Cyber Defense Archives - Page 4 of 5 - A Cyber Fellow
Currently viewing the category: "Cyber Defense"

Image via Communications of the ACM

One of the important things in the Information Technology field is the ability to not only understand the technology itself but to be able to expertly navigate the human network.  With that said we’re taking a look at the Best of the Best in  Professional Cyber Security Organizations and Conferences:

USENIX, the Advanced Computing Systems Association:

  • Fosters technical excellence and innovation
  • Supports and disseminates research with a practical bias
  • Provides a neutral forum for discussion of technical issues
  • Encourages computing outreach into the community at large

USENIX Annual Technical Conference (USENIX ATC ’12) is their main conference.  USENIX ATC ’12 will take place June 12–15, 2012 in Boston.

 

IEEE, pronounced “Eye-triple-E”, stands for the Institute of Electrical and Electronics Engineers.

  • foster technological innovation and excellence for the benefit of humanity.
  • essential to the global technical community and to technical professionals everywhere, and be universally recognized for the contributions of technology and of technical professionals in improving global conditions.

IEEE Symposium on Security & Privacy is their main Cyber Security conference.  IEEE SEC & PRI will take place May 20-23, 2012 in San Francisco.

 

ISOC, Internet Society, founded by Vint Cerf:

  • world’s trusted independent source of leadership for Internet policy, technology standards, and future development.
  • More than simply advancing technology, they work to ensure the Internet continues to grow and evolve as a platform for innovation, economic development, and social progress for people around the world.

Network & distributed System Security Symposium (NDSS) occured on February 5-8, 2012 in San Diego.

 

ACM, Association for Computing Machinery:

  • widely recognized as the premier membership organization for computing professionals, delivering resources that advance computing as a science and a profession
  • enables professional development
  • promote policies and research that benefit society.

ACM Computer and Communications Security (ACM CSS) Conference will occur on October 16-18, 2012 in Raleigh.

[via David Brumley]

Incoming search terms:

cybersecurity professional organizations, cyber security organizations, cyber security professional conference us, cyber security professional organizations, cybersecurity organizations in colorado, level one cyber professional, Professional associations portland cyber security, who are the top cyber security organizations

Image via DMARC.org

What is Domain-based Message Authentication, Reporting & Conformance (DMARC?)  It is a significant software engineering effort to build upon the dated DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) authentication technologies.

DMARC is designed to satisfy the following requirements:

  • Minimize false positives.
  • Provide robust authentication reporting.
  • Assert sender policy at receivers.
  • Reduce successful phishing delivery.
  • Work at Internet scale.
  • Minimize complexity.

DMARC is designed to replace ADSP by adding support for:

  • wildcarding or subdomain policies,
  • non-existent subdomains,
  • slow rollout (e.g. percent experiments)
  • SPF
  • quarantining mail

DMARC has been designed based on real-world experience by some of the world’s largest email senders and receivers deploying SPF and DKIM. The specification takes into account the fact that it is nearly impossible for an organization to flip a switch to production. There are built-in methods for “throttling” the DMARC processing to ease into full deployment over time.

  1. Deploy DKIM & SPF.
  2. Ensure that your mailers are correctly aligning the appropriate identifiers.
  3. Publish a DMARC record with the “monitor” flag set for the policies, asking for data reports.
  4. Analyze the data and modify your mail streams as appropriate.
  5. Modify your DMARC policy flags from “monitor” to “quarantine” to “reject” as you gain experience.

Early Deployers - The following organizations are deploying or otherwise supporting the current draft of the DMARC specification:

  • Agari
  • American Greetings
  • Facebook
  • LinkedIn
  • PayPal
  • Return Path

[via DMARC]

Incoming search terms:

Domain-based Message Authentication Reporting & Conformance, introduction to Domain-based Message Authentication Reporting & Conformance

Download (PDF, 239KB)

Chief of Naval Operations Adm. Jonathan Greenert testifies at the House Armed Services Committee Hearing on President Obama’s Fiscal 2013 Budget Request for the U.S. Navy, 16 February 2012.  The following specific excerpts are focused on the area of Cyberwarfare:

“While we currently dominate the undersea domain, cyberspace and the electromagnetic spectrum present a different set of challenges and a lower barrier to entry to our potential adversaries. Our FY2013 budget submission furthers our goal to operate effectively in cyberspace and fully exploit the electromagnetic spectrum. Investments including SEWIP, the Consolidated Afloat Network Enterprise System (CANES), E-2D Hawkeye, Next-Generation Enterprise Network (NGEN) and Mobile User Objective System (MUOS) support development of a common operational picture of cyberspace and the electromagnetic spectrum. They also support robust defense of our networks and improve our ability to use non-kinetic effects to defend our ships from attack, conduct offensive operations and conduct superior command and control.”

“Project Power Despite A2/AD Challenges. Potential adversaries are mounting strategies to prevent U.S. forces from entering their theater (anti-access) or operating effectively once within the theater (area-denial). These adversaries intend to prevent U.S. forces from defeating their aggression or coming to the aid of allies and partners. Both state and non-state actors are undertaking these strategies using capabilities including mines, submarines, anti-ship cruise and ballistic missiles, anti-satellite weapons, cyber attack, and communications jamming. The Navy FY2013 budget submission addresses these threats through a wide range of investments that support the multi-service Air-Sea Battle concept. In addition to the MIW, ASuW and ASW investments identified above, our FY2013 budget submission funds upgrades in electronic warfare (EW), integrated fire control, cyber operations, networks, Virginia SSN and payload modules, and the F-35C.”

“Operate Effectively in Space and Cyberspace. As a forward deployed force, our Fleet is highly dependent upon space-based systems, cyberspace and the electromagnetic spectrum. Naval forces rely on long-haul communications for command and control, positioning, navigation and timing and administration. Given the growing A2/AD threat from communications jamming and anti-satellite weapons, our FY2013 budget submission includes investment in the maritime portion of the Joint Airborne Layer Network, a UAV-based system to assure our ability to communicate and conduct command and control.”

“Cyberspace and the electromagnetic spectrum are a key area of emphasis for our future force development. In the past two years, we made significant investments in personnel for Navy Cyber Command / Tenth Fleet as well as U.S. Cyber Command, which continue in our FY2013 budget submission. These highly-skilled operators are developing a “common operational picture” (COP) of cyberspace and the tools to effectively defend our interests within it. Cyberspace and the electromagnetic spectrum are inextricably linked, and in our FY2013 budget submission, we fund a range of EW and electronic support systems including SEWIP, Next-Generation Jammer, shipboard prototype and demonstrator systems, Ship Signal Exploitation Equipment (SSEE) and the E-2D Hawkeye. These systems sustain our ability exploit the electromagnetic spectrum for sensing and communication, while denying our adversaries accurate or effective information. We are also developing the conceptual and doctrinal framework to fully exploit the electromagnetic spectrum as a warfighting domain.”

And there is even a note on the CARL VINSON (in good company with CONSTITUTION) from SECNAV Mabus:

“Our commitment to our sailors and Marines can never waver. It can never end. For 236 years from steam — from sail to steam to nuclear, from the USS Constitution to the USS Carl Vinson, from Tripoli to Tripoli, our maritime warriors have upheld a proud heritage, protected our nation, projected our power, and provided freedom of the seas. In coming year, this new strategy and our plans to execute that strategy will assure that our naval heritage not only perseveres, but that our Navy and Marine Corps continue to prevail.”

[via Navy.mil]

Incoming search terms:

CNO testimony on battle force
Tagged with: