During the afternoon of the first day of AFCEA’s Cyber Education, Research and Training Symposium (CERTS), leaders from all five branches of the armed forces shared their perspectives on cyber education and training. Though all five laid out slightly different strategies and goals for their individual services, they all agreed they should leverage each other’s expertise and work together to figure out a way forward.
Information warfare is an aggressive game of soccer where not only are all the fans on the field with the players, but no one is wearing uniforms.
— Sandra Jontz (@jontz_signalmag) February 22, 2017
Emerging cyber trends such as the rapid increase in the number of bad actors, increased capabilities and sophistication, and the high degree of automation complicates a key question posed to U.S. military leaders: Are the armed forces ready to fight?
In the cyber realm, the answer is: “It depends,” said Vice Adm. Michael Gilday, USN, commander of U.S. Fleet Cyber Command/10th Fleet.
Nearly everyone has heard a parent or grandparent refer to the good ol’ days. Tales usually begin either with “When I was your age…” or “In my day, we didn’t have….” While it seems appropriate that octogenarians and nonagenarians tell such stories, today they’re not the only generations sharing memories that begin with, “When I was young….” People in their 20s and 30s reflect on their youth wistfully because members of the younger generation—who, by the way, are only five or 10 years younger than they are—can communicate, play, buy and sell, and share life moments in ways that surprise even 20-somethings.
Cyberspace is being accepted throughout the U.S. Army as a warfighting domain. However, many soldiers outside of the U.S. Army Signal Corps do not grasp the concept of cyberspace as an operational realm. Empowering them with that understanding is essential to operational success.
One of the primary tasks of Signal Corps members is to provide other leaders and soldiers with a clear understanding of the job of the corps and of cyberspace itself. As a military organization, the clearest means for the Signal Corps to communicate these concepts is through operational language. Many parallels exist between a battlefield’s physical landscape and what is done during offensive, defensive and support operations in cyberspace.
The U.S. Air Force cyber community is failing, but not all is lost. While some aspects are in dire need of repair or replacement, effective solutions potentially are within reach—if leadership is up to the task.
Intelligent Software Solutions, Colorado Springs, Colo.; BAE Systems, McLean, Va.; Charles River Analytics Inc., Cambridge, Mass.; Northrop Grumman Systems Corp., Herndon, Va.; Science Applications International Corp., McLean, Va.; Lockheed Martin Corp., Colorado Springs, Colo., and Solers Inc., Arlington, Va., are being awarded a $249 million multiple-award indefinite delivery/indefinite quantity for the development of command and control applications and information services for air, space and cyberspace domains. The contracting activity is the U.S. Air Force Life Cycle Management Center, Hanscom Air Force Base, Mass.
From securing the cloud to unwrapping new architecture compliance requirements, 2011 was a busy year for the tech public sector. In the New Year's spirit of renewal and rededication, here are five resolutions federal agencies should make. 1. Leverage IT to meet budget requirements The government fiscal landscape changed radically in the last year with budget cuts across the majority of federal agencies. The Obama's Administration fiscal 2012 budget proposal calls for a five-year discretionary spending freeze along with $33 billion in additional cuts. Yet, there is a reason why federal IT spending to commercial contractors is expected to grow five percent annually.
Earlier this year, detailed information about the bomb resistance of a new Department of Defense (DoD) building in Virginia was compromised. Reuters broadcast the information worldwide. The news organization did not obtain the document by hacking network systems, but rather accessed the "official use only" document on the Army Corps of Engineers website. This incident is just one example of the thousands of data breaches that occur as a result of internal information leakage rather than an outside attack. In their 2011 Information Security Report, the U.S. Government Accountability Office (GAO) shed light on why internal leaks are so prevalent.
Where the 20th century was the age of airpower, the 21st century will be the age of cyberpower, according to the U.S. Air Force's chief information officer (CIO). Lt. Gen. William T. Lord, USAF, told the closing keynote luncheon audience that the growth in cyberspace's importance is outstripping even its own metrics for progress. What he referred to as "Android's Law" has accelerated Moore's Law when it comes to change. Mobile devices are driving a global cultural change, he offered, and that change is breaching barriers and crossing into new territory. For example, social media was the tipping point in recent revolutions, the general pointed out.
The new technologies that are enabling elements of the critical infrastructure to operate more efficiently also are making them more vulnerable to devastating cyberattacks. Advanced mobile connectivity and supervisory control and data acquisition (SCADA) systems have created fertile ground for cybermarauders to target key aspects of the infrastructure a number of ways. These were the findings of a panel comprising a number of experts from Hawaii and the U.S. Pacific Command (PACOM) at TechNet Asia-Pacific 2011 in Honolulu. Rear Adm. Paul Becker, USN, the PACOM J-2, described how the use of SCADA industrial control systems was a primary threat to the infrastructure.
