The cyber activities of Russia to try and impact the U.S. presidential elections of 2016 and 2020 are well known, spoken about by U.S. military cyber and other leaders. Going forward toward the mid-term election of 2022, the roster of countries attempting to harm U.S. processes is growing, reports Gen. Paul Nakasone, USA, commander, U.S. Cyber Command. And the command is already preparing to protect the 2022 elections.
Lessons learned in combating terrorist organizations such as ISIS have proved valuable to tailoring national defense techniques to use against cyber attacks from near-peer adversaries, including China and Russia. Speaking at West 2021, Gen. Paul M. Nakasone, USA, said recent experience demonstrates that the threats to data and networks has changed dramatically in scope, scale and sophistication.
The U.S. Cyber Command, at the invitation of foreign governments, sends teams of cyber warriors overseas to aid in the search for, analysis of and protection against adversaries conducting cyber warfare.
While U.S. forces frequently deploy overseas, this is a different kind of military support. Instead of taking tanks, helicopters and ships, the U.S. military sends its cyber warriors, armed with their adroit offensive and defensive skills and digital tools.
Raytheon Missiles & Defense, Tucson, Arizona, has been awarded a $79,398,158 cost-plus-fixed-fee contract for Small Diameter Bomb Increment II lot integration and test. This contract effort will deliver all-up round (AUR) test vehicles, perform AUR-level assembly, checkout, testing and systems integration testing; and prepare for production cut-in and fielding for the multiple engineering changes needed, including National Security Agency (NSA) cryptographic modernization, Global Positioning System (GPS) military code, mitigation of part obsolescence, and design changes evolving from production and/or operations. Work will be performed in Tucson, Arizona, and is expected to be completed April 1, 2023.
The national security community needs to prepare now for the possibility that U.S. adversaries could develop and deploy quantum computers, which would render useless most conventional encryption algorithms, says Adrian Stanger, senior cryptographic authority, Cybersecurity Directorate, National Security Agency (NSA).
The last year presented “unique challenges” to the military combatant command in charge of defending U.S. related interests in cyberspace. The three-year old U.S. Cyber Command, which plans and executes global cyberspace operations, activities and missions in regard to defending and advancing national interests, has spent the last year defending and mitigating against the continuing cyber threats from China, Russia, Iran and nonstate actors and criminals, reported Gen. Paul Nakasone, USA, commander, U.S. Cyber Command (CYBERCOM); director, National Security Agency (NSA); and chief, Central Security Service (CSS); in testimony before the Senate Armed Services Committee today.
The National Security Agency/Central Security Service (NSA/CSS)-Hawaii is looking toward innovation, both in technology and in service, as it ramps up to meet the challenges posed in the region covered by the Indo-Pacific Command (INDOPACOM). And these challenges have evolved during the COVID-19 pandemic, notes the head of the office.
Capt. Kurtis Mole, USN, commander, NSA/CSS Hawaii, addressed the opportunities NSA/CSS is seizing during his keynote address on the third day of TechNet Indo-Pacific, running virtually March 1-3. Capt. Mole defined the agency’s challenges against the backdrop of the vast Indo-Pacific region while noting its applicability worldwide.
During the pandemic, technology leaders across intelligence agencies have focused not only on supporting the continuity of mission efforts and the connectivity of its work force, but also emerging solutions to drive innovation and efficiencies.
Some of the main tools officials are pursuing include: advanced software delivery, multicloud use, machine learning and data processing tools, said chief information officers (CIOs), who along with moderator Lewis Shepherd of VMware, spoke on September 17 at the Intelligence and National Security Summit, co-hosted virtually by INSA and AFCEA.
The U.S. Defense Department by the end of the calendar year will release an initial zero trust architecture to improve cybersecurity across the department, says Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency, and commander, Joint Force Headquarters-Department of Defense Information Network.
Norton’s agency, commonly known as DISA, is working with the National Security Agency, the Department of Defense (DOD) chief information officer and others on what she calls an initial “reference” architecture for zero trust, which essentially ensures every person wanting to use the DOD Information Network, or DODIN, is identified and every device trying to connect is authenticated.
Under a joint pilot program, verifying the security of mobile application software for use within the federal government no longer needs to be time consuming or expensive. The Department of Homeland Security (DHS), working with a partnership within the NSA, automated the process to determine if apps meet the agency’s National Information Assurance Partnership (NIAP) protection profile.
The Defense Information Systems Agency (DISA) is working more closely with the intelligence community and is partnering with the National Security Agency (NSA) on a number of cybersecurity-related efforts, officials say.
The National Security Agency (NSA) has created a new Cybersecurity Directorate as a recognition that “the best defense against devastating cyber attacks is to unify as a nation against our threats,” the agency has announced.
