The Cyber Defense Review

Articles

1 2 3 4 5 6 7 8 9 10 ... 16

Book Review: Pushing Limits: From West Point to Berkeley & Beyond

December 4, 2018 — Ted Hill was a different type of leader for the U.S. Army than West Point intended to produce when he graduated in 1966. He was adventurous, entrepreneurial, highly talented, quantitative yet out-of-the-box, irreverent to senseless authority, impatient, and very lucky to survive his 4-year required service to the Army after his United States Military Academy (USMA) schooling and commissioning. This autobiography of a West Point graduate, Army officer, and a highly successful academic professor is a fun, action-packed look at the anachronism of a modern 21st-century deep thinker serving in the highly structured Army during the Vietnam era. MORE

Book Review: Cyber War

September 17, 2018 — This book takes a holistic view of the cyber world and how it pertains to the United States regarding capabilities, vulnerabilities, policy, and potential strategies. We, as student and instructor in a course entitled Networks for Cyber Operations used this book as one of our texts in the Spring semester of 2016. Author Richard Clarke uses his experience in dealing with nuclear weapons, and his role as a Special Advisor to the President for Cyber Security to explain how the world situation has changed to make cyberattacks a significant threat to the United States.Clarke and Knake do an excellent job of speaking to a general audience (from cyber novices to experienced cyber warriors and hackers). The authors introduce the subject by describing the Israeli cyberattack on Syria before the bombing of a nuclear facility in 2007. This book stays away from the technical aspects of cyberattacks, but provides detailed background information about the Internet and how digitization has created a new battlefield. MORE

The Cyber Defense Review: Cyber Leadership During Uncertain Times

September 5, 2018 — During these uncertain times of relentless cyber onslaughts against critical US infrastructure and DoD networks and systems, cyber leadership has never been so important to effectively defend and manage the national cybersecurity ecosystem. The intensive and crippling nature of cyber conflict requires cyber leadership not only to defend against cyberattacks of significant consequence but to also generate integrated cyberspace effects in support of operational plans and contingency operations. MORE

Financial Stewardship in the Land of “1’s and 0’s”

September 5, 2018 — Budget processes supporting cyberspace operations are uniquely challenged due to their dispersal within Department of Defense (DoD) Services and agencies. This budgetary structure fails to provide the visibility needed to analyze and report on cyberspace investments. Furthermore, this structure fails to provide the resolution, with a high level of confidence, on how the DoD executes money in support of cyberspace operations. Establishing a budgetary process similar to that employed by special operations would synchronize and integrate funding activities to operational functions and tasks. This includes the creation of a cyberspace Major Force Program (MFP) that would provide cyberspace budget lines throughout the department. These proposals would create a budgetary structure that could best serve the unique requirements demanded in cyberspace. Doing so would act to acknowledge the cyberspace domain as a separate environment integrated across all Services. MORE

Toward Automated Information Sharing California - Cybersecurity Integration Center’s approach to improve on the traditional information sharing models

September 5, 2018 — On August 31, 2015, California Governor Jerry Brown signed Executive Order B-34-15, directing the establishment of the California Cybersecurity Integration Center (Cal-CSIC). The new center operates under the auspices of the Office of Emergency Services (OES), with the California Department of Technology, California National Guard, and the California Highway Patrol acting as the key partners in the coordination of cybersecurity related activities within the State. In his Executive Order, Governor Brown tasks the Cal-CSIC with two primary missions: facilitate information sharing across the state and coordinate statewide responses to cyber incidents. Given the increasing threat from cyberattacks to the State government and all California governments, businesses, and citizens, the Cal-CSIC’s mandate is immediate action to mitigate those risks. It takes significant planning and time to coordinate an incident response capability for statewide deployment, therefore, the immediate focus is to create and implement a statewide information sharing program. MORE

The Use of Weaponized “Honeypots” under the Customary International Law of State Responsibility

September 5, 2018 — When most people think of “honeypots,” they picture a plump Winnie-the-Pooh adorably getting stuck while trying to get honey out of a jug—a honeypot. In recent years, the term “honeypot” has migrated to the lexicon of cyberspace and operations. In the rapidly evolving realities ofcomputer security, the term “honeypot” has come to mean: deception MORE

Effective Cyber Leadership: Avoiding The Tuna Fish Effect and Other Dangerous Assumptions

September 5, 2018 — When I owned my advertising agency, I too got the opportunity to pursue a dream of directing. In this case, it was for an advertising commercial, and it taught me a leadership lesson I will never forget. We had been shooting for hours when my producer pulled me over and said we needed to take a half-hour break. “The crew needs it, and it’s Union rules,” he informed me. My assumption was that a break wasn’t necessary and that with the right inspiration, the crew could finish up shortly, saving us money. So, ignoring the advice of the producer, I pulled the entire crew together and gave them what I felt was a highly motivational speech about how great they were doing, how I believed they were up for the challenge, and how if we pulled our energies together, we could finish up shortly. MORE

Cybersecurity for the Nation: Workforce Development

September 5, 2018 — Cyberspace “is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.” [1] It is the newest military domain affecting the Operating Environment (OE) and the focus of concern by the President of the United States. In the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, President Trump directed the Department of Defense and other agencies across the whole of government to identify a long-term way ahead to address education and retention of cybersecurity professionals. [2] There are two potential programs Chemical, Biological, Radiological, Nuclear (CBRN) Response Enterprise (CRE) [3] and the Civil Air Patrol (CAP), which could provide a framework that supports long-term education and retention of the US government cyber workforce. MORE

Breadth vs. Depth: Best Practices Teaching Cybersecurity in a Small Public University Sharing Models

September 5, 2018 — In recent history, America witnessed cyber breaches at Snapchat, where employees had personal information stolen by way of a phishing scam; Premier Healthcare, which saw unencrypted data pertaining to more than 200,000 users stolen from a laptop; Verizon Enterprise Solutions, who had the information of 1.5 million customers stolen by hackers; and LinkedIn, who saw a 2012 data breach “come back to haunt them when 117 million e-mail and password combinations stolen by hackers four years ago popped up online [1].” These are just some of the many breaches experienced recently, which also included the hacking of a Presidential candidate by actors of a foreign nation-state, potentially an act of cyber warfare. MORE

Cybersecurity Architectural Analysis for Complex Cyber-Physical Systems

September 5, 2018 — In the modern military’s highly interconnected and technology-reliant operational environment, cybersecurity is rapidly growing in importance. Moreover, as a number of highly publicized attacks have occurred against complex cyberphysical systems such as automobiles and airplanes, cybersecurity is no longer limited to traditional computer systems and IT networks. While architectural analysis approaches are critical to improving cybersecurity, these approaches are often poorly understood and applied in ad hoc fashion. This work addresses these gaps by answering the questions: 1. “What is cybersecurity architectural analysis?” and 2. “How can architectural analysis be used to more effectively support cybersecurity decision making for complex cyber-physical systems?” First, a readily understandable description of key architectural concepts and definitions is provided which culminates in a working definition of “cybersecurity architectural analysis,” since none is available in the literature. Next, we survey several architectural analysis approaches to provide the reader with an understanding of the various approaches being used across government and industry. Based on our proposed definition, the previously introduced key concepts, and our survey results, we establish desirable characteristics for evaluating cybersecurity architectural analysis approaches. Lastly, each of the surveyed approaches is assessed against the characteristics and areas of future work are identified. MORE

1 2 3 4 5 6 7 8 9 10 ... 16