06 Jan 16. US Air Force developing airborne tactical cloud. The US Air Force is looking for an airborne tactical cloud that doesn’t rely on satellite or ground links. The Airborne Cloud for the Tactical Edge User (ABC) project calls for a “managed aerial layer network employing dynamic cloud capabilities that do not rely solely on satcom or ground entry points, but may operate for up to seven days without intervention,” according to the Air Force research solicitation.
Phase I would deliver a cloud that can securely support and secure tactical operations within a high-capacity backbone aerial layer networking topology using current Defense Information System Agency and service guidance. Phase II would demonstrate the ability to function despite interruptions and jamming. (Source: C4ISR & Networks)
04 Jan 16. The Secure Perimeter Cybersecurity Model Is Broken. Want to keep yourself up at night, spend some time reading about the latest developments in cybersecurity. Airplanes hacked, cars hacked, vulnerabilities in a breathtaking range of sensitive equipment from TSA locks to voting booths to medical devices. The big picture is even scarier. Former NSA Director Mike McConnell suspects China has hacked “every major corporation” in the US. Edward Snowden’s NSA leaks revealed the US government has its own national and international hacking to account for. And the Ponemon Institute says 110 million Americans saw their identities compromised in 2014. That’s one-in-two American adults.
The system is broken. It isn’t keeping us, companies, or our government safe. Worse yet, no one seems to know how to fix it.
This wasn’t difficult in the early days of the Internet and online threats. But today, most private networks have far too many endpoints to properly secure. In an age of “Bring Your Own Device,” the cloud, remote access, and the Internet of Things, there are too many vulnerabilities that hackers can exploit.
But the security paradigm remains focused on perimeter defense because, frankly, no one knows what else to do. To address threats, security experts should assume compromise, that hackers and malware already have breached their defenses, or soon will and instead classify and mitigate threats.
The information security community has a model to assess and respond to threats, at least as a starting point. It breaks information security into three essential components: confidentiality, integrity, and availability.
Confidentiality means protecting and keeping your secrets. Espionage and data theft are threats to confidentiality.
Integrity means assessing whether the software and critical data within your networks and systems are compromised with malicious or unauthorized code or bugs. Viruses and malware compromise the integrity of the systems they infect.
Availability means keeping your services running, and giving administrators access to key networks and controls. Denial of service and data deletion attacks threaten availability.
Of these, integrity is the least understood and most nebulous. And what many people don’t realize is it’s the greatest threat to businesses and governments today. Meanwhile, the cybersecurity industry remains overwhelmingly focused on confidentiality. Its mantra is “encrypt everything.” This is noble, and essential to good security. But without integrity protection, the keys that protect encrypted data are themselves vulnerable to malicious alteration. We can no longer count on keeping the hackers out. Let’s work on ensuring we can catch them once they break in.(Source: Cyber Security Intelligence/Wired)
04 Jan 16. Apple Opens Fire In Encryption Battle. So far, the debate over encryption has been vague and broadly drawn. On one side, Silicon Valley, arguing that weakening encryption puts normal people’s privacy and security at risk (and threatens their relationships with customers). On the other, the security services, police and governments, arguing (sometimes without much firm proof) tha