July 30, 2024 — Rapid advances in machine learning, deep learning, artificial intelligence (AI), large language models, and generative AI have accelerated efforts to leverage these technologies for military advantage. We refer to these and related technologies as analytics. We present a framework as a guide to achieving “analytic superiority,” which is the operational advantage obtained through the ability to collect data required for analytics; build useful, performant, and robust analytic models; and deploy analytic models in operational systems to achieve objectives, while exploiting or denying an adversary’s ability to do the same. Analytic superiority is best understood in the context of the analytic capabilities of one’s adversaries, who also collect data, build models, and deploy them to achieve their own objectives and defeat the analytics of their adversaries. U.S. cyberspace superiority, which is foundational to military advantage in the physical domains, now depends on prevailing in analytic competition with adversaries and thus requires adopting a strategy and processes to achieve analytic superiority. MORE
|
July 30, 2024 — Zero Trust (ZT), simply defined, is an information security framework which monitors and protects users, assets, resources, and data on a network by positively verifying all activity and never trusting anything by default. With the push to implement ZT across the public and private sectors, this transition between cybersecurity paradigms must be accomplished in a manner that is robust and enduring. This article examines emerging technologies most likely to impart the largest impact on ZT architectures (ZTAs), so that we better anticipate the pluses and minuses that will accompany those technologies. The discussion here focuses on data security, and the potential of each technology to affect security and protection across the lifecycle of data as it is generated, collected, transmitted, utilized, and stored. Technologies appraised include differential privacy, confidential computing, homomorphic encryption, quantum technology, biological technology, blockchain, and alternative computing methods. MORE
|
July 30, 2024 — Winning is much easier if you have an edge, whether that be better personnel, strategy, and/or technology. Quantum Information Science (QIS) - which includes quantum sensing, networking, communications, and computing - provides a technology that both tactical and strategic commanders will leverage to seize the initiative and create positions of advantage. Optimizing the exploitation of quantum technology will require that senior leaders understand enough about the technology and its fast-evolving applications to outmaneuver and outthink our adversaries. This does not require expertise in all facets of QIS, any more than a computer user needs to know computer design. This article attempts to be an introduction to quantum technology and some of its potential uses in the military operational environment. MORE
|
July 30, 2024 — This article presents a new framework for thinking about data and the risks posed to national security. Taking issue with the prevailing analogy of “data as oil,” this article argues that viewing data as ammunition provides a clearer understanding of the real threats and a familiar path toward risk mitigation in the information space. The “data as ammunition” analogy carries a better intuitive depiction of the risk and why, in the days of increasing storage which keeps data easily accessible seemingly forever, categorizing data through the lens of ordnance classifications can help clarify the risks to force and national security. We close this article with recommendations to adapt current privacy, security, and commercial policies to mitigate the new risks to force and personnel on and off the battlefield. MORE
|
July 30, 2024 — This article explores the potential of large language models (LLMs) to transform dataset creation and analysis in cybersecurity. The proposed method leverages LLMs to overcome the labeled data bottleneck by generating high-quality, task-specific datasets for AI model tuning. Existing network intrusion analysis datasets are synthesized with domain knowledge extracted from cybersecurity literature to create a new dataset tailored for supervised training of zero-day exploit detection systems. LLMs interpret the semantic content of relevant literature to identify crucial characteristics and values of zero-day exploit signatures in network traffic. The resulting synthesized dataset is primarily based on 'organic' data collected by genuine sensors, with key feature characteristics intelligently interpolated by LLMs. This approach enables the creation of suitable training data for high-performance ML models. This article demonstrates the effectiveness of this method by utilizing advanced AI techniques to generate a dataset for zero-day exploit detection, illustrating the potential for accelerated progress in specialized AI for cybersecurity. The proposed solution offers a promising approach to address the challenge of labeled data scarcity in developing specialized AI for cybersecurity, facilitating more efficient and effective protection against emerging threats. MORE
|
April 26, 2024 — I am honored and humbled to be selected as the editor-in-chief of The Cyber Defense Review. I believe the CDR and the combined efforts of this community will push the envelope on the concepts that will keep the competitive balance tilted in our favor. As we look into the future, to where today’s disruptive technologies and innovation converge, I look forward to having an interactive dialog with readers and writers from across the community to help solve the problems of today as we adapt to long-term global competition and build the campaigns that will have lasting impacts ten years out and beyond. MORE
|
April 26, 2024 — A senior civilian in USCYBERCOM asked me “What matters more: the message or the ability to send that message?” I pondered it momentarily, trying to decide on what message was critically important—was it a 911 call? A call for fire at a critical point in battle? These are critically important. However, the message is meaningless if you do not have a way to send it. It suddenly became clear to me where he was going: it is the ability to send a message that is important. The ability to communicate is paramount to just about everything we do, and cyber turns that ability on or off. After more than a year as the Director of the Army Cyber Institute, I’m not so sure anymore. The articles in this edition of the CDR display that even in this one cyber journal, we look to the history of what we know to help describe the future of cyber, yet there are gaps, and it is difficult. MORE
|
April 26, 2024 — As I look back on 2023, increased tension and conflict around the world highlight the importance of our capabilities and the need for continued efforts to deter aggression and remain fully prepared to prevail in conflict when necessary. Every Soldier and civilian of ARCYBER is keenly aware of these conflicts, and more pointedly, conflict in cyberspace is now an integral element of enduring strategic competition amongst nations. Conflicts in both Ukraine and Gaza have revealed that all belligerents are operating in the cyber domain to support their tactical and strategic objectives. The persistent nature of around-the-clock cyber competition, and continuous preparations for crisis and conflict, requires constant adaptation to optimally employ our limited resources. Often, I am asked, “How exactly does ARCYBER contribute to or support the Army, U.S. Cyber Command (USCYBERCOM), and our overall National Defense?” This simple, straightforward question has a five-part answer. MORE
|
April 26, 2024 — On October 30, 2023, the Administration released Executive Order (EO) 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). For several reasons this EO lays a light hand on the Department of Defense (DoD). The DoD had and was already implementing “responsible AI” safeguards for defense programs. A public debate over AI for some time has been in progress among political and IT capital goods elites over a rising concern that uncontrolled commercial and government use of AI is spreading too rapidly into all private and consequential aspects of citizens’ lives, but these are areas in which DoD generally plays a limited role. However, adversaries and vendors also get a vote in the future of trust with AI and DoD. MORE
|
April 26, 2024 — ARCYBER is challenged to balance the demands of mission commanders requesting defense of critical missions, Congress directing actions to defend critical resources, and intelligence reports, all resulting in diversion of resources to address perceived threats. Mission Thread Analysis (MTA) is a process to help build understanding and consensus between customers (operational force) and providers (network operators and defenders), offering an analytical framework where both sides detail their operational and technical requirements. ARCYBER redesigned and formalized the MTA process to help inform prioritization, training, team employment, and optimization of Defensive Cyber Forces. MORE
|