ARTICLES

June 28, 2016

The Number One Vulnerability in the Future of Cyber Security: A Critical Lesson for all Organizations

Since 1958, NASA has been the foremost symbol of American excellence in science and exploration, inspiring generations of engineers around the globe to achieve the impossible through advanced technology. With each of its defining events, NASA pushes humanity further into the future, bringing scientists more information about our universe than ever dreamt possible. But while NASA was reaching for the stars, other forces were secretly at work. In the dark recesses of the agency’s computers and network servers, intruders were lurking. After months of covert access, a hacktivist group called AnonSec obtained 276GB of sensitive data including flight logs, videos, and personal information from thousands of employees (Thalen 2016). This post examines how such an established institution of advanced technology could fall prey to cyber hacking, the glaring warning signs, and the one key lesson all organizations should learn from this historical event.

May 16, 2016

Division Cyber Operations

Modern adversaries can now integrate cyber operations into military plans. Recent events have shown that rival governments can not only develop cyber-attack plans, but synch them to achieve national goals. The U.S. Department of Defense must begin integrating and normalizing the use of cyber effects. While there are numerous methods to begin that process, the key is choosing a method and beginning the long process of training in its employment. This training should be performed primarily at the Army Division level. Often, the division is the first major headquarters that can develop a list of requirements to submit to the Joint Task Force Headquarters or the Combatant Command. With that in mind, training at home station and during operational level exercises is absolutely necessary. Simulation technology will catch up with cyber operations in due course, but this is no reason to not begin training now. As a military, the US faces adversaries that have proven their ability to integrate offensive cyber effects from the tactical up to the strategic level. Though multiple methods exist to request and execute Cyber Operations (CO) at the division level, the bigger and more looming problem is the lack of training in utilizing these effects, and being ready to put these effects to use on the battlefield. For the United States to keep pace with near-peer nations, it must train on and prepare to use these effects in a real-world combat environment.

May 6, 2016

Indiana Exercising Plans to Combat Cyber Threats: Preparing for CRIT-EX 2016

On the 21st and 22nd of March, 2016, Indiana hosted its inaugural Defense Cyber Summit (DCS), which aimed to advance the state’s cyber readiness and preparations against a cyberwarfare attack. Spurred on by Admiral Michael Rogers, the Commander of the U.S. Cyber Command, who in 2014 called cybersecurity “the ultimate team sport,” Indiana has purposefully adopted a culture of collaboration between government organizations, private firms, non-profits, and academia to improve the state’s response and resiliency to a significant cyber incident. This team approach will counter cyberattacks intent on degrading Indiana’s economic capacity and threatening the critical services of its citizens [1]. Under the umbrella of the Applied Research Institute (ARI), organizations such as Purdue University, Indiana University, Crane Naval Surface Warfare Center, the Cyber Leadership Alliance, the Indiana National Guard, and the Indiana Department of Homeland Security have partnered together to address and propose solutions to Indiana’s cyber security challenges. This effort is boosted by the Indianapolis-based Lilly Endowment’s support of nearly $16.3 million that is funded through a grant from the Central Indiana Corporate Partnership Foundation. The ARI is working to foster collaboration, research, and problem solving on cyber threats to Indiana’s critical infrastructure [2].

May 2, 2016

Applied Research in Support of Cyberspace Operations: Difficult, but Critical

Cyber security as a work domain and commercial sector is relatively new, but has been maturing rapidly over the past 20 years. Cyberspace operations, on the other hand, are synchronized military activities to identify, degrade and/or deceive threat actors in cyberspace. Cyberspace operations are inherently dynamic due to changing technology and tactics of malicious actors. Recent increases in the number and scale of cyber incidents have illustrated the need for improved coordination across the Cyber Mission Force as well as improved feedback and accelerated technology transition between operational, research, and development communities. This paper presents arguments for improving cyberspace operations with sustained efforts to understand cyber work and the impacts of technologies on the people who perform it. The Cyber Immersion Lab, operated by USCYBERCOM, is an activity that is demonstrating the strengths of this approach.

April 11, 2016

How Do Cyber Operations Look in 2025?

The United States military has made significant strides to counter the increasing number of worldwide cyber threats. Recently, the U.S. Army created a Cyber Branch as the newest of its basic branches. Now the transition becomes necessary to integrate the Cyber Branch into its important, future everyday role on the battlefield. Currently, most of the cyber force is congregated in certain branch-specific areas. This allows for effective command and control of these units, but limits their operational utility. Despite being able to access cyberspace from anywhere in the world, using cyber to its full capability requires adaptation at the tactical level, and on the battlefield. The definition of cyber is “of, relating to, or involving computers or computer networks.”[1] A dedicated cyber force is important for defense and offense alike on the national stage, but what about cyber on the battlefield? With the increase of computers and accompanying networks on the battlefield, a deployable cyber force becomes a necessity. One of the ‘game changers’ on the modern battlefield is the multiple missions conducted by U.S. Special Operations Command (USSOCOM). These highly trained professionals have been rapidly deployed worldwide in support of Operation Enduring Freedom and Operation Iraqi Freedom. Now with US military operations in Afghanistan transitioning, special ops missions will stay constant. With over 66,000 personnel assigned to USSOCOM, and more than a $10B budget, this is one segment of the military that is not decreasing in size.[2] Operations occur worldwide, from the Middle East to South America to Africa. This force is focused on US strategic interests, while operating with a reduced signature to accomplish their mission in sensitive and dangerous environments. But how can this force increase its effectiveness?
Integrating cyber operations with the special operations community will enhance this elite fighting force’s effectiveness by 2025 with the addition of one cyber operations specialist to every tactical Special Operations Forces (SOF) team.

