Cyber Committee White Papers

AFCEA Committees bring together the top thought leaders to collaborate on issues of national and global importance. Often a subject is addressed that evolves into a white paper for distribution to higher levels, including government and military leadership. The following represent the work of the AFCEA Cyber Committee. A list of additional AFCEA white papers is also available.



Making the Case for a Federal Bureau of Cyber Statistics

AFCEA International's Cyber Committee is pleased to present this white paper as part of the members' series of white papers designed to inform an evolving national cybersecurity strategy. This paper, focused on recommendations of the Cyberspace Solarium Commission pertinent to a Bureau of Cyber Statistics, represents a program issue, given that it discusses a capability the commission believes required to strengthen the cybersecurity of the United States.

The Danger of Cognitive Stress on Tactical Operations

Cybersecurity professionals, especially on-net defenders, experience stress-inducing factors strikingly similar to those faced by first responders. While discussions at cybersecurity conferences dating to 2018 noted a significant rise in burnout, depression and suicide in the community, no official studies exist to date. This white paper, written by members of AFCEA International's Cyber Committee, seeks to educate readers on contributing factors of the current cultures, the potential role of "gamification" to impact behaviors and recommendations to address the issue.

Jumpstarting Rural Broadband Initiatives

High-speed Internet access is critical to economic opportunity, job creation, education and civic engagement. All Americans, whether living and working in cities or the nation's rural areas, need reliable and ready access. This white paper, prepared by members of AFCEA's Cyber Committee, reviews some of the major government programs to improve nationwide availability of broadband and offers suggestions for how and why the private sector should participate. It also investigates the security and national competitive implications of the lack of reliable broadband Internet connectivity in rural communities.


Establishing a Federal Digital Service Academy

Winning in cyberspace is at root a human problem. We urgently need to build the next generation of digital leaders to prepare both government and civil society to defend and deter in this venue. It is time for us to consider developing a national cyber or digital service academy, much like the dedicated national service academies at Annapolis, West Point, and Colorado Springs. In this white paper the AFCEA Cyber Committee details a way forward for this initiative.

China, Cyberspace and Hybrid State Power

The rise of China as a peer competitor vying for superpower status has emerged as an important challenge for the United States. The AFCEA Cyber Committee opens the discussion of China's hybrid approach to the use of power, particularly in cyberspace, as a competitor to the United States. Internal and external governance and its application on the battlefield are two facets of China's approach.

Strengthening the Nation's Cybersecurity Strategy, Part Two

The AFCEA Cyber Committee is pleased to present the second in a series of white papers designed to inform an evolving national cybersecurity strategy. While many cybersecurity recommendations focus on federal government activities, including civilian and military components, the committee recognizes the vital role that state and local authorities and stakeholders must play to safeguard the nation's civil, critical and business infrastructures. A one-size-fits-all model doesn't exist because local government organizations vary in size and complexity, cyber capability and need. But several examples exist.


Strengthening the Nation's Cybersecurity Strategy

Cybersecurity and its relationship to the national interests have evolved swiftly and will continue to do so. AFCEA International's Cyber Committee offers strategy recommendations as a result of numerous studies and commissions. This is the first in a series that will highlight specific recommendations that merit action now and in the next four years.

Effectively Integrating Cybersecurity into Enterprise Risk Management

Cybersecurity is now a significant area of focus and concern for senior leaders of public and private organizations. Unfortunately, for too many organizations, cybersecurity continues to be a technically focused effort managed by the technical wizards. Instead, board of director discussions often zero in on describing the latest cyber threats, which are often unintelligible to leaders, counts of cyber attacks thwarted and recommendations for cybersecurity investments. Learn how to conduct enterprise risk management processes to benefit your organization to help all staff members and leaders understand the importance of protecting data, the lifeblood on which it thrives.

COVID-19 Compels Better NSEP Planning

Any comprehensive National Security Emergency Preparedness (NSEP) capability in the United States has atrophied amid the increase of threats that could cause a catastrophic disaster across the country. Of key interest is whether any of the DHS/FEMA critical infrastructure Information Sharing and Analysis Centers or Information Sharing and Analysis Organizations have been utilized in the dramatic effort to address COVID-19. The way is clear for many opportunities to establish or leverage existing public/private partnerships to build and coordinate NSEP capabilities in the United States.

