Cyber
The Magazine of the MCPA




Click here to be published and contribute to the professional dialogue!

Full Text Listing of All Stories


The Law of "Cyber-" Prefixes

posted Aug 4, 2018, 11:28 AM by James Caroland   [ updated Aug 4, 2018, 11:30 AM ]

By LTJG Brandon Karpf, United States Navy 

Article Summary

We use “cyber-” prefixes to the detriment of our own goals. This barrier defining language artificially separates cyber-security problems from traditional analogues, to the detriment of security. Only one reasonable path remains: abandon the prefix.

PLEASE SEE ATTACHED PDF FILE FOR FULL ARTICLE.

Artificial Intelligence in the Cyber Fight

posted Aug 4, 2018, 10:59 AM by James Caroland   [ updated Aug 4, 2018, 11:03 AM ]

By Michael Lenart 

Article Summary

Artificial intelligence (AI) and machine learning are significantly changing how attackers and defenders operate in cyberspace. The increasing ability of machines to perceive, learn, decide, and act on their own – and to do so much more quickly than humans can – is forcing cyber operators to cede some ground to AI in what is an increasingly machine-speed fight. This trend is reinforced by the rise of the Internet of Things, which exponentially increases the vectors through which attacks can occur and therefore places a premium on machines' ability to process large amounts of information relatively quickly. Besides affecting everyday cybersecurity practices, the increasing use of AI will also affect how military cyber operations are conducted. Nevertheless, machines do not currently possess humans' judgment, sense of context, or general intelligence. As such, for the foreseeable future, the optimal use of AI will pair machines' processing power and speed with humans' higher level thinking skills.

PLEASE SEE ATTACHED PDF FILE FOR THE FULL ARTICLE.

Image credits (in order of appearance): cheatsheet.com, medium.com, The Convex Lens, Raytheon, thenextweb.com

Certifications: Are They Worth It?

posted Jul 17, 2018, 7:12 PM by James Caroland   [ updated Jul 17, 2018, 7:12 PM ]

By LTC BE Rhodes, Colorado Army National Guard 

Article Summary

Across the Cybersecurity field, the value of professional certifications is regularly debated.  Holding a certification does not equate to experience and "know-how".  At a minimum, it does demonstrate an ability to learn and retain information.  In the ever-changing world of Cyber, showing the desire to be a lifelong learner is highly desirable for prospective employers.  This article aims to provide a brief introduction to certifications and guidance on where to start.

PLEASE SEE THE ATTACHED PDF FILE FOR THE FULL ARTICLE.

Untangling the Cyberspace Domain: What Members of the Intelligence Warfighting Function Should Know

posted Jul 6, 2018, 7:15 AM by James Caroland   [ updated Jul 6, 2018, 7:16 AM ]

By LTC Galen Kane, CPT William Sanz, and CPT Wallie Lacks, United States Army

Article Summary

Cyberspace is now the most active, contested, and congested of the warfighting domains.  Given the pace of operations and the rate of change in the environment, new ways of operating are being developed at a rapid pace.  The changes involved with the technology and the extent to which cyberspace is affecting the land and human terrain are significant today and we must be bold and innovative to stay ahead of threats that exists.  Conditions now reflect a full and complete convergence of the human terrain with cyberspace.  One of the greatest opportunities for growth and innovation lies in the Intelligence Warfighting Function (IWfF).  Professionals within the IWfF must evolve their understanding of the cyberspace domain and its impact on future conflict must evolve beyond a rudimentary user-level understanding.  

There are a few common misperceptions prevalent amongst members of the IWfF that operate in the Cyberspace Domain.  These myths contribute to gaps which tangle and impede the IWfF’s ability to effectively support Cyberspace Operations (CO).  The four myths are 1) complexity of the Cyberspace Domain necessitates implementation of unique intelligence support models; 2) Intelligence Preparation of the Battlespace is not applicable to the Cyberspace Domain; 3) complexity of cyberspace inhibits decide, detect, deliver, and assess targeting methodology; and 4) Signals Intelligence is the only source of intelligence that matters in the Cyberspace Domain.

The IWfF is presented with several opportunities to sustain and improve intelligence support to CO. These opportunities include: 1) ensuring all-source intelligence products relevant and accurate; 2) cyberspace enabling functions like the IWfF must possess detailed knowledge and understanding of the Cyberspace Domain; 3) the IWfF’s personnel require proper training and experience to be responsive to the Cyber Mission Force’s intelligence requirements; 4) Finally, the IWfF must take full advantage of the opportunity to disperse the fog and friction that clouds today’s cyberspace operating environment.  For only through these continued examinations will the IWfF move forward most effectively and fully employ our Joint Force to meet challenges in the Cyberspace Domain. 

