
DOD Officially Launches New Cyber Policy Office

 

The Office of the Assistant Secretary of Defence for Cyber Policy has been formally constituted, the Pentagon announced in a statement last week. Congress directed the Pentagon to set up the office, elevating cyber policy within the office of the Secretary of Defence, as mandated by the fiscal 2023 National Defence Authorization Act. 

There was some backlash when the department chose to take extra time to consider what would fall within the purview of that agency, including the potential inclusion of electronic warfare and information warfare, rather than establishing it in the timescale lawmakers had initially asked for. 

The release states that it was finally created on March 20. 

“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” Sasha Baker, acting undersecretary of defense for policy, noted in a statement.

According to the Pentagon, the assistant secretary will report to the undersecretary of defence for policy and serve as the principal senior officer responsible for overseeing Department of Defence cyber strategy and operations. The official will be the DOD's top cyber advisor as well.

According to the press statement, the newly appointed assistant secretary will be the point of contact for the current deputy assistant secretary of defence for cyber policy.

The Pentagon stated that the new office's tasks include, among others: 

  • Creating, organising, assessing, and managing the implementation of DOD cyber policy and strategy. 
  • Overseeing and certifying the Department of Defense's cyberspace operations budget, as well as providing fiscal and budgetary oversight to the $3 billion annual execution of US Cyber Command's enhanced budget authority. 
  • Monitoring the programmes and actions related to cyber workforce development, recruiting, and retention. 
  • Managing the integration of cyberspace activities and capabilities into operational and contingency plans.
  • Developing DOD cyber policy advice for private sector outreach, engagement, and agreements. 
  • Leading the DOD's execution of national cyberspace policies.
  • Leading the development, execution, and supervision of cybersecurity-related activities for security cooperation.

Last month, President Biden revealed his intention to nominate Michael Sulmeyer to take on the new post. Sulmeyer is currently the Army's top cyber adviser and has previously held positions in the Pentagon, Cybercom, and the National Security Council relating to cyber policy and operations. 

Ashley Manning is acting as the assistant secretary until Sulmeyer is confirmed by the Senate.

Pentagon Concludes Review Following Discord Leak, Tightens Controls on Classified Info

 

The Pentagon has completed a comprehensive 45-day assessment of the military's protocols for classified information, following a case in which a National Guardsman with a top-secret clearance leaked classified information he did not require on Discord.

The individual involved, Jack Teixeira, held his clearance due to his position as an information technology technician at Otis Air National Guard Base in Massachusetts. However, the fact that he leaked information he did not require prompted Defense Secretary Lloyd Austin to initiate the review. While the review was ordered on April 14, the U.S. Defense Department released its findings and recommendations on Wednesday.

According to investigators from the Defense Department, the vast majority of personnel granted access to classified national security information demonstrate compliance with security policies and understand the criticality of maintaining information security for national security purposes.

"At the same time, the review identified areas where the department should improve its security posture and accountability measures," the Defense Department said in a fact sheet.

The Pentagon said it will "reinforce existing security policies and practices" down to the bottom ranks and update them to reduce "ambiguity" while examining opportunities to tailor training and education to "better address current and evolving security needs," among implementing other recommendations.

"The department is mindful of the need to balance information security with requirement to get the right information to the right people at the right time to enhance our national security," the fact sheet reads.

"As DoD implements the recommendations and associated actions from this review, careful consideration will be given to guard against any 'overcorrection.'"

The Defense Department announced that Secretary Austin has concluded his examination of the findings and subsequently issued instructions to senior military leaders outlining necessary actions to enhance accountability measures in the short and medium term.

In a memorandum, Austin instructed Defense Department leaders to ensure that all personnel are accurately included and accounted for within designated security information technology systems by August 31.

Military leaders who are not part of the intelligence community have been instructed to validate the necessity of their personnel accessing sensitive compartmented information. Furthermore, they must ensure that all individuals with access to such information have a duly completed non-disclosure agreement on file by the end of September.

Austin has directed the Pentagon to establish a centralized tracking system by year-end for sensitive compartmented information facilities and special access program facilities. Additionally, employees working in these facilities must certify their adherence to policies that prohibit the use of personal electronic devices.

