July 31, 2018 — Our world is facing explosive growth in data being communicated on and generated by its people, their systems, and their networks. More data has been created in the past two years than in the entire previous history of mankind (Heidorn, 2016). By 2020, our digital universe of data will grow to 44 zettabytes (or 44 trillion gigabytes) which is ten times its size today. The enormity of this data and our ability to apply advanced technology to leverage it to gain new insights is often described as the era of “big data.” The study and application of big data spawned a new interdisciplinary field known as data science which combines the domains of operations, mathematics, and computer science as well as several ancillary fields such as social science, intelligence, and economics. The application of data science has already shown great promise in a wide range of fields from medicine to business. MORE
|
July 31, 2018 — Both the Department of Defense (DoD) and the North Atlantic Treaty Organization (NATO) have declared that cyber is a “domain”, co-equal with air, land, and sea. DoD also recognizes space as a domain. Merriam-Webster defines a domain as a sphere of knowledge, influence, or activity. [1] Although DoD does not define “domain”, it does define cyberspace as “A global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.” [2] No one has yet proposed what the cyber domain is, where militaries should be operating in cyberspace, and what missions’ militaries should be doing in cyberspace. This article identifies what DoD says their missions are in cyberspace and discusses what areas are appropriate for military operations in cyberspace. Additionally, it argues that militaries must be very careful about what missions they accept in cyberspace, and must circumscribe their forays into cyberspace lest they are overwhelmed by the sheer scope of the domain. MORE
|
July 31, 2018 — Cybersecurity control frameworks, the foundation of security practices in any enterprise today, are becoming less significant with the evolving cyber threat landscape--driving a response towards innovation in control design and resulting in the deployment of unconventional controls. Control frameworks will remain essential, but they alone are no longer sufficient to avoid significant data loss from cyber breaches. In some respects, this represents an 180° change from how our cybersecurity professionals were trained over the past several decades. MORE
|
July 31, 2018 — Each strategy has a foundation—an overarching way of explaining why things are the way we see them, and how to successfully reach our goals. Therefore, strategy is theory-based because theory provides an intellectual framework for predicting outcomes leading to the end goal the strategy pursues. This article will present the strategic cyberwar theory whose utility is tied to the likelihood of institutional instability in the targeted nation. In an ideal scenario, a nation conducts systematic cyber attacks against the targeted adversary’s institutions triggering the dormant entropy embedded in a nation possessing weak institutions. This will lead to submission to foreign will and intent. MORE
|
July 31, 2018 — While the United States (US) fought two wars over the past decade, its adversaries were evolving their technology for fighting in the electromagnetic spectrum (EMS). In his 2014 monograph, Dr. Larry M. Wortzel writes “the PLA [Chinese People’s Liberation Army] is updating 21st century mechanized and joint operations, combining them with electronic warfare—what the PLA calls “fire power warfare”–and precision strike.” [1] New doctrinal concepts ranging from the tactical to operational levels of employing traditional signals intelligence and electronic warfare lead this change movement in China. [2] Included in the transition is cyber warfare, which details both kinetic and non-kinetic effects across the EMS. [3] We have seen similar advances in capability from Russia in the ongoing conflict in Ukraine. The Ukrainian military has witnessed first-hand the actual effectiveness of Russian electronic warfare (EW) technology and tactics. [4] Russian artillery has demonstrated the synergistic effects of EW and commercial off-the-shelf (COTS) small-UAS platforms when paired with jamming, indirect fire, and direct fire assets [in Ukraine]. [5] The Russians have utilized EW capabilities to geolocate Ukrainian signals and their associated forces, then fixed the formation with UAS, and finished these forces with jamming of mission command frequencies while delivering devastating barrages. MORE
|
July 31, 2018 — Although the cyber realm is a comparatively new environment, with professionals typically setting the origins in the mid-19th century with the communications network established in support of the Anglo-French-Piedmontese force in the Crimean War, many of the imperatives of security and defense in the physical realm offer significant continuity as well as areas for profitable comparison. The historical vantage point empowers, through the use of relevant analogy and studious research and analysis. A cyber-conscious study of the early progress toward fortification of the Hudson River during the American Revolutionary War illuminates themes about the primary security role played by defensive constructions: to guarantee time that permits an active and coherent response against an adversary. It also demonstrates the vital role played by leaders who recognize security challenges and the need for expertise that can translate policymakers’ support and resources into an effective security system. This essay uses the period from 1775-1777 to highlight these issues, setting the stage for the development of expert-designed fortress construction beginning in the spring of 1778 (to be examined in the author’s next contribution to the CDR). MORE
|
July 31, 2018 — In January 2017, the U.S. Office of the Director of National Intelligence published a highly unusual public report outlining the Russian state-sponsored cyberenabled campaign to distract, disrupt, and skew the 2016 U.S. elections. [1] This latest influence campaign and continuing activities in both the U.S. and other Western countries are increasingly acknowledged as part of a broader, ambitious Russian strategy of strategic competition to restore its European sphere of influence, and erode other countries’ subscription to the Western liberal economic and political order. [2] MORE
|
July 31, 2018 — We are living in a time when virtually anything can be connected to the Internet: from smart clothing to autonomous driving to near realtime management of assets in agriculture, manufacturing, logistics, and more—the possibilities are endless. Among this connectedness, the smart cities trend continues to gain momentum. In November 2017, a real estate investment firm owned by Microsoft co-founder Bill Gates announced they purchased nearly 25,000 acres, approximately 45 minutes west of downtown Phoenix for $80 million for development into a smart community. [1] Similarly, Google's parent company, Alphabet, committed $50 million for a Toronto neighborhood development, AT&T is investing nearly $3 billion in the Atlanta area to enhance smart-city networks, and Saudi Arabia is forecasting a $500 billion investment in a mega-city spanning three countries intended to “push the boundaries of innovation.” [2,3] A smart base may be able to take advantage of the same benefits anticipated for a smart city, with added military capabilities—mission assurance and mission command. MORE
|
July 31, 2018 — SOCIAL MEDIA—BEGINNINGS When discussing the origins of social media, researchers usually start in the 1980s and the Bulletin Board Systems (BBS). They were a kind of online meeting room that allowed users to download games and other files, and leave messages to co-users. The social aspect of this exchange was pretty clear, but the interaction was rather limited and slow due to technological reasons. What is more important, the social interaction had a rather random character—people did not know who was sitting at the other end of the telephone line. MORE
|
July 31, 2018 — Modern defense platforms are at increasing risk of cyber-attack from sophisticated adversaries. These platforms do not currently provide the situational awareness necessary to identify when they are under cyberattack, nor to detect that a constituent subsystem may be in a compromised state. Long-term improvements can be made to the security posture of these platforms by iterative application of cyber risk assessments and subsystem hardening, but this is a time-consuming and costly task. Monitoring platform communication networks for malicious activity is an attractive solution for achieving improved cyber security on defense platforms in the near term. The MIL-STD-1553 bus is central to the operation of a broad range of defense platforms, making 1553 security solutions generally applicable. This article presents our research into the susceptibility of modern defense platforms to cyber-attack. We discuss risk factors contributing to cyber access, and command and control channels. We then describe a range of platform cyberattack classes, while considering the observables and indicators present on the 1553 bus. Finally, we examine factors and considerations relating to implementation of a “Cyber Warning Receiver” solution approach for detection of such attacks. MORE
|