Showing posts with label ICTEC. Show all posts
Showing posts with label ICTEC. Show all posts

18 August 2017

How ISIS harnesses commercial tech to run its global terrorist network

By: Mark Pomerleau 

When it comes to the cyber operations of the Islamic State group and other militant organizations, they have been aspirational in terms of discussing cyber activities almost from the start.

Most cyber operations by the Islamic State group and other militant organizations have been on a fairly low level and merely aspirational, according to the deputy director of the U.S. National Counterterrorism Center.

John Mulligan was giving a keynote address at the DoDIIS Worldwide Conference in St. Louis, Missouri, on Tuesday.

From a practical standpoint, cyber activity to date has been largely confined to doxing, where groups such as ISIS find available information and generate kill lists related to security or military personnel, then encouraging others to conduct attacks against those individuals, Mulligan said. This is done through some low-level hacking and the exploitation of low-hanging fruit.

The U.S. government has seen some low-level defacement of websites, he added, but nothing particularly substantial.

State Department quietly establishes new cybersecurity office


The State Department quietly established a new office earlier this year within its Diplomatic Security Service to safeguard against and respond to cybersecurity threats.

The State Department officially launched the new office, called the Cyber and Technology Security (CTS) directorate, on May 28, a department official confirmed. The establishment of the directorate was first reportedby Federal News Radio last week. 

The directorate “facilitates the conduct of global diplomacy by protecting life, property, and information with advanced cybersecurity programs and risk-managed technology innovation,” the State official told The Hill. 

“CTS provides advanced cyber threat analysis, incident detection and response, cyber investigative support, and emerging technology solutions,” the official said. 

The new directorate does not appear to have a place on the department’s website and was not accompanied by an official press release at the time of its establishment. 

A government official told Federal News Radio that the new directorate essentially gives the State Department’s chief information officer one point of contact to make sure that embassies, consulates and foreign affairs officers are adequately protecting against cyber threats. 

Cyber Threat or Cyber Threat Inflation? - Assessing the Risk to U.S. National Security

by Kenneth Mok

In response to increasing cyber intrusions, the United States government has exponentially strengthened its investment in cyber defense capabilities over the past decade. In just two years, Congress introduced over 90 bills related to cybersecurity through four different Committees and former President Obama directed five executive orders,1 supplementing his proposal to raise the fiscal year 2017 budget for cyber defense by 35% to $19 billion.2

There are two competing arguments regarding the gravity of the threat that cyber-attacks pose to the nation’s security. On one hand, cyber-attacks present a serious national security threat that can cause as much harm as conventional military attacks, warranting a robust cybersecurity policy (cyber threat theory). Alternatively, cyber-attacks present a nuisance primarily to businesses and do not pose an imminent threat to the survival of the United States, causing the U.S. to overinvest in this area (cyber threat inflation theory).

An inquiry into the plausibility of future cyber war underlies this debate. In the Journal of Strategic Studies, dozens of experts have engaged in this discussion with articles that argue whether “Cyber War Will Take Place,”3 or whether “Cyber War Will Not Take Place.”4 Examining arguments on both sides of the debate provides policymakers and practitioners a basic framework for analyzing this increasingly salient national security issue. Such analysis necessitates an acknowledgement that sophisticated cyber operations are being orchestrated by individuals and groups who do not fit the stereotypical narrative of the 400-pound hacker, as President Donald Trump once suggested.5

Cyber Flag exclusive: What Cyber Command learns from the annual exercise

By: Mark Pomerleau 

U.S. Cyber Command is still a relatively young organization. It was stood up in 2009, and while the organization reached full operational capability in 2010, its workforce isn't slated to hit this mark until September 2018.

As such, the command is learning lessons from training exercises and operations pertaining to its structure, the structure of its teams, how to deploy teams and how to conduct operations.

During an exclusive walk-through of CYBERCOM's annual Cyber Flag exercise, the simulation's leaders told Fifth Domain that they identified specific, applicable lessons at last year's Cyber Flag pertaining to the way defensive teams are deployed to problem sets.