Pentagon's Secret Service: Monitoring Social Media for Criticism of Generals

 

According to reports from The Intercept, the Army's surveillance unit has been scanning social media platforms for posts that criticize or demean generals and other military leaders. The unit is said to be specifically targeting tweets and comments that contain derogatory language or threats. While the intention behind this surveillance is to protect military personnel, it also highlights the increasing scrutiny of online speech by government agencies.

The justification for such monitoring lies in the potential risks posed by online threats and the need to ensure the safety of military personnel. Social media platforms have become hotbeds for hate speech, harassment, and even radicalization. It is only natural for authorities to be vigilant in their efforts to identify and mitigate any potential dangers.

However, concerns arise when the surveillance extends to monitoring and policing online criticism or dissent. Freedom of speech is a fundamental pillar of any democratic society, and citizens should be able to express their opinions, even if they are critical of those in power. This practice by the Pentagon's secret service raises questions about the erosion of civil liberties and the chilling effect it may have on public discourse.

Critics argue that such surveillance can stifle dissent and discourage individuals from voicing legitimate concerns. It also raises concerns about the potential misuse of personal data and the infringement of privacy rights. There is a fine line between monitoring for security purposes and encroaching upon individuals' rights to free speech and privacy.

As technology advances, it is essential to strike a balance between security measures and the preservation of civil liberties. Clear guidelines and oversight mechanisms should be in place to prevent overreach and abuse of power. Transparency is key, and the public should be informed about the extent of these surveillance practices, as well as the criteria used to identify and target social media posts.

Moreover, it is important to invest in comprehensive strategies to address the root causes of online extremism and harassment. Focusing solely on monitoring and surveillance without addressing the underlying issues is a short-term solution at best.

The revelation that the Pentagon's secret service is actively trawling social media for mean tweets about generals brings into focus the delicate balance between national security and individual freedoms. While ensuring the safety of military personnel is paramount, it is crucial to safeguard citizens' rights to free speech and privacy. Striking the right balance between security measures and civil liberties is vital for maintaining a healthy and democratic society. The public's trust in these surveillance practices can only be earned through transparency, accountability, and a commitment to protecting individual rights in the digital age.

Pentagon Weapons Systems Have 'Nearly All' Vulnerabilities

 


Secret Pentagon documents leaked online through social media indicate that the United States has deeply penetrated Russian military and intelligence services in the past year. The trove also reveals that Washington appears to be spying on some of its closest allies, including Ukraine, Israel, and South Korea.

The Pentagon is attempting to leverage artificial intelligence to outfox, outmaneuver, and dominate future adversaries of the United States. Despite its unsteady nature, AI is a technology that could present opponents with another way to attack if not handled carefully. 

A newly established unit within the Joint Artificial Intelligence Center, which the Pentagon set up to help the US military exploit artificial intelligence, is charged with collecting, testing, and distributing machine learning algorithms from open source and industry for use across the Department of Defense. Part of that effort reflects some of the major challenges that artificial intelligence for military purposes raises. A Testing and Evaluation Group, known in machine learning as a "red team", is "tasked with probing pre-trained AI models for weaknesses". There is also a cybersecurity team that examines AI code and data for hidden vulnerabilities.

Pentagon officials should not limit their efforts to protect their data networks or just their industrial and information systems, as their vehicles and weapons are also among the most vulnerable at the Pentagon. 

The military cannot manage even the simplest internal systems. This is one of the main reasons for the military's limited ability to defend these systems. 

The leaked documents provided evidence that Washington was spying on some of its closest allies, listening in on conversations between senior members of South Korea's national security council about whether the country would sell artillery shells to be used in Ukraine. As a result, a political backlash began in Seoul on Monday, where opposition lawmakers denounced the United States' actions as a clear violation of the country's sovereignty.

The technique behind modern AI, machine learning, is fundamentally different from the traditional methods used to write computer code and is often more powerful. By learning from data, a machine derives its own rules, rather than having programmers write the rules for it to follow. The problem with this learning process is that artifacts or errors in the training data can produce strange or unpredictable behavior in AI models, and this can render the model unreliable.