PLEASE SEE THE ATTACHED PDF FILE FOR THE FULL ARTICLE

Military Cyber Professionals Take the Hill

posted Jun 27, 2018, 2:23 PM by James Caroland   [ updated Jun 27, 2018, 2:23 PM ]

By Alycia Farrell, MCPA Legislative Affairs Committee 

Article Summary:
 

The Military Cyber Professionals Association (MCPA) Legislative Affairs Committee held its first Capitol Hill event on June 4th, 2018.  The event theme focused on how military cyber operations are impacted by the legislative process.

PLEASE SEE THE ATTACHED PDF FILE FOR THE FULL ARTICLE.

Cyber Shield 2018

posted Jun 17, 2018, 4:54 PM by James Caroland   [ updated Jun 27, 2018, 2:07 PM ]

By LTC BE Rhodes, Colorado Army National Guard 

Article Summary

Cyber Shield is a recurring national-level exercise.   Cyber Shield 2018 involved more than 800 participants in one of the largest US National Guard’s cyber-operations exercise. Participants include members of the Army National Guard, Air National Guard, Army Reserve and representatives of State and Federal government agencies, Industry partners and Academia taking part - to test their collective skills and evaluate their defensive capabilities in response to cyber warfare.

Cyber Shield 2018 incorporated two phases: the first week focused on military, government and private sector training on vital cyber skills. The second week challenged National Guard Soldiers and Airmen to face off against experienced opposing force adversaries, utilizing their training and skills to defend networks to mitigate the effects of cyber-attacks against vulnerable infrastructure. The Exercise week scenario consisted of an infiltration by hacktivists, to key infrastructure operated within a Transportation Industry network. Governors requested National Guard support to provide traditional and cyber incident response support.

MCPA sponsored the Cyber Shield Social event at the conclusion of Cyber Shield 2018 training week.

FOR THE FULL ARTICLE ABOUT CYBER SHIELD 2018 AND MCPA'S CYBER SHIELD SOCIAL, PLEASE SEE THE ATTACHED PDF

The Three M's of the Cybersecurity Insider Threat Revealed

posted Jun 13, 2018, 7:03 AM by James Caroland   [ updated Jun 13, 2018, 7:04 AM ]

By John Galliano, Contributing Editor 

Article Summary
:  

Very likely, as a military cyber professional, you work in well secured environment with next-generation firewalls, intrusion detection/prevention and other specialized sensors to safeguard your perimeter and protect your organization's information. But how often do you consider your internal defenses and the trusted people already on the inside? The cyber insider threat should be of concern to military cyber professionals because it puts your organization, your data, and your people at heightened risk. Given the associated tangible and intangible costs, clearly the insider threat is an important issue. 

The cyber insider threat is not a new problem. Operating from the inside and unconcerned with perimeter defenses, insiders like Snowden and Manning have arguably caused unparalleled damage to the U.S. intelligence and diplomatic missions. Insiders in the context of cybersecurity have access to an organization’s network, system, or data and may intentionally exceed or use that access in a manner that negatively impacts the C-I-A of the organization’s information or information systems. 

By examining the cyber insider threat in this article, I clarify the meaning, the motivation, and the mitigation of the cyber insider threat. Insider threat attacks are costly both in terms of time and money, and ultimately may put military operations and lives in jeopardy. Insiders are influenced by a range of motivations including personal gain, perceived injustice, and the greater cause. The good news for military leaders is that a number of mitigating factors may be employed to counter the potential impacts of the cyber insider threat including education, monitoring, and control. Implementing a strong and vigilant insider threat program is your first line of defense and your best protection.

PLEASE SEE THE ATTACHED PDF FILE FOR THE FULL ARTICLE

The Role of Foreign Expertise in the UAE's Strategy for Cyber Security

posted Jun 12, 2018, 5:35 AM by James Caroland   [ updated Jun 12, 2018, 5:39 AM ]

By Al Stovall, Contributing Editor 

Article Summary:  

The United Arab Emirates is in the process of completing a multi-stage plan to establish itself as a major cyber power in the Middle East. Currently, the Emirati government focuses on identifying and recruiting cyber professionals from the United States and Europe that can increase its cyber capabilities while it develops indigenous expertise. Its pursuit of these professionals has become more aggressive in response to its increasing cyber security needs as a popular target for cyber attacks.

