Public Group
active 1 day, 17 hours ago
Enable Department of Defense (DoD), civilian government, and industry organizations to acquire, develop, operate, and sustain software systems that are innovative, affordable, enduring, trustworthy and employ Software Engineering (SE) as solutions to unravel real-world problems. Software Intensive Systems Engineering (SE) includes the entire field of software and systems engineering and related technologies; specifically as related to information, documentation, databases, model and architecture repositories, analysis, training, testing, data synthesis, hardware, software, standards, economic consideration of selection of techniques and processes, and interoperability in support of the acquisition and RDT&E communities
-
Cybercriminals have developed many methods to exploit browser applications in order to obtain individual’s credentials. One such method, Emotet is a Trojan malware that targets windows-based computers and was originally designed to steal sensitive, private information from banking customers. Later versions of this software were modified to enable Emotet to be spread via spam emails. In the latter half of 2018, modifications were made to the Emotet code to add a capability to exfiltrate email. This enhanced Trojan malware entitled TrickBot became the top threat attackers employed to penetrate organizational business networks.
-
CSIAC SME and member of the American Bar Association's Information Security Committee, Richard "Rick" Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. This report provides updates to an earlier report on cyberlaw from March of 2019 which can be viewed here: https://www.csiac.org/csiac-report/emerging-developments-in-cyberlaw-2019/ The 2018 cyberlaw…
-
Large data volumes (aka “big data”) coupled with the use of new technologies can greatly increase the amount of Personally Identifiable Information (PII) data collected by an organization. Correspondingly, there has been an escalation of security breaches involving PII data which has contributed to the loss of millions of records over the past few years.… -
It may be difficult to figure out where and how Artificial Intelligence (AI) and its various sub-types (Machine Learning, Deep Learning, etc.) fit into our world as we move into the future. In some cases it seems straightforward; AI/ML speech recognition is astoundingly good and can be applied across many domains in a meaningful way.…Posted: 04/29/2019 12:36:42Journal -
The Open Web Application Security Project (OWASP) Amass project was originally created when the project lead was showing organizations what they look like on the Internet. During this process, he noticed that the tools available were returning incomplete results relative to what could be discovered manually. With the identification of this gap in capabilities for… -
This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX) on 7 Aug 2018. In addition to evaluating newly developed software SwA guides for program managers and developers, the exchange included addressing/bringing back foundational software/system engineering concepts to address root of fundamental Software Assurance (SwA) issues as well as adopting common language in the areas of functionality and risk in order to identify issues early. Balances/trade-offs of those issues could normalize PM and system developer practices to ensure a resilient capability. The report also has several concerns of getting ahead of technology problems both in development, and the technology itself, especially as Agile concepts rapidly become critical for DoD to achieve technological dominance over its adversaries.
-
CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as consumer privacy rights, forensic border search of computers, search consent, biometrics, expectations of privacy from…
-
The Science of Security and Privacy (SoS) Initiative, sponsored by the National Security Agency Research Directorate, fosters a self-sustaining, open, and public security science research community to discover key cyber principles necessary to support improved explanations, predictions and confirmation or validation of predicted outcomes. The discipline of Science of Security and Privacy draws on the… -
On January 29, 2019, the Director of National Intelligence Daniel R. Coates released the Worldwide Threat Assessment of the US Intelligence Community. The unclassified report covers both global and regional threats to US national security from the perspective of the US intelligence community.
-
As software development methodologies have evolved the shortfalls and the inefficiencies of traditional software development methodologies have become increasingly apparent. The realization for the need to pursue better methodologies, tools, and architectural approaches has been a major motivation behind the recent DevOps movement. A side effect of the DevOps movement is the explosion of game… -
Innovation Based Ecosystems
Volume 6 Issue 3
New buzz words like 'innovation ecosystems' often symbolize a departure from a legacy system to a more modern system and an underlying shift focus from operations management to service delivery with better user experience, reduce operational cost, minimize disruption, and enable personnel to do more with less. This issue of the Journal of Cyber Security…Posted: 11/01/2018 11:59:22Journal -
The Defense M&S Catalog was established by Defense Modeling & Simulation Coordination Office to support the visibility component of the DoD data strategy and to provide an avenue for M&S organizations to make resources available for reuse. The Catalog is a collection point for enterprise discovery and actively seeks contribution of resources from M&S organizations.… -
President Trump Unveils America’s First Cybersecurity Strategy in 15 Years. The National Cyber Strategy identifies decisive priority actions to protect the American people. This strategy makes clear that the Federal Government will never stop defending our interests, and that we will bring every element of American power to bear to protect our people in the digital domain.
-
In this episode of the CSIAC Podcast, SMEs discuss a DDos attack on GitHub, a data breach suffered by the U.S. Marine Forces Reserve, an iPhone hack, and an Army Research Lab contract for "Internet of Battlefield Things". -
Abstract Machine learning is revolutionizing many industries and forever changing how we interact with computer systems and each other. The revolution is occurring in cyber security, where machine learning is already being applied to assist human analysts and security experts ingest and make sense of increasingly large amounts of data so that they can identify…
-
Cyber-As-Zoo: Multidisciplinary Cyber Struggle
Volume 6 Issue 2
This quarter’s CSIAC Journal contains five articles that offer some perspectives to address the often-heard phrase “Cyber Is Hard”, usually associated with gnashing of teeth and exasperated sighs.Posted: 08/09/2018 18:10:03Journal -
Machine learning is revolutionizing many industries and forever changing how we interact with computer systems and each other. The revolution is particularly relevant to cyber security, where machine learning is used to help human analysts make sense of increasingly large amounts of data to identify threats and mitigate vulnerabilities. While this symbiotic relationship is improving… -
Knowledge Management (KM) is a discipline that is as much art as it is science. Like the conversations that take place in stodgy art galleries over the definition of censorship, opinions on the definition of knowledge management are many and varied. As art aficionados write articles advocating vehemently for one perspective or the other, so…
-
Developing a knowledge management framework for any organization presents a number of challenges and questions. Where do I start? What is the ultimate goal? Is this effort top-down, bottom-up, or middle-out? How many systems do we have and how many do the same thing? When faced with such a task, knowledge managers could be quickly… -
Cybersecurity solutions for critical energy infrastructure are imperative and they must be carefully engineered to develop reliable systems. Cybersecurity for the modernized power grid is bringing together two different communities: Information technology (IT) and Operational technology (OT). The IT and OT environments differ in important ways but each has benefits that can be gained from… - Load More