Several explosive reports released by the Government Accountability Office (GAO) this month concluded that "nearly all" weapons systems in the Pentagon's $1.7 trillion procurement pipeline have major cybersecurity holes.

Cyber breaches involving weapons systems during a crisis or a military conflict could have grave consequences, as they could potentially allow an enemy to cause misfires or military failures.

The Pentagon's systems are becoming enticing targets for hackers, the report said, as they have become easier to hack over the past decade. It is not the first time this warning has been issued -- at least a half-dozen military studies have raised alarms since the 1990s. 

It was only in 2014, the GAO noted in its report on cyber vulnerabilities in weapons systems, that the Pentagon began to conduct routine checks for these vulnerabilities. It is estimated that as many as 80 percent of systems have never been tested. In a recent report, the Department of Defense said that cybersecurity was not given top priority in the acquisition of weapon systems until recently. Currently, the Department of Defense is seeking to understand how to apply cybersecurity to weapons systems.

It is expected that the Pentagon will develop its offensive capabilities for reverse engineering, poisoning, and subverting its adversaries' AI systems shortly. Currently, the focus of the effort is to make sure that American military AI is unattackable and cannot be compromised. As he puts it, "We have the option to proceed with the aggressive strategy." He says, "Let's just make sure it isn't something we can do against us, but it will be possible." Allen does not want to comment on whether the US is developing offensive capabilities. 

To ensure that their economies can leverage the power of this powerful new technology to the fullest extent, many nations have developed national AI strategies. 

During this period, big tech companies, particularly in the United States and China, are jockeying for position in the commercialization and export of the latest AI techniques to gain an advantage.

There is a need to protect the algorithms that are important to the military supply chain or contribute to the making of critical decisions that affect the mission.      

Pentagon to Unveil Zero-Trust Cyber Strategy


The U.S. Department of Defense is preparing to publish a zero-trust strategy in the coming days. The aim is to achieve a new level of cybersecurity, since cyber threat groups are constantly advancing their methods of targeting primary firms.

Following the announcement, Pentagon Chief Information Officer John Sherman reported on Monday that he gave his approval to the new plan last Thursday and it is now going through the public review process. He also added that the documents will be out very soon. 

The department previously had reported that the framework of the new look of cybersecurity would be unveiled in September and seeks to put the Defense Department on a path to reach what’s referred to as a “targeted” level of security by the year 2027. 

David McKeown, deputy chief information officer for cybersecurity, said at the Billington Cybersecurity Summit, “We have a definition of what it takes to check the box and fulfill that particular capability. Those 90 capabilities are going to get us to what we’re calling targeted zero trust.” 

The framework is being prepared on the seven pillars of zero trust and comprises more than 100 activities including applications, automation, and analytics, to keep critical data secure. The Pentagon has increasingly been focusing on a zero-trust framework because it assumes a network is always at risk of being exposed to threats and it is a necessity that all users should be authenticated and authorized. 

“A key tenet of a zero trust architecture is that no network is implicitly considered trusted — a principle that may be at odds with some agencies’ current approach to securing networks and associated systems and all traffic must be encrypted and authenticated as soon as practicable,” according to the memorandum. “A couple are at the 90% level for meeting those targeted zero trust capabilities. So we’re really excited about that, that we have those three offerings. The fact that we’re pointing to the cloud continues our strategy overall in the department to increase our cloud utilization and it also furthers the federal government’s goal of increasing cloud utilization.”

The department also explained that the framework includes three methods to target zero trust goals which include uplifting each service and agency’s current environment to satisfy the 90 capabilities and implementing a zero trust cloud on-premises that meets the highest level of zero trust.


Millions of the Pentagon’s Dormant IP Addresses Sprang to Life, Just Minutes Before Trump Left Office

 

While the world was focused on President Donald Trump's departure on Jan. 20, an obscure Florida corporation quietly revealed a shocking development to the world's computer networks: it was now controlling a vast unused swath of the internet that had been owned by the US military for decades. 