Top leaders from CYBERCOM have recently indicated they've discovered it's not always necessary to deploy the entirety of a cyber protection team, or CPT.

"One of the things we found with practical experience is we can actually deploy in smaller sub elements, use reach-back capability, the power of data analytics; we don't necessarily have to deploy everyone," Adm. Michael Rogers, the commander of CYBERCOM, told the House Armed Services Committee in May. "We can actually work in a much more tailored, focus[ed] way optimized for the particular network challenge that we're working. We're actually working through some things using this on the Pacific at the moment."

Dateless Discord Dominance in Digital Dreamdorf Domain

by Scott S. Haraburda

Should this tale, by arousing the imagination, assist to prevent in the future even one such case of disregard of principles, it will not have been written in vain.
– Ernest D. Swinton, The Defence of Duffer's Drift

It is our choices, Harry, that show what we truly are, far more than our abilities.
– J. K. Rowling, Harry Potter and the Chamber of Secrets

I triumphantly defended the Broghil Pass, protecting Afghanistan from Tehrik-i-Taliban Pakistani, perfected without friendly casualties. Captain Realness Morpheus, my company commander, summoned me to his tactical operations center (TOC), no doubt to honor me for my blossoming tactical prowess and fearless leadership. After waiting several hours for his arrival, I felt him tap my shoulder from behind, commanding me to arise. Perhaps, he was going to pin a Silver Star medal on my chest. Maybe even a more distinguished medal. Or better yet, he was going to slap captain bars onto my uniform. Then, everything faded away, just like the swift obliteration of Pompeii when Mount Vesuvius spewed tons of molten ash and blazing pumice over the ancient Roman city.

Army reaps benefits of open-source policy

By: Adam Stone 

The Army’s decision to formalize its open-source software development policy is paying off. At least two major projects have benefited from the policy announced this spring, with open source helping to speed development and save taxpayer dollars, according to officials from the U.S. Army Research Laboratory.

“Open source can reduce development time and lower overall costs, resulting in a win-win situation for the Army and the U.S. taxpayer,” said ARL Deputy Chief Scientist Mary Harper.

When it comes to defense agencies embracing open-source software development, the Army is hardly at the cutting edge. The National Geospatial-Intelligence Agency paved the way with the launch of its GitHub open-source community in 2014. The Navy issued a guidance on the use of open-source code as early as 2007.

Still, ARL leaders say they expect to reap big benefits by formalizing their approach to open source, a term used to describe software for which the original source code is made freely available and may be shared and modified.

“To date, all projects that have been released by ARL as open source have been done under an ad hoc decision-making process. This policy is an experiment by ARL to normalize the process, making open source a day-to-day activity of ARL,” said Cem Karan, an ARL computer engineer who helped formulate the policy.

'Information' is playing outsize role in warfare

By: Mark Pomerleau 

DIA chief: US must avoid 'Kodak moment'

More so now than ever, information is playing an outsize role in military capabilities and being rolled into conventional elements.

In 21st century warfare, war is cognitive as much as it’s kinetic, Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, told a small group of reporters in his office this week. 

Top competitors, Stewart said, are organizing their forces in this new information space and have developed doctrine to fight and win in the information age.

Russia views many facets of the information space — to include information operations, space/counterspace, cyber, cyber-enabled psychological operations and electronic warfare, to name a few — as critical to fighting and winning future conflicts, especially against the U.S., according to a recent and unclassified report on Russia’s military published by DIA.

“Moscow perceives the information domain as strategically decisive and critically important to control its domestic populace and influence adversary states. Information warfare is a key means of achieving its ambitions of becoming a dominant player on the world stage,” the report says. “Since at least 2010, the Russian military has prioritized the development of forces and means for what it terms ‘information confrontation,’ which is a holistic concept for ensuring information superiority, during peacetime and wartime. This concept includes control of the information content as well as the technical means for disseminating that content. Cyber operations are part of Russia’s attempts to control the threat environment.”

