Digital Conflict blog

Kevin Coleman

Digital Conflict

By Kevin Coleman

View all blogs

Can major R&D for cyber defense make a difference?

The Defense Department’s fiscal 2013 budget is $57 billion less than that requested for fiscal 2012. Some of the cuts will hit science and technology areas. However, the 2013 $613 billion budget does call for increases in a few areas that include cyber. This budget clearly reflects Defense Secretary Leon Panetta’s mindset. Recently, he said the U.S. executive branch faces “hundreds of thousands of cyberattacks every day.” He went on to say that his fear is that the nation has “not taken all the necessary steps" to avert a cyberattack disaster.

One area of the overall cyber program receiving a fair amount of attention and budget is cyber readiness, which appears to be a priority in fiscal 2013 planning and budget. The cyber readiness program calls for departmentwide inspection of DOD's cyber defenses. DOD has set a goal that states by Sept. 30, 2013, it will achieve a passing score on a comprehensive cybersecurity inspection to reduce the risks associated with acts of cyber aggression. This inspection program looks at compliance with operational, technical and physical security standards and policies.

The number of cyberattacks on DOD and government networks is estimated at more than 400 million a year. These attacks, and the increasing attacks on the private sector, are what has driven President Barack Obama to identify cybersecurity basic research as a priority in his fiscal 2013 budget proposal. He has requested $140.8 billion in research and development for the coming year with potentially billions going to cyber. That is bigger than the 2011 gross domestic product of more than 125 countries. I was asked whether that budget is big enough given the number of cyber threats and actors, the increase in cyberattack sophistication and the vulnerability of our critical systems. I am not sure – only time will tell.

Posted on Mar 08, 2012 at 12:54 PM0 comments

Beware threats from outside insiders

Hostile insiders and insiders who accidentally do something that compromises systems or data pose a substantial threat to an organization's security and integrity. Complicating this already complex threat is the outside insider. Contractors, temporary employees, consultants and even vendors are examples of outsiders who attain insider status and systems access. Often these people require and are given access to information systems with little or no insight into their backgrounds because they are not employees of the organization. In the past year, I saw at a client’s site two examples of what can happen as a result of outside insiders’ actions.

The malicious outside insider

A temporary resource was brought in to help the IT organization. That person was obtained through what is known in the industry as a body shop (a company that provides human resources on an as-needed basis). The individual was granted appropriate access based on the duties he was assigned.

After a few months, it was discovered that he had set up an unauthorized server that was outside the organization’s control and had been transferring massive amounts of sensitive data to that server. Law enforcement was notified and, as it turns out, this person had done something similar during another temporary work assignment.

Here's a fact: The Homeland Security Department published a 2011 intelligence report warning that violent extremists have obtained insider positions and that “outsiders have attempted to solicit utility sector employees for damaging physical and cyberattacks.”

The non-malicious outside insider

In another case, management consultants were brought in to deal with some strategic issues at a critical infrastructure provider. Consultant accounts were established for each member of the consulting team. One consultant brought in a wireless hub and established his own wireless network between his computers all the time they were connected to the hard-wired client network. The rogue device was discovered during a routine wireless security scan. The individual’s wireless network extended to the floor below and above. The unencrypted network had a very weak password, and was on the same wireless channel as a competitor’s wireless network that had offices on the same floor.

It is time to give the outside insider the attention this threat deserves.

Posted on Mar 01, 2012 at 9:03 AM1 comments

Cyber diplomacy requires greater focus

There is an ever increasing need for diplomatic relationships when it comes to the cyberattacks directed at nations around the world. For this reason there is an increased focus on international cyber diplomacy.

Cyber diplomacy first began to gain government attention in 2005. Since then international cyber diplomacy has continued to gain attention as the roles and responsibilities are formalized. The watershed moment occurred when the State Department created this role within its  organization. Few cyberattacks are conducted from the attacker’s location and hit their target directly. Often they use unwilling intermediaries (such as compromised computers) in other countries, often times unfriendly to the country where the target resides. International cyber diplomacy will establish a foundation for cooperation, a common dialog and mutual aid among our growing range of our international partners, close allies, and other major players in the cyber domain.

The United States is just one of 195 countries now connected to the Internet. In contrast 193 countries are member states of the United Nations, according to Wikipedia.  Based on December 2011 statistics, North America is now third when it comes to the number of users by region. Asia is first with Europe coming in second. 

As good as the United States is at cyberattack investigations, we should not and cannot do it alone. For that primary reason the role of the cyber diplomat is critical to our success and will only grow in importance as the cyber threat domain continues to evolve.

Posted on Feb 23, 2012 at 12:54 PM0 comments

The need for world-class cyber warriors

"Cyberspace requires a world-class cyber warrior we must develop, recruit and retain in a different way to today,” Lt. Gen. Rhett Hernandez, command of the Army Cyber Command, said at a recent conference in London.

He is not the only one sounding this alarm. We covered it in this December 2011 blog

Military training often leverages pools of information from lessons learned from past military operations and wars. This is a very shallow pool when it comes to cyber conflict. Another source often cited in cyber warfare curriculum is the traditional courseware for information security. Although some areas of these materials can be adapted, cyber warfare and IT security are vastly different and new techniques and tools for waging this new modality of conflict are rapidly being developed. This creates a challenge of keeping up, as does the constant evolution of computer and device technology. So continuing education is a key component in the development of world-class cyber warriors.  

Another critical component is the ongoing, near real-time evaluation and feedback based on the student's experiences in the real-world cyber threat environment. This bring up another challenge: those who we want on the front line for cyber warfare are also those we want as instructors. So we need to draw from the best and brightest in the military, the intelligence community and also  industry. Some even go as far as to suggest that the current human resource model used by the military will have to change.

There is no doubt properly training our cyber warriors will be a challenge, as will be training the officers who lead them.

Posted on Feb 16, 2012 at 2:46 PM0 comments

Defense Systems Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.