The European Union has established the basis of an organizational structure to safeguard its important satellite assets, particularly those that provide vital positioning, navigation and timing data. As its Galileo constellation has grown in size and significance, the European Union is establishing the necessary organizational infrastructure to build and coordinate a collective effort to secure space against a broad range of threats.
Advanced Technology Systems Co., McLean, Virginia (FA8730-20-D-0018); Atlantic CommTech Corp., Norfolk, Virginia (FA8730-20-D-0022); BCF Solutions Inc., Chantilly, Virginia (FA8730-20-D-0017); CACI Inc., Arlington, Virginia (FA8730-20-D-0015); Chenega Security International LLC, Chantilly, Virginia (FA8730-20-D-0010); Evergreen Fire and Security, Tacoma, Washington (FA8730-20-D-0016); Government Contracting Services LLC, Tacoma, Washington (FA8730-20-D-0009); InDyne Inc., Crestview, Florida (FA8730-20-D-0013); Johnson Controls BAS LLC, Rockville, Maryland (FA8730-20-D-0008); KBRwyle Technology Solutions LLC, Columbia, Maryland (FA8730-20-D-0006); LINX Defense LLC, Deston, Florida (FA8730-20-D-0012); LVW Electronics (Low Voltage Wiring),
Security is among the single greatest concern government agencies have about moving their systems to the cloud. Although it offers significant benefits, cloud computing continues to raise questions about data and system protection. Regardless, the Office of Management and Budget via its Cloud Smart Strategy and the previous Cloud First policy mandates government agencies move to the cloud.
General Dynamics Information Technology (GDIT) will be supporting the U.S. State Department's global technical security supply chain effort, under a $2 billion single-award contract with the Bureau of Diplomatic Security (DS), Countermeasures Directorate. The contract includes a base period of five years and a five-year award term, the company reported.
Under the contract, GDIT will provide the State Department, U.S. Embassies and other posts worldwide with integrated technical security systems, engineering and solution development, hybrid supply chain and distribution management, as well as a global logistics and transportation network.
The fight to secure microelectronic chips is becoming as basic as the chip itself. With chips facing a myriad of threats throughout their life cycle, experts are incorporating security measures into the development of the chip from the foundry to assembly. Other approaches safeguard against threats that could appear as the chip moves through the supply chain. The bottom line for microelectronics security is that necessary measures cannot wait until the device is in the hands of the user.
The colossal reliance on semiconductor chips by the military and commercial industry reaches across weapons, machines and systems that perform key defense and national security functions. And while the Defense Department and the industry use secure chips, they are expensive and hard to design. To remedy that, the Defense Advanced Research Projects Agency, known as DARPA, is looking to automatically include defense mechanisms into the design of microchips. The agency is creating tools to manage the supply chain custody throughout the life cycle of a microchip and increase the availability and economics of secure microelectronics.
Mantech Advanced Systems International, Herndon, Virginia, has been awarded a $12,918,248 cost-plus-fixed-fee contract for security support. This contract provides Sensitive Compartmented Information and Special Access Program security services to the Space and Missile Systems Center and Air Force Space Command operational units. Work will be performed at Los Angeles Air Force Base, California; Vandenberg AFB, California; Peterson AFB, Colorado; and Schriever AFB, Colorado. The work is expected to be completed by November 16, 2019. This award is the result of a competitive acquisition with three offers received. Fiscal year 2018 research and development funds in the amount of $10,000 are being obligated at the time of award.
More than 50 percent of the video surveillance data the federal government collects is not being analyzed. This fact may not be surprising since cameras appear to be everywhere these days, and the amount of data they gather is so huge it’s unwieldy. But MeriTalk, the public-private partnership that conducted a survey of 151 federal decision makers, likens this situation to government agencies seeing only half a movie: They would have challenges following the plot and leveraging the information to achieve the goal—improved security.
Some of the hackers who have persistently attacked Lockheed Martin’s networks have “gone quiet” in recent months, officials told reporters yesterday at an Arlington, Virginia, media summit hosted by the company’s recently restructured Defense and Intelligence Solutions division. “We’ve seen a number of the adversaries—I wouldn’t say they’ve disappeared—but they’ve gone quiet,” said Darrell Durst, Lockheed Martin’s vice president, cyber solutions. “I think we have been able to counter a number of the adversaries relative to our networks.”
The National Institute of Standards and Technology (NIST) primary external advisory board today announced a report calling for the agency to increase its staff of cryptography experts and to implement more explicit processes for ensuring openness and transparency to strengthen its cryptography efforts. In making its recommendations, the Visiting Committee on Advanced Technology (VCAT) specifically addressed NIST’s interactions with the National Security Agency (NSA).