17 August 2017

Gen. Hyten: ‘No such thing as war in cyber’

By: Aaron Mehta 

Washington (AFNS) -- Gen. John Hyten, Air Force Space Command commander, speaks to the audience on maintaining space and cyber capabilities during the Air Force Association's 2014 Air and Space Conference at the Gaylord National Convention Center Washington, D.C., Sep. 16, 2014. As AFSPC Commander, he is responsible for organizing, equipping, training and maintaining mission-ready space and cyberspace forces and capabilities for North American Aerospace Defense Command, U.S. Strategic Command and other combatant commands around the world. 

The U.S. cannot fall into the trap of focusing on warfighting domains when debating responses to an adversary, said Gen. John Hyten, the head of United States Strategic Command.

“There’s no such thing as war in space; there’s just war. There’s no such thing as war in cyber; there’s just war,” Hyten said while speaking at the annual Space and Missile Defense Symposium Aug. 8 in Huntsville, Alabama. “We have to figure out how to defeat our adversaries, not to defeat the domains where they operate.”

The general, who has led STRATCOM since November 2016, circled back on that point later in the speech, warning that America’s assured dominance in air and space over the past 15 years could lead the Pentagon into bad habits.

“You can’t fall into the trap of saying ‘There’s a space problem, so I’ll ask the space guy to go fix the space problem,’” he said. “It’s a problem with an adversary. I may not want to [direct] a response to a space problem in space. ... I may go a different direction. So, it has to be from an adversary perspective, not a domain perspective.”

CYBERCOM Evaluating Cyber Mission Force

By: Mark Pomerleau

Airmen and Soldiers from the North Carolina National Guard train for Cyber Guard 15, conducting a "red vs. blue" cyber exercise with help from the Kansas Air National Guard (KAANG 177th Information Aggressor Squadron) acting as the opposing force. The NCNG Joint Cyber Defense Team defend a simulated mission-critical network from sophisticated network attacks conducted by members of the KAANG. Cyber Guard 15 is an exercise designed to defend Department of Defense information networks in the U.S. from disruptive or destructive cyber attacks. The exercise trains service members to rapidly detect and effectively respond to a destructive or disruptive cyber-attack impacting U.S. critical infrastructure.

The Defense Department and Cyber Command continue to evaluate the effectiveness and construct of the newly established cyber force.

"There is actually a study going on right now at CYBERCOM, cyber mission force 2.0, to look at do we have it right, how should we tweak it and things of that nature," Col. Robert "Chipper" Cole, director of Air Forces Cyber (forward), said during an event hosted by AFCEA NOVA on Dec. 13.

Because the cyber mission force is just coming on board, Cole explained, many weren't sure what it was going to look like when it started. DoD is trying to figure out exactly how to formulate the force, he said.

Australia to try taming unruly cyber words

By Stilgherrian

"Language matters. We know that in the offline world, and online is no different," says Alastair MacGibbon, Special Adviser to the Prime Minister on Cyber Security.

"Until such time as we are better able to define and explain why we use certain words, the broader public can't be involved in a debate that is really necessary for all of society to be part of," MacGibbon told ZDNet on Friday.

MacGibbon had just finished hosting a two-hour roundtable at the Department of Prime Minister and Cabinet (PM&C) to discuss an early draft of a document titled Words Matter: Australia's Cyber Security Lexicon -- although that title will probably change.

The intention, according to MacGibbon, is "to help define, as best we can, what these words mean, so that we can all be on a common page as we discuss cybersecurity issues". It has the "express purpose of engaging the broader public in what is probably going to be the greatest existential threat that we face as an economy".

One such set of words -- one of the phrases the draft document labelled "contentious cybersecurity terms" and which were discussed at length in the roundtable -- is "cyber attack".

Legal Hacking Tools Can Be Useful for Journalists, Too


Motherboard does not condone illegal hacking. If journalists are unsure of what they can and cannot do legally, they should ask their publication's legal counsel.

Journalists are increasingly using nifty tools like Signal to more easily communicate securely with sources and Tor to anonymously research sensitive subjects. But there's another avenue of techniques and technologies through which reporters can do journalism: tools used by legal hackers.

