Cybersecurity defence is the foundation of cyberspace combat capability and an important guarantee for military operations. Guided by the idea of military and industry-led collaboration, the United States of America and the United Kingdom make full use of industry technologies and capabilities to strengthen research and development of cybersecurity technologies and equipment, as well as improve performance in their defence capabilities.

In August 2021 the US Defense Information Systems Agency (DISA) awarded the
cybersecurity firm Forescout-Active Defense for the Enterprise of Things a 115
million US dollar contract to promote a zero-trust security model. Also known
as zero-trust architecture (ZTA), zero-trust network architecture (ZTNA) or
perimeter-less security, it describes an approach to designing and deploying IT
systems. The main concept behind the zero-trust security model is “never trust,
always verify,” which means that devices should not be trusted by default, even
if they are connected to an authorized network such as a corporate LAN and even
if they were checked and verified before.

DISA selected the Forescout platform as part of the Compliant Connectivity (C2C)
project. The Department of Defense expects C2C to provide a suite of computing
and IT capabilities to manage all resources in the Department’s network. One of
the C2C-enabled capabilities of the Forescout platform is end-to-end visibility
into the Department’s connected networks; the platform will also enable DISA to
upgrade security processes, including the automation of essential security
functions and improved information sharing.

DISA also plans to develop a prototype of the Thunderdome zero-trust architecture,
the production of which will begin in early 2023. The new architecture promises
to improve security, reduce complexity and save costs, while replacing current
defence-in-depth approaches to cybersecurity.

At the same time, the Defense Advanced Research Projects Agency (DARPA) developed a
new drone cybersecurity software, namely the High Assurance Cyber Military
System (HACMS), and invited hackers to attend the DEFense readiness CONdition
(DEFCON) cybersecurity Conference in the United States of America in August.
The results show that even professionals are not able to crack such software –
although I believe that those who could do it would stay hidden, preferring to
declare themselves “beaten” rather than exposing themselves in the open.

HACMS uses “formal method” techniques to mathematically ensure that there are no
software flaws that would allow hackers to enter and take a computer system
over. The software architecture strictly separates the various functions of the
task-specific control system, and even if hackers were able to break into the
drone’s camera software, they would not be able to hijack its command and
control system. Furthermore, in September DARPA launched the Hardening
Development Toolchain Defense Against Burst Execution Engine (HARDEN) project,
which aims to help developers understand contingency and emergency behaviour in
computers to prevent cyber attackers from using the built-in capabilities of
critical systems to generate malicious and accidental computations.

In January 2022 the Defense Innovation Agency (DIU) announced it had awarded
the cybersecurity firm CounterCraft an additional settlement agreement for new
technology to capture and block insider threats on compromised networks. The
technique, known as a “cyber deception platform,” creates a trap for
adversaries to leave behind the techniques, tools and command architecture they
use after compromising a network. CounterCraft says the technology is
essentially “honeypots” and “honeynets”, i.e. cybersecurity techniques that
create tempting traps (honeypots) and link these traps together (honeynets).
The attackers’ behaviour in a honeypot environment can be classified, thus
enabling institutions to visualize their vulnerabilities in infiltration
chains.

DIU addressed the industry in July 2021 for advanced endpoint detection and
response capabilities (a communication endpoint is a type of node in the
communication network; it is an interface that consists of a communicating part
or communication channel).

DIU has stated that the US Cyber Command and the service’s various cyber components
want to be ever more the “crown jewel” on the defensive network and defensive
weapon system to oppose malicious cyber activity around which DIU is deploying
deceptive elements to essentially create pre-filtering sensors and
capabilities, as well as pre-filtered data collection devices. This is
essentially a method for deploying fake artifacts, decoys, erroneous algorithms
and honeypots, and deploying highly customized and targeted recalls and
endpoints in very specific traffic data and pre-filtering indicators in an
environment that enables us to understand the details of threats by visualizing
interactions with fake artifacts. If the methods and techniques described above
are proven over time, these tools will change the rules of the game as to how
the Department of Defense, and any Agency, protect their networks and data.

This means that cyberspace defenders can develop tailored protection plans and
responses that are more specific to any part of the Department of Defense or
any other Ministry, rather than trying to adopt a one-size-fits-all approach to
cyber protection.

The US Army is leveraging new technologies to advance the development and deployment
of cyber weapons, incorporating enhancements into existing systems to ensure
the continued effectiveness of cyber defenses. Among them, the Network Analysis
and Detection (CAD) project is based on the Army’s Big Data Platform – called
Gabriel Nimbus – which can run on various classified networks, thus increasing
storage space; adding new data sources; and integrating special applications
and tools.

Moreover, the User Activity Monitoring (UAM) program enables analysts to identify
high-risk user activity in the Army’s networks in near real-time to address
insider threats. This helps leverage all the tools, applications, as well as
data streams and flows in the Gabriel Nimbus. Threat emulation is the project
that enables users to simulate hostile capabilities on their networks with the
aim of finding vulnerabilities before actual attacks. This is expected to be
implemented in the coming months.

The Deployable Defensive Cyberspace Operations Systems-Modular (DDS-M) projects
are configurable with the hardware kit for use by Cyber Protection Teams
(CPTs). The Garrison Defensive Cyberspace Operations Platform (GDP) project is
a system capable of high-speed data capture and is moving to the cloud as a
software-based military weapon.

Three GDP versions are being developed, with the fourth and fifth ones expected to be
launched in 2022 and 2023.

The US Army Cyber Command issued an announcement last August asking for information
about the Endpoint Security Solutions as a Service resources: a potential
resource for the Army to find endpoint security solutions and hosting services,
with the aim of improving overall security and reducing risk. Cyber Command
seeks to increase visibility on endpoint security across all the Army’s operational
domains and track compliance metrics that provide robust protection of assets
and systems to detect and respond to cyber threats appropriately in all
locations and environments.

*** Giancarlo Elia Valori; Advisory Board Co-chair Honoris Causa Professor Giancarlo Elia
Valori is an eminent Italian economist and businessman. He holds prestigious
academic distinctions and national orders. Mr. Valori has lectured on
international affairs and economics at the world’s leading universities such as
Peking University, the Hebrew University of Jerusalem and the Yeshiva
University in New York. He currently chairs “International World Group” and is
also the honorary president of Huawei Italy and economic adviser to the Chinese
giant HNA Group. In 1992 he was appointed Officier de la Légion d’Honneur de la
République Française, with this motivation: “A man who can see across borders
to understand the world” and in 2002 he received the title “Honorable” of the
Académie des Sciences de l’Institut de France.