Lawrence Livermore National Laboratory, Los Alamos National Laboratory and Bechtel BNI are joining forces to a new class of cyberdefense professionals to protect the nation’s critical digital infrastructure. The Bechtel-Lawrence Livermore-Los Alamos Cyber Career Development Program is designed to allow the national labs to recruit and rapidly develop cybersecurity specialists who can guide research at their respective institutions and create solutions that meet the cyberdefense needs of private industry, which owns about 80 percent of the nation’s critical digital infrastructure and assets.
The National Security Agency (NSA) has selected five more schools for the National Centers of Academic Excellence (CAE) in Cyber Operations Program, which is designed to cultivate more U.S. cyber professionals. These schools are now designated as Cyber Operations CAEs for the 2014-2019 academic years:
Research on the state of cybersecurity of the U.S. critical infrastructure companies reveals that 67 percent have experienced at least one security compromise that led to the loss of confidential information or disruption to operations during the past year. In addition, 24 percent of a survey’s respondents said the compromises involved insider attacks or negligent privileged information technology users. Only 6 percent provide cybersecurity training for all employees.
Today the U.S. Defense Department released its strategy for countering weapons of mass destruction (WMD). This strategy will direct the department’s efforts to prevent hostile actors from acquiring WMD, contain and reduce WMD threats and ensure the department can respond effectively to WMD crises.
People with access to privileged data—such as health care records, sensitive company information, intellectual property or personal records—frequently put their organization’s sensitive information at risk, according to a new report by Raytheon Company. The survey report, “Privileged User Abuse & The Insider Threat,” finds that many individuals often are granted access to data and areas of the network not necessary for their roles and responsibilities. Furthermore, 65 percent of survey respondents indicated that curiosity—not job necessity—drives them to access sensitive or confidential data.
Key findings include:
High school students and teachers get to learn about the world of cybersecurity through Sandia National Laboratories' Cyber Technologies Academy (CTA), which offers free classes for those interested in computer science and cybersecurity.
The Department of Veterans Affairs (VA) remains plagued by decades-old problems of unreliable and vulnerable networks and computer systems, putting the veterans they serve at risk, according to a recent government report. Despite years of documented weaknesses, the VA still has failed to shore up vulnerabilities, according to the Government Accountability Office (GAO) report.
During the past six years alone, computer security incidents at the VA doubled, from 4,834 in 2007 to 11,382 in 2013, GAO investigators write. Incidents included unauthorized access, denial-of-service attacks, installation of malicious code and improper usage of computing resources, among others.
Middle and high school student teams from 14 states will gather next week for CyberPatriot, a culminating competition in which they will be tested defend computers against cyberattacks.
After months of preparation, the CyberPatriot event on March 28 will test students on their defensive measures and skills to trounce cyber and computer vulnerabilities, a much-needed emerging skill in the cybersecurity industry.
The real challenge to keeping the homeland secure is dealing with the world's increasing complexity, Adm. Thad Allen, USCG, (Ret.), executive vice president of Booz Allen Hamilton and former commandant of the U.S. Coast Guard, told the audience at the AFCEA Homeland Security Conference in Washington, D.C., on Monday during his luncheon keynote address.
Every year in the January issue, SIGNAL Magazine introduces a new columnist for its Incoming opinion column. Next year’s columnist, Lt. Gen. Daniel P. Bolger, USA (Ret.), picked a timely topic for his first column. He worries that with social media posts, warfighters and civilian military employees “merrily are doing the work of a million foreign spies.” Gen. Bolger warns of a broad trend toward posting too much information in social media.
The most damaging cyber attacks possible are among the least likely to happen, because the powers capable of undertaking them are unlikely to launch them, according to an expert with the Office of the Director of National Intelligence (ODNI). Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council, ODNI, told the audience at the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that cyber attack capability need not translate to immediate threat.
A “digital Pearl Harbor Armageddon” that inflicts catastrophic damage on the United States is not likely soon or in the foreseeable future. The worst cyber attack that could be expected would have less of an effect for a shorter period of time, said an expert with the Office of the Director of National Intelligence (ODNI).
Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council, ODNI, told the audience at the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that predictions of destruction that would bring the United States to its knees are unnecessarily pessimistic and unlikely to materialize.
Democracy has only 20 years left to live if an effective means of digital identification is not developed before that deadline. As young people growing up with social media reach voting age in increasing numbers, they will lead a major shift to online voting. A lack of identity security will throw open the gates to massive voter fraud that will destroy the fidelity of elections, and with it, true representative government.
One of the world’s leading experts on cybersecurity calls cyber sabotage attacks “the worst innovation of this century.” Cyberweapons have become too dangerous, and cyberattack can lead to visible and important damage to the critical infrastructure or telecommunications. And, attribution is almost impossible.
Supervisory control and data acquisition (SCADA) systems face numerous threats from cybermarauders coming at them from any of a number of directions. Some systems could suffer malware attacks even though they are not the intended targets, according to a leading security expert.