We're not talking about exploits, password cracking, or anything illegal. Instead, journalists could use programs and tools created primarily for and deployed by hackers to scope out targets, companies, and connections with other items of interest.

Imagine a hacker who is legally authorized to test a company's cyber defenses. Let's say the hacker wants to map out the company's web presence, including websites, email servers, and other info, so they can then decide which bits to probe more closely. The hacker might use something like Maltego, an interface and suite of tools that can quickly search for a website's IP address, pull up extra info from that, and then visualise all those data points and connections.

A journalist can do much the same thing using the same tools. Maybe there is a series of scam sites with no obvious connection, but they actually all share the same Google Analytics code, suggesting a common owner. Or a reporter needs to map out a spyware company and see which other websites it owns.

17-Year-Old Hacks US Air Force For The Biggest Bug Bounty


The Defense Department’s third vulnerability-finding contest invited international participants to attack USAF websites. They found the most bugs yet.

Foreign and domestic hackers probed hundreds of security holes in critical Air Force networks for weeks in late spring, and the Pentagon knew all about it. But instead of getting punished, the hackers got paid.

The Defense Department’s third and most successful bug bounty program, Hack the Air Force, uncovered a record 207 vulnerabilities in the branch’s major online systems. The department’s previous initiatives, Hack the Pentagon and Hack the Army, found 138 and 118 security gaps, respectively.

Unlike previous bug bounty programs that were open only to Americans, Hack the Air Force invited hackers from four countries outside the U.S. to participate: Australia, Canada, New Zealand and the United Kingdom.

Though inviting foreigners to hack military networks may sound unsafe, Air Force Chief Information Security Officer Peter Kim says the DOD frequently works with partner nations on initiatives to boost cybersecurity.

“We get a diversity of efforts that will make sure we have looked at our security from every angle,” Kim told Nextgov. “By allowing the good guys to help us, we can better level the playing field and get ahead of the problem instead of just playing defense.”

16 August 2017

Waiting for China’s Data Protection Law

Source Link
By George G. Chen and Tiffany G. Wong

Fourteen years ago, the Chinese government started to draft a bill to protect citizens’ information across the country. Earlier this year, China’s legislators were still striving to get China’s legislature to review this bill. In the wake of growing social concerns over large-scale misuse of citizens’ data, Yang Zhen, a delegate to the National People’s Congress (NPC), has continued to advocate the adoption of a specific bill on data protection over the past three years. Although some delegates espoused this proposal, it might take another “three to five years” to pass the law, said Yang.

Concomitant with their struggle was the “General Provisions of the Civil Law” passed on the final day of this year’s NPC in March. As the opening chapter of China’s first Civil Code, this law bans “illegal” sales or publication of personal information. Yet any clear liability for government bodies is missing, as is the case with the Cybersecurity Law enacted this June. Without further legal restraints on the inordinate power of the government to manage data, effective data protection will prove to be very difficult.

The protection of personal data is a core issue of China’s digital transformation. As life gets increasingly tied to computers and mobile devices, personal information is becoming more and more vulnerable to hackers and other third parties with malicious intent. Foreign companies, researchers, and also the Chinese government have suggested that Chinese citizens do not care about the protection of their personal data. The mobile habits of tech-savvy Chinese youths suggest as much. Online payment apps allow them to hook their bank and credit card information to their mobile phones, while cab-hailing apps such as Didi Chuxing require constant disclosure of their GPS locations. Convenience seems to trump privacy concerns.

What’s missing in leadership development?

By Claudio Feser, Nicolai Nielsen, and Michael Rennie

Only a few actions matter, and they require the CEO’s attention.

Organizations have always needed leaders who are good at recognizing emerging challenges and inspiring organizational responses. That need is intensifying today as leaders confront, among other things, digitization, the surging power of data as a competitive weapon, and the ability of artificial intelligence to automate the workplace and enhance business performance. These technology-driven shifts create an imperative for most organizations to change, which in turn demands more and better leaders up and down the line.

