For decades, adversaries of the United States have attempted to hack into DoD network systems. The main adversaries are constantly trying to steal sensitive military secrets and gain economic advantage over the United States and other nations. If access to a network is accomplished, malware is installed and valuable information is forwarded to the hackers. The following organizations: Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the DoD have recently discovered a malware called TAIDOOR linked to the Chinese government.
The CSIAC Podcast
The CSIAC Podcast features discussions with Subject Matter Experts on emerging topics in the fields of cybersecurity, modeling and simulation, software engineering and knowledge management. One-on-one and round-table discussions are held to provide insight into highly technical topics and increase user awareness.
Hypertext Markup Language (HTML) Smuggling
Cybersecurity personnel have identified a new malware using a combination HMTL smuggling techniques, using HTML5 and JavaScript code.
The malware downloads data stored in blobs (Binary Large Objects) and installs the malware on computers of unsuspecting victims. Detailed analysis reveals that the source was not a URL, but generated by JavaScript code. HTML smuggling is highly complex and requires continuous defensive security measures.
Security Threats and Attack Vectors
Cybersecurity attacks on government, healthcare, and financial institutions have been increasing at a significant rate in both frequency and sophistication. Each hacker has his own specialized skillset and personal reasons for launching a cyberattack. Hackers often seize on particular situations in an attempt to exploit potential vulnerabilities. Major recent examples include the U.S. presidential election and the COVID-19 global pandemic.
This podcast will discuss some of the more common cyberattack motives as well as explore the typical attack vectors often employed by hackers.
Securing the Soft Underbelly of a Supercomputer with BPF Probes
This special podcast is geared toward developers and users who want to understand HPC and BPF broader functionality as part of the Kernel Runtime Security to assist with improving detection of security threats.
Explore the Innovare Advancement Center
This podcast will provide an overview of the Air Force Research Lab (AFRL) Information Directorate’s open innovation initiative and the Innovare Advancement Center. AFRL envisions Innovare becoming a global catalyst to converge world-class talent with cutting-edge facilities and focused technology challenges to accelerate the development of game-changing capabilities that protect and empower our country. Innovare is building a magnetic ecosystem in which, together, a globally-recognized community of information scientists, engineers, and entrepreneurs will create new technologies, spin out new startups, and catalyze new investments to push the boundaries of the human-machine partnership in furtherance of our national security and economic competitiveness.
Cybersecurity Maturity Model Certification (CMMC): The Road to Compliance
The Cybersecurity Maturity Model Certification (CMMC) introduces a verification mechanism that will ensure the necessary security mechanisms are in place to better protect Controlled Unclassified Information (CUI) and other sensitive data made available to contractor organizations.
CMMC will soon be incorporated into Defense Federal Acquisition Regulation Supplement (DFARS), making it a requirement for DIB contractors that wish to be eligible for contract awards. This podcast provides an overview of CMMC for DoD contractors and subcontractors that are new to this requirement.
A Brief Side-by-Side Comparison Between C++ and Rust – Part 3
The series ends by answering key questions and provides advice as to where to get started with this new language that is quickly being adapted by Fortune 500 companies.
A Brief Side-by-Side Comparison Between C++ and Rust – Part 2
This discussion between a moderator (Mr. Patch) and two software engineering subject matter experts (Mr. Corley and Dr. Fawcett), walks through a set of common functions, first implemented through C++ and then in Rust, to note initial speed, performance and security of memory access differences. This episode describes how the comparison was conducted by using both Rust and C++ to perform the same function under the relatively same conditions.
A Brief Side-by-Side Comparison Between C++ and Rust – Part 1
This discussion between a moderator (Mr. Patch) and two software engineering subject matter experts (Mr. Corley and Dr. Fawcett), walks through a set of common functions, first implemented through C++ and then in Rust, to note initial speed, performance and security of memory access differences. This podcast covers the ground rules for the side-by-side comparison to ensure the methods used are thoroughly understood.
Assessing the Operational Risk Imposed by the Infrastructure Deployment Pipeline
A generalized Infrastructure Deployment Pipeline (IDP) reference architecture is presented to assist with risk assessment and mitigation. An experiment was conducted to determine if application of the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) can mitigate the risks inherent to the IDP workflow process. The author concludes that while the NIST CSF does largely mitigate IDP cybersecurity risks, additional controls are still required to fully assure cybersecurity for the CD process.