PLEASE SEE THE ATTACHED PDF FILE FOR THE FULL ARTICLE

Using Recombinant Innovation for Post-Cyber Strike Recovery Means

posted May 6, 2018, 4:55 PM by James Caroland   [ updated May 6, 2018, 5:00 PM ]

By LtCol John Dobrydney, U.S. Marine Corps, CISSP, Contributing Editor  

Article Summary:  

A large-scale cyber strike is expected to disrupt many governmental, economic, and societal processes that rely on the Internet’s inherent connectedness.  The disruption is expected to cause cascading second and third order effects through society that are not easily recoverable given an increasing reliance on all things digital.  One major challenge with the aftermath of a debilitating cyber-strike is how to return to a functioning “normal” without the expected conveniences, Internet provided communications capabilities, or even the resident knowledge and processes from the old, “analog” processes.

Applying the economic principle of rational people acting to satisfy unlimited wants with limited means, Recombinant Innovation provides a means to repurpose previously unconsidered processes and resources to solve the post-strike challenges.  Automobile manufacturing, the music industry, and even medical surgery materially benefited from recognizing a need and then satisfying it with recombining existing processes and resources.
 
Effective post-strike recovery begins with proper planning prior of the disaster.  Those members of society closest to the emerging post-strike problems are best suited to solve them; therefore, government agencies should encourage and support Recombinant Innovation at the lowest governmental and societal levels and provide guidance and resources as society rebuilds its capabilities.    

PLEASE SEE THE ATTACHED PDF FILE FOR THE FULL ARTICLE

Image credits for article (in order of appearance):  Time, sportskeeda.com, i-Vigilant Technologies, pluspng.com, philmckinney.com

Leader's Guide to Protecting Cyber and Operational Security

posted Feb 26, 2018, 7:32 PM by James Caroland   [ updated Mar 2, 2018, 10:08 AM ]

By Major Michael Senft, U.S. Army

Cyberspace is a contested domain of warfighting and information technology. Capable and intelligent adversaries, namely state and non-state actors, seek to asymmetrically disrupt U.S. advantages in communications by targeting the weakest link in our technical and human defenses1,2. A single weak security practice can result in the widespread compromise of a network or information system, endangering not only the lives of U.S. military and civilian personnel, but also business viability3,4. The purpose of this guide is to provide leaders with a concise outline of significant Cybersecurity and Operational Security (OPSEC) concerns with recommendations to protect network dependent warfighting and other essential functions including mission command, fires, intelligence, and sustainment. Cybersecurity and OPSEC are processes that should be incorporated into all phases of operations to protect people, equipment, and ensure mission success3. This guide will cover three topics: Cybersecurity concerns, OPSEC concerns, and recommendations.  Let’s address the foundational cybersecurity concerns first.


Cybersecurity Concerns:

Rob Joyce, the former Chief of the National Security Agency’s Tailored Access Operations and current White House Cybersecurity Coordinator, succinctly captured this concern by stating, "If you really want to protect your network, you really have to know your network"5,6. Knowing the network is essential to defending your key cyber terrain. Leaders must consider that:

  • Every device that emits a signal or has a processor is a potential vulnerability4
  • Three primary attack vectors within your formations3,4,5,7:
  • Email – Spear phishing emails can fool even experienced security professionals6,8,9
  • Removable media –  Adversaries use removable media to gain access to systems9
  • Websites – Adversaries compromise trusted websites to precisely target specific user groups6,10



The second concern is the threat posed by privilege escalation and lateral movement. Leaders must identify, monitor, and protect high-value assets within their organizations by considering the following11:
  • Mission critical data, systems and networks12
  • Network and system configuration, security, and monitoring systems13
  • Users with elevated privileges (e.g., network and system administrators, users with removable media writing or cross-domain data transfer rights, etc.)14


OPSEC Concerns:

