HP Enterprise Security. Speaking at the TechNet Asia-Pacific 2011 Wednesday breakfast, Reilly described how new types of networking are rendering old measures obsolete. Traditionally, experts have looked at security as being a 100-percent solution that is layer focused. With the advent of mobile and cloud computing, perimeters are devolving and consumers want more access to information.
As social media permeates deeper into military organizations, leaders are confronting a host of challenges. However, those challenges largely are new incarnations of longstanding problems that have faced military communicators for generations. A panel of experts at TechNet Asia-Pacific 2011 focused on how information sharing can exist within an information security environment. Many of their concerns proved to be more user-oriented than technology-based. Addressing those concerns, Master Sgt. Andrew Baker, USA, 516th Signal Brigade, said that forces need to be more operations-security (OPSEC) oriented with new media.
Building and operating the third version of the Global Information Grid-GIG 3.0-will require new forms of accountability both for security and for operation. Accordingly, identity and access management will be the key items as the next-generation defense network is developed, said a panel of defense networking experts at TechNet Asia-Pacific 2011. GIG 3.0 would tap existing technology to provide better information sharing-particularly for interservice, interagency and international coalitions-along with improved cyber security and responsiveness, offered panel moderator Randy Cieslak, U.S. Pacific Command (PACOM) chief information officer (CIO).
The third iteration of the Defense Department's Global Information Grid (GIG 3.0) may represent a breakthrough in networking capabilities, but only current technologies need apply to build it, according to a Defense Department official. Mark Loepker, acting director for the Defense Information Assurance Program, told a panel audience at TechNet Asia-Pacific 2011 that industry should bring innovative solutions to the GIG table-only, a solution that is not supported by current technology is not a solution.
The United States should start pursuing some of the people who are hacking into U.S. systems and stealing intellectual property, said the former commander of the U.S. Pacific Command. Adm. Timothy J. Keating, USN (Ret.), told the audience at the opening keynote address for TechNet Asia-Pacific 2011 in Honolulu, Hawaii, that going after cybermarauders may be the only way to reduce their activities. The admiral called for a "thorough review of our nation's policy" with an eye toward taking action against cyberintruders. Saying it's time to "let the Genie out of the bottle," Adm.
One of the government's premier scientific research institutions is focusing its resources on defending computer systems against cyberattackers. The Sandia National Laboratories has concluded a recent two-day conference on cybersecurity by announcing plans for a new Cyber Engineering Research Institute (CERI) that will have a presence on both Sandia campuses in New Mexico and California. CERI is expected to more closely coordinate with industry and universities in developing new tactics to enhance cybersecurity.
The Air Force and Arlington County, Virginia, are taking preventative measures against hackers such as the ones that recently attacked Sony, costing them over $170 million. It's not just money at risk for government networks, however.
The Air Force has the lead for the Next Generation Airspace and lead for the Department of Defense. Arlington County, which collaborates extensively with the department on many levels, has undertaken continuous monitoring and risk analysis and is currently evaluating its supervisory control and data acquisition (SCADA) systems.
Being successful in the era of irregular warfare will require a focus on new ways of building and preparing the force, according to a panel of military and civilian experts. Speaking at the 2011 Joint Warfighting Conference, the Wednesday panelists emphasized training and education using innovative approaches to build a force capable of winning in a rapidly changing arena. Brig. Gen. John W. Bullard Jr., USMC, prospective deputy commanding general, Marine Corps Combat Development Command, declared that the key to the future will be education-however, there is no silver bullet. The military must invest in officers and senior enlisted personnel both in training and education.
Future adversaries are likely to wage new types of warfare against U.S. and coalition forces based on varying types of conflict, according to a panel of experts at Joint Warfighting Conference 2011 in Virginia Beach, Virginia. "I worry about disruptive threats such as cyber and EW [electronic warfare]," said Lt. Gen. William J. Rew, USAF, vice commander, Air Combat Command. Gen. Rew expressed concern that the young people who've grown up always having the global positioning system GPS may be ill-equipped to handle warfare with those high-technology capabilities are denied.
Malicious threats in cyberspace are entering a new territory that is more menacing than previously experienced, according to the deputy commander of the U.S. Cyber Command. Lt. Gen. Robert E. Schmidle, USMC, told the kickoff address audience at the Joint Warfighting Conference 2011 in Virginia Beach, Virginia, that cyberspace is seeing the beginnings of the development of new types of destructive tools. These tools are software that has no purpose other than the destruction of other software or even hardware, he explained. As an example of the potential for this type of damage, the general cited an accident that occurred recently at a Russian power plant.
Cyberspace security experts no longer can afford the luxury of traditional security that detects malicious operations when they begin, said Lt. Gen. Robert E. Schmidle, USMC, deputy commander of the U.S. Cyber Command. This active approach must be extended across the civilian realm of cyberspace as well as in the military arena, he said. "You can't have static defense where you wait for something to happen," the general declared at the Joint Warfighting Conference 2011. "You've got to be out in the network hunting for malware." One approach is an agile tipping and cueing capability similar to that employed in signals intelligence (SIGINT).