Situational awareness that borders on command and control (C2) may be necessary to protect vulnerable networks in the nation's critical infrastructure. The threat to these increasingly complex industrial control systems will require more than just commercial off-the-shelf security solutions, according to a panel of experts at TechNet Asia-Pacific 2011 in Honolulu. Rear Adm. Paul Becker, USN, the U.S. Pacific Command (PACOM) J-2, warned that the proliferation of control systems, coupled with a lack of network situational awareness, are prime opportunities for cybermarauders.
The spread of mobile networking systems along with the use of social media have opened new backdoors for hackers with potentially serious consequences, according to a leading security expert speaking at TechNet Asia-Pacific 2011. Tom Reilly, vice president and general manager, HP Enterprise Security, told the Wednesday breakfast audience that this major information technology transformation is leading to an escalation of attacks, especially against applications, and cyberspace will be a more dangerous place as a result. "Things are going to be much uglier in the cybercrime world," Reilly declared. He added that our adversaries are evolving away from traditional marauders. Many of them now are working at the behest of nation states.
Building network security around firewalls is passé, as cybercriminals are employing innovative means to enter a network. Instead, security managers should concentrate on understanding the user, the application and the data, according to Tom Reilly, vice president and general manager, HP Enterprise Security. Speaking at the TechNet Asia-Pacific 2011 Wednesday breakfast, Reilly described how new types of networking are rendering old measures obsolete. Traditionally, experts have looked at security as being a 100-percent solution that is layer focused. With the advent of mobile and cloud computing, perimeters are devolving and consumers want more access to information.
As social media permeates deeper into military organizations, leaders are confronting a host of challenges. However, those challenges largely are new incarnations of longstanding problems that have faced military communicators for generations. A panel of experts at TechNet Asia-Pacific 2011 focused on how information sharing can exist within an information security environment. Many of their concerns proved to be more user-oriented than technology-based. Addressing those concerns, Master Sgt. Andrew Baker, USA, 516th Signal Brigade, said that forces need to be more operations-security (OPSEC) oriented with new media.
Building and operating the third version of the Global Information Grid-GIG 3.0-will require new forms of accountability both for security and for operation. Accordingly, identity and access management will be the key items as the next-generation defense network is developed, said a panel of defense networking experts at TechNet Asia-Pacific 2011. GIG 3.0 would tap existing technology to provide better information sharing-particularly for interservice, interagency and international coalitions-along with improved cyber security and responsiveness, offered panel moderator Randy Cieslak, U.S. Pacific Command (PACOM) chief information officer (CIO).
The third iteration of the Defense Department's Global Information Grid (GIG 3.0) may represent a breakthrough in networking capabilities, but only current technologies need apply to build it, according to a Defense Department official. Mark Loepker, acting director for the Defense Information Assurance Program, told a panel audience at TechNet Asia-Pacific 2011 that industry should bring innovative solutions to the GIG table-only, a solution that is not supported by current technology is not a solution.
The United States should start pursuing some of the people who are hacking into U.S. systems and stealing intellectual property, said the former commander of the U.S. Pacific Command. Adm. Timothy J. Keating, USN (Ret.), told the audience at the opening keynote address for TechNet Asia-Pacific 2011 in Honolulu, Hawaii, that going after cybermarauders may be the only way to reduce their activities. The admiral called for a "thorough review of our nation's policy" with an eye toward taking action against cyberintruders. Saying it's time to "let the Genie out of the bottle," Adm.
One of the government's premier scientific research institutions is focusing its resources on defending computer systems against cyberattackers. The Sandia National Laboratories has concluded a recent two-day conference on cybersecurity by announcing plans for a new Cyber Engineering Research Institute (CERI) that will have a presence on both Sandia campuses in New Mexico and California. CERI is expected to more closely coordinate with industry and universities in developing new tactics to enhance cybersecurity.
The Air Force and Arlington County, Virginia, are taking preventative measures against hackers such as the ones that recently attacked Sony, costing them over $170 million. It's not just money at risk for government networks, however.
The Air Force has the lead for the Next Generation Airspace and lead for the Department of Defense. Arlington County, which collaborates extensively with the department on many levels, has undertaken continuous monitoring and risk analysis and is currently evaluating its supervisory control and data acquisition (SCADA) systems.