What happened after that was even stranger: the company, Global Resource Systems LLC, continued to expand its zone of influence. It quickly claimed the Pentagon's 56 million IP addresses. After three months, the number had risen to nearly 175 million dollars. That's nearly 6% of a coveted traditional segment of the internet known as IPv4, where such vast pieces are worth billions of dollars on the open market.

Telecommunications powerhouses of well-known names like AT&T, China Telecom, and Verizon dominate the largest swaths of the internet. Global Resource Systems, a company created only in September with no publicly known federal contracts and no apparent public-facing website, was now at the top of the list. 

On Friday, a receptionist at the shared workplace told a reporter that she couldn't give her any details about the company and asked her to leave. Global Resource Systems' control of Pentagon addresses was only revealed in the mysterious world of Border Gateway Protocol (BGP), the messaging system that instructs internet companies on how to channel traffic around the world. Messages started to arrive informing network administrators that IP addresses previously allocated to the Pentagon but inactive could now accept traffic if routed to Global Resource Systems.

Network administrators have been speculating about what is the most drastic change in IP address space allocation since BGP was introduced in the 1980s. The Defense Digital Service, an elite Pentagon agency that reports directly to the Secretary of Defense, is responsible for the transition. The DDS describes itself as a "SWAT team of nerds" tasked with solving departmental emergency problems and doing groundbreaking work to enable significant technical advances for the military.

The Pentagon's DDS, which was founded in 2015, has a Silicon Valley-style office. In recent years, it has worked on a variety of special initiatives, including designing biometric software to help service members distinguish between friendly and enemy forces on the battlefield and ensuring the encryption of emails Pentagon personnel exchanged with third parties about coronavirus vaccines. 

The DDS's director, Brett Goldstein, said in a statement that his unit had approved a "pilot effort" to publicize the Pentagon's IP space. According to Goldstein, “this pilot will analyze, evaluate, and prevent unauthorized use of DoD IP address space.” In addition, this pilot could reveal possible security flaws.

The plan, according to Goldstein, is one of the Pentagon's many attempts to constantly improve the cyber posture and security in response to advanced persistent threats. “We're working together through the Department of Defense to ensure that any possible vulnerabilities are addressed,” he added.

The details of what the campaign is attempting to accomplish are still unknown. The Pentagon refused to answer a variety of questions about the project, including why Goldstein's unit used a little-known Florida company to carry out the pilot rather than having the Defense Department itself "announce" the addresses via BGP messages, which would have been a much more common method. 

The Global Resource Systems announcements, on the other hand, seem to have directed a flood of internet traffic toward Defense Department addresses. According to Madory's tracking, large-scale internet traffic movements started almost immediately after the IP addresses were announced on January 20. 

Russell Goemaere, a spokesman for the Defense Department, confirmed in a statement to The Washington Post that the Pentagon still owns all the IP address space and hadn’t sold any of it to a private party. 

Since the programme isn't public, a person familiar with the pilot effort agreed to speak on the condition of anonymity. He said it's critical for the Department of Defense to have "visibility and accountability" into its various cyber tools, including IP addresses, and to maintain the addresses appropriately so they'll be available if and when the Pentagon needs them.

U.S. Cyber Military Forces Execute Retaliatory Cyber-attack Against Iran




In a retaliatory cyber-attack against Iran, U.S. cyber military forces took down a database used by its Revolutionary Guard Corps to target ships in the Persian Gulf, just hours after the Islamic Republic shot down an American drone.

Iran has yet to recover the majority of the data lost in the attack and is attempting to re-establish military communication networks connected to the database.

According to the Washington Post, U.S. President Donald Trump reportedly approved the U.S. Cyber Command's strike; however, the government has not openly acknowledged that it took place.

A U.S. official who spoke to the Washington Post also noted that the cyber-attack was intended to harm Iran, but not to a degree that would further heighten tensions between the two sides.

Elissa Smith, a Pentagon spokesperson said in a statement, “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning.”

In spite of the attack, the Islamic Republic has stayed rather active in the Strait of Hormuz, holding onto the English oil tanker Stena Impero in mid-July.

