April 28, 2015 — Recently, a group claiming association with ISIS called the “Cyber Caliphate” began a campaign of online vandalism by announcing that they hacked several government accounts, seized sensitive documents and was actively monitoring U.S. troop movement.[1] But does their recent attention mean that an ISIS-sponsored cyber-attack is imminent? No – far more likely is these account managers fell victim to less technical attacks such as phishing emails, or perhaps had a password in the 25 most popular passwords list. The most noteworthy episode occurred with the hijacking of the U.S. Central Command’s (CENTCOM) Twitter account. Purporting that they had ‘hacked’ CENTCOM, ISIS sympathizers changed the military organization’s banner to that of a masked ISIS member. MORE
|
April 7, 2015 — Technology has provided ease in accessing media, financial markets, and global communication. Society and criminals have benefited from these same developments in technology, causing an increase in cyber-criminal activity. In 2014, McAfee estimated that the cost of global cybercrime is 0.8% of global GDP;[1] making cyber crime a national and international security threat. The Russians, Nigerians, Ghanaians, and Chinese are some of the best-known cyber criminals, and while groups use similar tactics, their motivations, organizational structures, and culture differ. In analyzing why individuals and organized criminal groups participate in cyber crime, and the culture and history behind the groups policy makers and the international community can make more personalized approaches in combating transnational cyber crime. Right now there are many difficulties in combating cyber crime including attribution, lack of international cooperation, and limited resources in law enforcement. Cyber crime is becoming accepted as the ‘cost’ of doing business online, with stakeholders underestimating the impact it has on security, economy, and innovation. Unless the barriers to entry and cost for cyber criminals is raised, cyber crime will continue to threat international security, economic growth, and technological innovation. MORE
|
April 7, 2015 — CSI: Cyber is getting beat-up by the information security community and at first we went along for the ride. You have to admit it is fun to play cyber bingo, live tweet during the show, or critique the technical inconsistencies, but there is something more here, something very important. The security community has long fought an uphill and losing MORE
|
February 23, 2015 — Tinker
As a child, I loved when birthday time came around. Not only mine, mind you – but also my brother’s. Whenever he received a shiny new radio-controlled car, it meant an afternoon full of disassembly and exploration was in my future. I took a certain delight in tinkering, hacking, and repurposing all kinds of materials, often to the chagrin of my younger sibling. In the same way that my childhood hero, Angus MacGyver, saw the ordinary paperclip as the life-saving ingredient to a just-in-time solution, I envisioned the fantastic lives that regular household materials could live. This insatiable hunger to find out what’s inside has undoubtedly driven me to my current career path as a Cyber Officer. While there was no path becoming a Cyber Officer when I first joined the military, I believe my interests in technical exploration positioned me well to join the Army’s newest branch. While the Army is placing significant resources into growing Cyber-related career fields by refining doctrine and funding excellent training opportunities, it’s also important for the service and its prospective technical leaders to leverage the well-established community of hobbyists known as makers.
MORE
|
February 12, 2015 — By declaring cyberspace an operational domain, the Department of Defense (DoD) acknowledged the criticality for successfully projecting combat power in the domain,[1] and therefore directed all services to create a component command subordinate to U.S. Cyber Command (USCYBERCOM).[2] Since the declaration of this entirely new operational domain, the Army has faced significant challenges such as determining the force structure requirements, capabilities, and the skills required of its cyberspace operators. In order to build a force capable of operating in cyberspace, the Army must determine how to recruit, assess, train, and retain those with the required talent. However, the Army is not the only organization seeking individuals with the ability to operate in cyberspace and it is widely recognized that there is a small talent pool from which to recruit. According to a recent Rand Institute Report, there already exists a shortage of qualified personnel in general, and that problem is exacerbated within the federal government. Such a dearth of talent potentially undermines the nation’s security in cyberspace.[3] MORE
|
February 9, 2015 — The U.S. Army’s Field Manual 3-24, Counterinsurgency, broke the mold for Army doctrine, providing insights into counterinsurgency operations that were largely unknown to U.S. military professionals and offering techniques that could be applied at both the operational and tactical levels to improve local conditions. The manual also highlighted the complex nature of counterinsurgency operations, providing a list of paradoxes, or seemingly contradictory truths, that highlight the difficulties inherent in this type of military operation. Many parallels can be drawn between counterinsurgency and cyber operations, and practitioners of both face challenges even more complex than those encountered in more traditional, kinetic military operations. Herein we provide a list of cyber paradoxes in the spirit of the counterinsurgency paradoxes given in FM 3-24. Through these paradoxes, we hope to highlight the inherent complexity of cyber operations and provide insights to those who hope to be successful in this new operational domain. MORE
|
January 23, 2015 — The nation that will insist upon drawing a broad line of demarcation between the fighting man and the thinking man is liable to find its fighting done by fools and its thinking by cowards.
– Sir William Francis Butler, 19th-century British Lieutenant General
After more than a decade at war, the Army is not the same institution that I joined before the 9/11 terrorist attacks. Traditions that bound generations of service members together have been forgotten and institutional knowledge has vanished. The development of leaders in a fiscally constrained environment is one of the key skills that has been lost. With military budgets shrinking now, the art of developing leaders prepared to handle diverse situations seems a daunting challenge. We have relied on mobile training teams, scripted rotations in the box[1], and deployments in sustained bases to train Soldiers and Leaders to handle typical scenarios. All of which incur expenses that are no longer sustainable, while none of them truly focus on stretching leaders’ skills and capabilities to handle the unknown.
MORE
|
January 23, 2015 — In a recent trip to Aberdeen Proving Ground, MD, members of the Army Cyber Institute (ACI) visited the Communication-Electronics Research, Development and Engineering Center (CERDEC) of the US Army’s Research, Development and Engineering Command (RDECOM).
Led by Director Henry Muller’s, CERDEC’s six directorates support its mission to develop engineering technology solutions for America’s Soldiers. On this particular visit, the ACI met with Mr. Kevin Boyle, Chief Technology Officer of the Intelligence and Information Warfare Directorate (I2WD) and Dr. Paul Zablocky, Director of the Space and Terrestrial Communications Directorate (STCD). The visit included not only command briefs from senior leaders of their respective organizations, but also tours of several of CERDEC’s labs and facilities. The ACI discovered some great opportunities for collaboration with these very talented Civilian Engineers, Scientists and Technicians.
MORE
|