What happens when you bring together some of the nation’s leading hackers, the Pentagon’s chief of training and an Air Force Academy professor who teaches cyber skills to cadets? They all agree on one thing: The government’s approach to cyber security is coming up short.

They sat on the dais, an unusual assortment of experts at a conference for military simulation and training experts. No prepared speeches, just a wide open Q&A.

Their message in three bullets:

• You can’t teach cyber defense without a thorough understanding and expertise in cyber offense 
• Cyber is all about breaking the rules. If you try to break cyber defense into a series of check-box requirements, you will fail
• The Fifth Domain, as cyber is sometimes called in the military (joining air, land, sea and space) is not like the others. There is no high ground and the weapon... Read More >

Hackers pose myriad threats to government organizations, but vulnerabilities aren’t all coming from the outside. Insider threats – both malicious and unintentional – may be even more dangerous.

Roughly half of Federal agencies suffered an insider threat in the past year and almost one-in-three lost data in a breach, according to a MeriTalk study that surveying 150 Federal IT managers knowledgeable about their agencies’ cyber security programs.

The National Insider Threat Program was established in Executive Order 13587 four years ago to deter, detect and mitigate compromises of classified information by malicious insiders. The order requires Federal agencies to establish their own insider threat detection and prevention programs under guidance from the National Insider Threat Task Force (NITTF).

The NITTFT was established in response to the Wikileaks scandal... Read More >

During 14 years of war in the Middle East, Marines and soldiers came to rely on having ready access to computers. And the more capability they had, the more they wanted.

“What that evolved into was a tremendous demand for power and cooling that drove a need for fuel for generators,” said Kenneth Bible, the Marine Corps deputy director of C4 [command, control, communications and computers] and deputy chief information officer.

Fuel trucks became targets for insurgents, and defending them became an extra burden for troops. Clearly, a more efficient solution was needed.

Meet the “tactical cloudlet.” It brings the same concepts of distributed cloud computing to a remote and mobile battlefield scenario. The Marine Corps, Army, and university researchers are all working on... Read More >

When the Defense Department (DoD) set out to create an enterprise-wide email system in 2007, the vision was a single platform with all 4.5 million DoD email users onboard by 2016.

Turns out it’s not so easy.

The Department of Defense Enterprise Email – DEE – launched in 2011and today counts 1.7 million users, according to the Defense Information Systems Agency (DISA), which operates the system. Few additional users are currently scheduled to join.

DEE aimed to simplify email across the entire department, eliminating hundreds or even thousands of separate email servers in data centers all over the world, in favor of a cloud-based system spanning the entire defense enterprise and allowing users to maintain a single email address for an entire career, even with regular change-of-station moves from one part of the globe to another. DISA operates unclassified – NIPRNet – and classified – SIPRNet – versions of its enterprise email.

Advocates say moving to a single centrally managed email system will... Read More >

It’s autumn and California’s Santa Ana winds sweep in from the desert, carrying the threat of wildfires across the mountains to a land already tormented by drought.

The Santa Ana Wildfire Threat Index (SAWTI) tracks and predicts the extent of the threat, calculating daily just how dangerous the situation may become. Developed by the U.S. Department of Agriculture’s Forest Predictive Services, SAWTI helps agencies and citizens anticipate risk and prepare accordingly.

It’s one of a whole new range of digital tools in use today to help curb wildfires. Developed and managed by numerous agencies and often on shoestring budgets, these systems pull... Read More >

The Federal government is losing billions of dollars every year to fraud, waste, and abuse. The IRS and the Department of Health and Human Services are among the most victimized in government. Overwhelmed by data and the speed of business, they are the favored targets of cheaters and thieves who hope to score quick payments and then disappear in the crowd.

Finding fraud is like locating the proverbial needle in a haystack. But now new analytic tools are helping to stop improper payments – by ferreting out the fraud, waste and abuse that hides like needles in a haystack among legitimate bills and requests.

At the IRS, voluntary compliance among citizens and trust on the part of the Federal government are the twin pillars on which the system is founded. To maintain trust with taxpayers, for example, the government pays out tax refunds before it can compare tax returns with W-2 wage and earnings statements. Fraudsters exploit that trust by... Read More >

The case of a Massachusetts man sentenced Oct. 6 to 37 months in prison for importing thousands of counterfeit integrated circuits from China and Hong Kong and then reselling them for use in U.S. Navy submarines, is the latest in a series of incidents in which fake electronics were wormed into the government’s supply system.

Counterfeit technology comes in many forms, affecting both hardware and software. Security experts in January spotted Trojan malware in imported smartphones from China. Embedded in a ringtone app, the malware secretly enabled attackers to phish personal information and prompt downloads of more malware through Google Android application package files (APKs). The knockoff phones looked like Samsung GS4s and other common models.

Around the same time, Microsoft investigators found forged versions of its Windows operating system on a number of new laptops purchased in China. They also found viruses including the aggressive Botnet virus Nitol, on 20 percent... Read More >

In New York, a sanitation worker used a driver’s license to impersonate his dead twin brother and draw more than $500,000 in disability benefits. In Iowa, an escaped bank robber got nailed when he applied for a driver’s license to fake his identity. A New Jersey man was caught applying for two fraudulent commercial driver’s licenses, even though his licenses had been suspended 64 times.

In each of these cases, reports Stateline, a service of the Pew Charitable Trusts, authorities used facial recognition technology to trip up would-be cheaters at the local department of motor vehicles office.

Facial recognition is here to stay, and the uses and potential uses are burgeoning. Motor vehicle agencies are using them to stop people from... Read More >