Eugene Kaspersky, chief executive officer and co-founder of Kaspersky Lab, described the threat to SCADA systems to the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. Kaspersky described several SCADA attacks that already occurred and warns of new potential vulnerabilities.
Resistance to change may prove to be the biggest impediment to information sharing among the cyber intelligence community. Both government and industry must break out of their existing paradigms to share cyber intelligence that may prove vital to national security.
Panelists on the second day of the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., outlined some of the cultural obstacles that hold back information sharing. In the intelligence community, the conflict is the traditional need to know versus the new need to share.
The most serious national security threat looming in cyberspace may be the potential for vital data to be altered by cybermarauders, according to a cyber expert with the Office of the Director of National Intelligence (ODNI). Speaking to an attentive audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., Sean Kanuck, national intelligence officer for cyber issues at the National Intelligence Council in the ODNI, admitted that the threat to data integrity keeps him awake at night.
Effective cyber experts require an increasing skill set that is putting them out of reach of the government. As threats have become more diverse, so have the abilities needed to defend against them, and the government may need to turn to innovative methods of building its cyberforce.
While government and industry wrestle with issues of sharing cyber intelligence, different private sectors face an equally difficult—and important—task of information sharing among themselves. Many face similar threats, and their survival against cybermarauders may depend on how well they share threat knowledge.
Information sharing is a major discussion point in the two-day AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. In a panel discussion, Robert Mayer, vice president of industry and state affairs at the U.S. Telecom Association, called for more cross-sector activity and engagement so that the industry sectors share more information.
Companies that are hacked have valuable information that can help prevent future cyber intrusions, said an FBI cyber expert. Rick McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the bureau is depending on industry to share vital information on cyber attacks.
“A key part of what the FBI does is victim notification,” McFeely said. “But, by calling out methods used to attack one company, we can see if those methods are being used to attack others. We now do that [a great deal].
The same challenges facing the military now confront law enforcement as it embraces cyber capabilities. Disciplines ranging from data fusion to security are becoming integral parts of the curriculum for police officers.
Cathy Lanier, chief of the Washington, D.C., Metropolitan Police Department, did not understate the changes technology has wrought as she spoke at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. “It almost feels like completely reinventing police work,” she said.
The military is so busy combating cybermarauders that it has not been able to shape an overall strategic approach to securing cyberspace, said the head of intelligence for the Joint Staff. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the cyberdomain is a multidimensional attack domain that threatens both the military and the private sector.
“We’re doing more tactical blocking and tackling than strategic defense right now,” Adm. Train said.
Information sharing, automated intelligence reporting and all-source analysis capabilities are cited by many experts as being necessary for helping ensure cybersecurity. However, the human element must remain not only present, but also dominant, in any cybersecurity process.
That was one point presented in a panel discussion at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C. Rear Adm. Elizabeth Train, USN, director for intelligence, J-2, the Joint Staff, cited an automated unclassified intelligence reporting system as one capability that is needed but is still a way off.
Just as an earlier panelist at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., emphasized the importance of the human element in cyber intelligence, a subsequent panel sounded the alarm for acquiring and keeping cyber personnel. Obsolete hiring rules and competition from the private sector loom large as impediments to the government’s ability to hire and retain effective cyber intelligence personnel.
The U.S. Senate is moving on a cyber bill that is more in line with the approach being taken by the House, said a member of the House Permanent Select Committee on Intelligence. Rep. Mac Thornberry (R-TX) told the morning audience at the AFCEA Global Intelligence Forum at the National Press Club in Washington, D.C., that this bill may be marked up by the Senate Commerce Committee this week. It would turn to standards established by the National Institute of Standards and Technology (NIST) for private sector guidelines.
Hackers need to pay a greater price for intrusions if network security is to be effective, said a former director of national intelligence. Adm. Dennis Blair, USN (Ret.), who also is a former commander of the U.S. Pacific Command, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the nation needs to raise the cost to the hacker without breaking the bank for the defender.
The admiral emphasized that he is not advocating the legalization of counter-cyber attacks—as much as the concept appeals to him. Instead, he called for legalization of “a myriad of nondestructive counter cyber attacks” that would raise the minimal cost to these hackers.
The FBI has created an information sharing portal for cyber defense modeled on its Guardian counterterrorism portal. Known as iGuardian, the trusted portal represents a new FBI thrust to working more closely with industry on defeating cyberthreats. It is being piloted within the longtime InfraGard portal, according to an FBI cyber expert.
Rick McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that information sharing with private industry is absolutely essential for defeating the cyberattacks on private networks.
