After Twenty Years of Cyber – Still Unchartered Territory Ahead

The general notion is that much of the core understanding of cyber is in place. I would like to challenge that perception. There are still vast territories of the cyber domain that need to be researched, structured and understood. I would like to use Winston Churchill’s words: “it is not the beginning of the end; it is maybe the end of the beginning.” In my opinion, the cyber journey is still in a very early stage. The cyber field has yet to mature, and the big building blocks for the future cyber environment are not yet in place. The Internet and networks that support it have increased dramatically over the last decade. Even if the growth of cyber might be stunning, the actual advances are not as impressive. In the last 20 years cyber defense and cyber as a research discipline has grown from almost nothing to a major global enterprise and the recipient of considerable resources. In the winter of 1996-1997, there were four references to cyber defense in the search engine of that day (AltaVista). Today, there are about 1.3 million references in Google. Cyber knowledge has not developed at the same rapid rate as the interest of, concern and resources for cyber. The cyber realm is still struggling with elemental challenges such as attribution. Traditional topics in political science and international relations such as deterrence, sovereignty, borders, the threshold for war and norms in cyberspace are still under and discussion. From a military standpoint, there is still a debate about what cyber deterrence would look like, what the actual terrain and maneuverability are like in cyberspace,...

The Number One Vulnerability in the Future of Cyber Security: A Critical Lesson for all Organizations

Since 1958, NASA has been the foremost symbol of American excellence in science and exploration, inspiring generations of engineers around the globe to achieve the impossible through advanced technology. With each of its defining events, NASA pushes humanity further into the future, bringing scientists more information about our universe than ever dreamt possible. But while NASA was reaching for the stars, other forces were secretly at work. In the dark recesses of the agency’s computers and network servers, intruders were lurking. After months of covert access, a hacktivist group called AnonSec obtained 276GB of sensitive data including flight logs, videos, and personal information from thousands of employees (Thalen 2016). This post examines how such an established institution of advanced technology could fall prey to cyber hacking, the glaring warning signs, and the one key lesson all organizations should learn from this historical event. The Back Story What sets the 2014 NASA data breach apart from other hacking events is the unprecedented insight provided by the hackers themselves. AnonSec, a hacktivist group claiming responsibility for compromising over 720 websites and networks, claimed the NASA breach. To support their claim they posted large quantities of supporting evidence. AnonSec also publically-posted paper called “Zine”, detailing on how they gained access to NASA’s networks and computer systems, the content they obtained, and why. Although their writings appear to focus on exposing drone and “chemtrail” technology, this was not their primary objective. When AnonSec initially hacked NASA they were looking for “interesting/profitable” data on the NASA networks (AnonSec 2015). But as they dug deeper into the systems, they discovered more than they were originally...

A Cyber Discussion

In 1920, the then CPT Dwight Eisenhower wrote an article, titled “Tank Discussion”, for the United States Infantry Association’s Infantry Journal championing the integration of motorization (particularly tanks) into combat arms maneuver. As a member of the minority, his faith in the potential of motorization and the tank resulted in intense scrutiny from the Infantry establishment, which almost ended his career early.  Undoubtedly, the tank later proved critical to the Army’s success in WWII. The Strategic Initiatives Group at the Army Cyber Institute conducted a short experiment with the first three paragraphs of “A Tank Discussion”.  We replaced occurence of “tank” with “cyber” and updated some language to modern terminology and context.  The result is a remarkably relevant commentary given the current tensions in Army during the growth of the Cyber branch. For your consideration is ACI SIG’s “A Cyber Discussion” and CPT Eisenhower “A Tank Discussion”: Written by: The Army Cyber Institute’s Strategic Initiatives Group with special appearance from the Ghost of CPT Dwight D. Eisenhower The establishment of the Cyber Branch in September 2014 by Army Secretary John McHugh and Army Chief of Staff General Odierno provided that here-after Cyber will be part of the Army service component. It therefore becomes increasingly important for combat arms officers to study the question of Cyber; its capabilities, limitations, and consequent possibilities of future employment. Cyber, as a type of weapon, was a development in the late wars. Many officers who served with the fighting Brigade Combat Teams (BCT) never had an opportunity to take in an action supported by Cyber, and their knowledge of the power and deficiencies of Cyber is based on hearsay. Others...