Cyber Committee White Papers
AFCEA Committees bring together the top thought leaders to collaborate on issues of national and global importance. Often a subject is addressed that evolves into a white paper for distribution to higher levels, including government and military leadership. The following represent the work of the AFCEA Cyber Committee. A list of additional AFCEA white papers is also available.
The rise of China as a peer competitor vying for superpower status has emerged as an important challenge for the United States. The AFCEA Cyber Committee opens the discussion of China's hybrid approach to the use of power, particularly in cyberspace, as a competitor to the United States. Internal and external governance and its application on the battlefield are two facets of China's approach.
The AFCEA Cyber Committee is pleased to present the second in a series of white papers designed to inform an evolving national cybersecurity strategy. While many cybersecurity recommendations focus on federal government activities, including civilian and military components, the committee recognizes the vital role that state and local authorities and stakeholders must play to safeguard the nation's civil, critical and business infrastructures. A one-size-fits-all model doesn't exist because local government organizations vary in size and complexity, cyber capability and need. But several examples exist.
Cybersecurity and its relationship to the national interests have evolved swiftly and will continue to do so. AFCEA International's Cyber Committee offers strategy recommendations as a result of numerous studies and commissions. This is the first in a series that will highlight specific recommendations that merit action now and in the next four years.
Cybersecurity is now a significant area of focus and concern for senior leaders of public and private organizations. Unfortunately, for too many organizations, cybersecurity continues to be a technically focused effort managed by the technical wizards. Instead, board of director discussions often zero in on describing the latest cyber threats, which are often unintelligible to leaders, counts of cyber attacks thwarted and recommendations for cybersecurity investments. Learn how to conduct enterprise risk management processes to benefit your organization to help all staff members and leaders understand the importance of protecting data, the lifeblood on which it thrives.
Any comprehensive National Security Emergency Preparedness (NSEP) capability in the United States has atrophied amid the increase of threats that could cause a catastrophic disaster across the country. Of key interest is whether any of the DHS/FEMA critical infrastructure Information Sharing and Analysis Centers or Information Sharing and Analysis Organizations have been utilized in the dramatic effort to address COVID-19. The way is clear for many opportunities to establish or leverage existing public/private partnerships to build and coordinate NSEP capabilities in the United States.
AFCEA’s Cyber and Small Business committees present best practices, recommendations and information resources for small businesses. This paper is intended to support training and increase awareness for small businesses within local AFCEA chapters. (A graphics-free version is also available.)
This white paper conveys to U.S. national security policy makers and decision makers observations and recommendations regarding the nation's cybersecurity industrial base and this sector's ability to support and strengthen the national security of the United States.
The Cyber Insurance Subcommittee of AFCEA International's Cyber Committee concluded cyber insurance is useful in risk transference but with some important caveats. For example, a purchase decision is contingent on individual company circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision should be critically reviewed regarding the extent of exclusions to coverage in each policy. The subcommittee also concluded that it remains in the indeterminate future whether cyber insurance underwriters routinely will begin to discount premiums for businesses that implement sound security countermeasures.
Despite obvious and compelling needs for ways to measure security, AFCEA’s Cyber Committee found that there is no consensus about how to measure security. To the contrary, its members found that the security metrics are all over the map with most organizations admitting in confidential discussions that they are not comfortable with the metrics they are using.
Given the breakneck speed of technological change, challenges associated with developing/issuing national policy and concomitant adversary capabilities, government often finds itself behind the curve with respect to coordinated cybersecurity readiness and response.
There is a high level of frustration that the enemy is moving at unprecedented speeds, and it is unlikely that public policy can change fast enough to adapt and morph at the necessary speed to mitigate the impact of our attackers.
This paper addresses recommendations for implementation strategies that should be pursued in implementing the provisions of the executive order (EO) on information sharing. However, the committee believes that a successful implementation of the EO requires an appropriate context for these efforts as well as a framework that could be used to define success.
This paper provides recommendations for establishing the standards and implementation of an effective National Information Sharing Infrastructure.
In the cyber environment, some realities defy dispute. First, the cybersecurity challenge is pervasive and growing with an ever-evolving range of threats. Second, no one wants to be a victim of cyber crime or a cyber attack, but many people, businesses, and organizations simply do not know how to dissuade cyber intruders.
Once we, as individual consumers, introduce the IoT into our families and lives, we allow machine-to-machine interactions on our behalf. This changes legal and liability issues and, in some cases, introduces a series of grey areas yet to be defined.