Fox News recently reported that in June Iran shut off a portion of its military radar sites around the time the U.S. was ready to launch retaliatory strikes, so it is not clear whether those radar sites were disabled by cyber-attacks or whether Iran shut them off intentionally in anticipation of the strikes.

In any case, these strikes are not the first major operations executed by U.S. Cyber Command; a year ago the organization disrupted a Russian entity's efforts to use Internet trolls to cultivate discontent among American voters during the 2018 midterm elections.


"US’ Giant Military Contract Has a Hitch", Says Deap Ubhi, an Entrepreneur of Indian Descent.





The founder of a local search site “Burrp!”, Deap Ubhi is a lesser known entrepreneur.

He joined Amazon in 2014 and motivated start-ups and other organizations to embrace cloud computing products.

He left in less than a couple of years to start a company that provided technology to restaurants.

Later on, he joined a Pentagon effort to employ techies. He wished to make a super effective search engine and according to what he said, also to help American people.

But as it turns out, Ubhi’s part in the Pentagon has landed him right in the midst of one of the most prominent federal IT contracts.

A $10 billion deal to bring cloud computing to the Pentagon attracted the top tech companies when the project was announced in 2017.

Microsoft, Amazon, IBM, Oracle and Google, all wanted to seal the deal in their own ways.



But there was a catch to it all; the contract would go to only ‘one’ cloud vendor. And Amazon happened to close the deal with the capability of fulfilling Pentagon’s demands.

This is where Ubhi came in, especially his ties with Amazon, a place where he now works again.

Oracle, who under no circumstances could have landed the deal, vehemently criticized the one-vendor attitude.

The organization is now fighting in a federal court about Ubhi’s alleged inclination towards Amazon and its effect on the said deal.

Before the suit was filed, the Pentagon had found no suspicious influence on Ubhi's part and hence kept evaluating the deal despite Oracle’s lawsuit.

Further on, more information about Ubhi was discovered and Pentagon declined a request for disclosing it.

The winner of the deal was to be announced in April. When contacted by Amazon, both Ubhi and Pentagon refused to comment.

Oracle didn’t comment on the issue outside the court but during the proceedings it mentioned Ubhi’s outspoken inclination towards Amazon by providing the proof of a tweet via Ubhi’s handle.

According to the White House press secretary, the president of the US is not a part of this war of the vendors.



President Trump has never been involved in a government contract before so if he as much as even points at something regarding this situation it would be a first.

The cloud contract, commonly known as the Joint Enterprise Defense Infrastructure (JEDI), is being overseen by a Defense Department procurement official.

The officials who actually choose the winner have not yet been identified.

The Pentagon’s transition to cloud computing is being seen to by a team directed by the chief information officer, Dana Deasy.

Cloud computing would contribute a lot in the battlefield and hence the American government is keen on giving the contract to the best.

Reportedly, for some time Ubhi worked on a market research for JEDI while he was working at Pentagon.

Oracle in the court cited the internal documents where Ubhi articulated support towards a single cloud approach.

Oracle also thinks Ubhi had something to do with the decision to select a single cloud provider.



In response, Amazon said that Ubhi worked on JEDI for only seven weeks, and only at the early stages, and that there were over 70 people involved in the development.

Amazon and Ubhi’s ‘Tablehero’ were to engage in a partnership of which there is no proof as yet. Ubhi hasn’t been replying to the emails of investors either.

Pentagon mentioned that the single cloud would let the movement be faster and ensure more security. This statement was later asserted by the Government Accountability Office.

Both IBM and Oracle filed heavy protests against the Government Accountability Office, which were later denied in Oracle’s case and rejected for IBM.

Oracle, which has a small cloud market share, then took the issue to the federal courts of the US.

The Oracle lawsuit stands to profit Microsoft as it now has improved capabilities and hence could be a strong competitor to Amazon.

It doesn’t matter whether Ubhi molded the contract. Pentagon’s justifications support its decision to use a single cloud approach.

The major motivation behind the decision has always been helping the defense make better data driven decisions.