Small Business Cybersecurity

AFCEA’s Cyber and Small Business committees present best practices, recommendations and information resources for small businesses. This paper is intended to support training and increase awareness for small businesses within local AFCEA chapters. (Graphics-free version available here)


Open Source Software and Mission-Critical Applications: A Cautionary Tale

The AFCEA Cyber Committee has examined the origins of the trend towards greater use of open source software (OSS) in government and commercial applications, as well as its motivation and associated risks, with a view to inform AFCEA companies and members as to the benefits and risks of this approach. The committee members draw an analogy to previous quality control experiences. The integrity of the supply chain delivery mechanism is as important as the delivered components. The committee members conclude with some suggestions for mitigating risks when building systems they intend to trust. Those systems are now developed principally by integrating existing untrusted components having known vulnerabilities. Often those components are themselves subject to continual modification, improvement and correction.


The U.S. Cybersecurity Industrial Base and National Security

This white paper conveys to U.S. national security policy makers and decision makers observations and recommendations regarding the nation's cybersecurity industrial base and this sector's ability to support and strengthen the national security of the United States.



Cyber Insurance

The Cyber Insurance Subcommittee of AFCEA International's Cyber Committee concluded cyber insurance is useful in risk transference but with some important caveats. For example, a purchase decision is contingent on individual company circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision should be critically reviewed regarding the extent of exclusions to coverage in each policy. The subcommittee also concluded that it remains in the indeterminate future whether cyber insurance underwriters routinely will begin to discount premiums for businesses that implement sound security countermeasures.


Measuring Security: Making Sense out of a Modern-Day Tower of Babel


Despite obvious and compelling needs for ways to measure security, AFCEA’s Cyber Committee found that there is no consensus about how to measure security. To the contrary, its members found that the security metrics are all over the map with most organizations admitting in confidential discussions that they are not comfortable with the metrics they are using.


Big Data Analytics and Cybersecurity: Three Challenges, Three Opportunities

This paper recommends research and development the government and private sector can conduct regarding ways in which big data analytics can secure complex networks and environments. It also recommends enhanced, enterprise-level security regarding big data environments. Finally, it recommends stronger efforts by the Intelligence Community to understand how adversaries may be using big data analytics to understand the United States and craft courses of action that affect national interests.


Key Cyber Issues and Recommendations: A Way Forward

Given the breakneck speed of technological change, challenges associated with developing/issuing national policy and concomitant adversary capabilities, government often finds itself behind the curve with respect to coordinated cybersecurity readiness and response. 

Public/Private Information Sharing

There is a high level of frustration that the enemy is moving at unprecedented speeds, and it is unlikely that public policy can change fast enough to adapt and morph at the necessary speed to mitigate the impact of our attackers.

Recommended Implementation Strategies for a National Cyber Information Sharing Initiative

This paper addresses recommendations for implementation strategies that should be pursued in implementing the provisions of the executive order (EO) on information sharing. However, the committee believes that a successful implementation of the EO requires an appropriate context for these efforts as well as a framework that could be used to define success.

Recommended Context and Framework for a National Cyber Information Sharing Initiative

This paper provides recommendations for establishing the standards and implementation of an effective National Information Sharing Infrastructure.


Driving Cybersecurity Awareness HOME!

In the cyber environment, some realities defy dispute. First, the cybersecurity challenge is pervasive and growing with an ever-evolving range of threats. Second, no one wants to be a victim of cyber crime or a cyber attack, but many people, businesses, and organizations simply do not know how to dissuade cyber intruders. 

Security Implications of the Internet of Things

Once we, as individual consumers, introduce the IoT into our families and lives, we allow machine-to-machine interactions on our behalf. This changes legal and liability issues and, in some cases, introduces a series of grey areas yet to be defined.


The Science of Security: A Survey and Analysis

Cyber Intelligence Sharing

The Economics of Cybersecurity: A Practical Framework for Cybersecurity Investment

The Economics of Cybersecurity Part II: Extending the Cybersecurity Framework

The Future of Internet Governance: Can the Current Model Support the New Economics of the Internet?


Critical Infrastructure: Electric Power

Insider Threat: Protecting U.S. Business Secrets and Sensitive Information

Secure Mobility


Cyber Assured Identity

Looking for the Right Answers in the Clouds

Security and Cloud Computing

Security Risks of Not Migrating to IPV6

Supply Chain Risk Management


Additional AFCEA White Papers