Creating a deterrence strategy in cyberspace similar to the Cold War approach to nuclear weapons is a difficult proposition, according to Gen. Keith Alexander, USA, who commands U.S. Cyber Space Command and is director of the National Security Agency.
"There is no deterrence model out there analogous to what we had during the Cold War for nuclear détente. If you think about it, there are no rules of the road yet. There are no norms. We don't have all that figured out, so there is no deterrence strategy. In fact, I would posit that it is much more difficult to have a deterrent strategy in cyber space because all countries, nation states and non-nation states, can have these capabilities in cyberspace," says Alexander.
The Defense Department's FY 2012 budget proposal features $2.3 billion for improved cyber capabilities, according to figures released this afternoon. Key elements of that funding include $0.5 billion for the Defense Advanced Research Projects Agency (DARPA) to invest in cyber technologies. Funding also will be provided to the Defense Information Systems Agency (DISA) for cyber identity, monitoring and enforcement.
The budget will increase funding for training cyber analysts, for improving Global Information Grid (GIG)-wide situational awareness, for developing pilot programs for supply chain risk management and for improving intrusion detection and analysis.
Our cyber adversaries threaten us as individuals, communities, nations and members of the global community. We risk ruined credit, emptied bank accounts, government privacy information held hostage or destroyed, disabled defense systems and destruction to our infrastructure. Many recognize that our existing organizational and acquisition models can't respond quickly enough to meet the cyber challenge. Why not establish a neutral entity to act as an impartial system integrator that collaborates global efforts and resources to anticipate and defend against our cyber adversaries?
From phishing scams to virus attacks, new cyberspace threats emerge daily, and the U.S. Air Force Space Command has turned to education to organize, train and equip forces to handle these digital threats.
The key to providing greatly enhanced cyber security may be at hand, but it may also eliminate one of the Internet's greatest characteristics, and a middle ground may be hard to achieve. Carter Bullard, president and chief executive officer, QoSient, told the audience at a MILCOM 2010 Wednesday afternoon panel on cyber security that technologies are needed for three elements-attribution, mitigation and deterrence. Attaining attribution and mitigation will lead to deterrence, he maintained. A key means of attribution is non-repudiation, which he described as having the potential to go after the entire threat matrix.
One key to securing cyberspace may be to simplify its processes and architectures. The newly formed U.S. Cyber Command is taking that approach in configuring its own information systems. Rear Adm. David Glenn, USCG, U.S. Cyber Command J-6, told the Thursday breakfast audience at TechNet Asia-Pacific 2010 that all elements of cyber are potential attack surfaces. He characterized these elements as the geographic layer; the physical network layer; the logical network layer (where the 1s and 0s reside); the cyber persona layer; and the persona layer. "We need to simplify GIG [Global Information Grid] architecture, reduce and simplify our networks, and reduce the hundreds of security enclaves down to one," he said. Adm.
The United States can attain supremacy in cyberspace despite the advantages seemingly held by malevolent organizations and nations, noted an expert in a TechNet Asia-Pacific 2010 panel on warfighters. Randall Cieslak, chief information officer, U.S. Pacific Command, told the afternoon panel audience that adversaries are neither 10 feet tall nor invincible. The United States can achieve cyber supremacy in the same manner that it has air supremacy if it adopts the correct approaches to cyberspace. "We can achieve supremacy in cyberspace. We have it in SIPRNET [secret Internet protocol router network]," Cieslak stated.
A devastating terror attack that would cripple the United States could happen as soon as tomorrow. However, unlike the events of 9/11, this attack would take place in cyberspace and involve accounting figures, not any physical plant. That gloomy assessment was offered by Adm. Mike McConnell, USN (Ret.), executive vice president of Booz Allen Hamilton and former director of national intelligence (DNI). Giving the Wednesday plenary address at TechNet Asia-Pacific 2010, Adm. McConnell shared with the audience how his concerns over the vulnerability of the banking sector date back to when he was named DNI by then-President George W. Bush. Putting the threat in perspective, Adm.
Cyberspace is the key to successful military operations, and leaders are not focusing on the right aspects to secure it from adversaries, according to a U.S. Navy fleet commander. Vice Adm. Richard W. Hunt, USN, commander of the U.S. Third Fleet, stated that a denial of U.S. military cyber capabilities would cripple U.S. forces to the extent that they would not be able to conduct operations effectively. Speaking before a luncheon audience at TechNet Asia-Pacific 2010 in Honolulu, Hawaii, Adm. Hunt emphasized the importance of cyber in the U.S. military. "Cyber is the key spot in virtually every warfighting discussion and planning I've been in since I got to Third Fleet," he declared.