The recently signed executive order on cybersecurity and the presidential directive on critical infrastructure protection are not separate documents. In fact, they are part of the same overall effort to protect the nation, said Rand Beers, undersecretary for the National Protection and Programs Directorate, U.S. Department of Homeland Security. Beers discussed the effort on Thursday at the AFCEA Homeland Security Conference in Washington, D.C.
Gen. Michael Hayden, USAF (Ret.), former director of the CIA, indicated an astounding extent of Chinese cyber espionage and said he believes the Iranians are attacking U.S. banks with unsophisticated but pervasive cyber attacks.
The hotel industry has seen a greater increase in terrorist attacks than any other industry in recent years, according to Alan Orlob, vice president of global safety and security for Marriott International. Orlob offered a first-hand account of the attacks on two hotels in Jarkarta, Indonesia, in 2009.
Orlob, the luncheon keynote speaker at the AFCEA Homeland Security Conference in Washington, D.C., was staying at a Ritz Carlton hotel, which is owned by Marriott, at the time of the attack.
What if your smartphone messages could self-destruct to ensure ultimate privacy and control over the content? No, it's not a scene from a spy movie. The newly released Wickr app for iPhone encrypts communication and permanently deletes personal data from your device. The free app provides military-grade encryption of text, picture, audio and video messages, and it gives the sender control over who can read messages and for how long. For example, a user could send a picture message but set it to self-destruct after 10 minutes. In addition, Wickr deletes all metadata from files.
More than 70 percent of energy security professionals believe smart grid security standards cannot keep pace with the ever-changing technology and threats, according to a recent survey sponsored by nCircle and EnergySec, a public-private partnership funded by the U.S. Department of Energy. The online survey, conducted in March, questioned 104 participants in the energy and utility industry about current smart grid security measures.
Next in SIGNAL's webinar series, "Securing the Data Center: A DOD Architecture for Information Assurance" will take place on May 7, 2009 at 11:00 AM ET. Targeted attacks by hackers and insiders are aimed where they'll do the most damage and where the most valuable assets are located - the agency data center. Government agencies can increase protection and reduce operational costs when security issues are considered at the very beginning of data center planning. So it's ironic that data center security is often an afterthought. A well thought-out defense-in-depth strategy includes multiple layers of security and different overlapping technologies.
Attendees will learn how a secure data center architecture can:
The Department of Homeland Security’s SAFETY Act is finding a new application as it may serve to protect against the potential for lawsuits arising from the National Institute of Standards and Technology Cybersecurity Framework. Lawyers are answering questions from clients about possible legal actions, and the department and institute are working together to ensure developers work with confidence.
Budget cuts and rapidly improving information technology are forcing the U.S. Defense Department to confront increasing cybersecurity demands without commensurate increases in available resources. Cybersecurity costs are increasing with both the complexity of new technologies and the worsening threat picture. However, solutions to this challenge do exist—if the Defense Department opts for new approaches.
One way of characterizing the current Defense Department situation is to view it as an inability to meet rising demands for systems without having adequate funding for cyberdefenses. Meanwhile, the costs of cybersecurity are rising. The progress in meeting increased cyberthreats is lagging, which is not acceptable.
U.S. Defense Department and interagency special operators are scheduled to begin receiving new tactical mesh networking equipment this month. The kit provides a mobile, ad hoc, self-healing network that offers a full range of situational awareness data, including intelligence, surveillance and reconnaissance feeds, blue force tracking and a voice over Internet protocol capability.
U.S. border patrol agents watched on surveillance videos as suspected drug smugglers chatted on cellular phones. But when agents sought phone records for investigations into the suspected nefarious activity along the Texas-Mexico divide, commercial service providers came up empty-handed. There simply were no logs. How were the smugglers evading commercial providers?
U.S. Customs and Border Protection turned to Lockheed Martin for its LUMEN Active Defense technology of sensors that can help detect rogue cellular base stations devised to circumvent cellular service providers.
U.K. government entities at various levels are looking into bring-your-own-device policies for their purposes. And while their mandates differ, they all have one factor in common—a need for the right level of security. To help groups at the most open classification levels make the right choices, a U.K. security agency has released a series of guidance documents that outlines what decision makers should consider.
The jury is still out in the corporate world as to whether the bring-your-own-device trend will gain a permanent foothold. While the movement creates security worries and extra work for information technology employees, it presents a few perks corporate leaders are reluctant to turn down: cost savings and increased employee productivity. Efforts for full implementation for both businesses and government entities are stymied much more by policy than by technology, or the lack thereof, experts say. While some technological shortcomings create some security risk, viable solutions are on the horizon.
The United States military has for decades invested in sophisticated and expensive technologies that take years, sometimes even decades, to develop. While those systems provide an advantage on the battlefield, the nation can no longer afford to continue the same strategy, according to Dr. Arati Prabhakar, director of the Defense Advanced Research Projects Agency (DARPA), the Defense Department’s premier agency for developing advanced technologies.