July 16, 2020 | International, C4ISR, Security
Teresa Shea
With cyber threats constantly evolving and increasing in sophistication, a strong national cybersecurity posture has never been more important. COVID-19 is causing an uncertainty across industry sectors, and criminals as well as adversaries are increasing their cyber-attacks and taking advantage of our increased digital work from home dependence. It is especially important to protect the organizations that comprise the U.S. Defense Industrial Base.
Defined as the “worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements,” Defense industrial base networks host mission-critical information and operational assets vital to national security. If infiltrated, the ramifications could plague the U.S. national security strategy, hamper our warfighting edge, create chaos within the critical infrastructure and ultimately undermine adversary deterrence.
To effectively protect the Defense Industrial Base, the government and private sector must both work to secure the U.S. critical infrastructure. Organizations should prioritize collaboration to bolster the nation's cyber resiliency and collectively defend against malicious cyber actors' intent on doing us harm.
Proactively defend networks
It's widely known that, in an ideal world, organizations should stop threats before they reach their targets. However, to deter effectively, organizations need to have real-time situational awareness of their network infrastructure and supply chain, which can be a difficult undertaking.
Threat intelligence information sharing between the government and the private sector companies that comprise the Defense Industrial Base is essential to achieving a strategic view of an advanced threat actor.
Today, targets can only know what is happening to their own assets without insight into the attacker's intent. The Defense Industrial Base Cybersecurity Program allows both the DoD and private companies to share cyber threat information, mitigation and remediation strategies, which helps key players in both sectors increase cyber situational awareness and be more proactive in their security efforts. However, this program is currently voluntary, meaning that the crucial information uncovered within the program is only available to those who proactively join the program. Moving forward, both the public and private sectors must work to enact policies that require collaboration. It is no longer acceptable to rely on incident response protocols, performance assessments of existing systems and one-off reactions to threats without coordination. Increased information sharing is key to staying one step ahead of our adversaries.
Follow government-suggested guidelines
The U.S. government has dedicated time and resources to help secure the Defense Industrial Base, and organizations must act upon the recommendations provided. Earlier this year, the Cyberspace Solarium Commission released a report on the U.S. government's cyber readiness, which found that “the U.S. is currently not designed to act with the speed and agility necessary to defend the country in cyberspace.”
The commission's findings place an emphasis on protecting the Defense Industrial Base's intellectual property, and called on Congress to require that these firms share threat data with the DoD and conduct threat hunting on their networks. Both sharing threat data and conducting threat hunting are proven to result in increased defense of our networks.
A secure future
As noted in a recent LawFare blog, “Cyber-enabled intellectual property theft from the DIB and adversary penetration of DIB networks and systems pose an existential threat to U.S. national security.” Given the abundance of cyber-attacks focused on Defense Industrial Base networks, penetrating them is high on our adversaries' target list. They're currently zeroing in on the U.S. critical infrastructure, attempting to poach the intellectual property that secures our very nation. Until we are willing to come together across sectors to share threat data, and commit to hiring strong talent, we will remain at a disadvantage. Fundamentally, it is about trust and our ability to put the greater defense above individual interests. If accomplished, the U.S. cybersecurity posture and resiliency will remain strong, deterring malicious cyberattacks against our Defense Industrial Base.
June 16, 2023 | International, Aerospace
Defense News has confirmed which contractor is sending drones to Ukraine, after the U.K. released a video without identifying the systems shown.
March 7, 2022 | International, Aerospace
'The problem is on the other side of the Rhine," said Dassault CEO Eric Trappier, laying the blame on Germany's Airbus defense business.
June 22, 2023 | International, Other Defence
Dear Canadian Innovators, On Monday, 19 June, NATO DIANA launched its first three pilot challenges. Applications are now open to world-class innovators who have exceptional ideas to help solve dual-use critical defence and security problems. DIANA’s Pilot Challenge call focuses on the following three areas: Energy Resilience: In an uncertain and changing world, there is an urgent need for more reliable, resilient, and efficient energy solutions – particularly in the aftermath of natural disasters or in conflict zones. Climate change and its consequences will only make that need greater. For this challenge, DIANA is therefore seeking technology solutions that enable the modular design of microgrids that can meet supply demands reliably. Of interest are technologies and systems that are capable of scaling and that are interoperable with other similar systems; renewable power generation; power storage; hardware and software for adaptive and intelligent power conditioning and management; and technologies for the detection and protection of the physical system and components from malicious cyber-attack. Download the Problem Statement here Secure Information Sharing: By secure information sharing, we typically mean the ability to exchange documents and other static content with others safely, without the risk of interference by malicious actors. However, while protecting document-based information transfer in an office environment is important, it is a simpler task than securing multiple forms of information flow when working in the field or on the move, as is often the case with first-responders, peacekeeping forces and the military. For this challenge, DIANA is looking for ways of creating a secure and trusted information environment – with the emphasis on live data streams such as those used to provide near real-time video, augmented reality feeds, digital radio and more. Of particular interest are hardware and software solutions that operate over open networks and that can function in ‘austere’ or ‘disadvantaged’ environments. Download the Problem Statement here Sensing and Surveillance: Coastal waters are vital to the economic and security interests of the countries whose borders they touch, and critical to all who rely on them for commerce, transportation, recreation, and food, for example. Yet, even today, our understanding of the undersea environment is limited – not least because many standard methods of observation don’t work well underwater and because the marine environment is difficult to access and to work in for extended periods. For this challenge, DIANA is seeking components and systems for sensing and information gathering in subsurface coastal zones. Applications of interest might include, but are not limited to, novel techniques and/or advanced capabilities for seafloor mapping, undersea infrastructure monitoring, manmade object and marine-life tracking, climate-change-effects sensing, and patterns-of-life visualisations. Download the Problem Statement here The call for proposals will be open until 25 August 2023. In Phase one of the DIANA accelerator program, approximately 30 innovators will receive grant funding of $150,000 CAD/ € 100,000 EUR starting in late 2023. At the end of Phase One, a smaller number of companies will be offered an additional grant of up to $450,000 CAD/ € 300,000 EUR and be invited to participate in Phase Two of the accelerator programme called ‘Scale’. During this second six months, companies will focus on demonstrating their technological solution, developing transition strategies, and working with investors and end users to identify pathways to adoption. Once DIANA achieves full operating capability in 2025, DIANA will run up to ten challenge programmes per year and have the capacity to interact with hundreds of innovators each year. The application portal can be accessed via DIANA’s official website. Through the web link and the DIANA LinkedIn page, you can also find additional information related to the initiative and stay notified on all of DIANA’s publications and updates. The Department of National Defence is looking forward to seeing our Canadian Innovator Community actively participating in the NATO DIANA program and wishes you luck in this process. Note – any questions related to DIANA challenges or eligibility should be directed to NATO DIANA via DIANA’s official website, linked here.