Cyberwarfare is changing the very nature of armed conflicts. Nations, terrorist groups, hacktivists and criminal organizations are moving beyond the traditional means of destruction into using technology as a method of disrupting systems and networks.
Militaries are struggling to find ways to not only defend the resources necessary to conduct a modern war but how to engage and deny the enemy access to their resources as well. Command and control systems, air defense networks and the civilian infrastructure that supports the military are the new battlefield prizes armies will seek.
For example, in 2011 an Israeli attack on a Syrian nuclear facility was preceded by a cyber and conventional electronic warfare onslaught which denied the Syrians the ability to use their air defense system effectively.
The U.S. Army’s Plan for Convergence
At the AFCEA TechNet Augusta 2015 conference I was fortunate enough to hear military and private sector leaders discuss the threats the U.S. Army faces in cyberspace. Maj. Gen. Stephen G. Fogarty, a panelist at the conference and commander of the U.S. Army Cyber Center of Excellence (CoE) at Fort Gordon in Georgia, shared a slide with this problem statement from the Army Warfighting Challenges:
“How does the Army in conjunction with joint, intergovernmental, multinational, and commercial partners assure access to critical data and information networks across multiple domains that are operating in an increasingly contested and congested operating environment, while simultaneously denying the same to the enemy?”
To meet this challenge the U.S. Army is implementing a strategy of convergence to maintain a tactical edge on the cyber battlefield of the future. Convergence is a concept in which silos and organizational barriers are broken down so that isolated chunks of data can be turned into knowledge through analytics and distributed quickly and securely to those who need it, be it an officer in a tactical operations center or a soldier in the field.
Under this new model, the Army’s Tactical Operations Centers (TOCs) will be integrated into a streamlined Department of Defense Information Network (DoDIN). The network will be access-controlled and micro-segmented so that the appropriate level of access can be tailored to each user regardless of rank and location.
The primary benefit of convergence will be enhanced situational awareness for decision makers and those in the field. Collecting threat sensor data, removing the noise and analyzing what remains will give decision makers the ability to forecast, obtain up-to-date battle damage assessments (BDA), geolocate the enemy and track the electronic signatures our own forces generate.
Convergence will be achieved by consolidating the Army’s cyber forces, which currently operate across multiple departments, into single cross-operational units, removing impediments to information sharing. By fiscal year 2017, the U.S. Army Cyber Command (ARCYBER) will have 41 Cyber Mission Forces operationally capable. They will combine cybersecurity, electronic warfare and signal doctrine into single units, and will use past lessons learned to develop new doctrine in cybersecurity.
Challenges to Convergence
If convergence allows the U.S. military and its allies to protect their own cyberspace and domain, why is it so difficult to achieve?
First and foremost, it is about resources. There are not enough qualified cyber personnel in the pipeline to fill the in-demand cybersecurity positions. The Army’s Cyber Center of Excellence is still in the process of adding facilities and is expected to grow to four times its current size. That growth, however, is several years away.
The other major reasons are cultural and financial. With cutbacks, there is competition within the Army for funding, and there can be resistance to change. Often, the data management structure is stovepiped into seemingly unbreakable silos. There is also a fundamental lack of understanding of how these new strategic and tactical tools fit in with the tactical lessons of past wars.
Cyber Warfare Can Target Any Enterprise
While the Army is reorganizing, the private sector is facing its own challenges on the cyberwarfare front. Cyberwarfare is no longer limited to military and government facilities. As an example, we need only look at last year’s data breach at Sony.
Hackers leaked information about unreleased films and embarrassing employee emails, harming Sony’s reputation and causing the loss of intellectual property. Cyber criminals crippled Sony’s IT operations because the satirical movie “The Interview” included an assassination attempt on North Korean leader Kim Jong Un. The FBI believes North Korea was behind the attack. What the breach at Sony demonstrates is that any organization’s involvement with political issues can lead to an attack by a group or nation that feels it has suffered harm or embarrassment.
Gaining access to confidential information or vital infrastructure, such as a power plant, may be easier than we think. An attacker needs only to be skilled enough to run a social engineering exercise against the plant’s operators and then spear phish an operator into installing malware such as BlackEnergy. The malware allows the attacker to issue commands to the Industrial Control System (ICS), and it can sit undetected in the plant’s environment for years waiting for the command to shut down power.
If the plant’s primary customer were a naval base, that base and the civilians supplied by the same power plant would be adversely affected. While this scenario may sound like fiction, this type of malware attack has already occurred and may be a harbinger of worse things to come. The U.S. Department of Homeland Security has defined 16 critical infrastructure sectors and has published recommendations for their protection.
The Lessons of Convergence
The Army has recognized that the impediments to responding swiftly to an attack are not only technical but cultural. Developing a strategy that simplifies data acquisition and distribution allows for a rapid response to an incident, whether it comes from a lone hacker or a nation state. Looking at how the Army is reorganizing may help you apply its convergence strategy to protect your business. Here are some suggested steps:
- Adopt the National Institute of Standards and Technology (NIST) Risk Management Framework, Special Publication 800-37. This framework is structured around understanding potential risks and the controls that manage them (NIST SP 800-53 r4).
- Instill in your future leaders an understanding and appreciation of cybersecurity.
- Close skills gaps and build a resilient cyber workforce that is prepared to mitigate risk.
- Think like the enemy and define the cyberspaces you need to defend. Attackers want to disrupt your operations, so focus your resources on protecting them.
- Consolidate your networks and knowledge-sharing mechanisms. For example, you could leverage cloud technology, as the Army does, to consolidate your data for more efficient data management, analysis, visualization and protection.
Security and risk management are hard. Leveraging the lessons learned by organizations such as the Army’s Cyber Command, whose very existence depends on security, can help your enterprise strengthen its cyber defense posture.