June 11, 2015 — I have been asked multiple times what my emotions were the night I learned that I would be branching cyber. The night was like any other branch night at West Point with all of the First Class cadets anxiously awaiting their fate as army officers. The only difference with this branch night as opposed to the previous decades of them was the inclusion of the new branch, Cyber, to the list of possibilities. I knew going into this night that there were roughly forty to fifty cadets that were competing for Army Cyber slots. All of us had put in work through a selection process known as the Cyber Leader Development Program in which our talents, experiences and skills were assessed by a mentor. I thought my chances were decent because I had put hours into my application packet and had done everything I had been asked to do. I knew I would branch either Army Signal or Army Cyber. My grandpa had been an officer in the Army Signal Corps so I had a historical connection to Army Signal, but my hope and dream was to branch Army Cyber. MORE
|
May 29, 2015 — This paper discusses the benefits and drawbacks of quantum computing and quantum cryptography, subsets of the field of Quantum Information Processing (QIP). This field uses quantum mechanics for information processing rather than classical mechanics and portends game-changing implications to technologies long-relied on by military organizations, including computing, communication, and cryptographic systems. Quantum information processing may provide advantageous to Army operations in two areas: massive parallel processing and secure key distribution.
Quantum mechanics allows a single quantum computer to compute as dozens or even hundreds of classical computers, known as ‘quantum parallelism.’ This is leading to a new paradigm in computing as these computers undermine current cryptographic systems. Continuing work in other families of cryptographic systems shows promise for being unaffected by quantum processing and quantum mechanics allows for the creation and distribution of completely secret keys. This solution may require fielding a new generation of cryptographic hardware systems throughout the Army. Quantum parallelism applies to data searching, providing a polynomial speed-up for searching large databases, such as cloud storage, personnel systems, or intelligence repositories.
“If a quantum computer is ever built, much of conventional cryptography will fall apart!” (Giles Brassard, 1984)
MORE
|
May 11, 2015 — What is it like to fight in cyberspace? Almost every paper regarding cyberwarfare depicts a battlefield, wild and open, where “cyberwarriors” move like a hunting pack; smart, sharp and agile. Reality is obviously far from that. Thus, the digital battle is usually compared to what happens in real life and the strategic approach of cyberspace stresses the parallel with the open spaces and naval theories. It may seem relevant up to a certain point, but at the tactical level, we surely have to change our mind, and start to think “outside the box”. MORE
|
May 5, 2015 — The reports on the new Department of Defense (DoD) Cyber Strategy were typical; each highlighted what was put in or left out of the document in accordance to what their authors wanted to report. On the whole they hit the mark in pointing out that this 2015 cyber strategy was more transparent, emphasized deterrence and innovation, and that DoD would partner for a “whole of government approach.” Presumably this is what the DoD, and this Administration, wanted. MORE
|
May 1, 2015 — Fighting evil consistently requires you to proactively investigate it, hunt it down, and kick in the door where you find it. Organizations must evolve their security operations to hunt intruders and either eradicate them from the network or confirm that they were not there in the first place.
By integrating timely threat intelligence, security practitioners can deploy an active defense specifically targeted at critical resources rather than focusing on the outer perimeter. Defenders will improve their effectiveness, and attackers will seek out softer targets.
The term “Active Defense” has been used, abused, and misconstrued. Learn how to expose your cyber enemies and eradicate them from your network by leveraging anomaly analysis, active hunting, cyber-recon by fire, and clear-and-hold missions. We’ll discuss these and other tactics to show why the best defense is an active defense.
MORE
|
April 28, 2015 — Recently, a group claiming association with ISIS called the “Cyber Caliphate” began a campaign of online vandalism by announcing that they hacked several government accounts, seized sensitive documents and was actively monitoring U.S. troop movement.[1] But does their recent attention mean that an ISIS-sponsored cyber-attack is imminent? No – far more likely is these account managers fell victim to less technical attacks such as phishing emails, or perhaps had a password in the 25 most popular passwords list. The most noteworthy episode occurred with the hijacking of the U.S. Central Command’s (CENTCOM) Twitter account. Purporting that they had ‘hacked’ CENTCOM, ISIS sympathizers changed the military organization’s banner to that of a masked ISIS member. MORE
|
April 7, 2015 — Technology has provided ease in accessing media, financial markets, and global communication. Society and criminals have benefited from these same developments in technology, causing an increase in cyber-criminal activity. In 2014, McAfee estimated that the cost of global cybercrime is 0.8% of global GDP;[1] making cyber crime a national and international security threat. The Russians, Nigerians, Ghanaians, and Chinese are some of the best-known cyber criminals, and while groups use similar tactics, their motivations, organizational structures, and culture differ. In analyzing why individuals and organized criminal groups participate in cyber crime, and the culture and history behind the groups policy makers and the international community can make more personalized approaches in combating transnational cyber crime. Right now there are many difficulties in combating cyber crime including attribution, lack of international cooperation, and limited resources in law enforcement. Cyber crime is becoming accepted as the ‘cost’ of doing business online, with stakeholders underestimating the impact it has on security, economy, and innovation. Unless the barriers to entry and cost for cyber criminals is raised, cyber crime will continue to threat international security, economic growth, and technological innovation. MORE
|
April 7, 2015 — CSI: Cyber is getting beat-up by the information security community and at first we went along for the ride. You have to admit it is fun to play cyber bingo, live tweet during the show, or critique the technical inconsistencies, but there is something more here, something very important. The security community has long fought an uphill and losing MORE
|
February 23, 2015 — Tinker
As a child, I loved when birthday time came around. Not only mine, mind you – but also my brother’s. Whenever he received a shiny new radio-controlled car, it meant an afternoon full of disassembly and exploration was in my future. I took a certain delight in tinkering, hacking, and repurposing all kinds of materials, often to the chagrin of my younger sibling. In the same way that my childhood hero, Angus MacGyver, saw the ordinary paperclip as the life-saving ingredient to a just-in-time solution, I envisioned the fantastic lives that regular household materials could live. This insatiable hunger to find out what’s inside has undoubtedly driven me to my current career path as a Cyber Officer. While there was no path becoming a Cyber Officer when I first joined the military, I believe my interests in technical exploration positioned me well to join the Army’s newest branch. While the Army is placing significant resources into growing Cyber-related career fields by refining doctrine and funding excellent training opportunities, it’s also important for the service and its prospective technical leaders to leverage the well-established community of hobbyists known as makers.
MORE
|
February 12, 2015 — By declaring cyberspace an operational domain, the Department of Defense (DoD) acknowledged the criticality for successfully projecting combat power in the domain,[1] and therefore directed all services to create a component command subordinate to U.S. Cyber Command (USCYBERCOM).[2] Since the declaration of this entirely new operational domain, the Army has faced significant challenges such as determining the force structure requirements, capabilities, and the skills required of its cyberspace operators. In order to build a force capable of operating in cyberspace, the Army must determine how to recruit, assess, train, and retain those with the required talent. However, the Army is not the only organization seeking individuals with the ability to operate in cyberspace and it is widely recognized that there is a small talent pool from which to recruit. According to a recent Rand Institute Report, there already exists a shortage of qualified personnel in general, and that problem is exacerbated within the federal government. Such a dearth of talent potentially undermines the nation’s security in cyberspace.[3] MORE
|