Digital Conflict blog


Kevin Coleman

Digital Conflict

By Kevin Coleman

View all blogs

False sense of cybersecurity

Cybersecurity has now moved front and center in the government and private sector alike. This is due to a number of factors including the frequency of cyberattacks, the sophistication of those attacks and, most importantly, their implications. Why do you think Russia has moved to typewriters in order to stop the flow of compromised information? That speaks volumes about the state of cyber insecurity.

Organizations routinely leverage standards and regulations like the Federal Information Security Management Act as the foundation of the enterprise security strategy. In a National Institute of Standards and Technology document addressing FISMA, the following section was included under the topic of what an effective information security program should include:

“Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually.”

The cyberwar gaming component has become a hot topic as of late. It is being used to evaluate the effectiveness of cybersecurity efforts and programs that have been implemented by organizations. However, the way an organization addresses the cyberwar game scenario significantly impacts the value of the exercise. Many organizations are staffing both the red (attackers) and blue (defenders) from inside the organization. That has a number of shortcomings, least of which is bias of those selecting the team members. In one instance those designing the evaluation exercise actually stated, “We want our security team (blue defenders) to win. We want to build their confidence.” That is a dangerous as it gives a false sense of cybersecurity and does not meet the intent of the NIST/FISMA section identified above.

At a recent cybersecurity event, one individual went as far as to suggest taking the same approach as was used in the Payment Card Industry security compliance requirements for FISMA. That would mean an independent evaluation of an organization’s cybersecurity program. At a minimum all organizations should be using outside objective red teams. That would give a much better evaluation of the effectiveness of the cybersecurity measures that were put in place. Cybersecurity is too important to shortcut the evaluation of cybersecurity measures.

Posted on Jul 18, 2013 at 6:07 AM2 comments


The digital–physical intersection

The boundaries between the physical and the digital worlds of conflict have been blurring for many years and will continue to do so at an ever increasing pace. More and more individuals have learned how to conduct espionage and launch attacks in the cyber domain. In a few instances, the cyber domain mirrors experiences that we have had in the physical world. In many cases, cyber capabilities can and are being used to augment physical world initiatives. There is strong evidence that this combined approach has increased the overall effectiveness of our intelligence and military forces.

Mission planners are busy finding new and innovative ways to leverage the best of both worlds in their military and intelligence efforts. Several knowledgeable sources have exclaimed that the possibilities seem endless. The implications of the combined efforts will only grow in importance as more countries become what have been termed “addicted” to integrating the Internet into virtually every aspect of their government, businesses and the lives of their citizens. Businesses are now embedding computing capabilities and connectivity into everything – eyeglasses, clothing and the applications are only limited by our creativity.

We have created a complex, technologically intense environment in which we live and work. There will be breakthrough applications coming out regularly at the digital and physical intersection. There is no going back. With all of the possibilities that this environment creates, it is critical we begin designing security into these systems from scratch and stop treating security as an afterthought or add-on. The greatest concern is whether the United States will have the technical resources (scientists, engineers and technicians) needed for what is ahead. With so much at stake, we had better make sure that we do.

Posted on Jul 11, 2013 at 8:31 AM0 comments


Re-thinking cyber training for officers

How we train the next generation of officers who will lead our cyber forces is an emerging issue for the U.S. military. I previously covered some technical cyber training programs back in February 2011, but I did not address cyber training at the officer’s level.

Some experts think we have contracted a severe case of tunnel vision when it comes to cyber training, concentrating only on the technical aspects of the cyber domain.  I agree to an extent, but even though parts of the U.S. military do offer cyber training for officers, I find the curriculum lacking. 

That’s why we must update the cyber skills of officers, many who rose through the ranks on the fringes of the computer and networking revolutions. Based on many years of research and reflection on cyber issues, here is my recommended curriculum for training the next generation of officers who will lead our cyber forces:

1. Cyber conflict background: This introductory course would cover the current state of cyber threats and vulnerabilities.

2. Understanding cyberattacks: An examination of cyber weapons, cyber intelligence and the cyberattack process.

3. Cyber activism, cyber terrorism and virtual states: A survey examining current attributes and capabilities.

4. Leading and managing highly technical individuals: This one speaks for itself.

5. Measuring and reporting on cyberattack defense: The focus here is on status and progress evaluation.

6. International issues and laws related to cyber conflict: The international rules of the road, including how DOD interacts with the United Nations, NATO and State Department.

7. Global technology reliance – Economy and infrastructure: Taking into account finance, trade and global communications.

8. Emerging technologies and the cyber implications: What disruptive new technologies will emerge over the next three to five years and what do they mean for cyber defense.

9. Hybrid military operations: Coordinating cyber and physical mission planning and operations.

10. Leading and managing cross-functional teams: Leveraging a team approach to cyber operations. 

The transition from traditional military thinking to a multidimensional approach that takes into account cyber operations is well underway. Given that reality, it is important remember that the cyber domain is continuously changing with new threats, attack vectors and defense technologies emerging regularly. Coping with that threat will require continuing education at both the officer’s level as well as our cyber soldiers’. 

Posted on Jul 03, 2013 at 10:53 AM7 comments


Are NSA's capabilities outclassed by GCHQ?

This will not surprise many of you, but more leaked information about cyber intelligence collection activities has surfaced. This time the leaks are about British Government Communications Headquarters: The disclosure is of a British intelligence initiative that secretly gained access to some 200 fiber-optic network cables, which carry much of the world's phone calls and Internet communications traffic. Each cable had the capacity to transmit approximately 10 gigabits/sec. Reports on this program state that the program collected the content of phone calls, email and Facebook posts. The Guardian reported the secret initiative was able to create a history of any Internet users’ access to websites.

One cyber intelligence analyst I spoke with commented, “I would have like to have gotten the commission check on that sale of storage.”

Another source stated that “companies were obliged to cooperate in this operation,” but the Guardian's reporting “suggests some companies have been paid for the cost of their cooperation.” The article went on to note that GCHQ went to great lengths to keep the names of the cooperating companies secret.

The Guardian article also states that GCHQ shared this initiative's information with the National Security Agency. This information was obtained from documents shown to the Guardian by -- you guessed it -- NSA whistleblower Edward Snowden. He was quoted as saying, "It's not just a U.S. problem. The U.K. has a huge dog in this fight. They [meaning GCHQ] are worse than the U.S."

It is important to note one source knowledgeable about the program stated that it was legal, had built-in safeguards, and the data collected under this initiative has led to breakthroughs in detecting and preventing serious crime. Yet the controversy continues.

One thing seems guaranteed: The Snowden leaks have caused significant issues for the U.S. and British intelligence organizations. Many wonder how much more will come out. Only time will tell.

Posted on Jun 27, 2013 at 7:39 AM0 comments


Defense Systems eNewsletters