Government agencies are working together much more effectively as they counter terrorism and state-sponsored attacks in cyberspace. But more remains to be done as adversaries introduce new tactics and capabilities.
A panel comprising the top U.S. intelligence officials reviewed these issues as they closed out the AFCEA/INSA Intelligence & National Security Summit on September 5. Their points ranged from foreign interference in U.S. elections to cooperation—or the lack thereof—from industry with the U.S. government.
The National Security Agency (NSA) is launching its new Cybersecurity Directorate with a promise of “opening the door to partners and customers on a wide variety of cybersecurity efforts,” according to an agency statement. These partners will include established government allies in the cyber domain such as the U.S. Cyber Command, the Department of Homeland Security and the FBI. The directorate also is promising to share information better with its customers to help them defend against malicious cyber activity.
The May 7th ransomware attack against Baltimore has crippled much of the local government’s IT infrastructure while holding its network hostage. Not since the March 2018 attacks against Atlanta has a major U.S. city been so digitally impaired.
The subsequent media coverage of Baltimore’s struggle has generated some misplaced criticism of the U.S. government. Initial news reports erroneously claimed that the ransomware leveraged an NSA-developed exploit to compromise Baltimore’s municipal systems. Unfortunately, this snowballed into numerous sources placing blame on the NSA, claiming that they mismanaged their cyber weaponry.
This is grossly incorrect.
Personnel working in cyber must continually look for opportunities to learn, say cyber professionals from across government.
During a morning panel discussion on the final day of the AFCEA TechNet Cyber conference in Baltimore, high-ranking officials from the Defense Department, Department of Homeland Security and National Security Agency discussed a wide range of issues concerning the cyber workforce today and tomorrow.
The National Security Agency is now sharing the source code of Ghidra, its reverse engineering tool developed by the agency’s Research Directorate in support of its cybersecurity mission. Ghidra, a suite of software analysis tools, examines complied code using capabilities such as disassembly, assembly, decompilation, graphing and scripting.
Ghidra helps analyze malicious code and malware and improves cybersecurity professionals’ understanding of potential vulnerabilities in their networks and systems. With this release, developers can now collaborate, create patches and extend the tool to fit their cybersecurity needs.
The United States faces a “toxic mix of threats,” Dan Coats, the director of National Intelligence, testified today before the Senate Select Committee on Intelligence while unveiling the annual Worldwide Threat Assessment of the U.S. Intelligence Community.
There is not enough skilled talent for the growing need of the cyber community. Based on a state-by-state analysis on cyberchair.org, there are currently 320,000 open cyber jobs in the United States. Projections get worse. According to a CISCO report, by 2020 there will be 1 million unfilled cyber positions worldwide.
“We need to make systemic changes to address that gap,” said Rob Joyce, senior cybersecurity strategy advisor to the director, National Security Agency (NSA), and former cybersecurity advisor to the president.
Millions of times every single day, antagonists search for entry into the U.S. Defense Department’s networks. They come from all over: Russia, China, North Korea, Iran. Some are sponsored by nation-states; others are terrorist groups.
Never before has there been such an intense focus on data security and privacy. With data breaches increasing exponentially and the European Union’s recent implementation of the General Data Protection Regulation (GDPR), data security has been at the forefront of news stories over the past several months, with both businesses and consumers suddenly paying very close attention. With this increased attention has come an understanding that data continues to exist even when it is no longer needed or used. Due to this newfound understanding and GDPR’s “Right to be Forgotten,” the eradication of data has new urgency and has become critical to a successful data security program.
When Alexander Woody was born, his mother knew she needed to forge a new path career-wise. She enrolled in an associate's degree program at her local community college and studied computer programming.
“She hit that program really hard back in the '90s and was able to succeed,” says Woody, who is now an Army specialist working as a counter pursuit operator within the National Security Agency’s (NSA’s) Cybersecurity Threat Operations Center.
Spc. Woody ended up with the NSA after finding himself also at a career crossroad. He studied chemistry at North Carolina State University and sometimes tutors high school students struggling with chemistry. But he realized it wasn’t the right career choice for him.
If you think of the cyber threat as Godzilla, you can see the need for a framework that optimizes limited resources. As the beast attacks the building, those individuals located on the ground floor—for example the architects and engineers—worry about being stepped on by its feet. Those on the next floor up, the systems engineers, see the knees and want protection from being kicked. The next level, the incident responders, see the claws and worry about what those claws can do. Higher in the building, the operators see the shoulders and are focused on how big the threat might be based on the shoulder size. The customers at the top only see teeth and flames.
Where some see challenges, others see opportunities. It sounds like a motivational poster, but that is exactly how researchers at the National Security Agency view the Internet of Things, or the IoT.
