
The video above is Dr. Regina Dugan speaking at the DARPA Cyber Colloquium in January 2012. This video provides an excellent snapshot of what is ongoing throughout the Internet and what we call “Cyberspace”. It also alludes to the “Death by a thousand cuts” I mentioned in my Information Dominance Corps video.

The news today is that Dr. Dugan is headed out of DARPA and into the arms of Google. This kind of departure is one of my main concerns for the U.S. Government, Department of Defense, and the U.S. Navy. This concern is rooted in the historical departure of excellent people from these institutions due to the institution’s inability to entice them to stay.  The military and Navy have battled this issue for centuries and I think the battle in the realms of Information Technology and Cyberspace will be a far more challenging one.

To this point the private sector has traveled through the economic recession and is in full recovery and growth mode in these realms, while the government sector is just now facing it with massive budgetary issues. Companies can’t obtain excellent people in these Cyber fields fast enough. Carnegie Mellon University and others can’t create them fast enough. In step companies like Google, Facebook and others, and they gobble up every great candidate. Facebook’s creator visited CMU for just this reason in the last part of 2011.

When a company like Facebook wants a great candidate they are no longer simply offering a salary (which already dwarfs those of the government sector) but are able to provide a substantial and comprehensive package. If the candidate puts up a bit of a fight they simply increase the offer. And if the candidate’s desires are to follow their start-up dreams and continue with their own company, Facebook will simply buy the company.

Starting to see my point? The Government and our Military are significantly challenged when trying to recruit, develop, and maintain this cyber force. They are not only facing a foe in Cyberspace but also the economic challenges of one of the most rapidly growing and developing industries in a globally connected world. Compound these considerations with the Military budgets and personnel that are shrinking. While more resources are shifting to the Cyberspace arena, the priority changes, funding amounts and personnel may not be adequate to mitigate the risks that our Nation is facing.

What do you think?  How do you keep, maintain, and improve the people required for Cyberspace?

[via DARPA]


In the fight between implementing security and continuous monitoring of compliance we normally (and with some justification) lean toward the former. But when an organization’s ability to effectively exercise its enterprise security is called into question, we often jump and immediately add more monitoring measures. Either way it is extremely difficult to look an Inspector General in the eye and tell them you have an effective Cyber Security program after admitting that in “March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station.” To give you an idea of how far behind NASA is with encryption of notebook computers, this was required and addressed by the majority of agencies in 2006 – a 6-year lag is unacceptable.

I’m not sure about you, but if you are entering a future and environment where Cyber War is a possibility, it is probably not the best plan to allow the largest continuously space-borne craft to have its C2 algorithms lost. Sounds like NASA needs a helping hand from a few of my Information Dominance Corps members – specifically from Information Warfare and Information Professionals that are also Space Cadre members. You want a catastrophic type of event? Lose control of the Space Station and its orbit parameters.

The IG for NASA went on to list the main issues which need to be addressed:

  • Lack of full awareness of Agency-wide IT security posture;
  • Shortcomings in implementing a continuous monitoring approach to IT security;
  • Slow pace of encryption for NASA laptop computers and other mobile devices;
  • Ability to combat sophisticated cyber attacks; and
  • Transition to cloud computing.

Another major organizational issue which points directly at the leadership of NASA is that the “Chief Information Officer Lacks Visibility of and Oversight Authority for Key NASA IT Assets.”  This leads to a direct reminder that Lord Kelvin (yeah the temperature guy) once said “If you cannot measure it, you cannot improve it.”  And if you don’t own it there is no way you’ll be able to get the measurements you need.

[via House of Representatives]

So Interpol’s website is down in a possible retaliation as they just picked up 25 suspected Anonymous members.  Or the other reason could be that Interpol simply has a low cap in relation to the amount of attention this story is getting and the story itself is causing the Distributed Denial of Service. That is all part of the fun in Cyberspace; what is the true cause and attribution.

The arrests followed an ongoing investigation begun in mid-February which also led to the seizure of 250 items of IT equipment and mobile phones in searches of 40 premises in 15 cities, Interpol said.

Anonymous recently got attention by secretly recording a conference call between U.S. and British cyber investigators tasked with bringing the group to justice. But the information within the call was fairly germane. Part of the overall difficulty beyond compromising a system is actually getting through the minutiae and getting the gems within. If you can’t get the gemstones there is ultimately no end effect.

Anonymous executed this plan well with the Stratfor hack. Only a few days ago they delivered their exfiltrated gemstones to WikiLeaks for publication.

Rarely do you get to watch a CEO like George Friedman detail the hacking incident and its implications, and publicly acknowledge their major failures in the information war component of the Cyber Battle against malicious hackers like Anonymous.

Stratfor’s immediate actions included:

  • Ensured the prompt notification of credit card issuers about the compromised credit cards.
  • Offered all current and former paid subscribers identity protection services from CSID, a leading identity protection company.
  • Commissioned SecTheory, a respected Internet security firm, to work with us to rebuild our website, email system and internal infrastructure.
  • Hired Verizon Business Network Services to conduct a forensic investigation in cooperation with the FBI’s ongoing investigation.
  • Moving our entire e-commerce process to a highly secure, PCI compliant third-party system, which eliminates the need for us to store any credit card information.
  • Enhancing the way we encrypt and store passwords, and implementing new password requirements.

Stay tuned.  I’m sure there is more to follow…