Unfortunately, there is overwhelming evidence that the plethora of services, books, articles, seminars, conferences, and TED-like talks purporting to have the answers—a global industry estimated to be worth more than $50 billion—are delivering disappointing results. According to a recent Fortune survey, only 7 percent of CEOs believe their companies are building effective global leaders, and just 10 percent said that their leadership-development initiatives have a clear business impact. Our latest research has a similar message: only 11 percent of more than 500 executives we polled around the globe strongly agreed with the statement that their leadership-development interventions achieve and sustain the desired results.

How can creative industries benefit from blockchain?

By Ryo Takahashi

Five forces of blockchain technology could affect the creative economy. Here are some of the risks and challenges to overcome.

Many readers will be familiar with blockchain as the underlying enabling technology developed for Bitcoin, a cryptocurrency. Klaus Schwab, founder and executive chairman of the World Economic Forum, provides this summary in his book on the Fourth Industrial Revolution: “In essence, the blockchain is a shared, programmable, cryptographically secure and therefore trusted ledger which no single user controls and which can be inspected by anyone.”

Blockchain has the potential to become a powerful disruptive force. A survey of 800 executives, featured in the same book, suggests 58 percent believe that up to 10 percent of global GDP will be stored using blockchain technology.

Blockchain technology may provide several important features that could be leveraged for use in the creative economy:

Transactions are verified and approved by consensus among participants in the network, making fraud more difficult.

The full chronology of events (for example, transactions) that take place are tracked, allowing anyone to trace or audit prior transactions.

Sensor overload is overloading the network

By: Mark Pomerleau

Analysts are drowning in the amount of data provided by Army sensors and those of the military writ large. And often unsaid is the burden that this overload places on the network.

“Over time, regardless of what is happening in CENTCOM or AFRICOM or in EUCOM, the demand for the aerial sensors has always increased,” Mark Kitz, director of the System of Systems Engineering team at Program Executive Office for Intelligence, Electronic Warfare and Sensors, said Aug. 9 during a panel discussion at TechNet Augusta in August, Georgia.

“Our footprint forward has decreased significantly. The intelligence community has put a lot of investment and a lot of time and a lot of capability in putting sensors forward [and] having soldiers here in [the continental United States] processing those sensors.”

While acknowledging this is a great capability, Kitz said it places a significant burden on the network. This problem will only get worse in the next 10 years with the increase in boxes and sensors, he added.

“So the challenge that our PEO is relaying to industry … is: How do we get more information, how do we still deliver that accurate and timely information whether that’s intelligence, whether that’s video for integrated base defense, whether that’s situational awareness on our survivability platforms?” he said. “How do we get all of that capability that we need without burdening the network anymore? Don’t assume that network is going to get thicker and broader and [be] there for us.”

Cyber Flag exclusive: What Cyber Command learns from the annual exercise

By: Mark Pomerleau 

U.S. Cyber Command is still a relatively young organization. It was stood up in 2009, and while the organization reached full operational capability in 2010, its workforce isn't slated to hit this mark until September 2018.

As such, the command is learning lessons from training exercises and operations pertaining to its structure, the structure of its teams, how to deploy teams and how to conduct operations.

During an exclusive walk-through of CYBERCOM's annual Cyber Flag exercise, the simulation's leaders told Fifth Domain that they identified specific, applicable lessons at last year's Cyber Flag pertaining to the way defensive teams are deployed to problem sets.

Top leaders from CYBERCOM have recently indicated they've discovered it's not always necessary to deploy the entirety of a cyber protection team, or CPT.

"One of the things we found with practical experience is we can actually deploy in smaller sub elements, use reach-back capability, the power of data analytics; we don't necessarily have to deploy everyone," Adm. Michael Rogers, the commander of CYBERCOM, told the House Armed Services Committee in May. "We can actually work in a much more tailored, focus[ed] way optimized for the particular network challenge that we're working. We're actually working through some things using this on the Pacific at the moment."

Joint Force Quarterly 85 (2nd Quarter, April 2017) Operational Graphics for Cyberspace

April 1, 2017 — NOTE: A font was created to accompany this article. The Operational Graphics that appear in the article's table can be downloaded as a font, by clicking the download button below. 