“We approach IoT a little differently than everybody else. Everybody’s talking about all the security problems. That’s certainly fair, but we look at IoT as an opportunity in terms of the security goals we can accomplish,” says George Coker, chief, Information Assurance Research Group, National Security Agency (NSA).
The U.S. Navy has outsourced geospatial intelligence at sea, delaying its investment in a solution to this core intelligence competency for the afloat commander. The service needs to train its analysts to produce geospatial intelligence and acquire software and hardware for them. A cost-effective systems solution exists, but the lack of commitment to geospatial intelligence holds the Navy back.
Officials from across the U.S. intelligence community are calling for reauthorization of section 702 of the Foreign Intelligence Surveillance Act, which allows the government to collect data on non-U.S. citizens on foreign soil, as Congress debates whether to reauthorize, reform or outright reject it.
Multiple officials from multiple agencies touted the benefits of Section 702 during the 2017 Intelligence and National Security Summit, which was held Sept. 6-7 in Washington, D.C.
After months of uncertainty, President Donald Trump announced today that he has elevated the U.S. Cyber Command to a unified combatant command. In addition, Cyber Command ultimately may be separated from the National Security Agency (NSA).
“This new unified combatant command will strengthen our cyberspace operations and create more opportunities to improve our nation’s defense,” Trump said. “The elevation of United States Cyber Command demonstrates our increased resolve against cyberspace threats and will help reassure our allies and partners and deter our adversaries.”
Solid-state drives store data using flash memory and are becoming common system-level components in military systems. Although they are inexpensive and readily available, commercial off-the-shelf versions often fail to meet military requirements: predictable performance under stressful operating conditions, robust ruggedization, long-term availability from an accredited supplier and trusted security. Drives designed for the commercial market do not provide the flexible security features needed in today’s modern military applications.
Editor’s note: Hugh Montgomery, the focus of this article, passed away April 6, just weeks after this SIGNAL interview.
It is just a matter of time before other countries face insider leaks similar to those that have haunted the American intelligence community, said Hugh Montgomery, a former U.S. diplomat and a pioneering intelligence officer who served for more than six decades.
An offshoot of social media, crowdsourcing could hold solutions to some of the biggest cybersecurity problems the U.S. Defense Department faces. The burgeoning field could find fixes for thorny legacy problems as well as emerging cyberthreats. This is exactly what is taking root at the Joint Forces Staff College in a course offered to service members and their Defense Department civilian equivalents learning cyber concepts in joint, interagency and multinational environments.
Cybersecurity can no longer be viewed as a technology-only problem and segmented into stovepipes where the U.S. Defense Department carries out one set of tasks; the civilian government another; and industry does its own thing, said Adm. Michael Rogers, USN, director of the National Security Agency (NSA) and commander of U.S. Cyber Command.
“It must be viewed more broadly and must be tackled from a national security perspective,” Adm. Rogers said during a morning West 2017 conference presentation Thursday with Adm. James Stavridis, USN (Ret.), former NATO commander and dean of Tufts University’s Fletcher School of Law and Diplomacy.
The ability of warfighters to be mobile and nimble is not a luxury during combat operations. It is an absolute necessity. Staying ahead of the enemy or avoiding attack often means an entire command post must move, and quickly—a mammoth challenge if the command post relies on a wired communications network with cumbersome and costly cables and equipment.
Maj. Gen. Mark W. Westergren, USAF, has been assigned as deputy chief, Central Security Service, National Security Agency, Fort George G. Meade, Maryland.
Securing the cyberspace will get worse before it gets any better, warned Adm. Michael Rogers, USN, director of the National Security Agency (NSA) and commander of U.S. Cyber Command.
“The very technical foundation of the world we’ve created with the Internet of Things is going to exacerbate [security vulnerabilities], not make it easier,” he said. Now, it’s not that the Internet of Things is bad, he pointed out. “As a private citizen, I love the convenience. But I also acknowledge it brings inherent challenges when we’re trying to defend something.”
Every now and then a poll result pops up that surprises me. Results sometimes are counter-intuitive, or at least counter-narrative from what we're led to believe in major media coverage.
Case in point: An early 2015 poll shows that after nearly two years of a negative spotlight on the U.S. intelligence community, and particularly on the National Security Agency (NSA) and Central Intelligence Agency (CIA), the American people still have a positive view of the NSA and CIA. More startlingly, young Americans have more favorable views of NSA and CIA than older Americans!
The National Security Agency’s third annual Best Scientific Cybersecurity Paper competition is now open. Scientific papers must have been published during 2014.
The papers will be judged on scientific merit and the the strength and significance of the work reported. In addition, the paper must exemplify the performance and reporting of cybersecurity scientific research.
