The Cyber Security Landscape Today

The Cyber Security Landscape Today

I am going to do things a little differently this week. Since there are no major cyber attacks to cover at the time that I am writing this, I am going to discuss the Cyber Security Landscape of Today. As we have seen and conveyed to you, the reader of this blog, we live in a period of the evolution of security. What was once conventional wisdom is now a threat or antiquated. We no longer stress the relationship between clients and servers as we once did.

More and more products and services are moving to the “cloud,” making everyone more reliant (than we already are) on internet connectivity. This makes for an interesting portrait to be painted with regards to hackers, governments, and companies in terms of how they approach it to achieve their objectives, regardless of how criminal or ethical their motives are.

Department of Defense Perspective

The United States Department of Defense (DOD) has been working over the past few years to increase their cyber presence across all services. This culminated with the creation of the U.S. CYBER COMMAND, a sister organization to the National Security Agency (NSA). Lisa Ferinando, of (DOD News states that “A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department’s chief information officer said here yesterday.”
It was conveyed that for a minimal investment, an attacker (whether a loner or state-sponsored) could spend little capital and cost the DOD millions, based on the success of the attack. “In 2013, the command embarked upon a ‘four-year sprint’ to bring 133 new cyber teams together across the military services, involving some 6,200 people ( Ferinando , 2015).
The Pentagon “is building a massive, electronic system to provide an overview of the vulnerabilities of the military’s computer networks, weapons systems, and installations, and help officials prioritize how to fix them, the deputy commander of U.S. Cyber Command said on Thursday” (Reuters, 2015). This is effectively a “score card” system in response to escalating probing and attacks from China, Russia, and Iran. The Army and Navy are currently working on training their cyber warfare defense teams to unify the missions and mitigate any insider threats, based on actions from Edward Snowden and Bradley Manning, among others.
This comes at a vital time, when the U.S. and China are in discussions about, for lack of a better term, a cyber truce. Many are speculating that China is behind attacks on Blue Cross and Blue Shield and OPM as well. China’s president is meeting with President Obama in the near future. It is speculated that l “the US and China are said to be working on a cyber arms control accord in which both sides would agree not to use certain types of cyber attacks during times of peace” (The Verge, 2015). We covered this in our blog about the Department of Energy cyber attacks.

Presidential Election

While we are seeing all sorts of banter about various candidates (ahem, Donald Trump) on TV and we have already had 2 televised debates for the Republican Party, we have not heard much from the candidates about Cyber Security. This is a hot button issue, especially if the United States were the perpetrators of planting STUXNET on Iran’s Nuclear Program. There has been much talk about the military and international relations, especially with the more ‘hostile’ nations (i.e. North Korea, Russia, and Iran) and talk about Iran’s nuclear program.
An article in The Concord Monitor by Art Coviello sums it up well:

Over the coming election cycle, we should be looking for candidates who are willing to attack this issue head on with comprehensive policy positions that address the concerns and needs of all constituencies: the private sector that controls 85 percent of our nation’s critical infrastructure; law enforcement, that strives so hard to protect us from unseen enemies and criminals; our departments of Homeland Security and Defense, which, along with our intelligence agencies, must find and stop terrorists and defend us from nations that would harm us economically or physically; citizen/consumers and privacy advocates, who have legitimate concerns about our personal freedoms and how our personal information is used; and our allies, who should be working more closely with us against the whole spectrum of adversaries.

Perhaps some candidates may make their stance(s) on Cyber Security more known in the coming weeks. We will attempt to get comments from the teams of the top candidates on both tickets and post them here. Cyber security and cyber warfare will likely play an important role in our Nation and Military’s history from this point forward.

References

DOD News
Reuters
The Verge
Concord Monitor

Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

Enter your email address:

Delivered by FeedBurner





Contact Us


Subscribe to our mailing list

* indicates required







About Joe Gray

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Since leaving the Navy, Joe has lived and worked in St. Louis, MO, Richmond, VA, and Atlanta, GA. His primary experience is in the Information Assurance (IA) and Cyber Security compliance field. He has worked as a Systems Engineer, Information Systems Auditor, Senior UNIX Administrator, Information Systems Security Officer, and Director of IT Security.

Joe is in pursuit of his PhD in Information Technology (with focus in Information Assurance and Security). His undergraduate and graduate degrees are also in Information Technology (with focus in Information Assurance and Security) from Capella University, where he graduated Summa Cum Laude for both degrees and completed a Graduate Certificate in Business Intelligence. He also is a part-time (Adjunct) Faculty at Georgia Gwinnett College.

Joe holds the (ISC)² CISSP-ISSMP, GIAC GSNA, CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications. In his spare time, Joe enjoys reading news relevant to information security, blogging, bass fishing, and flying his drone in addition to tinkering with and testing scripts in R and Python.