March 28, 2016

Maintaining Massive Networks Through Automation And Management Tools

Computer networks are no longer the isolated, small, and static webs of the 1970s. With the number of devices connected to the internet quickly surpassing the world’s population, the ability to manage massive networks has become increasingly difficult. Additionally, the variety of devices which now access networks has gone from single home computers to include watches, tablets, smart phones, and all types of vehicles. This increase in size and complexity has created a huge burden on network security professionals. The amount of data entering and exiting many networks far exceeds what a network security staff is able to effectively monitor. With the help of automation tools and modern management strategies these challenges can be overcome. Network security professionals need to look to tools such as Splunk and the Meraki Cloud Platform to intelligently filter and focus on critical pieces of data. Additionally, they need to utilize strategies such as the Continuous Diagnostics and Mitigation (CDM) program to make error detection and response fluid and systematic.

March 22, 2016

Can Intelligence Preparation of the Battlefield/Battlespace Be Used to Attribute a Cyber-Attack to an Actor?

With countless cyber-attacks coming from advanced persistent threats (APTs), attribution for these attacks is increasingly important for calculating the damage and response as well as preventing future attacks. Establishing a framework is a way to increase analytic confidence in attribution. Intelligence preparation of the battlefield/battlespace (IPB) combines elements of the battlefield and adversary which fall in line with cyber-attribution. Pulling elements of ‘OAKOC’ and ‘ASCOPE’ as well as components of the adversary, the connection between the two disciplines is evident, and is shown in a graph on page 12. The overlap between IPB and cyber-attacks becomes more evident when applying the methodology to two hypothetical cyber-attacks from APTs: Axiom and APT1. As APTs reuse their tactics, techniques, and procedures (TTPs) and toolset, patterns and signatures can be detected and identified utilizing cyber-IPB, leading to attribution. However, APTs utilize innovative obfuscation techniques which could hamper cyber-IPB attribution. Combined with effective indicator and malware analysis, cyber-IPB provides a framework for cyber-attribution.

March 21, 2016

Economic Ethics: A Case for Applying the Ethics of Sanctions to Cyber Conflict

Cyber conflict is a growing alternative and supplement to traditional armed conflict. Recent scholarship has sought to apply the traditional ethics of war, Michael Walzer’s just war theory of jus ad bellum and jus in bello, to this novel form of combat. Yet, this framework does not apply perfectly. Cyber conflict presents challenges to the jus in bello principle of distinction, among others, which makes utilizing any form of cyber attack unethical; yet, naively, cyber conflict can be far more humane, and thus more ethical, than traditional war. An extension of just war theory to more accurately guide economic sanctions, the humanitarian proviso, can replace the standard principle of distinction and create a more accurate moral framework for cyber conflict.

March 10, 2016

Big Data is Dead, Long Live Big Data

The Gartner Hype Cycle assigns emerging technologies to 5 regions: Innovation Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment and Plateau of Productivity. In 2014, Big Data was at the edge of the Peak of Inflated Expectations, where the hype has already generated an enormous amount of goodwill through amazing success stories, and on a descent towards the Trough of Disillusionment, where the rate of new successes relative to the Peak creates a depressed sense of its novelty. Big Data fell off the chart in 2015.

March 1, 2016

Sticks and Stones – Training for Tomorrow’s War Today

‘I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.’ – Albert Einstein

Technology is great, when it works the way we want it to. Over the last couple years it seems the ever-mounting stream of hacks could leave even the most stoic of technologists cringing. As researchers at the Army Cyber Institute at West Point, our task is to be forward thinking and anticipate the hill after next. We are one part of the Army’s robust effort to address cyberspace issues of today and tomorrow. Along with our cross-service and cross-agency partners we are making progress: we are working our way through a highly disruptive era in technology and politics to find solutions ensuring the security of the United States. At the same time, as we step forward into the complexity of a fully integrated future, we must not lose sight as a military of the fundamentals of fighting and defending the security and interests of the nation. The more the tools and gadgets of modern warfare are challenged by state and non-state actors, the more critical it becomes that our men and women in uniform maintain the fundamental skills of warriors from previous generations.