The first thing leaders should understand is that large enterprise networks including the Non-classified Internet Protocol Router Network (NIPRNET) are not secure. Sensitive but Unclassified (SBU) information should be encrypted prior to transmission via email as communications can be targeted for interception and exploitation at any time16. Likewise, SBU data stored on mobile computing devices (data-at-rest) should be encrypted to prevent compromise in the event of loss or theft of these devices [9]. SBU data includes, but is not limited to:
  • Network Configuration Files, Network Architecture Diagrams, and Network Vulnerability Reports15
  • Password and System Credential Files15
  • Personally Identifiable Information (PII)15
  • Very Important Person (VIP) Travel15
  • Locations, movements and mission planning of essential elements15
Secondly, leaders must understand and mitigate operational vulnerabilities created by cell phones4,16,17
  • Cell phones are prime targets for enemy Signals Intelligence (SIGINT) and Electronic Intelligence (ELINT) even when used in a disciplined manner4
  • Compromised smart phone applications can provide adversaries with geo-location and other valuable intelligence16
  • Loss or theft of cellphones and other mobile devices can provide an avenue of attack for adversaries to gain access to enterprise networks or provide access to sensitive information
Third, leaders must understand and mitigate operation vulnerabilities created by insider threats18
  • Insider threats abuse their authorized access to information and information systems to execute theft, espionage, fraud and sabotage18
  • Unintentional insider threats may unknowingly aid adversaries to gain access to systems or exfiltrate data18
Finally, leaders should gain increased understanding of and seek to mitigate the vulnerabilities introduced by the use of social media, social engineering, and PII. 
  • Adversaries use social media to gather intelligence and target Service Members, their families and others4,16,17,19 
  • Social engineering is a highly effective and low-cost attack vector used by threat actors to bypass the most effective defenses to compromise systems and gain access to sensitive information20
  • Awareness and training are the most effective countermeasures20
  • Adversaries target PII to exploit financial and other personal interests of Service Members, their families and others4

Recommendations:

To counter the dual concerns of cybersecurity and OPSEC, leaders should foremost train their people, but also implement and enforce best practices. For cybersecurity concerns, the following recommendations will strengthen your ability to know your network and defend against the insider threat:

Protect Credentials 
  • Implement the Principle of Least Privilege to limit account rights to the minimum required by the user5,6,7
  • Log and monitor privileged user activity and the use of administrative tools6,7,12
  • Enforce password management since default, weak, or stolen passwords enable adversaries to gain access to and elevate privileges12,21

Defend Against the Insider Threat 

  • Know your Service Members and employees
  • Know the behavioral indicators of malicious threat activity18
  • Employ security technology, including multifactor authentication, to detect and prevent insider attacks12,18

Even the most secure network can be compromised, thus it is essential to harden the network and introduce resiliency [4].
  • Disable unnecessary services.  Unnecessary services provide potential avenues of attack for adversaries6,7,21
  • Disable use of insecure protocols (FTP, SNMPv1, Telnet, etc.).  Insecure protocols transmit user names and passwords in the clear.
  • Identify systems that are not patched on a continuous basis and apply other risk mitigations such as traffic filtering and network segmentation to reduce the attack surface.  Program of Record systems are an example as they typically receive software updates and patches on a quarterly basis21
  • Prevent unauthorized devices from connecting to the network [6,14].  Unauthorized devices provide avenue of attack for adversaries to gain access to systems or exfiltrate data6,14
  • Restrict physical access to network devices and infrastructure to the greatest extent possible [23].  Physical access enables a skilled adversary to quickly bypass technical security measures to gain full control of systems23
  • Develop Continuity of Operations Plans to operate despite degraded or disrupted communications.1,11  Ensure communications Primary, Alternate, Contingency, and Emergency (PACE) plans enable mission command even in the event unclassified and/or one or more classified networks are compromised or disrupted.4,11
As outlined in this guide, a single weak security practice can result in the widespread compromise of a network or information system. Protecting network dependent warfighting and other essential functions requires incorporating cybersecurity and OPSEC into all phases of operations. Like good OPSEC, effective cybersecurity requires the development and promotion of an organizational culture that is cyber risk and adversary threat aware, and emphasizes and enforces standards and practices that minimize vulnerabilities to Department of Defense and corporate networks, systems, and information.3



About the Author

Major Michael Senft is a Functional Area 26A Information Network Engineering Officer and has multiple deployments in support of Joint and Special Operations units. He holds a Master's Degree in Computer Science from the Naval Postgraduate School and a Master's Degree in Engineering Management from Washington State University.



End Notes

1. U.S. Department of the Army. (2014). The Army Operating Concept, Win in a Complex World. TRADOC Pamphlet 525-3-1. Retrieved from http://www.tradoc.army.mil/tpubs/pams/tp525-3-1.pdf

2. U.S. Army Asymmetric Warfare Group. (2016) Russian New Generation Warfare Handbook. Retrieved from https://www.milsuite.mil/book/docs/DOC-334149 (CAC Login Required).