General Dynamics C4 Systems, Scottsdale, Arizona, recently received the Defense Mobile Classified Capability (DMCC) contract from the National Security Agency (NSA). As part of the contract, General Dynamics will deliver up to 1,000 Samsung KNOX-enabled Galaxy S4 smartphones provisioned with added GD Protected software for the U.S. government. With these new smartphones, authorized government personnel will be able to make secure phone calls and access classified email. With GD Protected software, the phone operates using only authorized software and applications from a trusted source. The company will provide system updates and upgrades over the air.
The National Security Agency (NSA) is focusing inward and externally as it adopts a new approach to technology policy. This effort ranges from seeking outside partners in technology development to conducting an internal audit to uncover weak points that might bring down the agency.
The leaders of the U.S. intelligence community stated that the Snowden and Manning revelations of U.S. intelligence collection activities have done serious harm to U.S. national security in several ways. Three agency directors and one acting director stated that the ability to view the threat picture has been hamstrung as it is changing to an increasing degree.
U.S. intelligence agencies gave administration officials good advance information on Ukraine and the Islamic State in Iraq and the Levant (ISIL) activities before the crises unfolded, according to leaders of the agencies. Yet, inherent limitations prevented them from being able to measure transitional events.
From circuit-switched networks (CSN), to Global System for Mobile Communications (GSM), to Enhanced Data Rates for GSM Evolution (EDGE), technology has reached the point where it is now feasible to secure mobile communications. Only recent mobile devices-witness the iPhone-can keep up with security demands required for secure communications. The National Security Agency (NSA) is developing a midterm pilot program aiming for the end goal of a mobile platform developed using only commercial off-the-shelf (COTS) components.
Creating a deterrence strategy in cyberspace similar to the Cold War approach to nuclear weapons is a difficult proposition, according to Gen. Keith Alexander, USA, who commands U.S. Cyber Space Command and is director of the National Security Agency.
"There is no deterrence model out there analogous to what we had during the Cold War for nuclear détente. If you think about it, there are no rules of the road yet. There are no norms. We don't have all that figured out, so there is no deterrence strategy. In fact, I would posit that it is much more difficult to have a deterrent strategy in cyber space because all countries, nation states and non-nation states, can have these capabilities in cyberspace," says Alexander.
The National Security Agency (NSA) now has an app for aspiring agents. The free NSA Career Links app for iPhone will keep you up to date about agency jobs, career events, news, and video and employee testimonies. Developed by CACI-CMS Information Systems Inc., the app is meant to attract the best and brightest to join the NSA team. According to NSA officials, this year will be the agency's largest hiring effort in recent memory. Think you have what it takes to carry out some of the nation's most important and sensitive intelligence activities?
The U.S. Defense Department must secure the cyber domain to protect and defend its own information and U.S. citizens, Gen. Keith B. Alexander, USA, commander of U.S. Cyber Command said today during the opening address of LandWarNet 2010. Gen. Alexander also serves as the director of the National Security Agency. "Every link and system has vulnerabilities that we have to defend," he stated. Gen. Alexander organized his speech by comparing warfare in the past with the movie WarGames and cyberwarfare to the movie The Matrix. In the former movie, as in nuclear warfare, there is no good engagement option because of assured mutual destruction.
Yesterday's blog coverage was just too short to include the depth of advice the experts at the Small Business Intelligence Forum shared, so here are a few more ideas: -Savvy SIGNAL Scape reader Ross Andrews, ARC Program Manager, Contractor - BVTI, beat this reporter to the punch on a very important item that should be on every small company's list if it wants to do business with the intelligence community: register with the Acquisition Resource Center. See his full comment at http://bit.ly/bXmzFM.
It's sometimes difficult to figure out what's the bigger secret - intelligence or the acquisition processes of the organizations that gather it. CIA, NSA, DIA plus 13 more agencies are collectively known as the intelligence community (IC), but that's where most of the similarity ends when it comes to these information hunters and gathers when it comes to purchasing goods, services or "carbon units." One fact is absolutely true and as open source as is possible: small businesses have advocates in IC agencies that fight tooth and nail in their interest. Some of these experts presented valuable secrets as well as common sense about how to capture the IC's business at the AFCEA International Small Business Intelligence Forum.
Revelations about the National Security Agency’s (NSA’s) monitoring practices created some fallout with the telecommunications industry and other nations, acknowledges Adm. Michael Rogers, USN, the agency’s new director, who also leads the U.S. Cyber Command. But the capabilities the agency provides eclipse the damage done.
“The majority of the relationships that we have around the world with nation states, with the corporate sector, remain as they were before this—the majority,” Adm. Rogers stresses. “That’s not to say it hasn’t had an impact, and no one should think otherwise.