The growth of any discipline depends on the ability to communicate and develop ideas, and this in turn relies on a language that is sufficiently detailed and flexible.

—Simon Singh, Fermat’s Enigma

To promote interoperability at the information level within the area of joint military symbology, it is necessary to define a standard set of rules for symbol construction and generation to be implemented in C2 [command and control]systems.

—Joint Military Symbology

A sergeant looks at an arrow marked in grease pencil on a laminated map and knows that a machine gun position lies ahead. The large projection screen showing a map with a blue rectangle encompassing an oval gives the joint task force commander assurance that a tank battalion defends key terrain. A picture is worth a thousand words.

Complex subjects—mathematics, chemistry, physics, even highway driving—have specialized sets of symbols that convey information and understanding more quickly than text alone can do. Symbols have been part of military tactics, operations, and strategy since armies became too large for personal observation on the battlefield. In joint military operations, it is crucial to have a set of common symbols familiar to all users. They are especially useful to establish a common understanding across a user population with widely varying knowledge, experience, and Service backgrounds. The Department of Defense (DOD) established the newest warfighting domain via doctrinal guidance 8 years ago, yet cyber warriors still lack a coherent set of symbols that allow them to convey the intricacies of cyber warfare to the joint warfighting community. The inability of cyber warriors to easily express operational concepts inhibits the identification of cyber key terrain, development of tactics and strategies, and execution of command and control.

15 August 2017

China Accuses Its Top 3 Internet Giants of Potentially Violating Cybersecurity Law

By Charlotte Gao

Tencent, Baidu, and Sina are being investigated by the Chinese Cyberspace Administration. 

On August 11, while the Chinese public attention is focusing on the powerful earthquake that struck Sichuan and Xinjiang, China’s internet regulator — the Cyberspace Administration of China — announced that it’s investigating China’s top three internet giants for potentially violating the Cybersecurity Law.

The Cyberspace Administration specified that it is the three giants’ social media platforms — Tencent’s WeChat (China’s biggest messaging app), Sina’s Weibo (China’s leading online news and social networking service), and Baidu’s Tieba ( China’s largest BBS-like communication platform) — that are under investigation.

According to the announcement, Weibo, WeChat, and Tieba have users who “spread information of violence and terror, false rumors, pornography, and other information that jeopardizes national security, public safety, and social order.” The three companies are suspected of violating China’s Cybersecurity Law, because they fail to “fulfill duties to manage those illegal information uploaded by their users.”

To show its resolution, the Cyberspace Administration also vowed to “further increase the intensity of internet content supervision and law enforcement” toward illegal acts online. In addition, the Cyberspace Administration welcomed netizens to report any “harmful” online information and published its 24-hour hotline number, website, and email.

Pinpointing the global forces that drive progress

Companies that pay close attention to the trends and shifts affecting growth and productivity can help create a new societal deal for prosperity.

Although the world has seen broad-based progress over the past several decades, pushing society to the next level will require businesses to connect the dots between digital disruption, shifts in global growth, and the global trends that affect it all. In this episode of the McKinsey Podcast, senior partner Sven Smit and senior expert Ezra Greenberg speak with McKinsey Quarterly editor in chief Allen Webb about how companies need to focus keenly on sweeping global forces that affect growth, productivity, and societal prosperity.

Allen Webb: Hi, I’m Allen Webb, editor in chief of the McKinsey Quarterly. I’m in Seattle today, and I’m delighted to be speaking with two longtime colleagues and friends—Sven Smit, a senior partner in the firm’s Strategy Practice, who is based in Amsterdam, and Ezra Greenberg, a senior expert in Stamford, Connecticut.

Sven and Ezra, along with their colleague Martin Hirt, were the coauthors of a recent McKinsey Quarterly article called “The global forces inspiring a new narrative of progress.” The article’s been one of the more widely read pieces this year on It was the culmination of a major effort to connect the dots between critical global trends and to distill some larger themes, such as global growth shifts, the acceleration of industry disruption, and the need for a new societal deal, and then to try to help make sense of them all. Sven and Ezra, thank you very much for spending some time with us today.