Last year was a banner year for cyber fraud. In just the first six months of 2019, more than 3,800 breaches exposed 4.1 billion records, with 3.2 billion of those records exposed by just eight breaches. The scale of last year’s data breaches underscores the fact that identity has become the currency of the digital world and data is the fuel that powers the digital economy. What’s also clear looking back on 2019 is that digital identities are continually being compromised on multiple levels.
There are certainly similarities between network resilience and cyber resilience. The foundation for both is the ability to maintain business or mission capabilities during an event, such as a backhoe cutting your fiber cables or a nation-state actively exploiting your network. But there are also significant differences.
Supply chain security has been of concern to government leaders for decades, but with attacks now originating in industrial control systems (ICS) from supply chain vulnerabilities and with an increasing reliance on the Internet of Things (IoT), Congress is stepping up its involvement. For example, legislators have promised that more stringent standards will soon be enforced.
Government agencies face similar challenges when it comes to understanding—and gaining intelligence from— foreign language content. They need to process, manage and gain insight from large volumes of content locked away in different formats, often across multiple languages. And they need to do all of this as quickly as possible. It’s no mean feat when you consider the mindboggling amounts of content being generated: 90% of the world’s content was created over the past two years alone.
When it comes to artificial intelligence (AI), the Department of Defense (DOD) has put a firm stake in the ground. The department’s AI strategy clearly calls for the DOD “to accelerate the adoption of AI and the creation of a force fit for our time.”
Anyone who has worked in the Pentagon or on almost any military installation can attest to wireless connectivity problems. Whether dealing with a dearth of cellular service, inadequate Wi-Fi or security blockers, service members and civilians have felt the frustration of not being able to access information or communicate effectively.
In every recent discussion I have had with government and defense leaders around IT modernization, the conversation quickly leads to cloud and its role in enabling agile ways of working for government. Many agencies have already developed cloud migration targets and are looking at how they can accelerate cloud adoption.
The U.S. Army is leading the charge on the military’s multidomain battle concept—but will federal IT networks enable this initiative, or inhibit it?
The network is critical to the Army’s vision of combining the defense domains of land, air, sea, space and cyberspace to protect and defend against adversaries on all fronts. As Gen. Stephen Townsend, USA, remarked to AFCEA conference attendees earlier this year, the Army is readying for a future reliant on telemedicine, 3D printing and other technologies that will prove integral to multidomain operations. “The network needs to enable all that,” said Townsend.
The response to the Chief of Naval Operations (CNO) Adm. John Richardson’s repeated request to “pick up the pace” of developing and implementing breakthrough technologies for our warfighters has gone, in my opinion, largely unheeded.
This is not the result of a lack of innovative solutions. A myriad of research and development programs exists to support the development of new technologies or to adapt existing commercial technologies to defense applications. Rather, it’s the result of an arcane acquisition process that is burdensome, expensive and lacking vision. Acquisition reform is where we need to pick up the pace!
When the Department of Defense (DOD) launched its Everything Over IP initiative nearly 10 years ago the focus was to bring traditional telecommunications technology—phone calls, streaming video and even faxes—to the digital world.
At that time, unified communications (UC), especially in the government workplace, was a relatively new concept. Remember, this was a time when voice over Internet Protocol (VoIP) phones were still seen as cutting edge. Now, though, UC has become not just a business tool, but a strategic offering that can connect employees in disparate locations, including the frontlines.
More than a year has passed since the Modernizing Government Technology (MGT) Act was signed into law, cementing the establishment of a capital fund for agencies to support their special IT projects. The MGT Act prompted defense and intelligence agencies to accelerate the replacement of legacy systems with innovative and automated technologies, especially as they explore new ways to mitigate security risks like those experienced all too often by their private sector counterparts.
The military continues to focus its efforts on developing the most sophisticated technologies and capabilities needed to sustain tactical advantage and achieve mission objectives. But the most critical component to success on the battlefield continues to lie with the warfighter.
Open source containers, which isolate applications from the host system, appear to be gaining traction with IT professionals in the U.S. defense community. But for all their benefits, security remains a notable Achilles’ heel for a couple of reasons.
First, containers are still fairly nascent, and many administrators are not yet completely familiar with their capabilities. It’s difficult to secure something you don’t completely understand. Second, containers are designed in a way that hampers visibility. This lack of visibility can make securing containers extremely taxing.
Layers upon layers
The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.
Implementing a new system can be an exciting time, but the nagging questions and doubts about the fate of data you’ve literally spent years collecting, organizing and storing can dampen this excitement.
This legacy data often comes from a variety of sources in different formats maintained by a succession of people. Somehow, all the data must converge in a uniform fashion, resulting in its utility in the new solution. Yes, it is hard work and no, it is not quick. Fortunately, this scrubbing and normalization does not have to be a chaotic process replete with multiple failures and rework.
It comes as no surprise that U.S. adversaries continue to target and successfully exploit the security weaknesses of small-business contractors. A successful intrusion campaign can drastically reduce or even eliminate research, development, test and evaluation (RDT&E) costs for a foreign adversary. Digital espionage also levels the playing field for nation-states that do not have the resources of their more sophisticated competitors. To bypass the robust security controls that the government and large contractors have in place, malicious actors have put significant manpower into compromising small- and medium-sized businesses (SMBs).
Artificial intelligence can be surprisingly fragile. This is especially true in cybersecurity, where AI is touted as the solution to our chronic staffing shortage.
It seems logical. Cybersecurity is awash in data, as our sensors pump facts into our data lakes at staggering rates, while wily adversaries have learned how to hide in plain sight. We have to filter the signal from all that noise. Security has the trifecta of too few people, too much data and a need to find things in that vast data lake. This sounds ideal for AI.
Every time federal information technology professionals think they’ve gotten in front of the cybersecurity risks posed by the Internet of Things (IoT), a new and unexpected challenge rears its head. Take, for instance, the heat maps used by GPS-enabled fitness tracking applications, which the U.S. Department of Defense (DOD) warned showed the location of military bases, or the infamous Mirai Botnet attack of 2016.
Historically, the U.S. Department of Defense (DOD) has been the driver of technological innovation, inventing remarkable capabilities to empower warfighter mission effectiveness and improve warfighter safety. Yet over the past 25 years, a transformational shift has taken place in several key technology sectors, and technology leadership in these sectors is no longer being driven by the military, but rather by the private sector.
The need for next-generation networking solutions is intensifying, and for good reason. Modern software-defined networking (SDN) solutions offer better automation and remediation and stronger response mechanisms than others in the event of a breach.
But federal administrators should balance their desire for SDN solutions with the realities of government. While there are calls for ingenuity, agility, flexibility, simplicity and better security, implementation of these new technologies must take place within constraints posed by methodical procurement practices, meticulous security documentation, sometimes archaic network policies and more.