17 Jun 15. DISA: Cost to do cyber battle with US must rise.
Treating the cyber domain like the battle zone it is will help fight growing cyber threats, said DISA Director Lt Gen Ronnie Hawkins.
“It’s culture, conduct and capability,” Hawkins said. “The cyber domain is both an administrative and a warfighting capability…we have to change our conduct.”
In a newly released five-year strategic plan for DISA, Hawkins described the cyber domain as “a contested battlespace, where the barrier to entry is low and oftentimes unchallenged.”
That low barrier to entry is an often-cited problem. It doesn’t take a lot of resources for hackers to make attempts to penetrate networks. And in areas where there may be security gaps, those attempts can escalate into massive breaches like those recently seen at the Office of Personnel Management.
At DISA, leaders are taking a multi-fold approach to making it more difficult for would-be attackers, including by improving security and authentication measures, training and awareness, and evolving technology and programs across the lifecycle.
As is frequently stated, it starts with good security hygiene.
“We’re bringing security and authentication to today’s cyber threat standards so we’re not an easy target,” said Dave Bennett, director of DISA’s implementation and sustainment center. “It starts with the housekeeping and the maintenance of applications.”
Bennett spoke as part of a media roundtable with reporters at the AFCEA Defensive Cyber Operations Symposium in Baltimore.
In an era when the Defense Department’s head of IT calls for the end of passwords, DISA officials said they are examining stronger approaches to authentication and security.
John Hickey, DISA risk management executive and CIO, said his office is looking at ways of doing authentication on DoD’s unclassified NIPRNet and classified SIPRNet.
“We’ve had [security] tokens for systems administrators…how do we push that out?” Hickey said.
Hickey also noted that with the omnipresence of social media, “bad habits” have crept into daily operations, requiring new ways of training, including phishing exercises that help train in real time. He also highlighted the need for network agility.
“How do we move around on the network like we would on the battlefield?” he said. (Source: Defense News)
18 Jun 15. U.S. weapons industry executives say they are disappointed and frustrated about a massive U.S. cyber breach that exposed sensitive information about millions of Americans, including many thousands who work on high-security arms projects.
Details are still emerging about major cyber attacks on the U.S. Office of Personnel Management that were first disclosed earlier this month, and U.S. officials have linked those breaches to China. China denies any involvement.
But U.S. industry executives, many of whom hold security clearances of their own and employ thousands of people whose data has likely been stolen, say they have heard enough to know that the incident could open up new vulnerabilities putting their networks at risk.
Cyber experts say the security clearance data from OPM’s database includes the Social Security numbers of applicants and their families and friends, data that could be used by hackers to obtain passwords, create dossiers on key individuals, and better target top-secret weapons programs.
U.S. weapons makers say their networks are heavily targeted by attackers linked to China, Russia and other potential foes, fending off hundreds of thousands of probes a day aimed at snagging key information about new weapons, including fighter jets, jet engines, bombers and satellite networks.
The U.S. Senate Armed Services Committee hopes to add $200m to the Pentagon’s fiscal 2016 budget for a cyber review of weapons programs, after its chief weapons tester in January reported that nearly every program was vulnerable to cyber attack.
“It’s very disappointing that this information was seemingly as easy to get at as it was,