Cyber Committee White Papers

AFCEA Committees bring together the top thought leaders to collaborate on issues of national and global importance. Often a subject is addressed that evolves into a white paper for distribution to higher levels, including government and military leadership. The following represent the work of the AFCEA Cyber Committee. A list of additional AFCEA white papers is also available.

2020

Strengthening the Nation's Cybersecurity Strategy

Cybersecurity and its relationship to the national interests have evolved swiftly and will continue to do so. AFCEA International's Cyber Committee offers strategy recommendations as a result of numerous studies and commissions. This is the first in a series that will highlight specific recommendations that merit action now and in the next four years.

Effectively Integrating Cybersecurity into Enterprise Risk Management

Cybersecurity is now a significant area of focus and concern for senior leaders of public and private organizations. Unfortunately, for too many organizations, cybersecurity continues to be a technically focused effort managed by the technical wizards. Instead, board of director discussions often zero in on describing the latest cyber threats, which are often unintelligible to leaders, counts of cyber attacks thwarted and recommendations for cybersecurity investments. Learn how to conduct enterprise risk management processes to benefit your organization to help all staff members and leaders understand the importance of protecting data, the lifeblood on which it thrives.

COVID-19 Compels Better NSEP Planning

Any comprehensive National Security Emergency Preparedness (NSEP) capability in the United States has atrophied amid the increase of threats that could cause a catastrophic disaster across the country. Of key interest is whether any of the DHS/FEMA critical infrastructure Information Sharing and Analysis Centers or Information Sharing and Analysis Organizations have been utilized in the dramatic effort to address COVID-19. The way is clear for many opportunities to establish or leverage existing public/private partnerships to build and coordinate NSEP capabilities in the United States.

Small Business Cybersecurity

AFCEA’s Cyber and Small Business committees present best practices, recommendations and information resources for small businesses. This paper is intended to support training and increase awareness for small businesses within local AFCEA chapters. (Graphics-free version available here)

 

Open Source Software and Mission-Critical Applications: A Cautionary Tale

The AFCEA Cyber Committee has examined the origins of the trend towards greater use of open source software (OSS) in government and commercial applications, as well as its motivation and associated risks, with a view to inform AFCEA companies and members as to the benefits and risks of this approach. The committee members draw an analogy to previous quality control experiences. The integrity of the supply chain delivery mechanism is as important as the delivered components. The committee members conclude with some suggestions for mitigating risks when building systems they intend to trust. Those systems are now developed principally by integrating existing untrusted components having known vulnerabilities. Often those components are themselves subject to continual modification, improvement and correction.

 

The U.S. Cybersecurity Industrial Base and National Security

This white paper conveys to U.S. national security policy makers and decision makers observations and recommendations regarding the nation's cybersecurity industrial base and this sector's ability to support and strengthen the national security of the United States.

 

2019

Cyber Insurance

The Cyber Insurance Subcommittee of AFCEA International's Cyber Committee concluded cyber insurance is useful in risk transference but with some important caveats. For example, a purchase decision is contingent on individual company circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision should be critically reviewed regarding the extent of exclusions to coverage in each policy. The subcommittee also concluded that it remains in the indeterminate future whether cyber insurance underwriters routinely will begin to discount premiums for businesses that implement sound security countermeasures.

 

Measuring Security: Making Sense out of a Modern-Day Tower of Babel

 

Despite obvious and compelling needs for ways to measure security, AFCEA’s Cyber Committee found that there is no consensus about how to measure security. To the contrary, its members found that the security metrics are all over the map with most organizations admitting in confidential discussions that they are not comfortable with the metrics they are using.
 

2017

Big Data Analytics and Cybersecurity: Three Challenges, Three Opportunities

This paper recommends research and development the government and private sector can conduct regarding ways in which big data analytics can secure complex networks and environments. It also recommends enhanced, enterprise-level security regarding big data environments. Finally, it recommends stronger efforts by the Intelligence Community to understand how adversaries may be using big data analytics to understand the United States and craft courses of action that affect national interests.
 

2016

Key Cyber Issues and Recommendations: A Way Forward

Given the breakneck speed of technological change, challenges associated with developing/issuing national policy and concomitant adversary capabilities, government often finds itself behind the curve with respect to coordinated cybersecurity readiness and response. 

Public/Private Information Sharing

There is a high level of frustration that the enemy is moving at unprecedented speeds, and it is unlikely that public policy can change fast enough to adapt and morph at the necessary speed to mitigate the impact of our attackers.

Recommended Implementation Strategies for a National Cyber Information Sharing Initiative

This paper addresses recommendations for implementation strategies that should be pursued in implementing the provisions of the executive order (EO) on information sharing. However, the committee believes that a successful implementation of the EO requires an appropriate context for these efforts as well as a framework that could be used to define success.

Recommended Context and Framework for a National Cyber Information Sharing Initiative

This paper provides recommendations for establishing the standards and implementation of an effective National Information Sharing Infrastructure.

2015

Driving Cybersecurity Awareness HOME!

In the cyber environment, some realities defy dispute. First, the cybersecurity challenge is pervasive and growing with an ever-evolving range of threats. Second, no one wants to be a victim of cyber crime or a cyber attack, but many people, businesses, and organizations simply do not know how to dissuade cyber intruders. 


Security Implications of the Internet of Things

Once we, as individual consumers, introduce the IoT into our families and lives, we allow machine-to-machine interactions on our behalf. This changes legal and liability issues and, in some cases, introduces a series of grey areas yet to be defined.

2014

The Science of Security: A Survey and Analysis

Cyber Intelligence Sharing

The Economics of Cybersecurity: A Practical Framework for Cybersecurity Investment

The Economics of Cybersecurity Part II: Extending the Cybersecurity Framework

The Future of Internet Governance: Can the Current Model Support the New Economics of the Internet?

2013

Critical Infrastructure: Electric Power

Insider Threat: Protecting U.S. Business Secrets and Sensitive Information

Secure Mobility

2012

Cyber Assured Identity

Looking for the Right Answers in the Clouds

Security and Cloud Computing

Security Risks of Not Migrating to IPV6

Supply Chain Risk Management

 

Additional AFCEA White Papers