3. U.S. Army Chief Information Office/G-6. (2015). Leaders Information Assurance/Cybersecurity Handbook. Retrieved from https://www.army.mil/e2/c/downloads/299601.pdf

4. R. Leonhard, (2016). The Defense of Battle Position Duffer – Cyber Enabled Maneuver in Multi-Domain Battle. Retrieved from https://www.milsuite.mil/book/docs/DOC-332615 (CAC Login Required).

5. R. Joyce, (2016). Disrupting Nation State Hackers. USENIX 2016 Presentation. Retrieved from https://www.usenix.org/node/194636

6. Center for Internet Security. (2016). Critical Security Controls for Effective Cyber Defense. Retrieved from https://www.cisecurity.org/critical-controls/documents/CSC-MASTER-VER61-FINAL.pdf

7. National Security Agency. (2015). NSA Methodology for Adversary Obstruction. Retrieved from https://www.iad.gov/iad/library/reports/nsa-methodology-for-adversary-obstruction.cfm

8. FireEye. (2016). Spear-Phishing Attacks - Why They are Successful and How to Stop Them. Retrieved from https://www.fireeye.com/current-threats/best-defense-against-spear-phishing-attacks.html

9. Defense Security Service (n.d.) Common Cyber Threats: Indicators and Countermeasures. Retrieved from http://cdsetrain.dtic.mil/cybersecurity/data/pdf/Common_Cyber_Threats_Indicators_and_Countermeasures.pdf

10. FireEye. (2015). Zero-Day Danger. Retrieved from
https://www.fireeye.com/current-threats/recent-zero-day-attacks.html

11. BG P. Frost and  M. Hutchison, (2015). Top 10 Questions for Commanders to Ask About Cybersecurity. Retrieved

from http://smallwarsjournal.com/jrnl/art/top-10-questions-for-commanders-to-ask-about-cybersecurity

12. Verizon. (2016). 2016 Data Breach Investigations Report. Retrieved from http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

13. P. Stone,and A. Chapman, (2015). WSUSpect – Compromising the Windows Enterprise via Windows Update. Retrieved from https://www.contextis.com//documents/161/CTX_WSUSpect_White_Paper.pdf

14. U.S. Department of the Navy (2014). Commander’s Cyber Security and Information Assurance Handbook. COMNAVCYBERFORINST 5239.2A. Retrieved from https://www.cool.navy.mil/usn/ia_documents/5239_NCF_Cybersecurity_IA_HANDBOOK.pdf

15. National Security Agency. (2016). JCMA Findings and Trends – 2016 Information Assurance Symposium. Retrieved from https://www.iad.gov/iad/library/ias/defense-at-cyber-speed/jcma-findings-and-trends.cfm

16. CrowdStrike. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian Field Artillery Units. Retrieved from https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf

17. U.S. Computer Emergency Readiness Team. (2011). Cyber Threats to Mobile Phones. Retrieved from https://www.us-cert.gov/sites/default/files/publications/cyber_threats_to_mobile_phones.pdf

18. National Cybersecurity and Communications Integration Center. (2014). Combating the Insider Threat. Retrieved from https://www.us-cert.gov/sites/default/files/publications/Combating%20the%20Insider%20Threat_0.pdf.

19. Wired. (2017). Meet Mia Ash, the Fake Woman Iranian Hackers Used to Lure Victims. Retrieved from https://www.wired.com/story/iran-hackers-social-engineering-mia-ash/

20. U.S. Department of State Overseas Security Advisory Council. (2015). Social Engineering: Threats and Best Practices. Retrieved from https://www.osac.gov/Pages/ContentReportDetails.aspx?cid=18454

21. U.S. Army Cyber Center of Excellence. (2016). Cyberspace Operations Bulletin 16-13. Retrieved from https://lwn.army.mil/documents/2802697/3387032/cyberspace+bulletin+2.pdf (CAC Login Required)

22. US Army Communications-Electronics Command (CECOM) Software Engineering Center. (2014). Software Engineering Center Productions and Services Catalog. Retrieved from http://www.sec.army.mil/secweb/files/SEC%20Products%20and%20Services%20Catalog%20v3.0.pdf

23. D. Ollam, (2008). Ten Things Everyone Should Know About Lockpicking & Physical Security. Retrieved from https://www.blackhat.com/presentations/bh-europe-08/Deviant_Ollam/Whitepaper/bh-eu-08-deviant_ollam-WP.pdf


Image credits (in order of appearance):  Pixabay, Moody Air Force Base, U.S. Department of Defense

1-10 of 62