January 2, 2019 | International, C4ISR

Four big questions for cybersecurity in 2019

How will cybersecurity experts remember 2018?

In the past year, the Trump administration announced it would take more offensive hacking operations against foreign countries, the Department of Justice announced sweeping indictments against Chinese hackers, and the U.S. intelligence community reported that foreign countries continued to interfere in American elections.

So what comes next? Here are four overarching questions for the cybersecurity community in 2019:

What will the new Pentagon chief do with expanded cyber powers?

In August, the president gave the secretary of Defense the ability to conduct cyberattacks against foreign countries so long as they do not interfere with the national interest of the United States, according to four current and former White House and intelligence officials. But the resignation of Jim Mattis, the Defense secretary, means the next Pentagon chief will have a broad arsenal of cyber authorities.

For the cyber community, Patrick Shanahan, the current acting secretary, is a relative unknown. He has not given significant insight into how he views the role of offensive cyberattacks for the Pentagon, and his scheduled Jan. 1 elevation comes as some in the Trump administration and U.S. Cyber Command have pushed for even more authorities. However, he has spoken at length about the need for the defense industry to bolster its own cyber practices.

Although the appointment of Shanahan as acting Pentagon chief is temporary, he is on the short list of officials who may take on the job full time.

The new Pentagon chief may also have to decide when the National Security Agency and U.S. Cyber Command should split.

Both bodies are led by Gen. Paul Nakasone, but that may change. Cyber Command is in the process of gaining its own infrastructure to conduct offensive cyberattacks, and a Pentagon official told Fifth Domain in November that it appeared the split was all but certain to happen in the coming years, although no formal decision has been made.

What comes next in the U.S.-China cyber relationship?

The Department of Justice released a flurry of indictments against Chinese hackers in 2018, accusing Beijing's cyber sleuths of infiltrating American government agencies and defense contractors.

The most recent round of allegations came Dec. 18, and the legal action could continue in 2019. While announcing the most recent indictments, Deputy Attorney General Rod Rosenstein accused China of breaking an agreement not to use hacked materials for commercial use, although he did not offer evidence.

The hacking allegations come amid a broader trade war between the United States and China. Experts have told Fifth Domain a trade war could increase digital tension between the two nations. If the trade war continues, experts say they see little incentive for China to limit its cyberattacks.

Will America suffer blowback for more offensive cyber operations?

When the Trump administration announced the United States would take more offensive actions in cyberspace, some in the federal cybersecurity community criticized the plan as faulty.

“The side effects of the strategy of ‘persistent engagement’ and ‘defend forward’ are still ill-understood,” Max Smeets and Herb Lin, experts at Stanford University, wrote for Lawfare. “A United States that is more powerful in cyberspace does not necessarily mean one that is more stable or secure.”

Experts also warn against making any rushed judgments about the effectiveness of these offensive cyberattacks. Current and former intelligence officials worry that uncovering and attributing a hack can take more than a year, and, even then, that process is not perfect.

One former official pointed to the leaked documents about Russian targeting of American election infrastructure in 2016 that were sent to the news organization the Intercept. It took months for the intelligence community to understand the full extent of the hack, the official said, an example of how long it takes to detect a cyberattack.

All of that means it is reasonable to expect that the merits of the new offensive cyber operations may not be known publicly for years.

Will Congress take action to streamline cybersecurity contracting and research?

Yes, changing the way government does business is ambitious. But experts argue that if the United States wants to keep up with digital innovations from China and other countries, it is necessary to change the American government's relationship with the private sector and academia. The effort to streamline cybersecurity funding and research will fall to the new Congress, in which Democrats will take over the House of Representatives.

But when it comes to the U.S. government's relationship with the cyber industry, structural barriers to innovation remain.

On average, it takes roughly seven years for an idea to get a contract inside the U.S. government. In that length of time, a product is already two generations old. Former Pentagon officials have used the digital fight against the Islamic State as an example of how long the process takes. It took roughly two years for Cyber Command to receive the proper equipment and training after the order to digitally defeat the Islamic State, officials told Fifth Domain.

In addition, the cybersecurity industry is watching a series of bills in Congress. Sen. Mark Warner, D-Va., has pushed for a streamlined security clearance process, and industry officials told Fifth Domain they expect him to continue the effort in the new year. The bill could make it easier and cheaper to get a security clearance.

And many in the federal cybersecurity community have called for a change in academia's relationship with cybersecurity.

The universities and research institutions in the United States focusing on quantum computing are “subpar,” George Barnes, deputy director at the NSA, said in June.

Experts say that quantum computers will make traditional cybersecurity methods obsolete because of their expansive computing power.

However, new investments in artificial intelligence and a new Solarium Commission, which was created to help contextualize cyber in the broader national and economic security discussion, may provide solutions to these problems.

https://www.fifthdomain.com/industry/2018/12/31/four-big-questions-for-cybersecurity-in-2019
