While working as the Chief Information Security Officer (CISO) at the Army Materiel Command, the command was under constant attack by hackers. The Army’s current network defense system was woefully inadequate for protecting the command’s 140 locations worldwide. After sustaining a couple of very high-profile attacks using these tools, it became evident that something else was needed. One of the command’s subordinate commands was the Army Research Labs and is one of the foremost research labs in the world. One of the lab’s missions was Cyber Defense and came under my purview as its program manager. The lab had developed several cyber security tools and had been testing them very successfully on several platforms. The power of this tool …
Once we got the system user friendly and developed a training program, I was able to defer the cost of the tools over several agencies. Once we deployed and the agencies began using it, and cut their incidents to almost none, I was able to partner with them to secure more funding. My cost model, after startup cost, was cheaper to deploy and maintain than commercial off-the-shelf software, due to the custom code developed internally. Since I provided better and cheaper tools, I was able to negotiate maintenance contracts with them and use that funding to further develop my tools. I was also able to politically influence agency standards when it came to cyber defense. Since the tools were developed by the government for the government, agencies were more willing to spend more money than on private tools because the code was more secure.
Earlier in my career, while working for the Coast Guard assigned as an intelligence officer and program manager, I was assigned to develop an information sharing system to support the Coast Guard Intelligence activities. In evaluating the situation, it was easy to see that the Coast Guard was technically disadvantaged. At this time, the Coast Guard IT infrastructure consisted of a custom-designed workstation, server and network. It was ahead of its time and offered the capability of unclassified agency-wide e-mail and file sharing, and in the early 90s this was far beyond other services. The Coast Guard did not
I was personally confronted with this very issue a few hours after attending the recent NACD Research Triangle Chapter session “Why Board and C-Suite Alignment is Critical to Managing Cyber Risk.”
Highly trained Coast Guard Crypto/Cyber personnel’s technical prowess, perishable skills and experience are not currently being fully utilized and a corrective course of action is required to develop, sustain and retain a workforce needed for our service’s complex, global missions. Intelligence Specialists (IS) and Information Technicians (IT) have a wide range of potential billets and specialties within their individual rate they may receive assignment to throughout their careers, but that doesn’t provide the Coast Guard a highly trained professional workforce within the Crypto/Cyber field. The Coast Guard must create a Crypto/Cyber enlisted rate.
However, the current relationship among the user, solution providers, and resource sponsor precludes incentives for innovation. For example, there is little motivation to reduce the number of personnel supporting the garrison networks. The operator is not responsible for funding their support. Likewise, any reduction in labor funding does not result in a corresponding effort to innovate to replace the lost labor since the solution provider is not responsible for service delivery. This is a governance issue that requires a policy, resource, and technical
BLUF: MG Smith’s intent is to host Chris Roberts, a cybersecurity professional, to speak to leaders within the Alabama National Guard, as well as other state and civilian agencies. This presentation will focus on the threats we face in the cyber world today. MG Smith extended an invitation to Mr. Roberts as discussed in the background section of this paper. The date, location and audience are to be determined.
Deploying the right security products – IT security today has a wide range of technologies that are aimed specifically at lowering risks and threats.
The author of this response is asked to answer to a few questions relating to cyber-attacks at several different mission-critical or otherwise very sensitive agencies or companies in the area. The ramifications of each incident and who will be affected by the same will be discussed. The outcomes of each will also be mentioned. The author is also asked to identify the steps and recovery path for one of the incidents in particular
1. UMUC (2012). The Future of Cybersecurity Technology and Policy, CSEC 670 (Module 2). Document posted in University of Maryland University College CSEC 670 9042 online classroom, archived at: http://webtycho.umuc.edu
My project will be a case study on how effective the USCYBERCOM has been in supporting the DoD Cyber Strategy, specifically exploring how the organization has developed and adjusted to the cyber battlefield. Additionally, I will explore what the U.S. can expect from the USCYBERCOM now that the organization has just recently been elevated to a combatant command, which comes with the responsibilities of managing its forces, being prepared to conduct operations during crises, and training and equipping cyber forces.
Due to today’s ongoing conflicts and the rapid change of technology, Cyber has been one of the most challenging programs for Northrop. Furthermore, the full-spectrum cyber solutions delivered by the company are crucial to our national security. Northrop is benefiting from being one of the major
Blue Moon Financial (BMF) is a large financial services firm that has recently started to understand the value of protecting the organization’s network resources, largely in response to a recent rash of network intrusions that have victimized other firms within the industry. BMF has allocated additional funds for the acquisition of technical resources and additional training for technicians in order to help mitigate any breaches that may significantly impact the sustainability of the company and services provided to its clients. As the Senior Security Analyst at BMF, I am awakened one night by a phone call from a technician who
We have been engaged in business for some time and have been very successful; however, we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable before we make any changes. We need to take a hard look at our current configuration of hosts, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these
The new cyber-center partner, Georgia Bureau of Investigation (GBI), is going to be a little complicated due to the company needing privacy, space, and a secure environment. GBI basing a cybercrime unit at the facility not only needs physical space to hold an investigation team, interns, computer labs, secure servers, evidence, and equipment, but it also needs a secure and private environment. With GBI having security demands around the workplace that are so sensitive, structured, private, and with chain of custodies, it makes it hard to interact and collaborate with other personnel in the center. One believes the collaboration will work if “steps are in place to ensure that there will be able opportunity for interpersonal communication across teams” (page 19).
In July 2011, I attended the IASO training. The IASO training focused on threat and vulnerability management of information systems, as well as what countermeasures could be implemented to minimize these threats. This was my first true experience into Cybersecurity, and I’ve never looked back. I got my first taste of creating and enforcing security policies, and was responsible for creating the Brigade Headquarters Tenant Security Plans for both the Non-Classified Internet Protocol Routing (NIPR) and Secret Internet Protocol Routing (SIPR) networks. As the IASO, I conducted monthly vulnerability scans for the SIPR computers, and conducted quarterly and yearly risk assessments for the Brigade and Battalion headquarters. As my role changed with the Brigade, I was asked to prepare reports and present weekly updates on the Brigade’s network readiness. This task was completely foreign to me, as most of the interactions I had up to this point had been with other technicians or IT professionals. I had to quickly learn to fully explain each process in a way that made sense for non-technical individuals. I was exposed to the process of creating an IT roadmap, as well as planning a budget to support the outcomes of the roadmap.
Our program incorporates these security capabilities into a comprehensive, multi-layered defensive approach for ensuring the confidentiality, integrity, and availability of the public’s sensitive personally identifiable information. As we continue to provide new opportunities for better customer service through new online services, we must remain vigilant in continuing to strengthen our cyber terrorism program capabilities. To that end, we proactively try to penetrate our own information systems daily to rigorously test and analyze any points of vulnerability. We continuously learn more about the ways hackers may try to gain access to our systems, and we continuously devise ways to stop them. Therefore, our cyber terrorism defense program will overpass the performance standards to remain strong; we will continue to evolve our cyber terrorist defense program to reflect changes in technology, changes to business processes, and changes in the complexity of internal or external threats. Continued investments in cyber terrorism projects and initiatives will ensure we have the resources needed to accomplish our agency’s mission and thus maintain public confidence in the agency’s ability to protect their
The modern military, especially the Air Force, relies heavily on its troops’ assured access to the internet and other drives. For this very reason, although the military remains at the forefront of cyber security,