Public Group
active 1 day, 11 hours ago
Enable Department of Defense (DoD), civilian government, and industry organizations to acquire, develop, operate, and sustain software systems that are innovative, affordable, enduring, trustworthy and employ Software Engineering (SE) as solutions to unravel real-world problems. Software Intensive Systems Engineering (SE) includes the entire field of software and systems engineering and related technologies; specifically as related to information, documentation, databases, model and architecture repositories, analysis, training, testing, data synthesis, hardware, software, standards, economic consideration of selection of techniques and processes, and interoperability in support of the acquisition and RDT&E communities
-
CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives an overview of the Cybersecurity Issues facing Security Managers.
-
The Internet of Things The Internet of Things (IOT) is based upon the integration of commercial TCP-IP networks with ubiquitous, embedded, Control Systems hardware attached to such things as wall plugs, speakers, lights, cameras, thermostats, and multiple other domestic appliances. To date the implementations have been networked at the home or facility end using distributed…
-
This edition of the CSIAC Journal focuses on the topic of cybersecurity of Cyber-Physical Systems (CPS), particularly those that make up Critical Infrastructure (CI).Posted: 09/04/2019 18:23:42Journal -
In response to a DOD Chief Information Officer (CIO) directive, the Defense Information Systems Agency Services Development Directorate deployed Department of Defense Secure Access File Exchange (DOD SAFE) Aug. 15. DOD SAFE, a replacement for the U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) Safe Access File Exchange (SAFE) slated to be…
-
Cybercriminals have developed many methods to exploit browser applications in order to obtain individual’s credentials. One such method, Emotet is a Trojan malware that targets windows-based computers and was originally designed to steal sensitive, private information from banking customers. Later versions of this software were modified to enable Emotet to be spread via spam emails. In the latter half of 2018, modifications were made to the Emotet code to add a capability to exfiltrate email. This enhanced Trojan malware entitled TrickBot became the top threat attackers employed to penetrate organizational business networks.
-
CSIAC SME and member of the American Bar Association's Information Security Committee, Richard "Rick" Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. This report provides updates to an earlier report on cyberlaw from March of 2019 which can be viewed here: https://www.csiac.org/csiac-report/emerging-developments-in-cyberlaw-2019/ The 2018 cyberlaw…
-
Large data volumes (aka “big data”) coupled with the use of new technologies can greatly increase the amount of Personally Identifiable Information (PII) data collected by an organization. Correspondingly, there has been an escalation of security breaches involving PII data which has contributed to the loss of millions of records over the past few years.… -
It may be difficult to figure out where and how Artificial Intelligence (AI) and its various sub-types (Machine Learning, Deep Learning, etc.) fit into our world as we move into the future. In some cases it seems straightforward; AI/ML speech recognition is astoundingly good and can be applied across many domains in a meaningful way.…Posted: 04/29/2019 12:36:42Journal -
The Open Web Application Security Project (OWASP) Amass project was originally created when the project lead was showing organizations what they look like on the Internet. During this process, he noticed that the tools available were returning incomplete results relative to what could be discovered manually. With the identification of this gap in capabilities for… -
This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX) on 7 Aug 2018. In addition to evaluating newly developed software SwA guides for program managers and developers, the exchange included addressing/bringing back foundational software/system engineering concepts to address root of fundamental Software Assurance (SwA) issues as well as adopting common language in the areas of functionality and risk in order to identify issues early. Balances/trade-offs of those issues could normalize PM and system developer practices to ensure a resilient capability. The report also has several concerns of getting ahead of technology problems both in development, and the technology itself, especially as Agile concepts rapidly become critical for DoD to achieve technological dominance over its adversaries.
-
CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as consumer privacy rights, forensic border search of computers, search consent, biometrics, expectations of privacy from…
-
The Science of Security and Privacy (SoS) Initiative, sponsored by the National Security Agency Research Directorate, fosters a self-sustaining, open, and public security science research community to discover key cyber principles necessary to support improved explanations, predictions and confirmation or validation of predicted outcomes. The discipline of Science of Security and Privacy draws on the… -
On January 29, 2019, the Director of National Intelligence Daniel R. Coates released the Worldwide Threat Assessment of the US Intelligence Community. The unclassified report covers both global and regional threats to US national security from the perspective of the US intelligence community.
-
As software development methodologies have evolved the shortfalls and the inefficiencies of traditional software development methodologies have become increasingly apparent. The realization for the need to pursue better methodologies, tools, and architectural approaches has been a major motivation behind the recent DevOps movement. A side effect of the DevOps movement is the explosion of game… -
Innovation Based Ecosystems
Volume 6 Issue 3
New buzz words like 'innovation ecosystems' often symbolize a departure from a legacy system to a more modern system and an underlying shift focus from operations management to service delivery with better user experience, reduce operational cost, minimize disruption, and enable personnel to do more with less. This issue of the Journal of Cyber Security…Posted: 11/01/2018 11:59:22Journal -
The Defense M&S Catalog was established by Defense Modeling & Simulation Coordination Office to support the visibility component of the DoD data strategy and to provide an avenue for M&S organizations to make resources available for reuse. The Catalog is a collection point for enterprise discovery and actively seeks contribution of resources from M&S organizations.… -
President Trump Unveils America’s First Cybersecurity Strategy in 15 Years. The National Cyber Strategy identifies decisive priority actions to protect the American people. This strategy makes clear that the Federal Government will never stop defending our interests, and that we will bring every element of American power to bear to protect our people in the digital domain.
-
In this episode of the CSIAC Podcast, SMEs discuss a DDos attack on GitHub, a data breach suffered by the U.S. Marine Forces Reserve, an iPhone hack, and an Army Research Lab contract for "Internet of Battlefield Things". -
Abstract Machine learning is revolutionizing many industries and forever changing how we interact with computer systems and each other. The revolution is occurring in cyber security, where machine learning is already being applied to assist human analysts and security experts ingest and make sense of increasingly large amounts of data so that they can identify…
-
Cyber-As-Zoo: Multidisciplinary Cyber Struggle
Volume 6 Issue 2
This quarter’s CSIAC Journal contains five articles that offer some perspectives to address the often-heard phrase “Cyber Is Hard”, usually associated with gnashing of teeth and exasperated sighs.Posted: 08/09/2018 18:10:03Journal - Load More