The medium literally is the message in Pacific Command operations, as network situational awareness may be the determining factor in the success of future operations. Adm. Robert F. Willard, USN, commander of the U.S. Pacific Command, warned that U.S. military capabilities in this area are strongly lacking. "In command and control, you can't control what you can't see, and you must be able to control everything in these domains," Adm. Willard said. Speaking at TechNet Asia-Pacific 2010, Adm. Willard related that recent Pacific rim exercises illustrated the problem. The cyber element was set up weeks in advance, and it was supported to an unprecedented level by personnel from the newly established U.S.
This month, Linton Wells II drew his inspiration for Mission Assurance Moves to the Fore in Cyberspace from Deputy Secretary of Defense William J. Lynn III's recently published article, Defending a New Domain: The Pentagon's Cyberstrategy. Wells summarizes Lynn's strategy points, noting that taken on a whole they have a broader implication than just cyberdefense. It has more to do with mission assurance, he says:
Maintaining stability in one of the most diverse, dynamic regions of the world will take a concerted effort among all particants holding a positive stake in the future. To achieve that goal, nations and organizations must band together to iron out the rough spots even when some players remain reticent about cooperation. In this month's issue of SIGNAL Magazine, Robert K. Ackerman strikes a chord with his interview featuring the commander of Pacific Command (PACOM), Adm. Robert F.
The United Kingdom is giving its defense structure a good hard look, with plans to revamp its architecture, mission and capabilities. Recognizing the need to move away from a mentality built on Cold War threats, U.K. leaders have commissioned several studies to determine the way ahead. In this issue of SIGNAL Magazine, Robert K. Ackerman gleans insight on the goals of the U.K.
Recognizing a threat is the first step to addressing it, and one way to do that is to track incongruities rather than just monitoring the status quo. In this issue of SIGNAL Magazine, Chris Sanders highlights an intrusion detection architecture that does just that. His article, "The Exception Becomes the Rule," focuses on how this system enables a rapid, flexible response to cyberthreats.
Part 2 of 2
Defense Department IT budgets are now fully mortgaged to support ongoing operations and maintenance, while most large development funds are still paying for continuation of programs that were started years ago. With regard to the concerns I've raised in my previous post, here are some ideas on what should be done:
First of two parts.
According to Air Force LTG William Lord, 85 percent of cyberoperations are in defense. That being the case, How should the Defense Department protect its network and computer assets? A 2009 RAND Corporation report on cyberdeterrence asserts "...most of the effort to defend systems is inevitably the ambit of everyday system administrators and with the reinforcement of user vigilance." The report also states "...the nuts and bolts of cyberdefense are reasonably well understood."
Apply Now for CyberPatriot III
The Air Force Association (AFA) is now collecting applications for CyberPatriot III-a nationwide competition that aims to educate students in science, technology, engineering and mathematics (STEM) and to foster the next generation of national security professionals in the United States.
Gen. Keith Alexander, USA, the head of the new cyber command, stated that the Defense Department needs situational awareness across DOD's networks to protect its cyber defenses: "We do not have a common operating picture for our networks. We need to build that."
The Defense Department is responsible for protecting more than seven million machines, linked in 15,000 networks, with 21 satellite gateways and 20,000 commercial circuits. Unauthorized users probe Defense Department networks 250,000 times an hour, or more than six million times per day, he added.
Accreditation and certification of software is a vital but time-consuming process. On Tuesday afternoon, panelists at the AFCEA SOLUTIONS symposium discussed the challenge and ongoing attempts to streamline the process. Brig. Gen. Peter F. Hoene, USAF, DISA's program executive officer for the Global Command and Control System-Joint (GCCS-J), stated that there was a need to speed accreditation and certification because the current procedure takes too much time. He noted that some units had even resorted to writing their own software, completely aware of the risks involved in using uncertified programs, because they needed the operational capability.
The AFCEA SOLUTIONS conference at George Mason University's C4I Center, "Critical Issues in C4I," kicked off this morning with a keynote address by Lt. Gen. Dennis Via, USA, director of C4 systems, the Joint Staff. The general discussed his mission responsibilities, which he described as leading the joint community and helping to pull together and organize initiatives to share information. As part of this responsibility, he sees the J6 bringing together the services, government organizations, industry and academia. "We don't tend to slow down to talk about the challenges that we have," the general said. Gen.
Although the U.S. Defense Department keeps its finger on the pulse of secure communications, it's cautiously easing up on its banning of thumb drives. That's not to say the department is becoming lax, however, because it has imposed tight restrictions on the use of these and other portable data storage devices. Better to keep the pressure cuff on than to end up having to stanch the potential flow of classified information into the hands of the enemy if a device is lost or stolen. In this issue of SIGNAL Magazine, Henry S. Kenyon describes the department's efforts to stay in step with 21st century cyberspace while being mindful of its security.