Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Search Tags: Cyber
Cyber attacks are a growing vulnerability for our homeland security and broader national interests - and federal employees are on the front lines. In fact, Politico recently reported that Congress and other government agencies face an average of 1.8 billion cyber attacks per month. Both the number of attacks and their sophistication continue to increase at an alarming rate.
In many instances, the key to successfully combating an attack is stopping it at its entry point, which is often the unsuspecting federal employee. For example, the Politico report pointed out that "…attacks are increasingly focused on infiltrating application software on Hill staffer computers…,"noting:
- In the last five months of 2009, 87 Senate offices, 13 Senate committees and seven other offices were attacked by spear-phishing attacks, which appeared as e-mail messages to staffers urging them to open infected attachments or click on bad links.
- Cyber security must be an agency priority. Cyber security education and training are much like any other agency initiative: if leadership indicates that something is a priority, agency employees will take action. Agency leadership must make it clear that cyber security education and training are a priority, model the behavior they ask of their employees, and dedicate resources to address the problem and its solution. If they do so, federal employees will respond accordingly.
- Education and training must be continuous. Hackers, terrorists, and other bad cyber actors do not wait for reporting requirements or other compelling organizational issues to decide when to attack - they just do. Education and training efforts should be ongoing, consistently updated, and test employees' understanding of the topic on a regular basis. Agencies must be as persistent and agile in their training as cyber attackers are in their efforts to do harm.
- All agency employees must be included in training. All agency employees, and their contractors, are vulnerable to cyber attacks. No grade level is too high or too entry-level to be excluded from standard education and training.
- Reporting and accountability measures must be implemented. Accountability mechanisms should be used to not only identify those personnel who have or have not received cyber security training, but also on how well they retain the information they have learned. The use of cyber security quizzes or other mechanisms to test the workforce's cyber knowledge provide a quantitative measure of the effectiveness of the training program as well as targeting specific personnel or subjects for deeper training.
The techniques used to attack information networks and exploit information are quickly evolving to the point where it is almost impossible to distinguish intrusion activity. The federal government must use an educated workforce on the cyber threat as a force multiplier as part of its cyber security strategy. Individual employees and agencies must share the responsibility for anticipating and preventing cyber attacks from succeeding.
The non-profit Bipartisan Policy Center recently hosted Cyber ShockWave - a live, mock cyber attack against the nation. The exercise simulated the government's response to a cyber crisis with former Cabinet and national security experts acting as presidential advisors in the fictional drill. The exercise highlighted the dangers of cyber-terrorism and the government's preparedness to respond to such an attack.
Hackers, terrorist organizations, cyber criminals, and nation states routinely target government and corporate entities for financial gain, military intelligence, warfare, and sometimes just for notoriety and fame. Government agencies and corporations have traditionally addressed this threat independently, but the evolution of cyberspace has changed the rules. A unified front between the private and public sector has become more critical to combat these cyber threats.
The public and private sectors are becoming increasingly interdependent - the operation of our nation's critical infrastructure, including the national power grid, transportation systems, and communication networks, depends upon the ability of public and private sector networks to share information via cyberspace. Likewise, our nation's economic superiority is predicated on our ability to maintain competitive advantages in capital markets. Our enemies are not only looking for ways to exploit vulnerabilities in our critical infrastructure, but they are also increasingly looking for ways to steal our private sector's intellectual property in order to weaken our economic standing and gain an advantage in the global economy.
Google's disclosure of "sophisticated" cyber attacks on its infrastructure reportedly originating in China offers a good example. The Washington Post recently reported that Google and the National Security Agency (NSA) are forming an alliance "to better defend Google - and its users - from future attack." Putting the agreement in place will enable the NSA and Google to share critical information to analyze the attack without violating privacy laws or policies. This alliance will help Google better defend its intellectual property critical to our nation's economy while providing NSA key insight into the attack methods and motives of the attackers.
The need for such partnerships is certain to grow and will most likely extend to organizations that are not as large and resourced as Google but are just as critical to the strength of our nation's economy. Our adversaries are using similar attack methods to compromise systems across both sectors but they have not effectively partnered to share threat intelligence or early warning indicators. A formal partnership between the private and public sector allows the country to develop a unified and coordinated approach to defending our nation's assets.
There is a new alliance in the battle for cybersecurity. Though neither side has confirmed it, The Washington Post recently reported that Google has asked the NSA to help investigate the mid-December cyber attack against its networks "to better defend Google - and its users - from future attack." This partnership demonstrates the increasing interdependencies between the public and private sector in defending against cyber threats.
Dennis Blair, Director of the Office of National Intelligence, delivered the Intelligence Community's annual threat assessment to Congress last week. Cyber threats topped the list with the Director describing malicious cyber activity as occurring on an "unprecedented scale with extraordinary sophistication" and citing network convergence and channel consolidation as increasing vulnerabilities.
As the Defense Department's proposed Cyber Command awaits confirmation hearings on its proposed commander, the services are moving forward to establish their own cyber organizations. Vice Admiral Barry McCullough reported for duty on January 29th as Commander of the newly reconstituted 10th Fleet, officially standing up the U.S. Navy's Fleet Cyber Command.
Thursday, December 17th, 2009 at 2:05pm
In the growing on-line world of quick and unmonitored transactions and communications, virtual identities have become common elements of people's daily lives creating limitless opportunities for criminals to recruit, launder their money, and communicate under the cloak of anonymity. A panel of leading government experts discuss the way that our adversaries use these systems and how organizations can better prepare for the threats they are facing. From a commercial, law enforcement and security perspective, panelists will explain the scope of the problems and the potential benefits that can be derived from new social media
Tags: technology , Booz Allen Distinguished Speaker Series , Virtual Identity , cyber , crime , James A. Lewis , Dr. Reobert E. Young , Roy D. Dotson , Secret Service , Department of Homeland Security , Gary Cubbage , Booz Allen Hamilton