Enable Department of Defense (DoD), civilian government, and industry organizations to acquire, develop, operate, and sustain software systems that are innovative, affordable, enduring, trustworthy and employ Software Engineering (SE) as solutions to unravel real-world problems. Software Intensive Systems Engineering (SE) includes the entire field of software and systems engineering and related technologies; specifically as related to information, documentation, databases, model and architecture repositories, analysis, training, testing, data synthesis, hardware, software, standards, economic consideration of selection of techniques and processes, and interoperability in support of the acquisition and RDT&E communities.
-
Integration of Smart City Technologies to create Smart Bases for DoD will require due diligence with respect to the security of the data produced by Internet of Things (IOT) and Industrial Internet of Things (IIOT). This will increase more so with the rollout of 5G and increased automation “at the edge”. Commercially, data will be moving to the cloud first, and then stored for process improvement analysis by end-users. As such, implementation of Secure Cloud Architectures is a must. This report provides some use cases and a description of a risk based approach to cloud data security. Clear understanding, adaptation, and implementation of a secure cloud framework will provide the military the means to make progress in becoming a smart military.
-
Cyber as a domain and battlespace coincides with the defined attributes of a “wicked problem” with complexity and inter-domain interactions to spare. Since its elevation to domain status, cyber has continued to defy many attempts to explain its reach, importance, and fundamental definition. Corresponding to these intricacies, cyber also presents many interlaced attributes with other information related capabilities (IRCs), namely electromagnetic warfare (EW), information operations (IO), and intelligence, surveillance, and reconnaissance (ISR), within an information warfare (IW) construct that serves to add to its multifaceted nature. In this cyber analysis, the concept of hypergaming will be defined and discussed in reference to its potential as a way to examine cyber as a discipline and domain, and to explore how hypergaming can address cyber’s “wicked” nature from the perspectives of decision making, modeling, operational research (OR), IO, and finally IW. Finally, a cyber-centric hypergame model (CHM) will be presented.
-
Data-Centric Environment Rise of Internet-Based Modern Warfare "iWar" - Survivability, Availability and Accessibility without Geographic Borders
Volume 7 Issue 4. This journal addresses a collection of modern security concerns that range from social media attacks and internet-connected devices to a hypothetical defense strategy for private sector entities. Posted: 04/09/2020 20:20:55. Journal
-
CSIAC SME and member of the American Bar Association's Information Security Committee, Richard "Rick" Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks.
-
CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives an overview of the Cybersecurity Issues facing Security Managers.
-
The Internet of Things (IOT) is based upon the integration of commercial TCP/IP networks with ubiquitous, embedded Control Systems hardware attached to such things as wall plugs, speakers, lights, cameras, thermostats, and multiple other domestic appliances. To date, the implementations have been networked at the home or facility end using distributed Wi-Fi or Zigbee interfaces, hooked into standard ISP backbones. The implementation of this by industry has not been without security concerns and actual exploits, such as the 2016 IOT Botnet DDOS event.
-
This edition of the CSIAC Journal focuses on the topic of cybersecurity of Cyber-Physical Systems (CPS), particularly those that make up Critical Infrastructure (CI). Posted: 09/04/2019 18:23:42. Journal
-
In response to a DOD Chief Information Officer (CIO) directive, the Defense Information Systems Agency Services Development Directorate deployed Department of Defense Secure Access File Exchange (DOD SAFE) Aug. 15. DOD SAFE, a replacement for the U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) Safe Access File Exchange (SAFE) slated to be…
-
Cybercriminals have developed many methods to exploit browser applications in order to obtain individuals' credentials. One such method, Emotet, is a Trojan malware that targets Windows-based computers and was originally designed to steal sensitive, private information from banking customers. Later versions of this software were modified to enable Emotet to be spread via spam emails. In the latter half of 2018, modifications were made to the Emotet code to add a capability to exfiltrate email. This enhanced Trojan malware entitled TrickBot became the top threat attackers employed to penetrate organizational business networks.
-
CSIAC SME and member of the American Bar Association's Information Security Committee, Richard "Rick" Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. This report provides updates to an earlier report on cyberlaw from March of 2019. This presentation was given at the annual meeting of the American Bar Association's Information Security Committee. The Committee is comprised of a diverse group of lawyers, security experts, technologists, auditors and other professionals, whose focus includes the examination and analysis of legal, business, and technical aspects of securing the confidentiality, integrity and availability of information. The Committee's focus spans across the spectrum of information security issues, including: emerging issues surrounding the protection of information and critical infrastructures within computer systems and networks, such as the Internet; all aspects of litigation involving computer ecosystems as well as the electronic information generated by them; and regulatory and legal information security compliance and contracting.
-
Large data volumes (aka “big data”) coupled with the use of new technologies can greatly increase the amount of Personally Identifiable Information (PII) data collected by an organization. Correspondingly, there has been an escalation of security breaches involving PII data which has contributed to the loss of millions of records over the past few years.…
-
It may be difficult to figure out where and how Artificial Intelligence (AI) and its various sub-types (Machine Learning, Deep Learning, etc.) fit into our world as we move into the future. In some cases it seems straightforward; AI/ML speech recognition is astoundingly good and can be applied across many domains in a meaningful way.… Posted: 04/29/2019 12:36:42. Journal
-
The Open Web Application Security Project (OWASP) Amass project was originally created when the project lead was showing organizations what they look like on the Internet. During this process, he noticed that the tools available were returning incomplete results relative to what could be discovered manually. With the identification of this gap in capabilities for…
-
This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX) on 7 Aug 2018. In addition to evaluating newly developed SwA guides for program managers and developers, the exchange included bringing back foundational software/system engineering concepts to address the root of fundamental SwA issues, as well as adopting common language in the areas of functionality and risk in order to identify issues early. Balances and trade-offs among those issues could normalize PM and system developer practices to ensure a resilient capability. The report also raises several concerns about getting ahead of technology problems, both in development and in the technology itself, especially as Agile concepts rapidly become critical for DoD to achieve technological dominance over its adversaries.
-
CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as consumer privacy rights, forensic border search of computers, search consent, biometrics, expectations of privacy from…
-
The Science of Security and Privacy (SoS) Initiative, sponsored by the National Security Agency Research Directorate, fosters a self-sustaining, open, and public security science research community to discover key cyber principles necessary to support improved explanations, predictions and confirmation or validation of predicted outcomes. The discipline of Science of Security and Privacy draws on the…
-
On January 29, 2019, the Director of National Intelligence Daniel R. Coats released the Worldwide Threat Assessment of the US Intelligence Community. The unclassified report covers both global and regional threats to US national security from the perspective of the US intelligence community.
-
As software development methodologies have evolved, the shortfalls and inefficiencies of traditional software development methodologies have become increasingly apparent. The realization of the need to pursue better methodologies, tools, and architectural approaches has been a major motivation behind the recent DevOps movement. A side effect of the DevOps movement is the explosion of game…
-
Innovation Based Ecosystems
Volume 6 Issue 3. New buzzwords like 'innovation ecosystems' often symbolize a departure from a legacy system to a more modern system and an underlying shift in focus from operations management to service delivery that improves user experience, reduces operational cost, minimizes disruption, and enables personnel to do more with less. This issue of the Journal of Cyber Security… Posted: 11/01/2018 11:59:22. Journal
-
The Defense M&S Catalog was established by Defense Modeling & Simulation Coordination Office to support the visibility component of the DoD data strategy and to provide an avenue for M&S organizations to make resources available for reuse. The Catalog is a collection point for enterprise discovery and actively seeks contribution of resources from M&S organizations.…