Volume 13, Issue 2

Volume 13, Issue 2 Editorial

Stylized Image of the Word Editorial

APRIL 2014

To all readers, we are very excited about this issue. This is a special edition of the Journal of Information Warfare (JIW) and the first of its kind where we have collaborated with the Information Assurance Directorate (IAD) of the National Security Agency (NSA). In this publication, we bring you 10 articles from current and highly technical subject matter experts from NSA, all of which focus on cyber-security efforts that attempt to realize their theme of Confidence in Cyberspace. We hope you enjoy this special issue, and it is our desire to continue this new effort as an annual tradition.

Achieving Confidence in Cyberspace in an Ever-Changing Ecosystem

ABSTRACT

The Information Assurance Directorate (IAD) of the National Security Agency is charged with developing security solutions that protect and defend National Security Systems. This cannot be accomplished by NSA alone. Partnerships with industry, academia, U.S. and foreign government entities are critical to delivering solutions that will meet and defeat cyber challenges of today and tomorrow. A comprehensive approach and strategy are needed. Key components of this defensive strategy include collaboration, security automation, resiliency, and a robust, sustainable cyber workforce. While the United States Government (USG) will certainly benefit from the successful implementation of these strategies, ultimately the entire global ecosystem will be more strongly protected by the advanced level of secure systems and capabilities available, and through a greater awareness of the harm that sophisticated and determined adversaries can cause to the cyber ecosystem.

Information Assurance Standards: A Cornerstone for Cyber Defense

ABSTRACT

NSA has a rich history of contributing to standards that enable cyber defense. This paper examines that history, tracing the evolution of NSA’s involvement in the development of early commercial encryption standards, through its more public contributions to network security protocols, to its current efforts to promote and create cyber standards that support the Department of Defense’s use of commercial products to protect classified information.

Cyber-Mugging: Summary and Analysis of a Simulated ICS/SCADA Attack

ABSTRACT

In a representative Industrial Control System (ICS)/Supervisory Control And Data Acquisition (SCADA) laboratory environment, a simulated cyber attack suggests that an attacker with a low to moderate level of technical proficiency may utilize common, publicly-available tools and techniques to obtain complete control of the ICS environment. The cyber-physical relationship between information systems and industrial machinery has created environments where limited resources may be leveraged to trigger significant physical effects. The feasibility that such an incident has the potential to cause significant disruptive effects directly challenges the current paradigm that state-level resources are required to inflict catastrophic results.

Building Future Generations of Elite Cyber Professionals (CNODP)

ABSTRACT

With the increase in cyber attacks, defending America’s networks is one of the primary Department of Defense challenges in the 21st century. It is a national imperative to have elite cyber-warfare forces trained and ready to protect the country’s National Security Systems and critical infrastructure against attacks in cyberspace. To that end, the National Security Agency has created the Computer Network Operations Development Program (CNODP), a highly effective cyber-defense workforce-training program. The CNODP is NSA’s premier vehicle for developing skilled civilian and military personnel into highly effective cyber warriors and capability creators who build on their degrees in computer science, electrical and computer engineering, mathematics, and information assurance. Rotational work assignments provide program participants with challenging technical experiences in multiple locations, missions, and disciplines, as well as continual and enduring networking and mentorship within the broader Computer Network Operations community.

Introducing the National Security Cyber Assistance Program (NSCAP)

ABSTRACT

The demand to improve the robustness and survivability of National Security Systems (NSS) continues unabated, as each year the number and sophistication of cyber attacks from a variety of sources—nations, criminal and hacking groups, and individuals with malicious intent—increase. As a measure to address this problem, the National Security Agency/Information Assurance Directorate (NSA/IAD) has launched the NSCAP accreditation initiative, designed to make available a pool of qualified cyber-security service providers for supporting NSS owners and operators when similar services are not readily available from within their organizations. The NSCAP accredits service providers who meet NSA-developed criteria in the field of Cyber Incident Response Assistance (CIRA). In the future, NSCAP may be expanded to include the accreditation of Vulnerability Assessment and Penetration Testing (VAPT) service providers.

Active Cyber Defense: A Vision for Real-Time Cyber Defense

ABSTRACT

Cyber operations consist of many functions spanning cyber management, cyber attack, cyber exploitation, and cyber defense, all including activities that are proactive, defensive, and regenerative in nature. A subset of cyber defense, Active Cyber Defense (ACD) focuses on the integration and automation of many services and mechanisms to execute response actions in cyber-relevant time. ACD is comprised of a set of logical functions to capture details from enterprise-level architecture to operational realization with the primary objective to become a living part of DoD cyber operations to help defend the nation from cyber-based adversaries.

Securing the Cloud

ABSTRACT

This paper will review cloud technology utilized to support the Intelligence Community and will specifically address the National Security Agency’s research into vulnerabilities and risks related to cloud-based systems. Current implementation plans will be discussed for a multi- agency private cloud architecture that is under development. The paper will also review security challenges for a cloud architecture and will address specific technologies, such as data tagging, digital policy management, encryption, identity and access management, and auditing, along with intrusion detection and prevention.

How IAD Leverages Big Data for Anomaly and Malware Detection (v10.2)

ABSTRACT

Malware is growing increasingly sophisticated. Threats are becoming more targeted and moving to places where existing defenses have limited visibility. Proactively addressing these threats means leveraging insights gained from Big Data and the fusion of multiple sources of information. Operational Fusion and Analysis, OFA, an organization within the National Security Agency’s Information Assurance Directorate utilizes Big Data to provide battlespace awareness and critical intelligence on the attack lifecycles of intrusions to decision makers and network defenders. This is accomplished by performing qualitative and quantitative analysis, summarization, fusion, and trending of data across multiple networks, customers, and domains. The more insight the OFA gains into a network or series of networks, the more easily abnormal activity can be identified.

Outmaneuvering Cyber Adversaries Using Commercial Technologies

ABSTRACT

NSA characterizes assurance as having confidence that United States Government (USG) missions and networks can withstand attacks from determined adversaries. By Presidential Directive Order, the Director of the National Security Agency (DIRNSA) is the authority for National Security Systems (NSS), and this authority is delegated to the Information Assurance Directorate (IAD) to determine standards and policies for the nation’s most critical security systems.

Using Classified Intelligence to Defend Unclassified Networks

ABSTRACT

Intelligence services, such as the National Security Agency, have access to unique information about adversarial cyber-exploitation and -attack capabilities. Nations such as the United States should be employing this unique but sensitive information in the defense of national security, government, critical infrastructure, and other networks, but doing so may expose the sources and methods behind the intelligence. Once exposed, access to that unique information may be lost. This paper describes the dilemma, presents a partial taxonomy of use cases for which solutions are needed, and offers avenues for supplying those solutions. In particular, solutions to the problem of using classified intelligence for defense of unclassified networks fall into three approaches. Properties and examples for each approach are presented, and advantages and disadvantages discussed.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com