
Spring 2015 Issue | Volume 3 | Number 7

United States
{CYBERSECURITY}
Magazine

Feature Article
Cyber Security
Forum Initiative
Defense in the Age of
Cyber-Warfare
Page 40

2015: It’s All about the Data (BLACKOPS Partners) | Who’s Watching the Back Door? (e-End USA) | Diving into the Deep Web (Emagine IT)
Master of Science or Post-Master’s
Cybersecurity

CAN BE COMPLETED ONLINE

PART-TIME MS IN CYBERSECURITY;
10 COURSES TO COMPLETE DEGREE

3.0 GPA

LEARN MORE TODAY


EP.JHU.EDU/CYB
800-548-3647

We currently are not accepting applications to the Cybersecurity program from online students who reside in AR or KS.
Residents in these states may apply to Johns Hopkins Engineering for Professionals programs
offered at any JHU campus location. For additional online education state authorization information, visit ep.jhu.edu/oesa.
Chiron Technology Services, Inc
“…train my hands for war and my fingers for battle.”

Cybersecurity Training

Chiron’s cyber training mantra is simple – train like you fight – and Chiron’s cleared instructors bring years of real-world experience to bear on the most challenging areas in Computer Network Operations today.

• Expertise in computer network exploitation, malware reverse engineering, network analysis, digital forensics, and more
• Challenge students through highly technical and hands-on real-world scenarios based upon today’s dynamic cyber environment
• Classes held in a laboratory environment with state-of-the-art equipment free from rigid network security restraints

Chiron Cybersecurity Training enriches the student experience through real-world challenges – and successes.

Wireless Exploitation and Attack
• Technical Breakdown of 802.11 Protocol
• Advanced Wireless Exploitation Techniques
• Wireless Device and Computer Forensics
• Survey, Targeting, and Attack Scenarios

CNO Developer Course
• Fuzzing Applications and Exploit Development
• Defeating Overflow Protection Mechanisms
• Using SEH for Execution
• Hooking Library Functions

Mobile Device Exploitation
• Android/iOS File Systems Analysis
• Android/iOS Vulnerability Assessment and Exploitation
• Mobile Device Security
• Reversing Malicious Applications

Embedded Systems Attack
• Discovery and Analysis of Unreleased Vulnerabilities
• Weaponizing Exploits
• Customizing and Deploying Custom Firmware
• Persistent Access Techniques
• Rootkit Development

Network Attack and Active Defense
• Advanced Packet Analysis & Packet Carving
• CNA Simulation and Attack Scenarios
• Latest Exploit Dissection Methods
• Security Flaws and Remediation Techniques

Network Exploitation and Tradecraft
• Advanced Scanning and Vulnerability Assessment
• Windows and UNIX Exploitation Techniques
• Anti Virus and Firewall Evasion
• SQL Injection and Cross-Site Scripting Attack
• Creating Custom Payloads

To Learn More About Our Training: 410.672.1522 x 113 | training@chirontech.com


Main Office: Chiron Technology Services, Inc. 7021 Columbia Gateway Drive, Suite 250, Columbia, MD 21046
Tel: 410.672.1522 | Fax: 410.672.3187

www.chirontech.com

United States Cybersecurity Magazine | www.uscybersecurity.net 01


Got Contracts?
COMPREHENSIVE MARKET INTELLIGENCE
DISCOVER OPPORTUNITIES BEFORE THEY ARE RELEASED
THE NATION’S PREMIER ONLINE GOVERNMENT CONTRACTING TOOL

ACCESS THE LARGEST GOVERNMENT


CONTRACTING DATABASE
The largest number of Federal, State and Local bids available online.

HIGH QUALITY, HIGH PROFIT OPPORTUNITIES


DEPARTMENT OF DEFENSE ~ ARMY ~ NAVY ~ AIR FORCE ~ NASA
plus 80,000 other buying agencies

BILLION DOLLAR CONTRACTS


EVERYTHING NEEDED TO WIN MORE GOVERNMENT CONTRACTS
Federal, State and Local Government

Contact us at 301.741.4446 or info@govpurchase.com


8401 Colesville Rd., 3rd Floor • Silver Spring, MD 20910

www.GovPurchase.com

United States {CYBERSECURITY} Magazine
United States Cybersecurity Magazine
All Rights Reserved
A Division of American Publishing, LLC

Publisher: Karen A. Austin
Editor: Amanda Fortner
Director of Operations: Charles H. Austin, Jr.
Art Director: Patrick Brzozowski
Graphic Designer: Stacy Brzozowski
Graphics Representative: Pamela Schisler
Administration: Tiana Coley
App Development: Jason Johnson, PROJECTSEVEN

To place a display advertisement, please contact: Kimberly Horn at 410.755.1014; Mary Engelbrecht at 443.850.9900; Charles Coleman at 313.333.4733

To subscribe, visit: www.uscybersecurity.net/subscribe. Download our app on the App Store or Google Play, or contact Karen Austin at 443.453.4784

To submit an article, please contact: Karen Austin at 443.453.4784; Amanda Fortner at a.fortner@uscybersecurity.net

American Publishing, LLC provides no warranty and accepts no responsibility regarding the services/products of the advertisers, either in print or online, in the United States Cybersecurity Magazine.

The views and/or opinions expressed in the advertisements and articles in the United States Cybersecurity Magazine, either in print or online, are not the views and/or opinions of American Publishing, LLC. American Publishing, LLC provides no warranty and accepts no responsibility regarding such views and/or opinions, other than its own.

The United States Cybersecurity Magazine contents may not be reproduced without prior written permission from American Publishing, LLC.

United States Cybersecurity Magazine is not an official publication of U.S. Cyber Command.

from the {PUBLISHER}

Greetings,

Welcome to the Spring 2015 issue of the United States Cybersecurity Magazine!

We are honored to be able to continue raising the level of awareness of cybercriminality and bringing solutions to the forefront to educate and protect the United States of America’s government, private sector, and citizens.

We would like to thank each and every person who contributes to the cybersecurity industry. Our military and our intelligence agencies, our teachers and students, our energy sector, entrepreneurs, government agencies, and consumers are all participating in protecting their businesses and families from the malicious acts of cyber criminals.

These cyber criminals do not sleep. Malware continues to spread across the net; valuable intelligence and intellectual property is stolen; data breaches expose thousands to fraud and theft. Picking up the pieces from these attacks is time-consuming and expensive. The only true solution is to continue our research and development into preventing and predicting these cyber crimes, and to continue educating our children, our future cyber defenders, and our general public on how to protect themselves from bad actors.

In this issue of our magazine, we hear from voices on the front lines of these efforts, developing new methods to predict cyber events before they occur; protecting our cities and critical infrastructure; and training the new generation of cyber warriors to continue the fight. But as many of our contributors stress, cybersecurity is important for more than just corporations and government agencies: it’s necessary for everyone. Small businesses face just as much risk of cyber attacks as large ones, and sometimes more. Everyone needs to know the threats they face and how to stop them. Our nation’s cybersecurity is only as strong as its weakest links: when one of us is vulnerable, we are all vulnerable.

We must continue on our mission. We want 100,000 readers by the end of 2016. Everyone should have a copy of the United States Cybersecurity Magazine, and everyone should download our app, available for both iOS and Android, to continue receiving the most relevant information on cybersecurity from the top experts in the field. The fight for the cyber defense of our nation’s citizens, soldiers, and businesses does not stop, and neither will we.

The cybersecurity industry deserves a voice of its own; hence, the United States Cybersecurity Magazine.

May God Bless America.

Karen A. Austin
Publisher


CYBER {CONTENTS}
United States Cybersecurity Magazine

05 From the Publisher
80 Index of Advertisers

Cybersecurity and the Modern World

08 Diving into the Deep Web
Kris Martel, Chief Information Security Officer, Emagine IT
Much like the surface of the ocean, the Internet that most people know is only a fraction of what exists. Kris Martel offers a look under that surface, into the murky waters of drugs, weapons trafficking, and other nefarious activities that take place in the deep web.

13 2015: What’s Old is New Again
Daren Dunkel
While the looming threat landscape in 2015 may look very different, Daren Dunkel explains that, according to numerous experts in the field, the vulnerabilities and insecurities that have plagued government and enterprise security – and the efforts needed to counter them – remain, in their essence, quite similar to those we’ve faced before.

16 Calm Your Bits: Why the Internet of Things Isn’t a Cybersecurity Nightmare
Chris Castaldo, Senior Cyber Security Analyst, Visionist Inc.
The Internet of Things is increasingly a hot-button topic that can panic information security professionals. But as Chris Castaldo explains, the IoT doesn’t have to be your worst nightmare: managing it can be as easy as a dream.

18 Lone Star Rising: San Antonio’s Cybersecurity Boom
Jim Brodie Brazell, CEO, Armour.io
San Antonio’s commitment to cybersecurity research, defense, and development, especially in the areas of critical infrastructure, makes it a model for the United States in the cyber arena. Jim Brazell takes us through the city’s past and present involvement with cybersecurity, making it clear why you don’t mess with Texas.

The Human Factor

20 Eyes on Employees: Federal Agencies’ Top Assets and Biggest Security Threats
Chris LaPoint, Group Vice President of Product Management, SolarWinds
Employees are simultaneously the problem and the solution when it comes to maintaining data security. As Chris LaPoint explains, the importance of educating employees – and maintaining visibility of their network activities – cannot be overstated in preventing security breaches.

24 Opening the Door for Women in Cybersecurity
Kathleen Smith, Chief Marketing Officer, ClearedJobs.net
A crisis exists in the cybersecurity community: a dearth of diverse and well-trained cybersecurity professionals. Kathleen Smith takes a look at what employers can do to advance the recruitment of one of the most under-represented groups in the profession: women.

26 Cyber Maturity: It’s Time to Be Accountable for Our Own Destiny
Adam C. Firestone, President & General Manager, Kaspersky Government Security Solutions
While cybersecurity professionals have been and will continue to do all they can to protect end users from vulnerabilities and threats, their warnings are useless if they are not heeded. As Adam Firestone asserts, part of the responsibility for defending against cyber attacks rests with those being attacked.

Cyberthreat Landscapes

30 2015: It’s All about the Data
T. Casey Fleming, CEO & Eric Qualkenbush, Board of Directors, BLACKOPS Partners
The brave new world of cybersecurity is also a terrifying one of major data breaches, insider threats, and countless bad actors looking for innovation and valuable data. T. Casey Fleming and Eric Qualkenbush discuss important considerations and motivations to prevent your company from being the next one in the headlines.

32 Cyber in the City: the Art and Business of Shielding Today’s Cities
Gary Hayslip, CISO, City of San Diego
As CISO for the City of San Diego, Gary Hayslip protects his city against cyber threats both large and small. During his career he has developed a set of tools to mitigate and manage the ever-evolving risks of securing one of today’s cities.

34 How to Win at Cyber-Chess: Leveraging Neuro Analytics in Your Cyberspace
Dr. Alenka Brown, Senior Managing Member & Jason Christman, MS, CISSP, PMP, McClure, Brown, & Associates LLC
In order to stay a step ahead of cyber criminals and insider threats, Dr. Alenka Brown and Jason Christman discuss the concept of using neuro cyber analytics as a means to identify and track bad actors in cyberspace.

Cybersecurity and the United States Military

38 Living on the Edge: Pushing the Boundaries of Cybersecurity for the Marine Corps Forces Cyber Command
Patric Petrie, Lead Writer, SSC Pacific
In the wake of its earlier successes with SPECTRA, Patric Petrie details how SSC Pacific is focusing its attention on new initiatives to support the Marine Corps Forces Cyber Command with the development of SPECTRA+ to further defend against and even anticipate cyber attacks.

Feature Article

40 Defense in the Age of Cyber-Warfare: the Cyber Security Forum Initiative
Amanda Fortner, Editor, United States Cybersecurity Magazine

Protecting Your Data

46 Don’t Become Extinct: the Evolution of Information Security, Part One
Will Janssen, Business Development Director, Signals Defense
The techniques and practices necessary to protect sensitive information have evolved over time, culminating in what Will Janssen terms the “Third Wave” of information security. In Part One of his series, Mr. Janssen lays out his vision of the development of information security and its practical applications for our current IT environment.

50 How Connected is Too Connected? Cybersecurity for a Fully Networked World
Darin Anderson, Chairman & Founder, CyberTECH
The Internet of Things is a highly exciting and rapidly expanding field for both consumers and businesses, but that rapid growth can also invite disaster. Darin Anderson advises prioritizing security in Internet-connected devices during their development stage, looking towards safety in the present rather than attempting to fix issues in the future.

52 Looking to Make Your Leap: Protecting Yourself from Threats and Breaches in the Cloud
Vaughan Emery, President & CEO, CENTRI Technology
While transitioning your organization’s data to the cloud may provide any number of benefits, it also carries the attendant risks of data breaches and security threats. Vaughan Emery explains the importance of an end-to-end encryption solution in protecting your data while navigating this new technology.

Cybersecurity Law

54 The Problem of Attribution in Cyber Attacks: the Sony Example
Ira E. Hoffman, Esq., Principal in Cybersecurity, Government Contracts and International Law, Offit Kurman, P.A.
While the actions of the attacking forces are usually readily apparent in conventional warfare, attributing attacks to any particular party is far more complicated in cyber-warfare. Ira Hoffman uses the recent attack on Sony Pictures Studios as a lens through which to view this complex issue.

57 A Shopper’s Guide to Cyber Liability Insurance
Holly Winger, Esq., Brenner, Saltzman & Wallman LLP
While most businesses have some form of insurance protection, many have not updated their insurance to protect themselves from claims and suits that may arise from data breaches and other risks associated with operating an e-business. Holly Winger discusses important considerations when evaluating whether you’re properly protected by cyber liability insurance.

Cybersecurity & Your Business

60 Getting Cybersecurity off the Back Burner and into the Boardroom
Rick Lipsey, Senior Strategic Cyber Lead, LMI
Recent high-profile security breaches have galvanized many employers into making cybersecurity a greater priority. Rick Lipsey offers suggestions for how to prioritize resources and present recommendations to make the transition to greater organizational security as seamless as possible.

64 A Blueprint for Cybersecurity Government Contracting: Phase One
Kim Harwell, National Procurement Manager, GovPurchase
The world of IT government contracting can often be a fast-paced and confusing place, but Kim Harwell sheds some light on the subject with a clear, defined series of steps to research, development, and bidding success.

68 Who’s Watching the Back Door?
Arleen Chafitz, Owner & CEO & Steve Chafitz, President, e-End USA
Businesses may have excellent front-end security, but without proper attention paid to data on end-of-life devices, they may find themselves at risk of losing classified and valuable information out their back door and into the hands of identity thieves, causing serious and costly data breaches.

72 Small Businesses, Big Threats: Cybersecurity in Small Enterprise Environments
Megan Clark, Help Desk Technician, Bryn Mawr College & Amanda Fortner, Editor, United States Cybersecurity Magazine
If you think your business is too small to be a target for bad actors, think again: small businesses face just as much risk as large corporations, if not more. Megan Clark and Amanda Fortner present important considerations for cybersecurity professionals in small enterprise environments to prepare, protect, and educate their communities.

74 Keep It Secret, Keep It Safe: Nine Steps to Maintaining Data Security
Alvita Fitzgerald, Vice President of Administration & Jessica Schneider, Strategic Communications Specialist, Megadata Technology
Maintaining knowledge of and control over your important data may sometimes seem like an impossible task, but as Alvita Fitzgerald and Jessica Schneider explain, nine simple steps can help you keep your cyber information well in hand and reduce your risk of catastrophic cybersecurity breaches.

Education

76 Creating Your Ultimate Code-Cracker: the Design of Digital Forensic Workstations
John Samborski, CEO, Ace Computers
In any craft, it’s important to have the right tools for the job, and the same is true of digital forensics. John Samborski discusses many of the considerations necessary to keep in mind when designing a workstation that will perform the often highly intensive computing tasks required by many digital forensics operations.

78 Cyber Innovation Center: a Pioneer in Cyber-Education and Workforce Development
G.B. Cazes, Vice President, Cyber Innovation Center
The United States is facing a critical dearth of cybersecurity professionals in the near future, but G.B. Cazes offers hope: the National Integrated Cyber Education Research Center has developed a vertically integrated, multi-disciplinary, project-driven curriculum to advance the development and direction of teachers and students.


Diving into the Deep Web

Kris Martel
Chief Information Security Officer
Emagine IT

With all of the recent advancements in technology, including the ability for anyone to know what is going on around the world with just a few keystrokes or finger swipes, it is amazing that anything can be a mystery anymore. When I was young, you had to rely on the newspaper, nightly news programs on the TV or radio, or books and magazines. Encyclopedias were the old-school version of the Internet, but you had to know what to look for. Now Twitter, Facebook, Google, LinkedIn, and endless other social media and Internet search tools allow you to get any information you need when you need it. You don’t even have to know exactly what you are looking for to get more information on a topic than you could read through in a year. Simply plug a few keywords into your favorite Internet search engine and you will be on your way to becoming a subject matter expert in minutes.

Yet what most people think of as the Internet is only a fraction of what is available. The Internet as most people know it is actually called the surface web: the pages that search engines index. The deep web is the rest of the Internet, the content that regular search engines cannot find and that you cannot reach by typing a query into an ordinary browser. Strictly speaking, most of the deep web is mundane (databases, intranets, paywalled archives); the layer that hosts the activity described here is the part of it often called the dark web, reachable only through an anonymity network. This article uses “deep web” in that popular sense. If you do a quick search about the deep web, you will see that it is a hotbed of illegal and nefarious activities, including the sale of drugs, human organs, weapons, stolen identities, hit man services, and more. A lot of bad content exists in the deep web and can put your organization at risk.

No one knows how big the deep web is, but recent estimates have put the content of the deep web as much as 500 times the amount of content available on the surface web. The usual way to reach these hidden sites is through The Onion Router (Tor)1 network. Tor is a free anonymity network; the Tor Browser, a modified Firefox bundled with a Tor client, routes your traffic through that network and lets you browse the hidden “.onion” sites anonymously. This anonymity gives rise to the deep web being known as the “hidden web,” “deepnet,” or “dark web.” U.S. government agencies are frustrated and scared by the deep web because they:

• Can’t control or access all areas of the deep web; it is simply too big
• Can’t stop it because the connections to Tor cannot be controlled
• Can’t track the sources and destinations of traffic

Security Professionals’ Knowledge of the Deep Web (informal survey)
• Did not know about the deep web: 60%
• Heard of the deep web but did not know how to access it: 18%
• Know how to access the deep web: 20%
• Explore the deep web: 2%
(Lack of knowledge of the deep web, the first two groups combined: 78%)

So why should your organization be worried about the deep web? Most organizations have standard desktops that do not include the Tor Browser, and think that the deep web is not a threat. Unfortunately, the threat is still real and every organization is at risk. Tor is a free application and is gaining in popularity for home use. There are even Tor apps for smartphones that allow you to surf the deep web anywhere you have service.
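The paragraph above rests on an assumption worth testing rather than trusting: that nobody on the corporate network is using Tor. Two cheap checks are possible from logs most organizations already keep. The following is an added example, not code from the article or from Emagine IT. It assumes a list of Tor relay addresses (a constructed sample here; in practice the operator would build it from the Tor directory consensus, for instance via the Onionoo service at https://onionoo.torproject.org/, because clients connect to guard relays, not only exits) and firewall and resolver log lines in the simple space-separated shape constructed below. The `.onion` check relies on the fact that a correctly configured Tor client never sends `.onion` names to an ordinary DNS resolver (RFC 7686 reserves the label), so such a query on the corporate resolver means a program outside Tor tried to reach a hidden service.

```python
"""Flag signs of Tor use in outbound-connection and DNS logs.

Added example, not from the article or from Emagine IT. Relay list, ports and
log formats below are assumptions for illustration.
"""
import ipaddress
import re

# Constructed sample relay list. RFC 5737 documentation addresses, NOT real relays.
SAMPLE_TOR_RELAYS = {"192.0.2.10", "198.51.100.77", "203.0.113.5"}

# Ports a relay is commonly contacted on (default ORPort/DirPort and the
# HTTPS-lookalike port many relays use). The relay address is the signal;
# the port only raises confidence.
COMMON_TOR_PORTS = {9001, 9030, 443}

# Constructed firewall log: "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_FW_LOG = """\
2015-03-02T09:14:01Z 10.1.4.22 93.184.216.34 443 tcp
2015-03-02T09:14:07Z 10.1.4.22 192.0.2.10 9001 tcp
2015-03-02T09:15:33Z 10.1.7.9 203.0.113.5 8443 tcp
2015-03-02T09:16:02Z 10.1.7.9 8.8.8.8 53 udp
malformed line that should be skipped
"""

# Constructed resolver log: "<timestamp> <client_ip> <qname> <qtype>"
# The .onion name is made up; it is not a real hidden service.
SAMPLE_DNS_LOG = """\
2015-03-02T09:14:00Z 10.1.4.22 www.example.com A
2015-03-02T09:14:05Z 10.1.4.22 abcdefghijklmnop.onion. A
2015-03-02T09:15:10Z 10.1.9.3 mail.example.com MX
"""

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) (?P<proto>\w+)$")
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\w+)$")


def load_relay_list(text):
    """Parse a one-address-per-line relay list, skipping comments, blank
    lines and anything that is not a valid IPv4/IPv6 address."""
    relays = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            relays.add(str(ipaddress.ip_address(line)))
        except ValueError:
            continue
    return relays


def find_tor_connections(log_text, relays=SAMPLE_TOR_RELAYS):
    """Return one record per outbound connection whose destination is a known relay."""
    hits = []
    for line in log_text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue  # not in the expected shape; a real pipeline would count these
        port = int(m["port"])
        if m["dst"] in relays:
            hits.append({
                "ts": m["ts"], "src": m["src"], "dst": m["dst"], "port": port,
                "confidence": "high" if port in COMMON_TOR_PORTS else "medium",
            })
    return hits


def find_onion_dns_leaks(log_text):
    """Return DNS queries for .onion names seen by the ordinary resolver."""
    leaks = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower()  # tolerate the trailing root dot
        if qname == "onion" or qname.endswith(".onion"):
            leaks.append({"ts": m["ts"], "client": m["client"], "qname": qname})
    return leaks


def hosts_to_review(fw_log, dns_log, relays=SAMPLE_TOR_RELAYS):
    """Group both kinds of findings by internal host, for the analyst queue."""
    review = {}
    for h in find_tor_connections(fw_log, relays):
        review.setdefault(h["src"], []).append(
            f"tor relay {h['dst']}:{h['port']} ({h['confidence']})")
    for l in find_onion_dns_leaks(dns_log):
        review.setdefault(l["client"], []).append(f".onion lookup {l['qname']}")
    return review


if __name__ == "__main__":
    for host, reasons in hosts_to_review(SAMPLE_FW_LOG, SAMPLE_DNS_LOG).items():
        print(host, "->", "; ".join(reasons))
```

Relay matching only catches clients that connect to public relays; Tor bridges and pluggable transports are designed to look like ordinary traffic and will not appear in the relay list, so an empty result is weak evidence. The `.onion` leak check is the more reliable of the two, since it flags a misconfiguration or a non-Tor client regardless of how the Tor connection itself is hidden.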
Layers of the web, from the surface down:
• Most common sites visited without concern
• Sites for downloading pirated material
• Large numbers of users sharing downloads
• Tor Browser required to enter this level, which grants access to directories and downloads
• Onion Chan forums, portals, hackers for hire, child pornographic material, sale of stolen goods, objects, and drugs

Tor will only become more mainstream as time goes on and there is little to nothing that can be done, as the software to access the deep web is free.

Organizations have no control over what individuals do in their personal time. Anyone choosing to explore the depths of the deep web, regardless of the reason, is a target for malicious attacks. In order to maintain anonymity (the main purpose of the deep web), the Tor Browser’s higher security settings disable scripts, plugins, and some media that could otherwise identify the user, so that content will not play within the browser. Much of the content is therefore offered as downloads, and smart hackers and evildoers exploit exactly that: they lure in their prey with irresistible content that won’t load in the web page but is conveniently available to download and view offline, outside the browser’s protections.

These downloaded files are often laden with malicious content such as viruses, Trojans, or keyloggers. With a simple double click of the seemingly benign file, your employee has now become a security risk to your organization. Intruders can watch everything your employee does on a compromised machine. They can install additional hacking tools and break into other devices in the same household. Hackers can even infiltrate smartphones, steal contact information, listen to calls, and check emails. Once an employee checks work email from their personal computer (most organizations have some form of webmail), a hacker will have the user credentials to your network and can then begin hacking attempts on your organization. This is one reason webmail and other remote access should require a second authentication factor, and why any credential typed on an unmanaged device should be treated as exposed.

What can you do about this threat? Organizations should address the deep web. Be creative with your approach and develop training that is fun and interactive but stresses the dangers of the deep web. The deep web has been around for years but it is still unknown to most people. I conducted an informal survey with consummate security professionals and almost 4 out of every 5 could not tell me what the deep web was or how to access it. Remarkably, only 2% have actually browsed the deep web.

The deep web is something new and exciting to many. Like a child who doesn’t understand what a hot stove is until he or she touches it and gets burned, your employees may want to dive into the deep web until they or your organization get burned. It is only a matter of time before diving into the deep web becomes as common as surfing the web is today. I urge other CISOs, CIOs, and executives to ask your staff and employees about the deep web. Make it an impromptu question so they cannot go research and give you what appears to be an educated answer. Ask your security personnel to explain the deep web to you and be ready for a lot of blank stares. Then ask yourself how vulnerable your organization and your data really are.

Sources

1 <https://www.torproject.org/>

About the Author

Kris Martel, CISSP, CISM, CRISC, CGEIT, and MCSE is the Chief Information Security Officer (CISO) at Emagine IT, a Minority-Owned, 8(a) certified, Small Disadvantaged Business (SDB) with extensive experience providing reliable information technology support services, project management, and quality technology services since 2002. Kris has over 15 years of experience in the creation and deployment of solutions protecting networks, systems, and information assets for diverse companies, organizations, and federal agencies.


The Fort Meade Corporate Center
Conference Facility Available!

Your Closest Class A Office Space in Proximity to Fort Meade, NSA, U.S. Cyber Command and DISA!
NOW AVAILABLE: Incubator through 60k sf
We Can Accommodate SCIF Spaces!

For Leasing Information, Contact:
Katherine C. Freehof | William B. Czekaj | Ingo Mayr, CCIM
301.287.8254 | www.CambridgeUS.com
2288 Blue Water Boulevard | Odenton, MD 21113


HOLY CYBERTUNITY!
A Platform For You To Do What You Do Best!
INFRASTRUCTURE. FINANCE. MENTORSHIP. COLLABORATION.

THE CYBERSECURITY ACCELERATOR
Powered by Metro Offices

The Cybersecurity Accelerator is a unique workspace platform developed for new and emerging Cybersecurity companies.

• Venture Capital Fund for Cybersecurity Accelerator Members
• Flexible and Creative Workspaces
• All Workspaces & Data Centers are N+2 Redundant.
• Tier II & III, SOC 2, Type II, and SOC 3 SSAE-16 Compliant Data Center Environment
• Staffed 24 x 7 x 365 w/Biometric Hand and Eye scanners
• No Boot Camps • No Time Limitations
• Vital Resources and Tools to Advance Your Business
• Meeting Rooms
• Collaboration Spaces, Community Cafés & Member Lounges all over town

Located in Northern VA’s Tysons Corner with Direct Access to Silver Line Metro Station
8300 Greensboro Drive | Suite 800 | McLean, VA 22102
703.287.8742 | www.csaccel.com

United States {CYBERSECURITY} Magazine
Subscribe today!
www.uscybersecurity.net/subscribe
Download the app today! Available on Apple iOS and Android.
Search: "United States Cybersecurity Magazine"

Cyber Virtual Desktop EndPoint Security
convergencetech.us | 301-860-1960


01110011 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01
01110111 00100000 01000001 01100111 01100001 01101001 01101110 01010111 01101000 01100001 01

What's
01011100 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00100000 01001111 01
01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00100000 01000001 01

OLD
01100001 01101001 01101110 01010111 01101000 01100001 01110100 01011100 00100110 00100011 00
00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01
00100000 01001110 01100101 01110111 00100000 01000001 01100111 01100001 01101001 01101110 01
01101000 01100001 01110100 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01
00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01

is
00100000 01000001 01100111 01100001 01101001 01101110 01010111 01101000 01100001 01110100 01
00100110 00100011 00110000 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01

NEW
00100000 01101001 01110011 00100000 01001110 01100101 01110111 00100000 01000001 01100111 01
01101001 01101110 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00
01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00
01000001 01100111 01100001 01101001 01101110 01101001 01101110 01011100 00100110 00100011 00

Again
00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01
00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01
00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01
00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01

by: Daren Dunkel

As 2015 starts, there is no shortage of senior positions in operations, of the exercise still remain classified,
of articles, posts, and interviews analysis, strategic planning, research but the team was able to inflict
projecting the year ahead for and development, and finance considerable simulated damage. Even
cybersecurity trends, attack scenarios, during his time at the NSA, and served today, 17 years later, it seems that the
and countermeasures. I have as Deputy Director of Operations adage of “what’s old is new again”
reviewed numerous materials (from from 1991 to 1994, and Deputy applies. Systems still remain insecure
McAfee Labs, Trend Micro, FireEye, Director of the Agency from 1994 across the board – public and private.
Websense Security Labs, Symantec, to 1997. After retiring from the NSA Crowell says that “Eligible Receiver
etc.) highlighting similar themes he served as President and CEO proved an important point that is still
around critical infrastructure, mobile of Cylink Corporation, a leading relevant today in our efforts to secure
device attacks, and the evolution of provider of e-business security networks. The Internet Protocol was
hacking in general. One article cannot solutions, from 1998 to 2003.1 Bill designed to facilitate connections
cover all possible scenarios for the Crowell is an excellent resource for across the network and was not
year ahead, so I asked someone with all things cybersecurity – past, present designed to facilitate security. We
experience across both the public and and future. will live with this ‘ease of connecting’
private sectors at the highest levels as an anathema to security for a long
for his input. Mr. Crowell organized and deployed time to come.”2
Operation Eligible Receiver in 1997
Bill Crowell has led the NSA and been a while at the NSA. This US government Many 2015 threat reports highlighted
CEO in commercial industry. He sits on exercise used the NSA as a hacking the emergence of mobile devices and
multiple boards and has been heavily group in a simulated attack on the US sensors in driving the IoT (Internet of
engaged in the cyber market since its government to show how insecure Things) model. The IoT will integrate
inception. He is currently a partner in our critical systems were. The NSA 26 billion connected devices by 2020
the venture capital firm Alsop Louie team used techniques and software (Gartner’s estimates)3, while HP also
Partners, as well as an independent freely available on the internet at the recently published a report stating
consultant specializing in information time and did not allow the use of any that over 70% of current connected
technology, security, and intelligence special techniques or prior information devices contain major vulnerabilities.4
systems. Crowell held a number from the government. Many aspects While initially the consumer side may


United States Cybersecurity Magazine | www.uscybersecurity.net 13

not see the impact of cyber-attacks, the thousands of new devices being deployed in hospitals and healthcare facilities are at much greater risk. The same is true for the financial sector, as smartphone technology has brought innovation to the user experience but greatly broadened the attack surface. Hacking groups understand both the topology of enterprise networks and unique user behaviors and interests, thanks to social media. The skills of advanced hackers seem to be mirroring the tools and tactics of intelligence professionals. Bill Crowell sees it this way: “The three major attack vectors that have emerged since 2006 have been distributed denial of service (DDOS) attacks, social engineering (phishing, etc.) and zero day attacks. All three seem to have come out of the criminal, hacktivist and nation state skill pool and have spread throughout those three communities like wildfire. Many of these attack mechanisms are freely available for sale or in the case of DDOS, for rent. The attack vectors are being enhanced by their creators with far greater speed than the security tools needed to deal with them. There is also reason to believe that nation states and skilled criminal hackers deliberately make attack vectors available to script kiddies in order to hide their own attack vectors in the noise.”5

As these major attacks continue in 2015 we will see more lawsuits against corporations and their boards and, consequently, additional money will be spent to protect systems, personal information, and corporate brand reputations. Businesses large and small must now manage physical and digital risk across their entire organization and their extended supply chain. If 2014 was considered the year of the breach, 2015 may have new surprises in store, if the recent Sony hack is any example. It will take a coordinated global effort to truly combat these sophisticated cyber-attacks. Bill Crowell concurs: “The sophistication of attack tools has advanced to the point where defenders must not only find new ways to defend themselves, but must also share their knowledge of the threats with others in a coordinated way to reduce the uncertainties of evolving computer and network attacks. In addition, new tools that can use threat information to reduce the threat surface, and ensure that known threats do not succeed in penetrating their perimeters, and their applications will have to be deployed rapidly to stay ahead of the millions of attackers that currently cruise the network with impunity.”6

Considering 2015 in terms of cybersecurity and its impact on risk management in general, a few fundamental shifts continue to present themselves. First and foremost, the adversary is getting more sophisticated, dangerous, and global. The hacking community is evolving at every level, from hacktivists to organized criminals, and using creative ways to distribute malware and make the average hacker more problematic. The cyber threat is growing, and active defense against the three major attack vectors Bill Crowell cited above is an important first step. The public and private sectors must also improve in the sharing of real time data about attacks and attackers. Corporations and individuals must better understand how and why they are being attacked in order to protect their most valuable information assets. The job of collecting security event data isn’t complete until action is taken to stop an attack and prevent recurrences. Actionable intelligence on real time information feeds will be key in 2015 and beyond, to truly understand when you are being attacked and how to respond.


One thing is certain: 2015 will be another interesting year in cybersecurity.

Sources

1 Alsop Louie Partners: “Our Team: Bill Crowell, Partner.” <http://www.alsop-louie.com/team/bill-crowell/>
2 Crowell, Bill: Personal e-mail conversation with author
3 Gartner, Inc.: “Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020.” December 2013. <http://www.gartner.com/newsroom/id/2636073>
4 Miessler, Daniel: “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack.” July 2014. <http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-Study-Reveals-70-Percent-of-Internet-of-Things-Devicesbap/6556284#.VNu3LvnF98E>
5 Crowell, Bill: Personal e-mail conversation with author
6 Ibid.

About the Author

Daren Dunkel graduated from Oklahoma State University in 2014 with a business degree in Management Information Systems and a certification in Information Assurance (IA) from the National Security Agency (NSA). He is a sales professional with Intel Security (formerly McAfee), specializing in cybersecurity solutions and countermeasures for the commercial business market sector in Northern California and Nevada. Daren works in the domestic sales operation center in Dallas, Texas.



Calm Your Bits: Why the Internet of Things Doesn’t Have to Be a Security Nightmare

Chris Castaldo
Senior Cyber Security Analyst
Visionist Inc.

Industry buzzwords are a dime a dozen, but few survive the passage of time. A term that popped into our lexicon in approximately 2006, according to Google Trends, and has been gaining traction in 2014, is the “Internet of Things,” or “IoT.” “Internet of Things” and “Internet of Everything” are terms that have been given to just about anything that can be connected to an IP network that’s not your standard workstation, server, router, or printer. Think about a toaster, refrigerator, or something as advanced as an MRI machine.

The term “Internet of Things” is now also trending as the new security nightmare for enterprise environments. As the popularity of this terminology increases, so do the articles and books lamenting the dangers of incorporating these technologies into our lives and infrastructure. I’m here to provide a sanity check: let’s relax a bit.



Technology is forever changing and advancing. Our best practices and policies will continue to evolve with it. While we must take a disciplined approach to introducing new technologies into our networks, we must also rely on the knowledge we’ve built. Regardless of the vulnerability surface new devices may introduce into your network, your experience should always prevail. If you are not pragmatic about adapting to the evolution of your network, your security posture will suffer.

In 2014, datalossdb.org (an online database of security breaches) counted 1,150 incidents that resulted in the theft of millions of personally identifiable information (PII) records.1 Unreported incidents, of course, presumably dwarf this number. An attacker will move through your network like water, taking the path of least resistance. Most breaches in 2014 were attributed to social engineering as the initial access vector, not Internet-connected coffee makers, smoke detectors, or soda machines. While these devices might not be the first point of entry into your internal corporate network, they most likely will not be the end target either. Credit cards and intellectual property are not stored or transmitted through a smart thermostat.

As with almost every piece of hardware and software, security is often an afterthought in the Internet of Things. While there are plenty of sensational and eye-catching headlines about the IoT-driven security nightmare that is besieging our Chief Information Security Officers and white hat cybersecurity teams, the day to panic is not yet upon us. If you have a well-designed enterprise security plan in place, anything with an IP address should fit into it just fine. The first question should always be “do we need this device?” If so, do you need all of its features enabled? Customer data isn’t suddenly that much more vulnerable because your employees are wearing Wi-Fi- or Bluetooth-enabled health tracking devices to work. On the other hand, if your enterprise security plan does not include restrictions on what USB devices may be plugged into your existing machines, you have a problem. The fact that many of us are so used to accepting thumb drives from our coworkers without a second thought as to where those drives have been alludes to an obvious conclusion: humans will always be the weakest link in a network.

So what should you do when the new office refrigerator requires a wireless network connection to take advantage of all of its bells and whistles? Relax, take a deep breath, and allow your cybersecurity team to apply your corporate policies and standards as they would any other device. There are no additional risks beyond those of adding another workstation, server, printer, switch, or router to your network. Instead of being reactionary and banning technology, we should understand the technology and how it can benefit our environment logically and physically.

Years ago, a wireless network in the enterprise sounded like a very bad idea. Today, the benefits far outweigh the risks, especially when implemented correctly. If your organization is large enough to employ an information security team, they should consult and implement the SANS Top 20 Security Controls.2 If you can afford to take it to the next level, execute item number 21: a hunt team to actively attempt to penetrate your network.

We are no longer afforded the luxury of merely sitting back, applying patches, and updating firewall rules. Being proactive is the key to winning the long game. There’s always a flaw in the system; it’s only when we become complacent that it’s easily exploited. Next up, your morning coffee choice: will it be red mug or blue mug?

Sources

1 Open Security Foundation. Datalossdb.org: “Data Loss Statistics.” 2011. <http://www.datalossdb.org/statistics>
2 SANS Institute: “Critical Security Controls.” 2009. <https://www.sans.org/critical-security-controls/>

About the Author

Chris Castaldo has been crafting his passion for information security for 15 years in the commercial and DoD sector. Chris currently works for Visionist Inc. in Columbia, Maryland as a Senior Cyber Security Analyst providing subject matter expertise to the DoD.



Lone Star Rising:
San Antonio’s
Cybersecurity Boom
Jim Brodie Brazell
CEO
Armour.io

San Antonio may not be the first city you think of when you think cybersecurity, but it might be time to start. The Alamo City has a long history of cybersecurity innovation and development, being the birthplace of the first analog computer used for gas pipelines in 1955, the first protocol for the Internet of Things, ARCNET, in 1975, and the first network intrusion detection system in 1998.

San Antonio plays host to 81 cybersecurity companies across the spectrum of start-up, mid-market, and some of the largest defense industrial players in the United States. It holds 7,500 SCI-cleared personnel and the second-largest concentration of data centers in the country, as well as a booming startup scene. It’s also an established national research and development center, with organizations like the Southwest Research Institute (SwRI), home to the US Automotive Consortium for Embedded Security (ACES) and the first Department of Homeland Security Cyber Security Research & Development Program.

San Antonio also took part in the 2003 DARK SCREEN cybersecurity exercise, the first in America to evaluate a city’s ability to respond to a cyber-attack. Born of a challenge made by Representative Ciro Rodriguez (D-TX) to the city of San Antonio and its surrounding environs to test its cybersecurity preparedness, DARK SCREEN’s first phase kicked off in September 2002 with a tabletop scenario. The second phase involved a joint military/civilian exercise designed to test the responses of multiple branches of the military and municipality to respond to cyber terrorism. The exercise raised useful questions and concerns about the responsibilities of the various groups in a crisis situation and the existing legislation that might regulate and promote the city’s preparedness. Not just concerned with cybersecurity on a macro scale, the city also focused on the micro with Cyber Storm, an exercise designed to test the readiness of small and medium enterprises.

In April, San Antonio will host the Cyber Texas National Cyber Security Conference for the federal event’s sixth year. This year’s event will feature Bob Butler, the former Deputy Assistant Secretary of Defense for Cyber Policy, convening a panel on Energy Critical Infrastructure Protection (CIP). Butler speaks glowingly of San Antonio’s past and present as a leader in the cybersecurity industry: “San Antonio is the ideal location for a national forum on cyber security and critical infrastructure protection. The city is the #1 U.S. city for first responders – cyber, medical, logistics, and hazardous materials; the #2 market in the United States for data centers; and has one of the largest cyber workforces – certified security systems professionals, or CISSPs, in America.”

Butler is a Senior Advisor to the Chertoff Group, a fellow at the Center for New American Security (CNAS), and a founding member of the Texas Cybersecurity, Education, and Economic Development Council (TCEEDC), one of the catalysts for the Cyber Texas event. His history with San Antonio has led him to the opinion that its commitment to cybersecurity research and development has been of the utmost importance, and will only grow more so in the future:



“Since September 11, 2001, San Antonio efforts have
convened global, national, state, and local stakeholders
across sectors to foster responsibility for being proactive
in safeguarding critical infrastructure – especially important
to Texas and the nation in the energy sector.” In the wake
of 2010’s Stuxnet attack, it has become apparent to those
responsible for our nation’s cyber defense that online
threats can have real-world consequences. San Antonio’s
commitment to protecting its critical infrastructure and
developing new methods of defense is a model for cities
around the world.

San Antonio is also active in developing national and global cybersecurity talent. Concurrent with the Cyber Texas conference, the National Collegiate Cyber Defense Competition (NCCDC), in partnership with Raytheon, will host America’s top student cyber defenders in a bracketed team competition for the cybersecurity national collegiate title. According to Dr. Greg White, Director of the Center for Infrastructure Assurance and Security at UTSA, “Cyber security is now the underlying platform for economic and national competition… Some of America’s largest companies attend and sponsor the recruiting dinner where individuals and even whole teams are recruited from college to the workforce.” In this way, the competition serves as a kind of cybersecurity Super Bowl and draft day all in one.

With its existing industry and infrastructure, its commitment to research and preparedness, and its development of the new generation of cyber professionals, the Alamo City stands out as a gold standard for cybersecurity innovation. The city’s past and present efforts have definitely made it a rising star in the contemporary race for cybersecurity.

About the Author

Jim Brodie Brazell is CEO of Armour.io, one of San Antonio’s cybersecurity start-up teams housed at Geekdom.com. Armour.io enables data security for Big Data platforms such as Apache Hadoop. Prior to Armour.io, Jim was co-founder of Area 52 Games in Seattle and a venture accelerator, helping a dozen start-up companies in the past decade. He is a nationally known public speaker and technology forecaster, delivering 35-50 speeches a year for the past decade to audiences ranging from NSA AEDT to the National School Boards Association.



Eyes on Employees: Federal Agencies’ Top Assets and Biggest Security Threats

by: Chris LaPoint
Group Vice President of Product Management
SolarWinds

Federal employees play a huge part in keeping our country running safely and efficiently, from gathering intelligence to protecting our borders to running our national parks. That said, they are also an increasing source of concern for IT security departments.

In December 2014, market research firm Market Connections, in conjunction with SolarWinds, conducted a survey1 of 200 IT security decision-makers and professionals in the federal government, military, and intelligence communities with the goal of uncovering their most critical IT security challenges. The results were enlightening, to say the least.

According to the survey, more than half of the respondents—53 percent—identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42 percent in a similar survey conducted last year.2 Why is this significant? Because trusted insiders have access to a vast array of classified government information. A single careless act or successful phishing attack can mean a breach of national security with consequences that impact many different departments, including the military and intelligence communities.

Additional noteworthy findings from the survey include:

• Nearly two-thirds of respondents—64 percent—believe malicious insider threats can be as damaging, or more so, than malicious external threats, like hacks by foreign governments, which have traditionally been seen as the greater threat.3

• More than half of respondents—57 percent—believe breaches caused by accidental or careless insiders can be as damaging, or more so, than those caused by malicious insiders.4

• Respondents cited the most common causes of accidental insider breaches as phishing attacks (49 percent), data copied to insecure devices (44 percent), accidental deletion or modification of critical data (41 percent), and use of prohibited personal devices (37 percent).5

• Nearly half of the respondents, 47 percent, said their agency data is most at risk on employees’ or contractors’ desktops or laptops.6



Identifying the sources of potential federal security risks is important, but overcoming these challenges and mitigating the risks they present is critical.

Overcoming Insider Threat Challenges

We can all presume the “Why?” of external security threats, but the “Why?” of an inside threat is elusive. Government agency employees should have some level of trust in the organizations they support and the employees that are working alongside them, shouldn’t they? Yet the unpredictability of human behavior persists. Fortunately, there are things federal IT pros can do to help identify the “who” and the “what,” and even uncover the “where” and “when” of insider activity so they can isolate threats and address them before security is breached.

Policies and Processes

According to our study, 85 percent of federal IT pros said they have formal IT security policies, which is excellent news.7 The challenge is in the implementation and communication of these policies. Nearly half of the study respondents, 46 percent, noted insufficient security training for employees as an obstacle to accidental or careless insider threat prevention.8

It is critical for all employees to practice good net hygiene as consumers of IT. All federal employees must understand the importance of IT security protocols and the impact that a security breach can have. Training should highlight how to avoid phishing attacks, the rules against copying data to insecure devices, how to handle critical data, what types of personal devices are prohibited—and that carelessness in any of these areas can result in a critical security breach.

Most federal IT teams are required to implement regular security training. That said, simply handing out a security policy handbook and assuming employees will read it and understand the rules – and the consequences of breaking those rules – is not a sufficient security procedure. Make sure all staffers are up to date on their security training. Even better, send out weekly or monthly “good hygiene” tips and provide regular, consistent communication. Federal IT and security teams should be working to ensure that IT security is a recurring topic of conversation, and keeping their doors open for questions and concerns.

Enhanced IT Infrastructure Management and Visibility

In addition to enhancing training and communication processes, federal IT pros should consider which infrastructure management tools will provide them with real-time visibility into network behavior. This visibility is key to identifying and targeting internal breaches—malicious or accidental—before critical information is shared or destroyed.

For example, IT pros can use IT infrastructure management tools to monitor connections and devices on the network and maintain logs and data of user activity. With this information, they can see what assets were on the network, where those assets were, who was logged into them, and what activity took place. With added visibility from a tool that monitors network performance, the team can quickly and easily identify anomalies.

There is a range of additional tools federal IT departments can implement to further that visibility into network and user behavior, enhancing their ability to identify and terminate suspicious activity and mitigate the risks of insider threats. Here are several examples:

• Device-tracking software allows IT pros to see where a user is connected on the network, down to the specific wireless access port or switch port, where they have been, and if they were connecting with a device not on the whitelist or on a watch list.

• IP address management software will track IP address allocation and identify any conflicts. If someone brings in an unauthorized laptop and uses an already-allocated IP address, IT staff will know immediately. While an IP address conflict may not be malicious, it certainly means proper procedures are not being followed.

• Log and event management software, as well as security information and event management (SIEM) software, can help collect a wealth of information on network activity. The greatest benefit of tools like these comes when they can be viewed together through a central console, allowing IT pros to correlate information, look for patterns, and accelerate the identification and termination of suspicious activity.

Insider threats are a growing concern, but the solution is knowledge. The more you know—the more information you have gathered and analyzed in advance—the more effectively you can mitigate risks and prevent insider threats before they happen.

Sources

1 SolarWinds and Market Connections: “SolarWinds Federal Cybersecurity Survey Summary Report.” Slide 2. February 2015. <http://www.solarwinds.com/resources/surveys/solarwinds-federal-cybersecurity-survey-summary-report-2015.aspx>
2 Ibid. – Slide 7
3 Ibid. – Slide 10
4 Ibid.
5 Ibid. – Slide 17
6 Ibid. – Slide 8
7 Ibid. – Slide 11
8 Ibid. – Slide 13

About the Author

Chris LaPoint is the Group Vice President of Product Management at SolarWinds, an IT management software provider based in Austin, Texas. Chris leads the company’s fanatical devotion to understanding customer needs and delivering user-centric products that solve real problems. He has spent the last decade building IT management software, first as a software engineer and then as a technical evangelist and product manager. Chris has worked at a number of IT management companies like Sun, UnboundID, NetIQ, Pentasafe, and Tivoli.
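Returning to the three checks the tool list above describes (a device not on the whitelist, a device on a watch list, and an already-allocated IP address reused by a different device), here is an added illustration of that correlation over a handful of constructed switch/DHCP-style log lines. It is example code written for this page, not code from the article or from any SolarWinds product, and the log format, device names, MAC addresses, IP addresses and list contents are all made up.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample log in a hypothetical "<time> <device> port=<port> mac=<mac> ip=<ip>"
# format, as a switch or DHCP server might emit it. Every value below is made up.
SAMPLE_LOG = """\
2015-02-03T08:01:12 sw-hq-1 port=Gi1/0/7 mac=00:11:22:33:44:55 ip=10.10.1.20
2015-02-03T08:02:40 sw-hq-1 port=Gi1/0/9 mac=00:11:22:33:44:66 ip=10.10.1.21
2015-02-03T08:05:03 ap-hq-2 port=wlan0 mac=aa:bb:cc:dd:ee:01 ip=10.10.1.22
2015-02-03T08:07:55 sw-hq-1 port=Gi1/0/12 mac=de:ad:be:ef:00:01 ip=10.10.1.20
2015-02-03T08:09:10 ap-hq-2 port=wlan0 mac=aa:bb:cc:dd:ee:09 ip=10.10.1.23
2015-02-03T08:11:00 sw-hq-1 port=Gi1/0/7 mac=00:11:22:33:44:55 ip=10.10.1.20
2015-02-03T08:12:30 sw-hq-1 link up on Gi1/0/3
"""

# Constructed inventory: approved devices and devices flagged for extra scrutiny.
WHITELIST: Set[str] = {
    "00:11:22:33:44:55", "00:11:22:33:44:66", "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:09",
}
WATCH_LIST: Set[str] = {"aa:bb:cc:dd:ee:09"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) port=(?P<port>\S+) "
    r"mac=(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) ip=(?P<ip>\S+)$"
)


@dataclass
class Finding:
    kind: str      # "unlisted_device", "watch_list" or "ip_conflict"
    mac: str
    ip: str
    where: str     # device and port the event was seen on
    detail: str


def parse(log: str) -> List[Dict[str, str]]:
    """Parse the constructed log format; lines that do not match are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def analyze(log: str, whitelist: Set[str], watch_list: Set[str]) -> List[Finding]:
    """Run the whitelist, watch-list and IP-conflict checks over the log, in event order."""
    findings: List[Finding] = []
    ip_owner: Dict[str, Tuple[str, str]] = {}   # ip -> (mac that first claimed it, where)
    for e in parse(log):
        mac = e["mac"].lower()
        where = f"{e['dev']}:{e['port']}"
        if mac not in whitelist:
            findings.append(Finding("unlisted_device", mac, e["ip"], where,
                                    "MAC is not on the device whitelist"))
        if mac in watch_list:
            findings.append(Finding("watch_list", mac, e["ip"], where,
                                    "MAC is on the watch list"))
        owner = ip_owner.get(e["ip"])
        if owner is None:
            ip_owner[e["ip"]] = (mac, where)          # first lease of this address
        elif owner[0] != mac:                          # same address, different device
            findings.append(Finding("ip_conflict", mac, e["ip"], where,
                                    f"address already allocated to {owner[0]} at {owner[1]}"))
        # the same device renewing its own address is normal and produces no finding
    return findings


def by_kind(findings: List[Finding]) -> Dict[str, int]:
    """The 'central console' view: a count per finding type for quick correlation."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG, WHITELIST, WATCH_LIST)
    for f in results:
        print(f"{f.kind:16} {f.mac} {f.ip:12} {f.where:18} {f.detail}")
    print(by_kind(results))
```

On the sample log the unknown laptop on Gi1/0/12 is reported twice (not whitelisted, and reusing 10.10.1.20), the watched wireless device once, and the legitimate renewal of 10.10.1.20 by its original owner not at all.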



Opening the Door
for Women in
Cybersecurity
Kathleen Smith
Chief Marketing Officer
ClearedJobs.Net

As an industry, cybersecurity encompasses everything from government programs to healthcare, from power plants to automobiles. It touches nearly every aspect of our lives. Cybersecurity no longer is a separate industry but one that permeates every other industry. Previously the only defensive posture we had to take was with our military, business, or intellectual property, but now we are faced with the daunting reality that all of our private, public, personal, or professional information is at risk of an attack or even theft and sale on the black market.

There are not enough workers or warriors to protect these assets. Amidst this shortage we are similarly reminded that there are not enough women or girls participating in IT careers. Why are women needed in cybersecurity?

From government agencies to corporate boardrooms, the call has gone out that we need more cybersecurity defenders. We can all honestly say that we are woefully unprepared to mount an adequate defensive action against hourly and sometimes even by-the-minute attacks, let alone establish an offensive to protect our country and community assets, with the workforce that we have now.

We need leaders, innovators, and entrepreneurs to make the U.S. cybersecurity industry a force to be reckoned with. Women from a wide range of industries, including cybersecurity, have shown clearly that they can provide the talent, leadership, and innovation to fill this gap.

Diversity in our workforce leads to innovation. Studies have shown that diverse teams provide different perspectives that frequently outweigh and enhance individual contributions.1 Women make up the majority of the workforce, are a major economic force, and are early adopters in technology. So how do we get more women involved in cybersecurity?

Marketing and Working on the Public Image

Popular culture has not always been kind to the image of the cybersecurity worker, painting it as a very solitary profession. Many people who are considering cybersecurity as a career may have this stereotype as their only frame of reference, and may decide not to pursue the career because they find it unappealing. It's important to make an effort to change that image in order to draw in an even more diverse pool of applicants.

A recent survey of college freshman women stated that only 0.4% were interested in Computer Science, a major that is in heavy demand for many cybersecurity careers.2 In the entertainment industry there is a focus on casting more female role models through the Sciences and Entertainment Exchange, a group working with the National Academy of Sciences. The Sciences and Entertainment Exchange helps writers and producers with access to scientists to provide insight and background to roles. We can thank them for changing Natalie Portman’s role in Thor from a nurse to an astrophysicist.3 But Hollywood is not accessible for everyone in the cybersecurity community.



Celebrate Today’s Heroes
A great method for improving the image of women in tech fields is to celebrate the women who are in the ranks now. Communications departments could make an effort to focus on some of the standout women in their companies. A few companies have written blog posts about their women engineers but this is an exceptionally small percentage. What would happen if every company that had a female engineer celebrated this employee with a blog post, featured them in an employee newsletter, brought them to a job fair, or set up a mentoring program to help develop new female employees?

Mentoring and Community-Building
The outcry for women mentors is palpable, especially in the computer science and engineering fields. Women have dealt with harassment in many industries and have overcome this in part due to mentoring, role models, and community enforcement. The harassment doesn’t always come from men - women sometimes can be as bad as or worse than men in discriminating against and harassing other women.

While networking and mentoring groups are growing in popularity, there is still more that needs to be done. Several women in the industry have taken the time to set up these networking groups and are looking for corporate partners, such as the Women in Cybersecurity conference and Women’s Society of Cyberjutsu. Many companies are looking to set up their own internal groups for public relations and human resources priorities rather than supporting existing community groups. It would be even more productive to spread the resources in both ways.

Finally, the community would benefit from one-on-one encouragement, even from women in other industries if mentoring groups are not available to them in STEM/IT fields. Exclusion, harassment, and discrimination are present in all industries, and women should be able to support each other rather than compete.

Change the Recruiting Process
The recruiting industry is dominated by women, but this does not seem to be translating into more women being hired into science and technology roles. The number-one way companies find employees is through referrals, and if men still dominate these fields, the referrals are still going to sway toward men.

One solution is for women programmers and engineers to partner with their companies’ recruiting teams to develop strategies unique to their companies for attracting female prospects. The women inside the company can help create an employment branding campaign that will be successful for them. The women can also join the recruiters at job fairs and other community outreach events to share their companies’ culture and benefits with women or girls interested in STEM.

Fix the Job Descriptions
Job descriptions in these particular fields are dominated by listings of programming languages and certifications required by the position, but they often don’t speak to other important values that professionals can bring to the position. To attract more women, job descriptions should include not only technical requirements but the critical thinking, team building, and innovation that the candidates will be contributing to the organization.

While more cybersecurity training may raise the technical proficiency of the talent pool and provide women with more access to technical jobs, we still need to address the inherent questions of why we want a diverse workforce. The skills and expertise that women bring to cybersecurity can be more valuable than a computer science degree. Once we understand this and create the messaging that women can have a major impact on developing solutions and defending the community, we will no longer have a shortage of women in the industry.

Sources
[1] Barta, Thomas, Markus Kleiner, Tilo Neumann: “Is there a payoff from top-team diversity?” McKinsey Quarterly, April 2012. <http://www.mckinsey.com/insights/organization/is_there_a_payoff_from_top-team_diversity>
[2] Griswold, Allison: “Google’s Workforce Is Mostly White And Male.” Slate.com, May 2014. <http://www.slate.com/blogs/moneybox/2014/05/28/google_diversity_data_the_workforce_is_almost_all_white_and_male.html>
[3] Rampell, Catherine: “I Am Woman, Watch Me Hack.” The New York Times Magazine, October 2013. <http://www.nytimes.com/2013/10/27/magazine/i-am-woman-watch-me-hack.html?ref=catherinerampell&_r=2>

About the Author
Kathleen Smith is the Chief Marketing Officer for ClearedJobs.Net, a veteran-owned job board and job fair company focused on the security-cleared and cyber communities. Kathleen is involved in several women's leadership communities including Women in Cybersecurity, Women in Intelligence, and Women in Homeland Security.



Cyber Maturity: It’s Time to Be Accountable for Our Own Destiny
by Adam C. Firestone
President and General Manager
Kaspersky Government Security Solutions, Inc.
@ACFirestone

Security professionals are a quiet bunch. It’s rare for them to publicly discuss known vulnerabilities used to attack targeted organizations. There are many reasons for this reticence. For one, a professionally laconic demeanor is standard issue in a group for whom operational security is a way of life. For another, today’s victim may very well be tomorrow’s customer. But perhaps the most important driver behind this code of silence is an extraordinary aversion to blaming the victim. Cyber defenders see themselves as guardians, charged with protecting organizations and individuals from actors whose motivations range from petty mischief to pure evil. Shifting fault to the victim is seen as an illustration of the defenders’ own shortcomings.

Chivalrous as this view may be, it hasn’t yielded much in the way of operational success. Ever. The reality is that unless the defended are fully enfranchised and engaged in their own defense, the defenders, cyber or otherwise, cannot be successful. This principle is as true in physical space as it is in cyberspace.

During the early days of American involvement in the Second World War, merchant shipping departing the US East Coast for England suffered grievous losses at the hands of German U-boats. The Germans called the period between January and August 1942 the “Second Happy Time,” during which they were able to inflict massive damage at little risk to themselves. In total, some 3.1 million tons (609 ships) of shipping were sunk against the loss of only 22 U-boats.



In large part, the Germans’ success was due to the resolute determination of American mariners not to submit to what they saw as unnecessary interference from maritime authorities. Experts on safe navigation through submarine-infested waters (e.g., the British Royal Navy) issued recommendations, but were ignored for months. Coastal shipping continued to sail along marked routes with navigation lights blazing. Coastal blackouts were not enforced. American merchantmen insisted on sailing alone across the Atlantic, even though lone ships were far more likely to fall victim to a U-boat than ships making the crossing in a convoy (i.e., a group of vehicles, typically motor vehicles or ships, traveling together for mutual support and protection).

Finally, in April 1943, the US Navy imposed a limited convoy system. Full convoys were in operation by mid-May. The result was an immediate and dramatic reduction in shipping losses off the East Coast. The convoy system was later extended to the Gulf of Mexico with similar dramatic effects.

In contemporary cyberspace, the role of the marauding U-boat is played by hackers, cyber criminals, and nation-state actors while the hapless mariners are public and private sector organizations under constant electronic assault. Cast as the (often unheeded) Royal Navy are modern cybersecurity experts. The analogy carries over to solutions as well. As with the measures that rendered the U-boats less effective (e.g., coastal blackouts, operating in convoys with navigation lights extinguished, etc.), the means to dramatically reduce the effectiveness of cyber threats are deceptively simple.

There is a defensive “Cyber Trinity” that, if faithfully and assiduously implemented, can reduce cyber risk as rapidly and as effectively as convoys and blackouts reduced the risk from hostile submarines.

The elements of this trinity are:

1. Patch and update management
2. Endpoint security
3. User training and discipline

It’s no secret that many (if not most) popular operating systems and application software packages are delivered in a vulnerable state. In fact, many software packages have a software version and patch update as part of the installation process. Others automate the process so that important updates are automatically downloaded and installed, often with a reboot. (If you’ve ever wondered why your system slows to a crawl every other Tuesday while it downloads a few hundred megabytes of data, now you know.)

All of this is a response to the reality that software is effectively delivered broken. For example, Microsoft products, which undergo one of the most stringent quality control regimes, ship with about 0.5 defects per thousand lines of code.[1] Windows 7 contains approximately 65 million lines of code. If you believe the numbers, that works out to about 32,500 potential defects, any number of which may be exploitable vulnerabilities.

Manufacturers are aware of the risks posed by these vulnerabilities, and work to issue patches and updates as soon as they are discovered, often within hours. Ultimately, though, the responsibility for ensuring that systems are running the latest and most secure operating systems and applications, and that the requisite configurations are implemented, falls to their owners. In many cases, systems simply aren’t maintained. This is well-known and well-exploited. In fact, most hacks exploit either known – and patched – vulnerabilities or simple failures to ensure that systems are updated to current security standards. The 2014 JP Morgan breach was eventually traced to a single server that hadn’t been updated with the bank’s two-factor authentication policy.[2]


Cyber criminals and hackers are all about outsized return on investment. Given this, it’s no surprise that they seek to leverage known vulnerabilities as often as they can. Why go to the time and trouble of finding a new zero-day when you can simply surf the National Vulnerability Database or the Common Vulnerabilities and Exposures database? Attackers have a similar philosophy with respect to their malware tooling. This is where endpoint security comes in. A good endpoint security suite can identify and neutralize more than 99% of known malware.

However, endpoint security suites are only useful if they’re a) installed and b) updated with the latest malware signatures, behaviors, and definitions. Failure to keep an endpoint security product current with respect to its comparator data results in it being the software equivalent of a brick. As with patching and updating, the ultimate responsibility for managing endpoint security falls to the owner.

Finally, there are the carbon-based units in the chairs in front of the silicon-based units on the desks: the users. The single most effective means that an attacker has for gaining entry to a system remains an email phishing attack. Between 50% and 60% of sophisticated malware attacks gain initial penetration when a user clicks on a link or opens an attachment in an email.[3] Up to 95% of incidents can be attributed to “human error” and misconfiguration.[4] Unfortunately, neither training nor disciplinary processes have been adequate in stemming the effectiveness of phishing attacks.

It’s difficult to dispute that responsibility for basic cybersecurity hygiene falls to users and owners. The question is how to incentivize a non-technical community to implement a basic set of technical controls. The answer isn’t difficult. For other communities facing operational risk, a combination of fiscal carrots, such as insurance discounts and tax breaks, and regulatory sticks, such as fines and withholding operating licenses, has worked well. However, until there is a collective admission and understanding that failure to maintain good cyber hygiene is an assumption of risk, the status quo will continue.

The word victim implies a lack of control over one’s destiny, and victims should not be blamed for an attacker’s actions. The word for failing to take basic prudence and caution into account, however, is negligence. That’s a strong word, and one that will, hopefully, inspire the necessary accountability and action.

Sources
[1] Mayer, Dan: “Ratio of Bugs Per Lines of Code.” November 11, 2012. <http://www.mayerdan.com/ruby/2012/11/11/bugs-per-line-of-code-ratio/>
[2] Mimoso, Michael: “Two-Factor Snafu Opened Door to JP Morgan Breach.” December 24, 2014. <http://threatpost.com/two-factor-snafu-opened-door-to-jpmorgan-breach/110119>
[3] Sjouwerman, Stu: “Ponemon: Phishing part of 50% of APT’s.” December 4, 2013. <http://blog.knowbe4.com/bid/356934/Ponemon-Phishing-part-of-50-of-APT-s>
[4] IBM Global Technology Services: “IBM Security Services 2014 Cyber Security Intelligence Index.” June 2014. <http://media.scmagazine.com/documents/82/ibm_cyber_security_intelligenc_20450.pdf>

About the Author
Adam Firestone is President and General Manager of Kaspersky Government Security Solutions, Inc. He is responsible for providing world-class cybersecurity intelligence and systems engineering services as well as innovative product solutions to meet the needs of government, government contractor, and national critical infrastructure organizations. Adam leverages more than 20 years of experience in the defense, intelligence, and government contracting industries. In addition to his duties at KGSS, Adam is also an adjunct professor at Georgetown University and teaches graduate courses in Technology and Systems Engineering Management. Prior to joining Kaspersky Lab in 2013, Adam led the defense and federal subsidiary of a global middleware company where he was responsible for understanding and crafting advanced technology solutions for the challenges faced by military, intelligence, and government organizations. Adam is a graduate of Yale University, a former United States Army officer, and also holds a Juris Doctorate degree, and has practiced law in New York.



In 2015, It’s All about the Data
T. Casey Fleming, CEO
BLACKOPS Partners Corporation

Eric Qualkenbush, Board of Directors
BLACKOPS Partners Corporation

A New World
2014 taught us that massive security breaches are the new normal for U.S. companies, government agencies, and universities. Some of the most prominent were Target, Home Depot, Neiman Marcus, Apple's iCloud, Michaels, the U.S. Postal Service, the IRS, Community Health Services, UPS, Staples, the State Department, Sands Casinos, USIS, eBay, PF Chang’s, JP Morgan Chase, and, to sum up the year, Sony Pictures. The sobering reality is that it is now no longer a matter of if but when and how often that we’re going to be breached. In 2014, we witnessed CEOs being fired, CIOs let go, boards of directors personally sued, and company data stolen or sabotaged on a grand scale. What will the extent of the damage be to our company, shareholders, and customers? What are the bad actors really after?

Holy Grail
Innovation is the primary engine that has driven the U.S. economy over the past 100 years. Our innovation has evolved over decades of extensive and compounded investment in trade secrets, technology, and processes, including personally identifiable information (PII). Today, companies have untold trillions of dollars invested in U.S. innovation. It is precisely our innovation that is of superior value to data thieves. An estimated $500 billion is stolen from U.S. companies and the U.S. economy each year. It is much faster, cheaper, and more effective for bad actors to steal our innovations than to make their own investments in dollars, people, and time. Nearly all of our innovation is converted and stored electronically as data.

80/20 Rule
A more frightening fact is that most of the breaches reported in 2014 were from retailers - which account for only 20 percent of breaches. Publicly held companies are required to report all breaches and that is especially true for retailers when it involves consumer PII. Conversely, 80 percent of (non-retailer) companies either choose not to report the breach due to a potential stock hit or, worse, don’t know that they have been breached. Innovation and trade secrets are more nebulous than PII and therefore more difficult to protect and notice when breached or stolen. This fact is sobering.

Perimeter
The data protection strategy on which most companies focus today is defending the “perimeter” or “castle walls.” This strategy has evolved over the past two decades with a collage of products to address an array of security issues. By definition, individual products have inherent limitations and quickly become obsolete. When mapping numerous vendors’ products together into a security solution, gaps in coverage appear. These gaps are further widened by the assault on access points by smartphones, apps, and pervasive free Wi-Fi. In 2014, we became painfully aware that the perimeter strategy is no longer effective.



Hybrid
Today, security strategies must quickly evolve into a hybrid model that critically focuses on the data itself. Data must be classified as to its importance, with emphasis placed on carefully controlling and vetting access all the way through the supply chain. A hybrid model must also address all aspects of the human element, including insider threats, external spies, disgruntled, separated, or careless employees, contractors, and suppliers.

Get Engaged
A vacuum exists in nearly every company between the tactical and strategic views of information security. Those career-focused employees who take the initiative to take personal ownership of the 360-degree view will become indispensable to their company executives and fellow employees. Employees who become experts in both perimeter and hybrid data-centric models of defense and the current intelligence that drives them can expect to advance rapidly as they fill important gaps in their companies. There are also opportunities for C-level executives to engage their boards of directors in providing relevant intelligence and solutions.

All Hands
Data and information security is the responsibility of every employee, executive, board member, contractor, and supplier. Each individual must be trained and certified each year with the latest intelligence-driven and research-based tools. Training raises the awareness level among all employees to maintain a higher level of data security for the protection of everyone’s jobs. Awareness creates and maintains vigilance. Data security is everyone’s responsibility, because stolen data may mean lost jobs.

About the Authors

T. Casey Fleming serves as Chairman and Chief Executive Officer of BLACKOPS Partners Corporation, the leading management advisors of America’s elite executive thought leaders from intelligence, technology, federal law enforcement, information security, and management consulting. Mr. Fleming is a leading expert in the advanced protection of innovation, trade secrets, and competitive advantage for Fortune 500 companies, U.S. government agencies, universities, and research facilities. Mr. Fleming is a former innovative information security and management consulting executive who created organizations for Good Technology, Deloitte Consulting, and IBM Global Services.

Eric L. Qualkenbush is a member of the Board of Directors of BLACKOPS Partners Corporation. Eric is a former intelligence community senior executive with extensive experience leading large multicultural organizations through transformational change. He is an innovator who has created organizations and programs that deal with the worldwide proliferation of weapons of mass destruction, insider threat, and competitive intelligence. During his CIA career, Eric led the CIA’s principal training organization and the office that created and managed cover arrangements for all CIA personnel and others in the US government. Eric also managed undercover CIA operations in five overseas offices. Eric has done pioneering work on mitigating the threats from insiders in private and public organizations.



Cyber in the City: The Art and Business of Shielding Today's Cities
by: Gary R. Hayslip
Deputy Director and CISO
City of San Diego

It’s 2 A.M. on a Tuesday morning and I awake to my phone chirping. Quickly looking at it, I realize it’s a text from one of my city’s prime contractors who provides our security services. As I roll over and make the phone call, I realize we have an issue that will require me to start my day earlier than planned. We have a zero-day attack never seen before and technicians are afraid it may have progressed into the department’s share drive. As the day unfolds and this incident is cleaned up and remediated, we discover that a simple phishing email received by an employee on the evening work shift set this event in motion.

In today’s city environment, as in any private company, phishing attacks and infections caused by attachments and links to hacked web sites have become common occurrences. However, in the disparate network environments of today’s large cities, these types of attacks can be catastrophic due to the inherent blending of old and new technologies found in city enterprise networks. The repercussions of new malware attacks on this intertwined infrastructure can result in loss of critical services to the city’s customers: its citizens. To counter these ever-evolving threats, I have come to use three tools to shield my city: Communication, Inventory, and Continuous Assessment.



The first tool in my toolbox, Communication, is used to build and manage my human network. This network is made up of the members of my teams and my various stakeholders. I have learned that an effective cybersecurity program does not work in a vacuum, but will flourish in a community. I use the Communication tool to build a community of people within my city who see cyber in all of their projects and business work processes. This sense of shared community starts with visiting my stakeholders to answer questions and share with them information I have on current threats, upcoming projects, new policies, or needed changes in workflows to reduce risk to our city. I also spend time with them to learn about issues they have and what services they need to succeed. As you use this tool, understanding their business processes is critical because they are your customers. Your team provides those services and you need to understand what is important to them. To be an effective security leader, you need to be able to communicate your vision of cyber to your community, and that starts with building your human network.

The next tool that I recommend, Inventory, is extremely important because it is very hard to protect your organization if you lack information. I start with collecting information about the standing policies and procedures for how cybersecurity is managed in my city. I also collect information on previous and current IT budgets, asset inventory for both hardware and software, and the current metrics used to measure the effectiveness of my cybersecurity program. As you collect this information be sure to also collect and review all contracts your city has with IT service providers. Review any reports, service level agreements, and metrics used to measure the delivery of IT services. You will find that as you use the Inventory tool to gather this information, you must continuously assess it to ensure its accuracy. City network environments are very dynamic, made up of intertwined disparate equipment that constantly changes over time as city employees implement new solutions to provide innovative services to their citizens. This constant change of technologies results in an inventory that shifts and requires continuous oversight to reduce risk to your stakeholders and your city.

Due to the dynamic technology portfolio that many large cities have you will want to use the last tool, Continuous Assessment, as a foundation for your cybersecurity program. This last tool involves looking at the information you have collected with a critical eye and measuring it against known frameworks to establish a baseline of allowable risk. One of the first steps I would suggest with Continuous Assessment is to look at any previous audit and compliance reports. The findings from these reports will provide crucial information about how the cybersecurity assets in your portfolio are deployed and if there are any identified security gaps. Another step with this tool is to consistently review the information your cyber security suite is generating. You will find that you must continually scan, review, and remediate the findings generated by your security suite. This will ensure you have the visibility you need into the data flows of your city’s enterprise network environment.

I have found that using these tools together enables me to manage the risk I find in evaluating new technologies for my stakeholders. These tools give me visibility into how my city’s enterprise environment is built, how data is used by my stakeholders, and which older technologies need to be updated or replaced. In the end, using these three tools together in concert will enable you to manage the threat to your organization’s network environment and lead your team and stakeholders in shielding your organization from risk.

About the Author
As Chief Information Security Officer for the City of San Diego, Gary advises the City’s executive leadership, consisting of Mayoral, City Council, and over 40 city departments and agencies. Gary oversees citywide cybersecurity strategy and the enterprise cybersecurity program, operations, compliance, and risk assessment services. His mission includes creating a “risk aware” culture that places high value on securing city information resources and protecting personal information entrusted to the City of San Diego.



How to Win at Cyber-Chess: Leveraging Neuro Analytics in Your Cyberspace
by:
Dr. Alenka Brown
Senior Managing Member
McClure, Brown, & Associates LLC

Jason Christman
MS, CISSP, PMP
McClure, Brown, & Associates LLC

The cyber domain presents limitless opportunities for cyber threat actors while causing significant challenges for cybersecurity professionals. While our current time might be construed by historians as the golden age of cybercrime, it is also an age that offers new ways and means to counter these crimes. Neuro-behavior forensics is such a means, permitting the extraction of analog indicators[1] to identify an intruder’s internal thought process – more specifically, the neurocognitive ‘decision’ pattern that aligns with the system or network behavior. This is possible because cyber intruders leave behind cognitive fingerprints with neuro psychometric markers[2] that can be translated into cognitive patterns.[3] Neuro cyber analytics deciphers these indicators, of analog or digital origin,[4] into a cognitive print (Cogni-print®),[5] or signature, in order to make sense of how the intruder thinks in the context of committing a cybercrime. Neuro cyber analytics unravels the footprint of cyber intruders using an engineering system approach in order to help professionals ‘protect, detect, respond, and recover’[6] from unwarranted or unexpected cyber acts.



Neuro cyber analytics
is a process by which
cues are translated into
neurocognitive patterns,
and from which expected
behaviors, biases,
and beliefs could be
Neurocognitive Patterns

Cyber threat is derived from an individual or a collective group making calculated decisions. These decisions exhibit behaviors based on a person’s neurosensory experience – how they see, hear, and feel within a given context. As a person processes information from their environment, they unconsciously show neuropsychometric indicators that are embedded within their verbal and nonverbal behavior.

These cues, or tells, reveal how people sort, order, and sequence their thoughts into distinct neurocognitive ‘decision’ patterns. These tells are found in various forms in cyber domains: videos, audio, photographs, social media postings, website layout, emails, keystrokes, and so forth. They are key in determining the internal strategies at play of how people establish a preferred neurocognitive pattern, and when the cognitive pattern changes depending upon context and their state of mind.

Neuro cyber analytics is a process by which cues are translated into neurocognitive patterns, and from which expected behaviors, biases, and beliefs can be determined. Neuro cyber analytics tells us whether a person’s behavior is based on their preferred cognitive pattern, such as deceptiveness within a specific context. As in a polygraph, a baseline is first obtained by establishing a person’s preferred or ‘normal’ behavioral responses to stimuli and is then monitored for changes. Significant changes in behavioral responses for a given context indicate a shift in the baseline that may warrant further investigation. The same holds true for people operating within cyber-ecosystems. A baseline Cogni-print® is collected when a user is first authenticated and granted access to the information systems. This baseline is then used to continuously monitor for significant shifts in the user’s behaviors, correlated to various network behaviors. This is especially useful for detecting possible insider threats to an individual or organization, anomalies in system behaviors, falsified identities, or time-sensitive or critical courses of action.

Convergence of Digital and Analog (Human) Forensics

Since cyber intruders leave residual Cogni-prints® within cyber-ecosystems they exploit, these prints are potential forensic evidence. The use of Cogni-prints® as e-discovery evidence, aligned with digital forensics, offers cyber operators or analysts a powerful new tradecraft (neuro cyber analytics) for solving and outmaneuvering cyber incursions.

We know digital forensics produces valuable information that is used by cybersecurity professionals to track and monitor system-network behaviors. By adding analog forensics, neuro cyber analytics can draw further conclusions for cyber investigators about strategies used by intruders in setting up and performing intrusions. The ability to form Cogni-prints® from analog or digital forensics to assess and monitor incongruent behaviors is essential for continuous authentication and attribution of an individual actor or collective of cyber actors. This integrated approach to forensics paves the way for an automated Cogni-print® engine that would enable intrusion prevention by dynamically defending the system at network speed, adapting to an adversary’s decision processes. This provides a more effective way to hunt cyber-intruders, as one’s Cogni-print® is extremely difficult to conceal.

These patterns identify behaviors one can expect to see of intruders and the cyber professionals who hunt them, in addition to their strengths and weaknesses when moving through a particular cyber act. Consequently, neuro cyber analytics, whether employed as a tradecraft or as an automated capability, can help frontline cyber operators and analysts gain a human-dimensional edge against the onslaught of current and future cyber threats.

Operationalized

As part of an overall cyber risk management strategy, neuro cyber analytics has a role to play in every phase of deploying, operating, maintaining, and defending a networked technology infrastructure, be it a commercial enterprise, industrial control system, or military weapons system. Network and system security administrators can implement Cogni-print® active authentication as another factor in their identity and access management strategy. External cyber intruders or insider threat actors would find gaining authenticated access to networks challenging, since it would be quite difficult to impersonate the cognitive patterns of a legitimate user. Cyber hunters would use neuro cyber analytics to continuously monitor the user’s neuro cybermetrics for user-system behavior anomalies, flagging incongruent behaviors linked to a set of cyber personae for attribution.

Using neuro cyber analytics, operators can strategically draw on knowledge of how an intruder reasons or solves problems. Thus, they can become more proactive in mitigating security risks. Cyber analysts, operators, and planners can become more proficient strategists with the ability to move pieces in positions of influence for an ultimate checkmate.

Acknowledgement

We wish to acknowledge Dr. Joe McClure VanHoozer, Senior Managing Member of McClure, Brown, & Associates LLC, and leading expert in neuro analytics, neurolinguistics, and Cogni-print®, for his generous time in reviewing and editing this article.

Notes

1 Analog indicators are attributes like facial features, breathing, heart rate, eye movements, tones, and so forth.

2 Neuro-psychometric indicators are non-verbal and verbal ‘tells’ or ‘markers’ that translate to one of our five senses.

3 Cognitive patterns are the repetitive process that humans use for mapping their reality in making decisions.

4 Digital indicators (in this article) are verbal indications, like words and phrases.

5 Cogni-print® is a registered trademark of McClure, Brown, and Associates LLC.

6 Core activities to achieve specific cybersecurity outcomes outlined in the NIST Cybersecurity Framework. National Institute of Standards and Technology: “Framework for Improving Critical Infrastructure Cybersecurity.” February 2014. <http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf>

About the Authors

Dr. Alenka Brown is a Senior Managing Member of McClure, Brown, & Associates LLC. She is a leading expert in neuro cyber analytics and Cogni-print®. She has a diverse background encompassing applied research, system integration, policy, energy, intelligence, special operations, and cognitive autonomous systems. She is currently a member of NIST’s working group for cloud overlay and security reference architecture, cloud forensics, and continuous monitoring. She is also a member of OSSI’s Strategic Planning working group and NCOIC’s Cybersecurity Integrated Project Team and cloud computing working group.

Jason Christman, MS, CISSP, PMP is an industry leader and domain expert in cyber operations planning and execution, threat intelligence analysis, and human decision analytics. His strategic planning, mission management, and technology development background spans the homeland defense, intelligence, special operations, and commercial telecommunication business arenas. Jason is an ardent supporter of human-centered computing and is a proponent for the convergence of neurocognitive technology and cyber ecosystems.



Living on the Edge: Pushing the Boundaries of Cybersecurity for the Marine Corps Forces Cyber Command

Patric Petrie | Lead Writer | SSC Pacific

U.S. Marine Corps photo by Sgt. Emmanuel Ramos

Background

Marine Corps Forces Cyber Command (MFCC) faces a big challenge often experienced by other cyber agencies: achieving a clear and consolidated picture of the cyberspace domain.

MFCC plans, coordinates, integrates, synchronizes, and directs the full spectrum of Marine Corps cyberspace operations, including Department of Defense Global Information Grid operations and defensive cyber operations.

When directed, it also plans and executes offensive cyberspace operations that support the Marine Air Ground Task Force (MAGTF) with joint and combined cyberspace requirements that enable freedom of action across all warfighting domains while destroying or crippling the enemy’s ability to make effective and timely decisions.

Through combined resources, both SSC Pacific and SSC Atlantic support MFCC in its mission to plan, coordinate, integrate, synchronize, and direct cyberspace operations supporting USCC.

Organizational Relevance

Cyber is a vital focus area at SSC Pacific. This experience has become a key component in MFCC’s mission success and ultimately their proactive support for the U.S. Navy.

As an example, MFCC realized the potential security risks in networks that rely on the Secure Socket Layer (SSL) and Transport Layer Security (TLS) for authentication and privacy, which are used throughout the Department of Defense (DoD). This realization championed the development of the Service-oriented Public-key Enablement Compliance Testing & Reporting Application (SPECTRA) at SSC Pacific in fiscal year (FY) 2013, with funding from U.S. Cyber Command (USCC).

Why?

“Inexpensive jammers, signal detectors, computer processors, and radios make it easier for unfriendly states, terrorists, and criminals to manage their efforts while jamming our own ability to sense and communicate. Meanwhile, the number of users in the EM spectrum has grown dramatically over the last two decades. The result is an environment we struggle to sense, understand, and use in warfare. We need a concerted effort to harness the EM and cyber environment to give us a warfighting edge,” said Admiral Jonathan Greenert, Chief of Naval Operations.1

Technological Solutions

SSC Pacific has supported MFCC since December 2010, when MFCC contacted SSC Pacific and asked for subject-matter experts to help establish and operate the newly created MFCC.

As part of the Navy, MFCC works closely with Navy Fleet Cyber Command to support USCC. MFCC leads cyber operations that enable access across all warfighting domains, and deny the same to adversarial forces. It provides subject-matter expertise in intelligence, planning, and cyber operations. The Command supports mission operations shift work and participates in cyber regional planning teams from the following commands:

• U.S. Central Command (CENTCOM)
• Special Operations Command Central (SOCCENT)
• U.S. Special Operations Command (SOCOM)
• U.S. European Command (EUCOM)/U.S. Africa Command (AFRICOM)
• U.S. Pacific Command (PACOM).



SSC Pacific and SSC Atlantic support MFCC on-site with day-to-day operations, allowing MFCC to provide a broad range of intelligence, analysis, planning, training, operational, and logistical support. Furthermore, SSC Pacific and SSC Atlantic provide technical assurance into their acquisition processes, as well as supporting MFCC’s contractual requirements through the systems command’s contractual capabilities.

Integrated Product Team (IPT) leads from both systems centers hold a regular weekly “sync” to discuss the latest in support, resource, and funding concerns for the MFCC. SSC Pacific’s team supports strategic and planning expertise inputs, while MFCC leadership determines current and future priorities. SSC Pacific has also provided new technology development for MFCC.

SPECTRA is a new science and technology (S&T) capability developed to ensure that deployed and future Department of Defense (DoD) Web servers are properly secured using Public Key Infrastructure (PKI) concepts. The tool provides a dynamic and secure method for auditing Web servers for proper PKI compliance. Misconfigured Web servers can allow cyber attackers with a minimal skillset and training to create the following security threats:

• Man-in-the-middle attacks and eavesdropping on (believed to be) secure communications between users and a vulnerable Web server
• Extraction of sensitive public key information from users’ Common Access Cards (CAC), which the attacker can then use to impersonate users
• Theft of session keys and other sensitive information in order to redirect users to a malicious website with the intent of extracting additional critical information.

SPECTRA was developed largely as a rapid S&T effort in which the team leveraged time and resources to deliver a new capability that accomplishes the following:

• Provides the ability to test for complex PKI-related security settings
• Provides robust reporting on identified deficiencies
• Recommends remediation actions to the user
• Automates part of the process, such as scheduling periodic Web server audits
• Simplifies the user interface
• Supports the rapid integration of additional capabilities to detect emerging PKI vulnerabilities.

The SPECTRA development team established a new technology that was scalable, used by a variety of users, and reported capabilities beyond MFCC’s expectations. SPECTRA was delivered to MFCC in FY13. The Defense Information Systems Agency (DISA) is expected to deploy the tool DoD-wide on infrastructure that supports regular testing of Web servers across the Global Information Grid (GIG).

Way Ahead

SPECTRA demonstrated to MFCC that SSC Pacific could rapidly conceive new technology and deliver it. MFCC and DISA were pleased with SPECTRA because it helps identify vulnerabilities early on.

SSC Pacific is now looking into building extra plug-in logic that identifies new policies and test cases to detect new attacks, such as the latest of many SSL attacks known as Heartbleed. Detecting attacks such as Heartbleed is intrinsically difficult given our current reactive mechanisms, but with efforts such as SPECTRA we are moving closer to DoD’s view of what cybersecurity means and how to achieve it.

The SSC Pacific team continues to explore how SPECTRA can support existing networks but also seeks to develop SPECTRA+, which will look at supporting future networks. SPECTRA+ will provide the following advantages, not available from any tool today:

• Real-time configuration support for Host-Based Security System (HBSS)
• Targeted penetration testing of Web servers
• Early-warning indicators and anomaly-detection capabilities regarding Web server attacks.

SPECTRA+ will continue to push the boundaries of security, especially with its projected ability to support users in understanding what a cyberattack looks like and help them identify such attacks early on. Future work on security metrics and their visualization will be key in ensuring that efforts such as SPECTRA and SPECTRA+ make SSC Pacific’s vision of information dominance a reality.
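As an added illustration (not SPECTRA's own code, which the article does not show), the following Python script sketches the kind of plug-in compliance audit described above: each check tests one PKI/TLS setting, reports the deficiency with a remediation, and new checks such as a Heartbleed version test register themselves without touching the audit core. The server records are constructed samples, the trusted-CA name is a placeholder, and the Heartbleed check keys on the affected OpenSSL releases (1.0.1 through 1.0.1f).

```python
"""Plug-in style PKI/TLS compliance audit of Web server configuration records.
Added illustration, not SPECTRA's own code: it mirrors the capabilities the
article attributes to SPECTRA (test PKI settings, report deficiencies, recommend
remediation, add new checks such as a Heartbleed test as plug-ins)."""
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List

AUDIT_DATE = date(2015, 3, 1)                  # fixed so results are reproducible
TRUSTED_ISSUERS = {"EXAMPLE-ORG ROOT CA"}       # placeholder for the enterprise PKI CAs
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}

@dataclass
class ServerConfig:
    host: str
    protocols: List[str]        # protocol versions the server will negotiate
    cert_not_after: date        # server certificate expiry date
    cert_issuer: str            # issuing CA named in the server certificate
    client_cert_required: bool  # client certificate (e.g. CAC) auth enforced
    openssl_version: str        # OpenSSL release reported by the server stack

@dataclass
class Finding:
    check: str
    severity: str
    detail: str
    remediation: str

# Plug-in registry: a check takes a config plus the audit date and returns
# findings, so new policies are added without touching the audit core.
CHECKS: Dict[str, Callable[[ServerConfig, date], List[Finding]]] = {}

def check(name: str):
    def register(fn):
        CHECKS[name] = fn
        return fn
    return register

@check("weak-protocols")
def weak_protocols(cfg: ServerConfig, today: date) -> List[Finding]:
    bad = sorted(set(cfg.protocols) & WEAK_PROTOCOLS)
    if not bad:
        return []
    return [Finding("weak-protocols", "high", "enabled: " + ", ".join(bad),
                    "Disable SSLv2, SSLv3 and TLS 1.0; require TLS 1.2 or newer.")]

@check("certificate")
def certificate(cfg: ServerConfig, today: date) -> List[Finding]:
    out = []
    if cfg.cert_not_after < today:
        out.append(Finding("certificate", "high", "server certificate expired",
                           "Renew the certificate from the enterprise PKI."))
    if cfg.cert_issuer not in TRUSTED_ISSUERS:
        out.append(Finding("certificate", "high",
                           f"issuer {cfg.cert_issuer!r} is not an approved PKI CA",
                           "Replace with a certificate issued by the enterprise PKI."))
    return out

@check("client-auth")
def client_auth(cfg: ServerConfig, today: date) -> List[Finding]:
    if cfg.client_cert_required:
        return []
    return [Finding("client-auth", "medium", "client certificate not required",
                    "Require client certificate (CAC) authentication for users.")]

def heartbleed_affected(version: str) -> bool:
    """OpenSSL 1.0.1 through 1.0.1f carry the Heartbleed bug; 1.0.1g fixed it."""
    if not version.startswith("1.0.1"):
        return False
    suffix = version[len("1.0.1"):]
    return suffix == "" or (len(suffix) == 1 and "a" <= suffix <= "f")

@check("heartbleed")
def heartbleed(cfg: ServerConfig, today: date) -> List[Finding]:
    if not heartbleed_affected(cfg.openssl_version):
        return []
    return [Finding("heartbleed", "critical",
                    f"OpenSSL {cfg.openssl_version} is in the affected range",
                    "Upgrade to OpenSSL 1.0.1g or later, then reissue keys and "
                    "certificates that may have been exposed.")]

def audit(servers: List[ServerConfig], today: date) -> Dict[str, List[Finding]]:
    """Run every registered check against every server, keyed by host."""
    return {cfg.host: [f for fn in CHECKS.values() for f in fn(cfg, today)]
            for cfg in servers}

def sample_servers() -> List[ServerConfig]:
    """Constructed sample records: one compliant host, one misconfigured host."""
    return [ServerConfig("web1.example", ["TLSv1.2"], date(2016, 1, 1),
                         "EXAMPLE-ORG ROOT CA", True, "1.0.1g"),
            ServerConfig("web2.example", ["SSLv3", "TLSv1.0", "TLSv1.2"],
                         date(2015, 1, 31), "Self-signed", False, "1.0.1e")]

if __name__ == "__main__":
    for host, findings in audit(sample_servers(), AUDIT_DATE).items():
        print(host, "compliant" if not findings else f"{len(findings)} finding(s)")
        for f in findings:
            print(f"  [{f.severity}] {f.check}: {f.detail} -> {f.remediation}")
```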

About the Author

Patric Petrie is the lead staff writer for Space and Naval Warfare Systems Center Pacific, based in San Diego, California. Petrie is a veteran journalist and a former Navy hospital corpsman.

Sources

1 Greenert, Admiral Jonathan: “Adm. Greenert: Wireless Cyberwar, The EM Spectrum, And The Changing Navy.” BreakingDefense.com, April 2013. <http://breakingdefense.com/2013/04/adm-greenert-wireless-cyber-em-spectrum-changing-navy/>



Defense in the Age of Cyber-Warfare: the Cyber Security Forum Initiative

Amanda Fortner | Editor | United States Cybersecurity Magazine



Paul de Souza was the Chief Security Engineer for AT&T when he started noticing that the cyber-attacks he saw out in the field were changing, transitioning from what we think of as “traditional” cybercrime – done for money, information, or just “the lulz” – to something far more potent: attacks that were political in nature, and sometimes even sponsored by domestic or foreign governments. Intrigued, de Souza went looking for more information, and found very little. The lack of available information on the topic, and the dearth of communication between the experts in the field, inspired him to start a public forum on LinkedIn – what would eventually become the Cyber Security Forum Initiative (CSFI), with nearly 50,000 members from more than 150 countries.


CSFI came about in a particularly interesting time for cybersecurity and hacking: the age of Stuxnet. Discovered in June 2010, the Stuxnet worm attacked and badly damaged the PLCs (programmable logic controllers) of many of Iran’s nuclear centrifuges, setting the country’s nuclear development program back heavily. Due to the Iranian government’s reticence, the extent of the damage has not been fully defined, but some estimates put the worm as having ruined nearly one fifth of the country’s centrifuges.1 Cybersecurity experts from dozens of countries worked together to figure out the worm’s provenance. While it has not been definitively proven, many concluded that the sophistication and scope of the attack, as well as its particularly targeted nature, pointed to the work of one or more governments, as few believed an independent hacker or group could have had the time, resources, skill, and motivation to create a worm that behaved as Stuxnet did.2

Experts like de Souza had been interested in the concept of state-sponsored hacking for some time, but the public nature and scope of the attack brought the issue forcefully into the public eye. Suddenly, hacking was not just something that lived on the Internet, a crime on the level of vandalism committed by “some high school or college-aged kid living in his mom’s basement who could deface the main webpage of the local community college,” as de Souza said. It had even gone beyond “more sophisticated threats to society like identity theft or financial fraud via insecure websites.” In forming CSFI, de Souza realized that “cyberspace had quickly become a war-fighting domain, just like land, air, space, and sea.”

The concept that hacking and cyber-attacks can have effects not just on computers and the Internet, but on physical spaces and infrastructure, has made cyber-warfare a hot topic among not only cybersecurity professionals, but anyone who uses electricity, running water, and Bluetooth – which is to say, pretty much everyone. De Souza cautions that it’s more important than ever to focus on this topic, as “the way cyber can be used to cause real effect in the physical domain as a precise weapon system that can be acquired by any nation on earth at a very low investment” means we have, in effect, entered a new arms race: nations scramble to pick up exploits and zero-day vulnerabilities that can be held in reserve for strategic use – or retaliation. Given that attacks like Stuxnet can be used to affect industrial and public infrastructure, such as the power grid or manufacturing equipment, cyber-warfare can have far-reaching real-world consequences for even private citizens of the nations waging silent war in cyberspace.

The issue is not going away anytime soon: as de Souza cautions, “Asymmetric warfare will not stop growing; it is here to stay.” The growth and prevalence of the Internet of Things, and its increasing permeation into every aspect of our lives, means that attacks have the potential for more and more real-world consequences. In 2013, white-hat hackers Charlie Miller and Chris Valasek were able to control the speed and braking functions of a car using a computer connected to its On-Board Diagnostic System.3 Nearly two years later, many cars are so much more connected that Senator Edward Markey warned in a report to the Senate Commerce Committee in February that it was theoretically possible for not just speed and braking, but also steering and other critical functions to be remotely hijacked.4 It’s not hard to imagine the serious damage that could be done by determined, directed bad actors who can control the critical functions of millions of cars.

The shift from money- or achievement-motivated hacking to targeted, government-sponsored attacks is a real point of concern for de Souza and for his forum members, who



come from a wide variety of backgrounds: CSFI draws its members from the public and private sector, military and businesses large and small. Eventually the foundation grew so large that it was divided, at the request of some of its partners, into two divisions: CSFI-CWD (Cyber Warfare Division) and CSFI-LPD (Law and Policy Division). The divisions allowed members to focus on the projects and issues most important to them, sharing information, advice, and solutions among those in their own fields. Because both divisions are still under the umbrella of CSFI, however, the channels of communication stay open.

Communication in the age of cyber-warfare is another of CSFI’s focuses. Many cybersecurity professionals have decried the siloing of information that could prevent attacks from becoming massive affairs like the Sony and Target hacks, or keep them from happening at all. One of the pillars upon which CSFI stands is collaboration, the exchange of pertinent information between the public and private sector, and agencies and businesses within those sectors that have much to gain through that exchange. “Our collaboration efforts have helped to break down stovepipes and ‘closed networks’ that exist inside government and industry to enable greater information sharing and increased capabilities,” de Souza said. “We practice what we preach and have developed a capability to collaborate on special projects involving specialists and volunteers to break down, decompose, and better understand threats and security-related issues.” These efforts manifest themselves in the form of white papers and “the development of countermeasures for unique and sophisticated cyber-attacks, and the identification of not only problems, but solutions,” de Souza explained.

CSFI’s ability to provide a platform on which its members can share ideas, intelligence, and warnings across over 150 countries is something its founder sees as being invaluable to the continued protection of the global cyber domain. “I am a firm believer in crowdsourcing and reaching out to the cyber community when looking for answers,” de Souza said. CSFI also enables its members to engage with other cybersecurity professionals through social media, conferences, workshops, and training.

One area on which de Souza is keen to focus his members’ minds is tabletop exercises, defined by Ready.Gov as “discussion-based scenarios where team members meet… to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator guides participants through a discussion of one or more scenarios.”5 One commenter characterized tabletop exercises as something like Dungeons and Dragons for disaster preparedness. The tabletop exercise (TTX) is a common tool for businesses and government agencies in developing emergency plans, and CSFI has been working to popularize its use in cybersecurity situations – after all, a serious data breach is its own form of emergency. In using the tabletop exercise, cybersecurity professionals and warfighters can develop plans to handle both previously-encountered scenarios and zero-day attacks: hacks exploiting vulnerabilities that have never been seen before in the wild. Having such plans already in place before attacks occur enables experts to be ready for whatever the new cyber-warfare domain can throw at them, and to minimize the damage that may occur.

Education is another of CSFI’s priorities. One of de Souza’s main concerns about today’s cybersecurity climate is the professionals in the field “who lack basic understanding of full-spectrum cyberspace operations and the complexities of the cyberspace environment, as well as planning, organizing, and integrating cyberspace operations.” To that end, CSFI has launched several educational initiatives, aimed at various elements of the public and private sectors. These efforts draw inspiration from the words of Major



General Daniel O’Donohue, Commanding General for the U.S. Marine Corps Force Cyberspace (MARFORCYBER): “We believe the solutions to our shared problems in cyberspace revolve around our people, and not systems. However, we must provide our workforce the training, tools, and resources they need to defend our nation.”6

CSFI has also partnered with Capitol Technology University to increase professional awareness, proficiency, and certification. “There is a global demand for more qualified cyber security professionals,” said Dr. Michael T. Wood, President of the University. “To address this need, Capitol and the CSFI will work to educate and train individuals and award them credits towards certifications and masters and doctoral degrees in information assurance at Capitol.”7 Professionals and students can undertake ICWOD and DCOE training, providing them with transfer credits towards masters and doctoral-level courses in Information Assurance at the University.

CSFI develops its training efforts collaboratively with qualified members of the Initiative who possess relevant skills, education, and experience, both from the public and private sectors. In terms of cyber warfare, some of the training initiatives have included “cyberspace operations methodologies, the integration of cyberspace capabilities, the role of Information Assurance in cyberspace operations, training and developing the cyber workforce, and designing cyber-related organizations,” de Souza said. Each of these topics could be its own foundation; CSFI’s global reach and scope enables it to tackle these concepts, and others, and provide relevant information and training to all of its members and more.

From his experience both as a cybersecurity industry professional and as CSFI’s founder, de Souza has taken the pulse of the cybersecurity landscape, a vision that he shares with his members and with anyone in the general public for whom cybersecurity is a necessity – which is to say, in today’s connected age, everyone. “Minimize the threat surface,” de Souza advises. “You cannot completely eliminate the threat, but you can minimize the risk. Be creative! Understand the environment, shape it to your advantage, and stay operational. Stay current, and never stop learning.” De Souza encourages sharing important information and collaborating with others in order to catch vulnerabilities before they become large-scale breaches, but he urges caution when doing so: “When sharing vulnerabilities, please make sure to also share the countermeasure or workaround. There are many ways of sharing information, from open-source to classified means, but no matter the medium, always be aware that no system is 100 percent secure. Practice good security standards for transmitting information and also maintaining data at rest.” A little bit of incaution from cybersecurity professionals, even with good intentions, can become a big problem for everyone from end users to entire governments.

From Stuxnet to Heartbleed, Target to Home Depot, the world is gradually waking up to the concept that cybersecurity is important for everyone. Organizations like CSFI work to enable the transfer of information in a trickle-down fashion: the more industrial sysadmins, white-hat hackers under government auspices, private security researchers, and others can communicate important information and collaborate on research and development, the more cybersecurity will become incorporated into our daily lives. The increased visibility and impact of cybersecurity incidents mean that private individuals are starting to realize that cybersecurity should be a priority



for them too: poor net hygiene or a successful phishing attempt can lead to public embarrassment, as in the case of the iCloud breach that led to the exposure of thousands of private celebrity photos, and financial ruin, as anyone who’s ever had their credit card information stolen can tell you.

As we live more and more of our lives digitally, it becomes more important than ever to listen to what cybersecurity researchers have to say, and demand more information on how to protect ourselves in the future.

De Souza sees maintaining security as “a journey and not a destination. One of the main issues I see in the cyber domain is the illusion of many that cyber can offer people a quick shortcut to wealth and fame. There is a price to pay, and many want the cyber title but are not willing to do the work it takes to really make a difference in this operational domain we call cyber. We are our own main obstacle.” CSFI tackles this obstacle through collaboration, knowledge-sharing, training, and education. In a world where cybersecurity is more important than ever, CSFI is a leading light in guiding the global domain of cyberspace towards a place of greater safety and cooperation.

About Paul de Souza

Paul de Souza is the Founder and President of CSFI (Cyber Security Forum Initiative) and its Cyber Warfare and Law and Policy Divisions. Mr. de Souza has over 15 years of cyber security experience and has worked as the Chief Security Engineer for AT&T, where he designed and approved secure networks for MSS (Managed Security Services). He serves as an advisor for the MCPA (Military Cyber Professionals Association), Federal Director of Training and Education for Norman Data Defense Systems, and as a CENTRIC (Centre of Excellence in Terrorism, Resilience, Intelligence & Organized Crime Research) Visiting Researcher at Sheffield Hallam University in the UK. Mr. de Souza is a recipient of the Order of Thor Medal and is a Visiting Research Fellow at the National Security Studies, Tel Aviv University, Israel (INSS) - Cyber Security and Military & Strategic Affairs Programs. He also teaches Cyber Defense Strategies at George Washington University. Mr. de Souza has consulted for several governments, military organizations, and private institutions on best network security practices. He is a co-author of the book Strategic Intelligence Management (National Cyber Defense Strategy).

Learn more about CSFI and how you can support their mission at www.csfi.us.

Sources

1 Kelly, Michael B: “The Stuxnet Attack On Iran’s Nuclear Plant Was ‘Far More Dangerous’ Than Previously Thought.” BusinessInsider.com, November 2013. <http://www.businessinsider.com/stuxnet-was-far-more-dangerous-than-previous-thought-2013-11>

2 Gross, Michael Joseph: “A Declaration of Cyber-War.” VanityFair.com, April 2011. <www.vanityfair.com/news/2011/04/stuxnet-201104>

3 Goodin, Dan: “Tampering with a car’s brakes and speed by hacking its computers: A new how-to.” ArsTechnica.com, July 2013. <arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to>

4 Goodin, Dan: “Senator: Car hacks that control steering or steal driver data way too easy.” ArsTechnica.com, February 2015. <arstechnica.com/security/2015/02/senator-car-hacks-that-control-steering-or-steal-driver-data-way-too-easy>

5 Ready.Gov: “Exercises.” <www.ready.gov/business/testing/exercises>

6 Major General Daniel O’Donohue: “Cyber Operations: Improving the Military Cyber Security Posture in an Uncertain Threat Environment.” Congressional Hearing Rayburn HOB-2118, March 2015. <www.csfi.us/?page=training>

7 Capitol Technology University: “Capitol Technology University Partners with the Cyber Security Forum Initiative (CSFI).” CapTech.edu, October 2014. <http://captechu.edu/news-events/news-headlines/1925>



The Evolution of Information Security, Part One

by: Will Janssen, Business Development Director, Signals Defense

In 1980 Alvin Toffler famously declared that there are three waves of civilization – Agricultural (lasted centuries), Industrial (lasted decades), and the Information Age (now).1 Each new wave pushes the preceding wave aside. Information security operates in the Physical, “Wired” IT (information technology), and Radio Frequency (RF) operational domains. So, in a similar vein to Alvin Toffler, information security has three conceptual waves occurring in the three operational domains. The first wave is Physical Security (documents locked up). The concept has been around since Julius Caesar created his cipher to protect information. The second wave is “Wired” IT Security (network & servers hardened), which started the concepts of information security and information assurance. The third wave is RF Security (transmission) and has characteristics requiring different approaches than the first two waves. Similar to the accelerating pace of Toffler’s three waves of civilization, the three security waves are growing in impact, especially as RF replaces wired systems, increasing flexibility and reducing cost. There is no question that this is a broad characterization, but it has value in creating new probing questions to ensure that as a community we are adequately supporting our organizations.



The value of the three-wave security model is that it encourages analysis and action to make sure an organization is not caught unawares by change. Understanding the transitions is important to successful adaptation, and this article will identify some of the key concepts business leaders and security experts should consider to keep their businesses profitable and long-lasting. While the terms used may not be standard, they provide an opportunity to open new insights.

The Physical Security Wave (1st) of information security can be characterized as controlling access to secured areas with barriers or control points. Physical Security principles include portals for entry, methods for identification of individuals, barriers created to prevent access of perceived threats, response strategies for intrusions, and protected enclaves for the most important locations.

The “Wired” IT Security Wave (2nd) uses abstractions of the Physical Security Wave model to solve similar problems. The “Wired” IT Security Wave also is concerned with access controls to protect information, similarly to Physical Security using location. “Wired” IT security has portals for entry to parts of a network, methods for identification of individuals or machines, and barriers to prevent access of perceived threats. The tools in this wave include firewalls, security monitoring systems, tokens, intrusion response strategies, and protected enclaves for the most important information.

The RF Security Wave (3rd) uses many of the abstractions of the previous waves, but has game-changing differences. The RF Security Wave follows most of the concepts in the previous waves, but methods of reaction in the RF operational domain will be different. The reason RF is used instead of wireless comes from the fact that RF encompasses intentional protocols and unintentional signals containing information. Wireless is often conceptualized as common protocols like 802.11 and 4G/LTE, but the reality is that there are many other RF systems used. Some examples include those used in “smart buildings” with ZigBee and other protocols, manufacturing processes, point of sale (POS) devices/operations, and Bluetooth. Additionally the RF domain includes rogue devices, listening devices, implants, devices used to steal information, and exploitable signals that are emitted unintentionally.

Physical and IT “Wired” Waves have created standards, frameworks, regulations, practitioner certifications, audit methodologies, organizations, and culture. When “Wired” IT Security came into being it took a fairly long time to create a new culture with proven technologies to mitigate risk and gain acceptance by the business community. This lag in risk response has resulted in many of the attacks which are still seen daily. The RF operational domain exacerbates the problem because of the invisibility of RF transmission. In the physical domain where Physical Security is applied you see the walls, and with “Wired” IT Security you see the wires and are told security is applied. In the RF operational domain, however, you do not see the extent of where your information is exposed.


Beyond being invisible and not discernable by our physical senses, what makes the RF operational domain risky is how information propagates beyond Physical and “Wired” IT Security boundaries or controls. Imagine a skyscraper in any major city, where WiFi networks propagate into adjacent spaces of other building tenants or into other towers in the vicinity. This can be easily demonstrated by accessing email from your cell phone: most likely you will be shown many WiFi accounts that you can potentially access. Often they will show a lock symbol, but a moderately skilled hacker can get on the network and gain access to information. In the same way you see the WiFi networks of other organizations, they undoubtedly see yours. This is obviously not good, unless you feel bulletproof.

The good news is that steps can be taken to rectify your risk position. The first step is to get a full spectrum assessment that looks at all three waves of security. RF penetration testing should assess the full and usable spectrum of data exfiltration from an environment, typically from 300 MHz to 6 GHz, and not just the WiFi portion of the spectrum. There are many companies that have fairly mature tools and processes to assess your organization’s Physical and IT Security risks, but fewer have the skills for the 3rd Wave of security. RF security is more problematic in that the tools required are more extensive than just having a laptop with some penetration software typically used in information security assessments. Even 3rd Wave “warwalking” to find open or rogue WiFi devices is insufficient and too basic. Full 3rd Wave RF assessments require having the right tools and an understanding of RF propagation, antennas, and current attack methods.

After the assessment, actionable recommendations should be provided so that an organization can prioritize, based on threat, their investment to mitigate the risks. The objective of the 3rd Wave of security is to create a more secure work environment and to add persistent monitoring just as is present in the 1st and 2nd Wave of security.

Part 2 will go into more detail on creating more secure work environments. It will appear in the Summer 2015 issue of the United States Cybersecurity Magazine.

Sources

1 Toffler, Alvin: The Third Wave. Bantam Books, 1980.

About the Author

Will Janssen is the Business Development Director for Signals Defense. Mr. Janssen has over 30 years of experience in information security and signals intelligence. He was Boeing Corporation’s Executive site director for a DoD customer, a Senior Executive in DoD, and has worked in the banking industry expanding information security practices internationally.




How Connected Is Too Connected?
Cybersecurity for a Fully Networked World

by: Darin Andersen
Chairman & Founder
CyberTECH

The Internet of Things (IoT) has become one of the hottest topics among security and privacy experts in the last two years. In October 2013, when CyberTECH produced “Securing the Internet of Things,” the first “think tank” event on the topic, most people were just coming to terms with what the IoT was and what its impacts on security and privacy might be.

Ubiquitous connectivity and advances in cloud computing that enable storage and real time analytics of collected sensor data are powering the explosion of the IoT. From the automated home to the smart factory floor, startups and well-established companies alike are launching solutions that simplify our work and private lives by implementing systems that anticipate our needs and save us precious time.

The term “Internet of Things,” coined by Kevin Ashton for a marketing presentation at his then-employer, Procter and Gamble, noted that humans were more responsible for data collection than computers.1 While many emphasize Cisco’s prediction of 50 billion Internet-connected devices by 2020,2 Ashton’s original premise was that nearly all data collection is dependent on human, not machine collection, and thus he suggests that the IoT should focus on physical, not digital domains.

Successful IoT products leverage a relationship between humans and the data they generate. IoT sensors capture and inform intelligent devices that generate analysis-ready data that is further transformed to make the device itself smarter. Ashton’s insight about the Internet of Things is that if computers can know everything about “things” without dependency on human-collected data, then smart devices can track and count everything and greatly reduce waste, loss, and cost, know when things need to be replaced or repaired, and thus enable humans to live more productively.

This idea is supported by evidence that “dumb” computers have been relatively slow in driving productivity improvements. In 1987, computers of all kinds were selling 15 to 20 million units annually. It was not until after the year 2000 that economists showed a statistically significant impact of computers on productivity. By this time, computer sales were exceeding 300 million units each year and since then have gone from 300 to 400 million PCs to nearly a billion smartphone devices sold each year.3

Ashton’s focus on the human as the central figure powering a fully connected world of smart devices is spot on, and he naturally focuses on what he sees as the main problem going forward (i.e., better collection and analysis of the data) with little or no emphasis on IoT data security and privacy.

The twin issues of privacy and security have a central role in the connected world that is being filled in around us like a composite picture being drawn a pixel at a time. The Internet was originally built on trust, but in the post-Snowden/Anonymous era, trust has been obliterated. Centralized systems with trusted partners cannot be relied upon in a connected IoT world. Today’s IoT solutions enable centralized actors (manufacturers, governments, and service providers) to gain full access to the devices collecting and analyzing user data.

We are rapidly losing the ability to determine the “right” level of our own connectedness; it is being determined for us by the very systems we have engineered to better our lives. In the best-case scenario, humans will enjoy the promise of intelligent devices and improved user experiences. Those opting out of the highly mechanized IoT will fall behind their connected peers who have tethered themselves to their everyday devices that manage critical aspects of their lives in unprecedented ways.

At a recent CyberTECH Data Privacy Day (DPD) event held in San Diego, California, Dr. Larry Ponemon, Founder of the Ponemon Institute, designed a scenario-based group exercise that assigned subgroups the responsibility for specific roles as consumers, consumer protection advocates, manufacturers, law enforcement, the legal community, and members of the manufacturing supply chain of an everyday device. There were several key findings from the day. First, the security industry needs to do a better job of educating consumers about the IoT and the steps they should take to protect the personal information being generated by IoT devices. At the same time, we need to urge industry to engineer better and more secure and privacy-enabled products and emphasize product safety as a key driver in this process.

A recent report issued by the Federal Trade Commission validates the findings of the Ponemon DPD group and strongly suggests that IoT manufacturers need to build security and privacy into their products and solutions during the product design phase, not after security vulnerabilities have been exploited or privacy is violated.4

We will see rising pressure for government regulation, which should be considered in collaboration with business, academic and other stakeholders. We don’t have much longer to get ahead of the curve and the time is rapidly approaching when we may ask why things aren’t connected to the Internet instead of why they are.

Before we know it, new IoT wearables, autonomous vehicles, and many other connected devices will start to flood the market. The issues of security and privacy require additional attention if consumers, government, law enforcement, schools, and corporations are going to get ahead of impending challenges and opportunities. To be successful in the marketplace, these new technologies will have to be impervious to cyber attack and diligent in protecting the privacy of users and other players with a stake in the Internet of Safe Things.

Sources

1 Ashton, Kevin: “That ‘Internet of Things’ Thing.” RFID Journal, June 2009. <http://www.rfidjournal.com/articles/view?4986>
2 Evans, Dave: “The Internet of Things: How the Next Evolution of the Internet Is Changing Everything.” Cisco, April 2011. <http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf>
3 Brody, Paul and Veena Pureswaran: “Device Democracy: Saving the Future of the Internet of Things.” IBM Institute for Business Value, September 2014. <http://public.dhe.ibm.com/common/ssi/ecm/gb/en/gbe03620usen/GBE03620USEN.PDF>
4 FTC Staff: “Internet of Things: Privacy & Security in a Connected World.” Federal Trade Commission, January 2015. <http://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf>

About the Author

Darin Andersen is a distinguished Internet of Things (IoT) and cybersecurity professional with over 15 years of experience in the security industry. Mr. Andersen is the Chairman & Founder of CyberTECH, a global cybersecurity and IoT network ecosystem providing cybersecurity and IoT resources, strategic programs, and quality thought leader IoT Forums across the nation. Andersen is also the founder of CyberUnited, Inc., a cybersecurity, IoT security, and predictive analytics consultancy firm with offices in San Diego, CA and Columbia, MD.



Looking to Make Your Leap:
Protecting Yourself from Threats and Breaches in the Cloud

Vaughan Emery
President and CEO
CENTRI Technology

More businesses are moving their data to the cloud, due to its many attractive benefits: lower capital and operational overhead, faster and more efficient scalability, and increased flexibility, to name a few. According to a RightScale study,1 87 percent of businesses surveyed have migrated some or all of their communications and IT infrastructure to the cloud.

While the cloud provides many benefits, it also creates new security challenges and threats for businesses, which – if precautions are not taken – could cause serious repercussions to a company’s financial bottom line and reputation. For example, companies such as Dropbox, JPMorgan Chase, Snapchat, Sony, Target, and Anthem have all had high-profile cloud data breaches, which have damaged public perception.

To ensure that organizations are prepared to mitigate the risks of transitioning to the cloud, it’s important to understand the potential vulnerabilities and weak points in the data transfer process. The good news is that with ironclad encryption technologies and knowledge of the insecurities in the data transfer process, companies can secure their data and reduce the risks of these detrimental cybersecurity attacks.

Three Potential Areas of Data Breaches

There are three potential areas in the transfer of data that attacks can occur: in transit, at the endpoint, and when data is at rest, such as on a hosted server.

In Transit

Hospitals, banks, utilities, and other organizations are increasingly providing their employees with smartphones and tablets. Those devices are great for giving employees anytime, anywhere access to cloud-based resources; however, they also create an added security risk when accessing private data on insecure networks. For example, public Wi-Fi hotspots are generally less secure than using cellular data and create increased vulnerability.

At the Endpoint

Bring-your-own-device (BYOD) is a common emergent trend, where companies encourage employees to use their personal smartphones and tablets for work because they otherwise couldn’t afford to buy them those devices. These BYOD policies can create back doors into the cloud, such as when employees install malware-infected content on their personal devices.

At Rest

When an organization migrates to the cloud, its data now resides on another entity’s infrastructure. Many organizations are reluctant to implement encryption and security tools on the devices where the data is at rest, due to fear of latency. This leaves them vulnerable to attacks.


Why Encryption is a Must-Have for Securing Cloud Data

Encryption is an ideal way to maximize cloud security. Even if firewalls and other safeguards fail, a hacker still won’t have the keys to encrypted data and thus can’t do anything with the information that’s been stolen. It is critical to have an end-to-end strategy, where data is encrypted at rest, in transit, and at the endpoints.

Encryption also can avoid the limitations of other security tools. For example, SSL (Secure Sockets Layer) – a standard security technology for establishing an encrypted link between server and client – is compute-intensive. Even when a laptop, smartphone, or tablet has a multicore processor that can handle SSL’s workload without affecting other tasks, that workload still can take a significant toll on battery life. By avoiding these and other drawbacks, encryption helps cloud services achieve a key goal: providing a user experience that feels the same as if everything were on-premise.

Not All Encryption is Created Equal

There are varying degrees of encryption, and not all solutions provide the same level of protection and performance. One example is how key management is handled: it gets complex when it involves thousands or millions of keys. Plus, if a key is lost, so is the data that it locks up.

This challenge is why savvy organizations increasingly prefer hybrid solutions, which combine private/symmetric and public/asymmetric architectures. This strategy eliminates the key-management complexity that afflicts public/asymmetric solutions.

The ideal encryption solution also uses a streaming architecture, which minimizes overhead and, therefore, reduces latency. By comparison, block encryption takes a large amount of data and encrypts it over time. That approach increases latency and thus undermines a cloud service’s ability to provide an on-premise user experience.

Encryption to Secure your Data

While new technologies like the cloud can make businesses more efficient, cost-effective, and flexible, they must ensure that they are protected against cybercriminals that are trying to obtain their highly valuable and proprietary data. Encryption is the key to securing the cloud, and organizations that utilize these technologies will be better prepared to mitigate risk while also taking advantage of all of the benefits that the cloud has to offer.

Sources

1 Weins, Kim: “Cloud Computing Trends: 2014 State of the Cloud Survey.” April 2014, Cloud Management Blog. <http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2014-state-cloud-survey>

About the Author

Vaughan Emery is the president and CEO of CENTRI Technology. He works closely with technology partners to deliver the company’s mobile and cloud solutions to its customers. Throughout his career, Vaughan has developed key business relationships with service providers, mobile operators, and technology partners within the US, Asia, and Europe. Previously, he founded a mobile security technology company, which developed an advanced malware security solution for mobile phones and embedded devices. He has over 20 years of leadership experience in commercial product development, technology services, and business development.
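The hybrid (asymmetric key wrap plus symmetric bulk encryption) and chunked streaming approach described under “Not All Encryption is Created Equal” above, as an added example in Go that is not from the article or from CENTRI Technology. It assumes RSA-OAEP for wrapping a per-object data key and AES-256-GCM for the payload; those algorithm choices, the tiny chunk size, the sample plaintext and the key pair are all constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Envelope is what the hosted server stores: the wrapped data key and the sealed chunks.
type Envelope struct {
	WrappedKey []byte   // RSA-OAEP(dataKey); only the private key holder can open it
	Chunks     [][]byte // each entry is nonce || AES-256-GCM ciphertext+tag
}

const chunkSize = 16 // constructed tiny value so the sample plaintext spans several chunks
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal streams plaintext from r chunk by chunk under a fresh random AES-256 data key,
// binding each chunk's index as additional authenticated data so chunks cannot be
// reordered or dropped unnoticed, then wraps the data key with RSA-OAEP (the hybrid step).
func Seal(pub *rsa.PublicKey, r io.Reader) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	env := &Envelope{}
	buf := make([]byte, chunkSize)
	aad := make([]byte, 4)
	for idx := uint32(0); ; idx++ {
		n, rerr := io.ReadFull(r, buf)
		if n > 0 {
			nonce := make([]byte, gcm.NonceSize()) // fresh random 96-bit nonce per chunk
			if _, err := rand.Read(nonce); err != nil {
				return nil, err
			}
			binary.BigEndian.PutUint32(aad, idx)
			env.Chunks = append(env.Chunks, gcm.Seal(nonce, nonce, buf[:n], aad))
		}
		if rerr == io.EOF || rerr == io.ErrUnexpectedEOF {
			break
		}
		if rerr != nil {
			return nil, rerr
		}
	}
	env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	return env, err
}

// Open unwraps the data key and decrypts chunks in order, releasing nothing from a chunk that fails.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap data key: wrong private key or tampered envelope")
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	var out bytes.Buffer
	aad := make([]byte, 4)
	for idx, ct := range env.Chunks {
		ns := gcm.NonceSize()
		if len(ct) < ns {
			return nil, fmt.Errorf("chunk %d truncated", idx)
		}
		binary.BigEndian.PutUint32(aad, uint32(idx))
		pt, err := gcm.Open(nil, ct[:ns], ct[ns:], aad)
		if err != nil {
			return nil, fmt.Errorf("chunk %d failed authentication: %w", idx, err)
		}
		out.Write(pt)
	}
	return out.Bytes(), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // recipient key pair, constructed for the demo
	env, _ := Seal(&priv.PublicKey, bytes.NewReader([]byte("constructed sample: Q3 forecast, internal only")))
	pt, err := Open(priv, env)
	fmt.Printf("%d chunks; decrypted %q (err=%v)\n", len(env.Chunks), pt, err)
}
```

Random 96-bit nonces are fine for the handful of chunks per key shown here; a service sealing very large objects under one data key should derive nonces from a counter instead to rule out collisions.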



The Problem of Attribution in Cyber Attacks:
The Sony Example

Ira E. Hoffman, Esq.
Principal in Cybersecurity, Government Contracts and International Law
Offit | Kurman, P.A.

At Fort Sumter, Union troops quickly identified the forces that were bombarding them as newly minted Confederate artillery. Similarly, at Pearl Harbor, the U.S. Navy immediately identified Japan as the source of the bombing raid because of the unmistakable markings on the low-flying aircraft overhead. In attacks involving conventional warfare, “attribution,” or the identification of an attacker, is readily apparent. In the case of attacks in cyberspace, however, attribution is a much more complex problem, as the recent hack on Sony Pictures Entertainment demonstrates. The purpose of this article is to explore the issue of attribution through the prism of the Sony hack, which many analysts, but by no means all, attribute to North Korea.

Background

As a report by the Congressional Research Service (CRS) explains, “blurry lines” between various types of malicious activity in cyberspace make it difficult for investigators to attribute an incident to a specific individual, organization, informal group (e.g., the hacker group Anonymous), or even foreign government.1 As examples of such blurry lines, CRS cited

1. the 2007 distributed denial of service (DDOS) attacks launched against Estonia, which the Estonians originally attributed to Russia, but investigations subsequently led to unofficial Russian-language chatrooms and the conviction of one ethnic Russian student;

2. the series of strategic cyber attacks that disabled Georgian command and control systems in 2008, which coincided with a Russian military intrusion across the Georgian border, but which were later determined to have begun with online Russian hacking groups; and

3. the Stuxnet attack on nuclear centrifuges in Iran in 2010, which has been attributed by various sources to the U.S., Israel, or both.2

In contrast to the Estonia and Georgia examples, where the victimized governments sought to publicize evidence that would point the finger at the Russian government, attribution in the Stuxnet case has been made virtually impossible by the fact that the Iranians have declined to disclose either the extent or source of the damage, presumably because such evidence would have revealed the progress that Iran had made to that date in its nuclear weapons program and/or would have exposed vulnerabilities in its network.

In any event, each of the foregoing three examples involved cyber attacks on important assets of a foreign government. In the case of Sony, however, the importance of the attribution issue has been dramatically extended to victims in the private sector.

The Sony Hack as a Case Study

In late November 2014, computer screens across the Sony network were defaced with the image of a skull accompanied by a message threatening to expose secrets obtained through hacking. The disruption to the network was so crippling that Sony employees were reduced to working with pen and paper. In the meantime, hackers released embarrassing emails and personal details about Sony executives and movie stars; uploaded several Sony films that had yet to be released; and threatened movie theaters and theatergoers if Sony continued with its plans for the Christmas release of The Interview, a comedy involving a plot to assassinate Kim Jong-un, the ruler of North Korea.

The first group claiming responsibility for the hack identified itself as the “Guardians of Peace,” or, ironically, the “GOP.” After discovering the hack, Sony requested the assistance of the FBI. On December 19th, the FBI issued a press release announcing that, as a result of its investigation, it had “enough information to conclude that the North Korean government is responsible” for the Sony hack.3 Although the FBI expressly stated that it could not reveal all of the information it had obtained, its conclusion was based, in part, on the following:

• Technical analysis of the data deletion malware used in the attack disclosed links to other malware that “the FBI knows North Korean actors previously developed,” i.e., similarities in “specific lines of code, encryption algorithms, data deletion methods, and compromised networks”;

• Observation of “significant overlap” between the infrastructure used in the Sony hack and “other malicious cyber activity that the U.S. Government had previously attributed to North Korea,” e.g., IP addresses associated with known North Korean sources; and

• Similarity to the tools used in a cyber attack in March 2013 against South Korean banks and media outlets, which “was carried out by North Korea.”4

Then, in a speech delivered in January of 2015, the FBI Director, James Comey, reiterated that “[i]t was the North Koreans who hacked Sony.”5 In contrast to the certainty professed by the FBI, there are a number of other cybersecurity analysts who point out that the evidence linking North Korea to the Sony hack is not definitive.

First, the release of personal emails having nothing to do with The Interview is much more consistent with the motives of hacktivists than with those of nation-states. Then, in early December 2014, Jaime Blasco, Director of AlienVault Labs, analyzed the malware and told writers from Computerworld that he began to suspect insiders.6 In the same report, cyberthreat intelligence analyst Scot Terban concluded that it was “unlikely” that North Korea was responsible. Pointing to the use of Korean language encoding in the malware, he is quoted as stating that if it had been North Korea that attacked Sony, then “there would be no evidence of Korean coding.”7 Then, on December 29, 2014, Politico reported that researchers from Norse, a cyber intelligence company, said that their own investigation “doesn’t point to North Korea at all, and instead indicates some combination of a disgruntled employee and hackers for privacy groups is at fault.”8 In addition, a report by Taia Global stated that a linguistic analysis of messages from the purported hackers points to speakers of Russian, not Korean.9

Through the end of February 2015, when this article is being sent to press, we still don’t know the source (or sources) of the Sony hack. In other words, attribution remains difficult.

Sources

1 Congressional Research Service: “Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement.” CRS No. R42547, at 11. January 2015.
2 Ibid., page 10.
3 FBI National Press Office: “Update on Sony Investigation.” Washington, D.C., December 2014.
4 Ibid.
5 Comey, James B.: “Addressing the Cyber Security Threat.” Fordham University International Conference on Cyber Security, New York, NY, January 2015, page 3.
6 Kirk, Jeremy and Martyn Williams: “North Korea unlikely to be behind Sony Pictures attacks.” Computerworld, December 2014, page 2.
7 Ibid., page 3.
8 Kopan, Tal: “U.S.: No alternate leads in Sony hack.” Politico Pro, December 2014, page 1.
9 Ibid., page 2.

About the Author

Ira E. Hoffman, Esq., is a Principal in the Cybersecurity, Government Contracts and International Practice Groups in the Bethesda, MD office of the multi-state law firm, Offit Kurman, P.A. He is a Fellow of the Cyber Security Forum Initiative (CSFI); a member of the Advisory Boards of CyberMaryland and CyberMontgomery; an instructor for the Public Contracting Institute (PCI); and a frequent speaker, and author of several articles, on cybersecurity law and policy. He can be reached at 240-507-1723 or at ihoffman@offitkurman.com.





A SHOPPER’S GUIDE TO CYBER LIABILITY INSURANCE
Holly Winger, Esq.
Brenner, Saltzman & Wallman LLP

As the insurance specialist at Brenner, Saltzman & Wallman, I have reviewed a variety of insurance policies for clients with cybersecurity needs. Some host websites for marketing commercial real estate; others develop software to assist hospitals with monitoring patients for serious chronic conditions, or coordinate billions of credit transactions for retailers. These policies came to me when our clients faced some unusual claims or were preparing to enter new areas of business and wanted to know whether their existing insurance would protect them. My clients and I were often surprised to learn that they were not as well-protected as they hoped by the policies they had purchased. This article shares some basic tips acquired through these coverage surveys which will help you shop for cyber liability insurance or evaluate whether your existing insurance coverage will protect your business from cyber liability claims.

You may think that you are not a target (or Home Depot) which would interest a hacker, and thus don’t really need cyber liability insurance. Yet even small businesses are at risk: Target’s computer system was hacked through its HVAC contractor. At a recent Connecticut Bar Association program, an executive of one of the major insurers noted that fully 38% of claims regarding data breaches came from companies with 100 employees or less.1 Hackers may target smaller companies specifically because they may not have large IT departments focused on cybersecurity. Between costs of:

• satisfying statutory requirements to notify customers concerning releases of personal identifying information (PII)
• diverting personnel to investigate and address the data breach
• damage to critical data and hardware
• decreased revenue from lost customer trust,

recent losses calculated from data breaches averaged over $5 million each.2

Regular property and liability policies generally are not designed to and will not offer any robust protection for cyber liability risks. My experience reviewing these policies for our clients suggests that insurers have become savvy at limiting their risk for cyber liability in these policies. They regularly exclude “data” from the definition of “property” that is protected or exclude operation of websites from coverage for “personal injury” such as defamation or improper publication of private information.

If your business depends on sharing and storing information electronically, specific cyber liability insurance may be a worthwhile cost of the new way business gets conducted. Decide whether the money your business may have saved on cloud storage instead of paper records and accounting software instead of bookkeepers would be well-spent on new insurance to:

• better protect electronic records
• cover new costs of doing business, such as notifying customers whose PII may have been improperly released and restoring any corrupted data.

Cyber liability policies can address those ecommerce risks. Most of these policies are relatively new and are “manuscripted,” meaning that rather than being standard forms, they may be written for particular businesses or industries, with the language and coverage differing substantially among different insurers. Insurers may negotiate provisions specific to the needs of a particular business to a greater or lesser degree, if requested. The same insurers with which you carry your general liability and other policies may offer their own separate, specialty coverage for this growing risk. Pricing may depend on what level of coverage your business needs or that business partners require you to carry and what kind of up-front costs you can bear in the form of a “self-insured retention” (SIR) or deductible. The higher the SIR/deductible, generally, the lower the premium. The higher the limit of protection, the higher the premium.

While you may not have had much input in the purchase of your business’s general liability or auto insurance policy, you will benefit from working closely with your broker to find the right cyber liability policy. First, offer your broker a complete description of what your business actually does, so he/she can make an educated search for the right product and the insurer’s underwriters can focus on the real needs of your business. Unless the brokerage understands the specifics of your business, it may focus on more traditional insurance products with which it has experience rather than exploring new products, even when more established coverages may not match the specialized needs of your e-business. For example, a client whose software assists hospitals with monitoring chronic conditions got a “medical products” policy designed for manufacturers and sellers of devices like artificial joints. It contained exclusions for coverage for unauthorized release of Protected Health Information (PHI) and costs of notifying persons affected by data breaches. It’s important to look out for and be aware of exclusions like this in traditional policies that may leave you exposed.

When the cyber liability policy arrives, review it promptly to check whether its coverage matches what you do and exclusions for key functions have not been added. On multiple occasions, when seeking coverage for claims, my clients and I learned that the policies that they had purchased either did not offer coverage for what they actually did or contained exclusions for claims arising from activities that they engaged in regularly. Often the “binders” that a broker forwards for your approval do not describe all policy exclusions. You can request a more complete description of all exclusions and, where you and your broker recognize that exclusions may create a serious hole in desired coverage, your broker can ask the insurer whether it will delete exclusions for an adjustment of the premium to see whether it will be worth the cost to plug that hole.

Your business’s description should be reviewed each time policies come up for renewal. Your broker will need to know about new locations where you operate both online and off, as well as new products or services that you offer.

Tell your broker if you have purchased another business but operate it under your original company name. Check whether you have or anticipate new customers which may:

• create different risks for your business
• require your business to maintain different or more insurance than you currently have.

For example, a client which originally coordinated credit card transactions for gas retailers was approached by a major medical provider about handling payments. Suddenly, concerns about the unauthorized release of PHI jumped to the fore. When your business shifts or grows in new directions, check your coverage and adjust it according to your new needs. If, as you plan the growth of your business, you find that you cannot insure against certain risks of your e-business, you can take other steps to address or plan for those risks.

Other tools to reduce exposure for cyber liability include placing appropriate limitations of liability in invoices and contracts with customers or clauses in contracts requiring another party to indemnify your business for cyber liability. You should also determine whether those parties have insurance that can back up those indemnification claims. Be aware that over 30% of cyber liability claims arise from human error.3 Properly training your employees to recognize and avoid cyber risks and enforcing company policies which address those risks remain important tools to limit your company’s exposure.

Sources
1 Johnson, Karen I. and Gregory Podolak, Esq.: “Ensuring Data Confidentiality and Insuring Cyber Exposures.” Cyber Liability Insurance Coverage CLE, Connecticut Bar Association. New Britain, CT: November 2014.
2 Ibid.
3 Ibid.

About the Author
Holly Winger practices at Brenner, Saltzman & Wallman in New Haven, Connecticut, where she helps businesses fully utilize insurance as an important tool to offer protection against commercially significant risks and allocate or shift risk appropriately among parties to business arrangements. She assists clients in securing the coverage that is available under their policies when claims arise, so that her clients benefit from their premium dollars. She also clarifies and explains the limitations of currently available coverage to assist with business planning and to address or control risk, where possible.

[Advertisement]
Commercial Insurance Managers, A Mumpower Enterprise
Cyber Liability Insurance
When domestic or foreign hackers, employees, or other third parties invade your computer networks, be assured that we can provide first and third party protections for:
• Loss of Digital Assets
• Non-Physical Business Interruption and Extra Expense
• Cyber Extortion Threat
• Security Event Costs
• Network Security & Privacy Liability Coverage
• Employee Privacy Liability
• Electronic Media Liability
• Cyber Terror
• Special Expenses Aggregate
• Customer Notification Expenses
• Public Relations Expenses
Gordon M. Mumpower, Jr., President
410.799.2142
www.businsure.com
Getting Cybersecurity off the Back Burner and into the Boardroom
by: Richard A. “Rick” Lipsey
Senior Strategic Cyber Lead
LMI

Maybe it was the Sony hack, with corporate executives initially bowing to hacker demands while trying to recover from a multi-million dollar virtual smash-and-grab. Maybe it was the compromise of the Navy network and the resulting necessity of a task force to assess and shore up their defenses. Maybe it was the loss of 80 million records from one of the nation’s largest health insurers. Or maybe it was just the cumulative effect of an unending parade of headlines trumpeting one high-profile hack after another.

Whatever the reason, your boss is now interested in cybersecurity.

Cybersecurity has historically been relegated to “the geeks in IT,” but the CEOs of Sony, Target, and JPMorgan can tell you why it’s rapidly becoming a priority in boardrooms around the world. Military commanders are actively working to understand how actions in cyberspace can spell the difference between mission success and mission failure. Government executives want to know that the sensitive information they maintain on taxpayers, veterans, and healthcare beneficiaries isn’t vulnerable. And nobody wants to be on the front page of the Washington Post or the New York Times.

For cybersecurity professionals, the news that corporate, military, and government leaders are developing a better understanding of the linkage between cybersecurity and mission success is welcome, if overdue. But before running into the boss’s office with a requisition for the latest next-generation firewall or a recommendation to shut down access to Twitter, it’s important to help your organization get the right perspective.

First, cement the commitment. Business continuity and mission success are inherently leadership responsibilities. These are subjects that belong in the boardroom or the commander’s office, not in the IT department. While cybersecurity professionals can bring technical expertise and make recommendations, management focus and resource commitment must come from the top. Help your boss (and others in leadership) understand that linkage.

Next, approach the problem from a mission or operational perspective. At the end of the day, what’s most important to the organization and its leadership team? Annual revenue? Projecting combat power? Providing patient care? Mission analysis is critical to uncovering the principal objectives of your organization and the subordinate activities that contribute to those ends.

Once the team understands its business or operational goals, identify and prioritize your cyber dependencies. This is often harder than it sounds. Businesses and government organizations have embraced computing and network capabilities because they enable services and efficiencies that would have previously been unimaginable. But these capabilities exist in a complex (and increasingly hostile) environment that is constantly evolving. In October 2014, the number of devices connected to the Internet surpassed the population of the Earth, and this growth shows no signs of slowing.1 An example of the consequences of our dependencies on this multi-tiered environment occurred several years ago, when a Predator drone flying over a combat zone in the Middle East unexpectedly returned to base due to loss of its control signal. The cause: Verizon was performing maintenance on a cable vault in Chicago. Identifying and prioritizing cyber dependencies requires the valuation of key data, systems, networks, services, and personnel that support operations.

Once you’ve prioritized your cyber dependencies, perform a risk analysis. What threats does your organization face from nation-states, major cybercrime organizations, petty criminals, hacktivists, or insiders? What are your vulnerabilities? What are the consequences to your mission if a breach occurs? The results of this analysis will help you prioritize your efforts to prevent, detect, respond, and recover. This will also shape resource management decisions by placing them within a risk management framework. There is no “one size fits all” solution to cybersecurity, and adjustments to budgets, personnel, processes, and technical architecture should be driven by mission-risk considerations.

As you formulate your proposed mission-based strategy, the correct mindset is essential. While defense-in-depth architectures will keep out more adversaries than single-point solutions, there’s no such thing as a perfect defense. It’s been said there are two types of organizations: those that have been hacked, and those that don’t know they’ve been hacked. Help the organization understand that, despite your best efforts, a sophisticated attacker will inevitably succeed. With that in mind, an organization’s objective should be to establish cyber resilience – the ability to quickly recover from an attack and get back to the mission.

Lastly, speak the right language. By focusing on the organization’s mission and linking your recommendations to their impact on that mission, you’ll gain more support from the top than with your expert analysis of why Firewall X is better than Firewall Y. Work with your boss to speak the language of the boardroom or the command center, and together you’ll help ensure organizational success and, hopefully, keep your boss off the front page.

Sources
1 Mohr, Christopher: “There are Now More Active Mobile Devices than People on Earth.” MobilityTechzone.com, October 2014. <http://www.mobilitytechzone.com/topics/4gwirelessevolution/articles/2014/10/07/390731-therenow-more-active-mobile-devices-than-people.htm>

About the Author
Richard A. “Rick” Lipsey is senior strategic cyber lead for LMI, a not-for-profit consulting firm dedicated to advancing the management of government. He coordinates a robust, multi-disciplinary portfolio of cyber-related management and analytical services. He is a 28-year Air Force veteran and led the establishment of DoD’s first combatant command network warfare center, led Air Force communications and networking support in Southwest Asia, and served as Vice Commander of 24th Air Force (Air Force component of United States Cyber Command).


[Advertisement]
CYBER AND TECHNOLOGY TRAINING
Need an Industry Certification?
Take a prep course with AACC so you can walk into the exam feeling prepared. Check us out at www.aacc.edu/it.
NTW 548 Cisco Certified Network Associate (CCNA)
NTW 541 CompTIA A+
NTW 554 CompTIA Certified Technical Trainer (CTT+)
NTW 549 CompTIA Healthcare IT Technician
NTW 550 CompTIA Linux+
NTW 546 CompTIA Network+
NTW 547 CompTIA Security+
NTW 545 EC-Council Certified Ethical Hacker (CEH)
NTW 553 (ISC)2 Certified Authorization Professional (CAP)
NTW 521 (ISC)2 Certified Information Systems Security Professional (CISSP)
NTW 551 Red Hat Certified System Administrator (RHCSA)
NTW 552 Red Hat Certified Engineer (RHCE)
We also have a variety of online options!
For information contact us at technologytraining@aacc.edu or call 410-777-7126.
Visit us on the Web at www.aacc.edu/it.
Like us on Facebook. Follow us on Twitter.

[Advertisement]
Take Your Organization’s Pulse, Anywhere, Anytime.
Monitor, Detect, Respond
- Broad-Spectrum Continuous Visibility
- Detection and Alerts for Rogue, Vulnerable, and Suspicious Devices
- Assess and Enforce Critical Controls
www.pwnieexpress.com

[Advertisement]
Agility. Ingenuity. Integrity.
It all starts with an idea.
You can make a difference. Supporting national security is more than a job to Sotera employees; it is our passion. Every day Sotera employees are engaged in delivering innovative, technology-based cyber systems and solutions to make a real difference in advancing the security of our nation.
www.soteradefense.com

[Advertisement]
IT Consulting
INFO@P7N.NET

The Blueprint to Cybersecurity Government Contracting: Phase One
Kim Harwell
National Procurement Manager
National Bid Network/GovPurchase

The road to government contracts can seem complicated, even to a seasoned professional government contractor. It does not have to be that way. In this article I will attempt to simplify government contracting business development and explain its initial phases honestly and simply.

Identify your capabilities by using government-recognized criteria. Capabilities statements are necessary in government contracting, but understanding North American Industry Classification System (NAICS) codes and properly identifying your company’s capabilities in this fashion is critical. Learn more about the NAICS codes you are using and understand the differences and the value in having the right NAICS codes. For sales and marketing purposes, do not use too many NAICS codes that represent various industries unless these are core capabilities of your company. Once you have identified your prospective NAICS codes, review the description of each code to better understand the subtleties and slight differences between them.

What many contractors often ignore or underestimate is the value of historical data in understanding the number of contracts.

Government spending is budgeted on an annual basis. The fiscal year ends on September 30th. Knowing how many contracts were awarded the previous fiscal year in a particular NAICS code is the first step in the blueprint to IT government contracting. This number will be proportionate to the budget approved by Congress. From a contractor’s perspective these budgets do not vary much from year to year. Therefore knowing the number of contracts awarded in the previous fiscal year is the clearest sign of the number of contracts that will be awarded during this current fiscal year.

The next step is knowing the agencies, and which departments inside of the agencies, awarded contracts in the last fiscal year. This information helps you identify which agencies you should target, during the current and future fiscal years.

Key NAICS Codes and Properties

NAICS   Name                                      Awards 2014   Contracting Agencies
541511  Custom Computer Programming Services      9254          146
541512  Computer Systems Design Services          9574          145
541513  Computer Facilities Management Services   2884          120
541519  Other Computer Related Services           33978         157

Knowing which agencies and sub-agencies spent money in the past gives you the best indication of which ones will spend money in future years. Also this information assists you in creating or enhancing your Agency Profiles.

Step three is understanding the competitive landscape. Knowing who already does business in any given NAICS code is essential to planning your next move. 90 percent of government contracts already exist, so you want to know who holds the current contract in your field of interest. Having complete information on the incumbents helps you identify potential competitors, but also assists you in identifying potential teaming partners and commercial customers. Depending on the situation, understanding who is really a competitor, partner, or potential commercial customer, and having good intelligence on their companies and business practices, makes the seemingly blurry government contracting business development picture much clearer.

What’s your potential piece of the government pie? Knowing how big your market is will determine how many resources you will need to capture potential opportunities, and what you should expect as far as potential returns on your investments of time, money, and resources.

Knowing the volume or dollar amounts the government spends in your NAICS codes is the best indication of the competitiveness of the NAICS. This step is where you may begin to notice gaps, potential pain points, and other niches your company might fill.

Now is the time to review active solicitations, before performing more market research. You need to know what the government is actively looking for right now. How many potential opportunities are there in the market for you to bid on, based on your unique company profile? While there are literally tens of thousands of open solicitations available, your focus should be on only those opportunities that fit your company’s unique capabilities.

You should review the number of companies that have General Services Administration (GSA) Schedules in your various NAICS codes against the total number of contracts awarded. This will allow you to further determine if you should have a GSA Schedule in order to compete. Most of the time the answer will be no. The key is to use the education that comes from doing business with the government to further make your determination regarding a GSA Schedule. You can also use the revenue earned from your government contracting activities to pay for the professional development of your GSA Schedule.

At this point, you have enough intelligence to quickly review active solicitations and better understand the real time landscape, while making accurate bid/no bid decisions. You now have more assurance that you will not be overwhelmed by the number of open solicitations available and not understand where or how to begin. You are now in a position to review current government needs and perhaps respond to the appropriate requests for proposals (RFPs), but the next step in the blueprint gives you the real key to government contracting business development: advanced market intelligence.

90% of all government contracts that appear on government contracting bid sites (FedBizOps, TACOM, MICOM, NECO, ASFI, Dibbs, etc.) are based upon work currently being done by another company, and are renewed, reissued, re-competed, or otherwise re-advertised. This is the origin of what most people think of as open solicitations. The ability to obtain enough information about expiring contracts far enough in advance to determine your future opportunities is the key to government contracting. Key information required is:

• What is the contract? What is the contract number? Is the contract on a GSA Schedule?
• What are the individual task orders?
• What agency awarded the contract?
• Which facility is the point of performance location?
• Who is the current vendor? Do they have any set aside status? Is it expiring?
• What is the dollar amount of the contract and the individual task orders?
• When was the contract awarded? Most importantly, on what date does the contract end?

Armed with this and the information from the previous steps, we can develop our pipeline and determine how far in advance we should begin to plan for certain expiring contracts.

Once you have completed the previous research and begun to make your determinations on the exact opportunities you should pursue, there is one more vital piece of information required: the names, phone numbers, email addresses, physical addresses, and possibly recent purchases of the buyer.

This information also helps you determine if you should be prime or a subcontractor in any given situation. If you determine you should be a subcontractor, you are already familiar with the prime contractor because of your previous research.

Every company’s goal is to win government contracts, and you should be constantly reviewing open solicitations for opportunities that fit your company’s capabilities. However, to truly get the edge in government contracting, you need to develop a pipeline of opportunities so that you know which contracts are coming up before they’re active. Having a pipeline of contracts lined up years in advance will help you:

• Forecast future sales
• Focus on specific ops by agency, dollar amount, etc.
• Develop necessary relationships with contracting and end user staff up front
• Develop internal capabilities and resources to be prepared in advance
• Develop necessary relationships with potential partners, and contractors in advance
• Create an action plan for pursuing upcoming opportunities, so you are prepared when they arrive

In the past, only large prime contractors understood these steps and had the resources required to perform this valuable research and business development. Armed with this information, however, you will be prepared to play in the big leagues of government contracting too.

About the Author
Kim Harwell is a National Procurement Manager of National Bid Network (NBN) and its subsidiary GovPurchase. He is a consummate entrepreneur and has more than thirty years of business and technological expertise in the government, telecommunications, and marketing fields. Founding and leading organizations that have generated an aggregate of several billions of dollars in revenue, Mr. Harwell is a highly sought-after source in business, government relations, and technological advances.


[Advertisement]
CYBER WARRIORS WANTED
APR 30TH, COLUMBIA, MD: Sheraton Columbia Town Center
JUNE 3RD, TYSONS CORNER, VA: Ritz-Carlton Tysons Corner
NOV 4TH, MCLEAN, VA: check website
Are you a Cyber Warrior and seeking a new employment opportunity? If so, don’t miss the TECHEXPO Cyber Security hiring event and interview with the nation’s leading IT companies.
Companies looking to exhibit & recruit at these hiring events contact: Bradford Rand at 212.655.4505 ext. 223 or BRand@TechExpoUSA.com
www.TechExpoUSA.com


Who’s Watching the Back Door?

by: Arleen Chafitz, Owner and CEO, e-End
Steve Chafitz, President, e-End

Ping, ping, ping...

You know what that sound means. It’s a hacker trying to break in through your front door. They want to reach your network, which is securing valuable data. So how do you stop them? You spend thousands of dollars, maybe more, to create a fortress-like defense to prevent the criminals from crashing the front gates -- and gaining access to the keys of the castle.

Whatever definition you use for “cybersecurity,” the common denominator is to implement policies and procedures for protecting networks, computers, and data from an attack and ultimately prevent costly data breaches.

While the major focus of cybersecurity is keeping the front door impenetrable from global criminal activities, according to the 2014 Bitglass Healthcare Breach Report, 68% of breaches originate from the inside.1 Part of this epidemic is from a significant amount of data-rich electronic equipment and devices going out the back door.

End-of-Life Vulnerability

When data-containing equipment reaches its “end-of-life” stage and is taken out of service, the high level of front door security it was previously given may be totally ignored. Along with servers and PCs, items such as copy machines, printers, medical equipment, cell phones, phone systems, and a variety of other devices have hard drives or other storage media in them that retain data.

Visit any company or government agency and you’ll find this data-filled equipment stored unsecured in hallways, storage rooms, and offices. Even when the hard drives are removed from this equipment, the media can still end up on bookshelves or in boxes in the IT department waiting to be sanitized.

By not placing enough emphasis on the proper handling of data from end-of-life equipment, your IT department may leave hard drives untouched for weeks or months waiting for someone to destroy the data. Sanitization is not their priority, plus it’s time taken away from other important tasks. It can take three hours or longer to sanitize a single hard drive. Think about the 600 man-hours, or more, if there were 200 drives.

In addition to an IT department not being able to “self-certify” their own work, data sanitization experts will tell you that reformatting, deleting, or even drilling holes in hard drives doesn’t destroy data beyond all methods of forensic reconstruction. With the proper equipment, complete data destruction is accomplished following basic guidelines in the National Institute of Standards and Technology (NIST)’s 800-88R1 Publication.2

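To make the point about reformatting concrete, here is an added example (not code from the article or from e-End) that builds a small in-memory drive image, mimics a quick format, and then runs the kind of read-back verification that NIST SP 800-88R1 expects after a Clear operation, in both full and representative-sampling form. The sector layout, the constructed record text and all function names are assumptions made for this demonstration.

```python
"""Read-back verification of media sanitization on a constructed drive image.

Added example, not code from the article or from e-End. The "drive" is an
in-memory bytearray built below; its sector layout, the record text and the
function names are assumptions made for this demonstration.
"""
import random
import re
from typing import List, Optional

SECTOR = 512            # bytes per sector (assumed)
N_SECTORS = 64          # size of the constructed drive image
META_SECTORS = (0, 1)   # what a quick format rewrites: "partition table" and "directory"
DATA_FIRST = 8          # first sector holding record data
N_RECORDS = 16


def build_sample_disk() -> bytearray:
    """Construct a drive image: metadata in the first sectors, records later on."""
    disk = bytearray(N_SECTORS * SECTOR)
    disk[0:SECTOR] = b"FAKE-PARTITION-TABLE".ljust(SECTOR, b"\x00")
    # A tiny "directory": record number -> sector. Deleting a file or quick
    # formatting the drive only touches entries like these, never the data.
    directory = b";".join(b"rec%04d@%d" % (i, DATA_FIRST + i) for i in range(N_RECORDS))
    disk[SECTOR:2 * SECTOR] = directory.ljust(SECTOR, b"\x00")
    for i in range(N_RECORDS):  # constructed, obviously fake billing records
        rec = b"RECORD %04d: constructed sample billing data, account 0000-%04d" % (i, i)
        start = (DATA_FIRST + i) * SECTOR
        disk[start:start + SECTOR] = rec.ljust(SECTOR, b"\xAA")  # 0xAA = old slack
    return disk


def quick_format(disk: bytearray) -> None:
    """Mimic a quick format or a delete: only the metadata sectors are zeroed."""
    for s in META_SECTORS:
        disk[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)


def overwrite_clear(disk: bytearray, pattern: int = 0x00) -> None:
    """NIST SP 800-88 'Clear' by overwrite: the pattern goes over every sector."""
    disk[:] = bytes([pattern]) * len(disk)


def verify_clear(disk: bytearray, pattern: int = 0x00,
                 sample: Optional[int] = None, seed: int = 0) -> List[int]:
    """Return the sectors that still differ from the overwrite pattern.

    sample=None reads back every sector (full verification). Otherwise a
    pseudo-random subset plus the first and last sectors is read back, the
    shape of 800-88's representative-sampling verification; note that a
    sample can miss residual data that a full read-back would catch.
    """
    n = len(disk) // SECTOR
    expected = bytes([pattern]) * SECTOR
    if sample is None:
        sectors = range(n)
    else:
        rng = random.Random(seed)
        sectors = sorted({0, n - 1} | set(rng.sample(range(n), sample)))
    return [s for s in sectors if disk[s * SECTOR:(s + 1) * SECTOR] != expected]


def residual_records(disk: bytearray) -> List[str]:
    """Scan for readable record text left behind: what an auditor (or the
    buyer of a surplus drive) can still read with no special tools."""
    hits = re.findall(rb"RECORD \d{4}[^\x00\xAA]*", bytes(disk))
    return [h.decode("ascii") for h in hits]


if __name__ == "__main__":
    disk = build_sample_disk()
    quick_format(disk)
    print("after quick format: %d sectors fail verification" % len(verify_clear(disk)))
    print("first readable record:", residual_records(disk)[0])
    overwrite_clear(disk)
    print("after overwrite: %d sectors fail verification" % len(verify_clear(disk)))
    print("readable records left:", len(residual_records(disk)))
```

On a real drive the same read-back is done against the device rather than a bytearray, and a wiping tool's own completion message is not a substitute for it; that separate read-back is the "certify" step the article says an IT department cannot do for its own work.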
Unfortunately, too many businesses and agencies look at old equipment as “cash in the pocket.” They’ll sell equipment online or at auction, or even donate it for a tax deduction. With some of this equipment still retaining data, confidential information may wind up going to the highest bidder.

[Photo caption: All too often, hard drives will be left sitting unprotected until they can be sanitized by the IT department.]

By creating vulnerability for a data breach, your operation may be in violation of one of the numerous federal regulations for safeguarding personally identifiable information (PII) and other confidential information. While most people have heard of HIPAA, the acronym maze of regulations you must become familiar with includes SOX, GLB, FACTA, COPA, and FISMA.

Are You Ready to Pay the Fines?

Not implementing the required safeguards can not only allow a costly data breach, but can have a direct impact on your bottom line. Blue Cross/Blue Shield of Tennessee was fined $1.5 million when 57 unencrypted hard drives were stolen from a storage closet. In all, their total cost for remediation was over $18 million.

A data breach can cost US organizations an average of $5.9 million and for HIPAA violations up to a maximum of 10 years in prison. Medical records are among the most sought-after prizes for data thieves. According to the Bitglass Report, credit card records have a black market value of $1.00 each, and medical records go for $50.00 each.3 For GLB there are also severe penalties for non-compliance: imprisonment for up to 5 years, steep fines, or both. A financial institution can be fined up to $100,000 for each violation; officers and directors can be fined up to $10,000 for each violation.

If you think just because you’re not a healthcare provider that HIPAA doesn’t apply to you, think again: some large companies and other entities fall under HIPAA data security guidelines. Under the HITECH Act, HIPAA enforcement has increased and now the Attorney General (AG) of each state is authorized to enforce HIPAA violations. Many AGs have gotten their states millions of dollars by successfully imposing fines for data breaches.

By using HIPAA requirements as a guide, no matter what your business is, odds are you will remain in compliance for protecting PII. The HIPAA physical safeguard requirement is very simple – “Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.”4


[Photo caption: It’s a familiar sight: unused equipment sitting in an unsecured room.]

So how do you start to become compliant in protecting data on end-of-life equipment?

• Create written policies and procedures for isolating and securing old electronic equipment. Conduct spot-checks to ensure they are being followed.
• Designate someone responsible for inspecting all equipment for data.
• Enter into a Business Associate Agreement (BAA).
• Consider “Data Breach Insurance” (a.k.a. Cyber Liability Insurance).
• Ensure proper recycling of equipment by securing a vendor who is R2:2013 or e-Stewards certified.

Now is the time to act. Every moment you wait could lead to the next big data breach, doing your company irreparable harm. Certified data destruction is not only a precaution, it’s a responsibility. Make it your priority.

Sources
1 Bitglass, Inc.: “The 2014 Bitglass Healthcare Breach Report.” Nov. 4, 2014: p.2. <http://pages.bitglass.com/pr-2014-healthcare-breach-report.html>
2 Kissel, Regenscheid, Scholl, Stine: United States Department of Commerce. National Institute of Standards and Technology. “NIST Special Publication 800-88 Revision 1: Guidelines for Media Sanitization.” December 2014. <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf>
3 Bitglass, p.5.
4 United States Department of Health and Human Services: HIPAA Physical Safeguards-DISPOSAL (R) - § 164.310 (d)(2)(i)

About the Authors

Arleen Chafitz is the owner and CEO of e-End, a Certified Woman Owned Small Business. Arleen began e-End in 2006 with the goal of keeping old electronics out of landfills by proper recycling. As more equipment began retaining data she shifted her focus to data sanitization and preventing data breaches. Arleen has been an entrepreneur for over 40 years and has successfully operated various businesses. She can be reached at: arleen@eendusa.com

Steve Chafitz is President of e-End and is a subject matter expert on sanitizing electronic media and the recycling of electronics. He has briefed a variety of agencies and companies on data sanitization procedures and spoken at numerous cybersecurity
conferences as well as hosting webinars on
• Secure a NAID AAA-certified vendor who specializes protecting data  on end-of-life equipment.
in data sanitization following NIST 800-88R1 and He can be reached at: steve@eendusa.com

NSA guidelines and can provide a Certificate of Data


Sanitization.
• Perform strict due diligence in selecting any vendor –
since you generated the data, you are still responsible
for safeguarding it.

70 United States Cybersecurity Magazine | www.uscybersecurity.net


Small Business: Big Threats

Cybersecurity in Small Enterprise Environments

Megan Clark, Help Desk Technician, Bryn Mawr College
Amanda Fortner, Editor, United States Cybersecurity Magazine

Cybersecurity may not seem like a priority for many small enterprise environments - after all, you’re small. Who would want to hack, phish, or spam you? But small enterprise environments face just as much, if not more, threat as large corporations. You need only look at recent news to see why small businesses may be tempting targets for bad actors: Reuters, Target, CNN, The Washington Post, and Time were all compromised through their interactions with small to medium-sized businesses.1

Now that we’ve established that you’re not just small fry but a tempting catch, you need to consider how to promote cybersecurity awareness and best practices amongst coworkers and leaders to protect your entire organization from becoming the next headline - or a footnote. According to the U.S. Small Business Administration, the costs of ignoring cybersecurity can be much larger than the time and money you may save by neglecting it. You may find yourself facing litigation or fines that your organization is ill-equipped to handle, and it may be incredibly difficult to recover from the blow to your reputation and customer confidence that a security breach may cause.2

Small enterprise environments carry their own unique challenges. A small staff often means limited time and flexibility during the workday. For those in charge of providing education on cybersecurity, this can be the ultimate challenge: how to fit accessible education for community members on cyber threats into an already full business day. Programs like Securing the Human3 or Wombat4 can go a long way towards giving your community the cybersecurity education and awareness they need, but for many groups the cost can be prohibitive, and it’s often difficult to mandate that time be spent on anything other than business as usual.

More pressure may therefore fall on your cybersecurity team (or individual) to present relevant information more quickly and consistently than a training program can. Think about not just the needs but the culture of your community: what gets their attention? In some places, eye-catching posters in highly trafficked areas help spread vital information (we've found that “How are passwords like underwear?” in bold with red cartoon briefs can be rather effective). Rewards and perks can also boost interest. Hosting awareness events with quizzes and prizes, such as a Swedish Fish for every correct answer about phishing, can grab the attention of users who are less likely to read through non-emergency emails.


Repetition will also help solidify understanding. Information presented once can be easily forgotten; a reminder or further education roughly once per month creates opportunities to expand on or solidify previously presented knowledge. Even a friendly reminder in your email signature that “we will never ask for your password” can be what prevents a phisher from gaining access.

Even the best-prepared communities can eventually be compromised. Immediate intervention is key. As soon as you are aware that someone has given out their password, reset it, and then later help the user reset it themselves. If you are in an environment without system-enforced password policies (e.g. via Active Directory), you may need to have a conversation with the account holder to ensure that they understand what’s happened and how to prevent it from happening again.

This conversation should take place face-to-face whenever possible. Even better is working side-by-side with the user to restore their account settings, allowing you to approach the issue in a personal and familiar way rather than presenting information to them like a lecture or reproach. Keeping the user in control of the mouse will show them clearly that someone has logged into their email account and gained access to all it contains.

Now is also the time to clarify what happened and ensure they understand the severity of someone other than themselves having access to their account. Be sure to discuss what else their username and password may grant an intruder access to, like personal and financial information, or accounts that store credit card information, like Amazon or eBay. Also consider explaining the dangers of social engineering: on multiple occasions, users of popular social networks like Twitter have lost money, face, and control of assets because attackers had access to personal information.5 It’s incredible just how easy it is to fool the gatekeepers of supposedly secure services with just a few snippets of personal data, like old addresses and the last four digits of a credit card number, which may be freely available with a little digging.6 You’re not trying to scare your end users, but it’s important that they understand what the risks are and why it’s important to maintain good net hygiene.

Be sure to leave the meeting with instructions going forward: things to look for that are expected (like bounceback messages and replies to spam emails sent out from their account) and unexpected (seeing messages appear in their Sent folder that they did not send). It’s also important to follow up with them within one or two business days after your meeting, both to make sure they haven’t seen any further issues with their accounts and to answer any questions they might have.

Though education and reaction are vital components of maintaining a secure environment, an ounce of preparation is worth a pound of firewalls. Keep abreast of new threats and be proactive about addressing them. Use current examples to ensure that your community members know what these issues mean for them and how to defend themselves efficiently. Clearly and succinctly explain the importance of increased security practices, like password complexity or expiration rules, so that your users see them as important protective measures instead of unnecessary inconveniences. Perhaps most importantly, show your community that you are working together with them to keep your organization secure. No one person can keep you secure, but each individual taking small precautionary steps can help remove the mysticism of cyber threats and replace it with the confidence of preparedness.

Sources

1 Polanich, Jason: “The Soft Underbelly of Enterprise Cybersecurity: Small Business Readiness.” July 2014, SecurityWeek.com. <http://www.securityweek.com/soft-underbelly-enterprise-cybersecurity-small-business-readiness>
2 U.S. Small Business Administration: “Cybersecurity for Small Businesses.” <https://www.sba.gov/sites/default/files/cybersecurity_transcript.pdf>
3 <www.securingthehuman.org>
4 <http://wombatsecurity.com/>
5 Bryant, Josh: “How I almost lost my $500,000 Twitter user name @jb…and my startup.” ArsTechnica.com, January 2014. <http://arstechnica.com/security/2014/01/how-i-almost-lost-my-500000-twitter-username-jb-and-my-startup/>
6 Hiroshima, Naoki: “How I lost my $50,000 Twitter username.” ArsTechnica.com, January 2014. <http://arstechnica.com/security/2014/01/how-i-lost-my-50000-twitter-username/>

About the Authors

Megan Clark has worked at Bryn Mawr College helping community members stay secure since 2011. Inspired by a fascination with social engineering and the ways interpersonal trust changes when socializing online, she seizes any opportunity to spread awareness of the potential dangers of internet anonymity.

Amanda Fortner is the editor for the United States Cybersecurity Magazine. She worked with Megan Clark to protect, educate, and prepare Bryn Mawr College community members from cyber threats from 2010 to 2013 and credits Clark for teaching her (nearly) everything she knows.


Keep It Secret, Keep It Safe: Nine Steps to Maintaining Data Security

Alvita Fitzgerald, Vice President of Administration, Megadata Technology
Jessica Schneider, Strategic Communications Specialist, Megadata Technology

Megadata Technology is a cybersecurity company located in National Harbor, Maryland, just across the river
from Washington, DC. As a company whose focus is on securing information for national organizations,
it is important for our clients and our staff to always be aware of potential security breaches and ways to
avoid them. Our years of experience and regular training to remain current in this field have helped us
form a multi-level approach for warding off cyber hacks. Megadata Technology believes that knowledge
is power, and it is our goal to secure your power. The following are nine simple steps that can help any
individual, business, or organization secure their cyber information.

1 Implement access control based on need-to-know and least privileged concepts.

At Megadata Technology we implement access control based on need-to-know privileges. Always identify which employees need to have access to specific information, and grant privileges based on that need. Once you have ensured that certain information is accessible only to specific individuals, it should be ascertained that data at rest, for example on a file server, is stored in accordance with the same information privileges.

2 Data sanitization: clear sensitive data from hardware before disposal.

When equipment has ended its lifecycle, sensitive data may still reside on hardware. This may include anything from hard drives to printers. Information cannot simply be deleted, since new technologies can be used to recover this information. The process of data sanitization rids hardware of sensitive data that is no longer relevant for services. The most effective methods for this process include physical destruction, shredding, or utilizing federal government-approved sanitization software.

3 Know your data: you cannot protect what you do not know.

Always be aware of what information you are storing on your company’s systems. Implement an application to assist you in maintaining awareness. A good example is ISO 9000, which is a series of developed standards that define and maintain an effective quality assurance system for all sensitive documents. Knowing what information is being stored also ensures that hardware inventory is accurate.

4 Implement personal firewalls.

A personal firewall offers antivirus and anti-spamware, and prevents outside intruders from being able to probe your machine. In order for a hacker to even try to infiltrate your system, he must be able to get a response from it. Implementing a firewall will protect your machine and make it so that hackers are unable to elicit any responses from it or gain any sensitive information. A business best practice is to ensure that all of your desktops and workstations have firewall protection.
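The verification step behind a Certificate of Data Sanitization, as an added Python example (not e-End’s or Megadata Technology’s code) serving both the NIST 800-88R1 checklist in the e-End article earlier on this page and step 2 above: it reads a wiped drive back through a read-only stream, compares every block (or a seeded random sample) against the overwrite pattern, and emits a hashed verification record. The drive images, identifiers and record fields are constructed for the example, and the record layout is a simplified approximation rather than the NIST form.

```python
import hashlib
import io
import json
import random
from dataclasses import dataclass, asdict, field
from datetime import datetime, timezone

BLOCK_SIZE = 4096


@dataclass
class VerificationResult:
    media_id: str
    mode: str                    # "full" (every block read) or "sample"
    pattern_hex: str             # expected overwrite pattern, hex encoded
    blocks_total: int
    blocks_checked: int
    blocks_failed: int
    sample_seed: object = None   # recorded so a second validator can repeat the sample
    first_failed_offsets: list = field(default_factory=list)
    timestamp: str = ""

    @property
    def passed(self) -> bool:
        return self.blocks_checked > 0 and self.blocks_failed == 0


def verify_overwrite(media, size, media_id, pattern=b"\x00",
                     sample_fraction=None, seed=None, block_size=BLOCK_SIZE):
    """Read the media back and compare each block with the overwrite pattern.

    `media` is any seekable binary stream opened read-only (a disk image, or a
    block device behind a write blocker). sample_fraction=None reads every block
    (full verification); a fraction reads a seeded pseudo-random subset instead.
    """
    if block_size % len(pattern) != 0:
        raise ValueError("pattern must tile the block size exactly")
    expected = pattern * (block_size // len(pattern))
    blocks_total = (size + block_size - 1) // block_size
    if sample_fraction is None:
        indices, mode = range(blocks_total), "full"
    else:
        count = max(1, int(blocks_total * sample_fraction))
        indices = sorted(random.Random(seed).sample(range(blocks_total), count))
        mode = "sample"

    failed_offsets, checked = [], 0
    for i in indices:
        media.seek(i * block_size)
        chunk = media.read(block_size)          # the last block may be short
        checked += 1
        if chunk != expected[:len(chunk)]:      # any residual data is a failure
            failed_offsets.append(i * block_size)

    return VerificationResult(
        media_id=media_id, mode=mode, pattern_hex=pattern.hex(),
        blocks_total=blocks_total, blocks_checked=checked,
        blocks_failed=len(failed_offsets), sample_seed=seed,
        first_failed_offsets=failed_offsets[:10],
        timestamp=datetime.now(timezone.utc).isoformat(),
    )


def sanitization_record(result, method, tool, validator):
    """Evidence record a Certificate of Data Sanitization would cite. Constructed,
    simplified field set approximating what NIST SP 800-88r1 asks to be documented
    (media, method, tool, verification, validator); not the official form."""
    record = {
        "media_id": result.media_id,
        "sanitization_method": method,
        "tool": tool,
        "verification": asdict(result),
        "verification_passed": result.passed,
        "validator": validator,
    }
    body = json.dumps(record, sort_keys=True).encode()
    record["record_sha256"] = hashlib.sha256(body).hexdigest()   # tamper-evident
    return record


def constructed_media(residual=None):
    """A constructed 256 KiB 'drive': all zeros, optionally with leftover data."""
    data = bytearray(64 * BLOCK_SIZE)
    if residual:
        offset, payload = residual
        data[offset:offset + len(payload)] = payload
    return io.BytesIO(bytes(data)), len(data)


def demo():
    """Full verification of a clean wipe and of a wipe that missed a block."""
    clean, size = constructed_media()
    ok = verify_overwrite(clean, size, media_id="DRIVE-0001 (constructed)")
    # A fragment of a record survives in block 10 of the second drive.
    dirty, size = constructed_media((10 * BLOCK_SIZE + 100, b"PATIENT RECORD"))
    bad = verify_overwrite(dirty, size, media_id="DRIVE-0002 (constructed)")
    return ok, bad
```

Feeding `sanitization_record(bad, ...)` a failed result still produces a record, so the failure itself is documented rather than silently dropped from the certificate trail.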

5 Secure your connections: use secured remote connectivity and secured file transfer options.

Secure connections entail adhering to the HTTPS SSL protocol 443, which can often be identified by the lock icon at the bottom of the screen. Always be sure to utilize in-private browsing, which will restrict the sites being browsed from contracting viruses or cookies. Employing secured remote connectivity, or Virtual Private Networks (VPN), is important because this mitigates the risk of a man-in-the-middle attack by creating layer 3 secured tunnels from the source to the specified destination. Secure file transfer options create a secure site to upload files in order to protect the integrity of the data being transferred. This prevents your data from being compromised while in transit, but also allows for information to be uploaded to protective sites.

6 Take advantage of training opportunities to stay current in the security field.

Training is a great way to heighten IT skills, while simultaneously helping to stay abreast of changes in technology. This will empower individuals and companies with the knowledge to secure information, and ward off cyber-attacks. Megadata Technology implements a monthly training for our staff that keeps them on track for required certifications, increasing our capabilities and our staying power in the field.

7 Install protective software to scan and update your virus definitions regularly.

Ensuring that equipment has the latest virus definitions will result in the automatic update of systems, and will reduce the human error factor. Additionally, installing an antivirus will periodically scan your machine, and although this cannot protect equipment from all viruses, it is a best practice to employ due diligence as a defense mechanism.

8 Back it up! Backing up your computer can protect your information and keep your files safe.

Backing up is important for continuity, in order to make sure that you always have access to your files. Workstations, laptops, desktops, etc. can often become corrupt, inaccessible, and simply are not always reliable. Backing up ensures that the data on these machines can still be accessed, which is imperative for staff and businesses.

9 Keep your computer patched with automatic software and system updates.

Unpatched machines are much more likely to have vulnerabilities that can be exploited. Patching equipment provides it with the latest updates, which will ensure that your system is using the latest revisions of any major application, such as Microsoft Office, which may be running on the machine. Systems should be set to run automated updates when necessary.

The issue of cybersecurity has become more relevant as attacks have impacted both individuals and corporations large and small, both at home and abroad. It is important to be aware of operations being used to ensure that information is being transmitted securely, protecting valuable data from cyber thieves. Megadata Technology makes it our business to protect our clients’ information, and these nine steps can be easily implemented to help you do so as well.

About the Authors

Alvita Fitzgerald is Megadata Technology’s Vice President of Administration and Director of Human Resources. Ms. Fitzgerald received both her Bachelor’s and Master’s degrees in Business Administration from American Intercontinental University. In her role at Megadata Technology, Alvita oversees all organizational development strategies that drive and support talent management.

Jessica Schneider serves as the Strategic Communications Specialist for Megadata Technology. Jessica recently graduated with her Master’s degree in Communication from George Mason University, and is currently working on obtaining her Project Management Professional certification.


Creating Your Ultimate Code-Cracker: the Design of Digital Forensic Workstations

John Samborski, CEO, Ace Computers

Today most records of individuals, businesses, government agencies, and even criminal organizations are stored on various types of electronic media. In order to properly investigate a suspect, evidence needs to be extractable from electronically stored information (ESI) sources without being corrupted.

Digital forensics is the acquisition, scientific examination, and analysis of data retrieved from digital devices (computers, mobile phones, game consoles, memory sticks, etc.) in such a way that the information can be used in a court of law or for the purposes of the retriever without any disturbance to that evidence. Digital forensics often requires workstations that are dedicated to and designed for the task.

In order to design forensic workstations, the first determination is both the source and the destination of the media that needs to be forensically read, retrieved from suspect data, and included in the chain of custody. In other words, the workstation needs to have the ability to demonstrate who has had access to the digital information being used as evidence. Special measures should be taken when conducting a forensic investigation if the results will be used as evidence in a court of law. One of the most important steps is to ensure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime, to the investigator, and ultimately to the court.

Another key design decision is the workstation’s purpose: data acquisition, processing, or both. Many systems are multi-purpose and can perform forensic data acquisition and processing equally well. Another important consideration is the required processing speed and the number of processors, processor cores, and amount of memory anticipated for the data processing. Systems are available with 1-4 processors and up to 1TB of RAM. A popular configuration involves two Intel® Xeon™ 6-core (each) processors and 256GB of DDR4 memory. The number of processors and cores per processor should be determined by the system requirements of the software that the system will run.

It’s also important to consider the type of media the system needs to acquire data from. Once this is established, the next step is to plan and include write-protected data acquisition methods. The most basic is a write-blocked hard drive forensic bridge. Write-blocked drive bay-mounted forensic bridges are available for all common hard drive types such as IDE, SATA, SAS, SCSI, IEEE1394 (FireWire), and USB, with adapters for using 3.5”, 2.5”, and 1.8” drives. A write-blocked flash media card reader is also useful for forensically reading media cards such as SD and CompactFlash cards. A read-only media card reader is best, since it will prevent accidental corruption or addition to the source data. A read-write switchable reader can potentially be corrupted, but by using a model that is incapable of writing data, that source of error can be eliminated. It’s simple to add a standard external flash reader/writer to the system. Although it will be obvious to users that this external flash is capable of corrupting data, the internal model should be write-blocked at all times.

Optical media is another common source of forensic data. This media is typically not written to without specialized software, so a standard DVD or Blu-ray reader/writer will perform this work adequately.

Once the data can be read in a forensically safe manner, it needs to be stored on either a target drive, a RAID array,


or both. With the storage system defined, the design of the RAID system or the allowance of destination drive bays needs to be specified.
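The write-protected acquisition and chain-of-custody requirements above, as an added Python example (not Ace Computers’ code): the source is only ever read (a write blocker enforces that in hardware; the code simply never writes to it), the image is hashed during the copy and independently re-hashed to show it was not corrupted, and each custody entry carries the hash of the previous one so that editing the log is detectable. The suspect image, case identifier and examiner names are constructed.

```python
import hashlib
import io
import json
from datetime import datetime, timezone

CHUNK = 1 << 20   # read 1 MiB at a time


def acquire(source, target, chunk=CHUNK):
    """Copy `source` to `target`, hashing the stream as it is read.

    Returns (bytes_copied, sha256_hex, md5_hex). The caller opens the source
    read-only (behind a write blocker on real hardware); this function only
    ever calls read() on it.
    """
    sha256, md5, copied = hashlib.sha256(), hashlib.md5(), 0
    source.seek(0)
    for block in iter(lambda: source.read(chunk), b""):
        sha256.update(block)
        md5.update(block)
        target.write(block)
        copied += len(block)
    target.flush()
    return copied, sha256.hexdigest(), md5.hexdigest()


def hash_stream(stream, chunk=CHUNK):
    """Independent SHA-256 of a stream: run after acquisition to verify the image,
    and again before every later analysis session."""
    h = hashlib.sha256()
    stream.seek(0)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


class CustodyLog:
    """Append-only chain of custody. Each entry carries the hash of the previous
    entry, so altering or dropping an earlier entry invalidates every later one."""

    def __init__(self, evidence_id):
        self.evidence_id = evidence_id
        self.entries = []

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, actor, action, image_sha256, note=""):
        entry = {
            "evidence_id": self.evidence_id,
            "seq": len(self.entries),
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "image_sha256": image_sha256,
            "note": note,
            "prev_entry_hash": self.entries[-1]["entry_hash"] if self.entries else "0" * 64,
        }
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """True only if every link is intact and the image hash never changed."""
        prev = "0" * 64
        for seq, e in enumerate(self.entries):
            if e["seq"] != seq or e["prev_entry_hash"] != prev or self._digest(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return len({e["image_sha256"] for e in self.entries}) <= 1


def demo():
    """Acquire a constructed 'suspect drive' (3 MiB of patterned bytes plus a marker),
    verify the image, and hand it to a second examiner. Returns (sha256, image, log)."""
    suspect = io.BytesIO(bytes(range(256)) * (3 * 4096) + b"EVIDENCE")
    image = io.BytesIO()
    log = CustodyLog("CASE-0001/ITEM-7 (constructed)")

    size, sha, md5 = acquire(suspect, image)
    log.record("Examiner A", "acquired through write-blocked bridge", sha,
               note=f"{size} bytes, md5={md5}")
    log.record("Examiner A", "verified acquired image", hash_stream(image))
    # Later: the receiving examiner re-hashes before analysis. An altered image
    # would hash differently, and verify() would then report the mismatch.
    log.record("Examiner B", "received for analysis, re-hashed", hash_stream(image))
    return sha, image, log


if __name__ == "__main__":
    sha, image, log = demo()
    print("image sha256:", sha, "| chain of custody intact:", log.verify())
```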

Another decision is whether graphic processing units (GPU) should be included for assistance in breaking passwords. Normally, systems are shipped with a single graphics card for display purposes, but users can also leverage the intense processing power of the GPU for assistance in brute-force password cracking through massively parallelized iterative attempts. By using a higher-end graphics card or multiple graphics cards, the forensic system can also be used to shorten the time needed to break a password installed on a system or to open up files which have been encrypted. The current top-of-the-line card is the NVIDIA GeForce Titan-X, which is a single GPU card with 3,072 processing cores that costs about $1000. While this is five times the cost of a standard video card, it can be well worth the expense for password breaking/decryption work.

Specialized password/decryption servers and clusters with multiple GPU-optimized systems designed for 24-7 operation are also available, and are frequently used in the federal market by major government and law enforcement agencies.

Obviously, there are numerous items to consider when designing a forensic workstation and since the system components change often, it is best to work with a systems integrator who is actively involved in the market. The systems integrator will know how to optimize the design based on the latest software, hardware, and thermal techniques. For government agencies, it also makes sense to work with a firm that can custom-design a system to exacting specifications and has popular contracting vehicles available to facilitate the purchase directly without the complications of contracting procedures.

About the Author

John Samborski, P.E. is a recognized expert in forensic information technology, with an extensive history of innovation and thought leadership in system integration. Since founding Ace Computers in 1983, he has aggressively pursued the development of custom, cost-effective products and services in concert with well-known industry leaders. He was a founding member of the Intel Premier Board of Advisors in 2002 and was awarded a lifetime position. Ace Computers is one of the largest, oldest, and most respected custom technology developers and builders in the U.S. and holds numerous federal and state level contracts.


A Pioneer in Cyber-Education and Workforce Development

G.B. Cazes, Vice President | Cyber Innovation Center | Bossier City, Louisiana

What do you want to be when you grow up? This is a timeless question teachers across the country ask their students. A typical response: doctor, nurse, lawyer, fireman, veterinarian. While these are great occupations, today’s workforce not only includes these professions but also great opportunities for computer and data scientists, cybersecurity directors, digital forensics analysts, cyber threat managers, and other cyber-focused careers. As a generation with empowering, educating, and developing our future leaders and workforce, our responsibility is simple: at an early age students must be introduced to and prepared for cyber opportunities, including current career fields and those that do not yet exist.

The nation and its citizens face an active and growing cyber threat and a critical shortage of cybersecurity professionals. To ensure our nation’s future security and economic growth, we must build a strong cyber workforce. Today, there are over 340,000 unfilled cybersecurity jobs.1 Further, a report to the President by the Council of Advisors on Science and Technology says, “The nation will require approximately one million more science, technology, engineering, and math (STEM) professionals than what will be produced at current rates over the next decade.”2 Building a strong STEM foundation in the early years is the key to getting students interested in related degrees and careers. Today’s workforce requires students to possess STEM skills in order to be globally competitive.

The National Integrated Cyber Education Research Center (NICERC), an academic division of the Cyber Innovation Center in Bossier City, Louisiana, was created to design, develop, and advance both cyber and STEM academic outreach and workforce development programs across the region and nation. NICERC’s objectives are to nationally disseminate innovative practices in cyber education; to promote a culture of educational innovation; to serve as a catalyst for future research in cyber education; and to provide a focal point for continued interdisciplinary collaboration in STEM education reform. Cyber is like a well-written essay: before we can expect students to start writing, we must teach them the alphabet – and that foundation for success is what we provide through our NICERC programs.

NICERC programs have become a national model for cyber education, focusing on teacher professional development, curricular design, and collaboration in K-12 education. Through a diverse, multi-disciplinary team of university faculty, subject matter experts, and master teachers, NICERC has developed a vertically integrated, cross-curricular, project-driven curriculum for middle school and high school classrooms. These curricula make up a robust cyber pathway rooted in strong STEM fundamentals. Cyber is the integration of STEM and liberal arts disciplines, wrapped in a societal context with a technology underpinning. Taking this broad approach provides context for the content being taught in the classroom and engages a broader group of students. A sample of NICERC curricula includes STEM: Explore, Discover, Apply (STEM EDA); Cyber Literacy; Cyber Science; Cyber Society; Cyber Physics; and Advanced Math for Engineering & Science. NICERC has created a “Cyber Interstate” that allows students to enter and exit at various points throughout their academic and professional careers. By building a strong foundation, students can compete in cyber competitions, earn industry certifications, explore new career fields, and earn a variety of cyber degrees. It’s critical that students are provided multiple opportunities to become aware of cyber issues (enhance awareness), engage in cyber education (expand the pipeline), and select cyber careers (evolve the field). Cyber impacts every aspect of our lives, and our ability to lead in this new domain is critical to our future economic and national security.

The development and enhancement of the Cyber Interstate begins with teachers. Teachers are vital players in creating a systemic and sustainable change in K-12 cyber education. Imagine a classroom of students who are on the edge of their seats, filled with enthusiasm and questions, and engaged in learning about how science, technology, engineering, math, and liberal arts all integrate. It’s a unique


learning environment that many teachers strive to create in their classrooms. Jonathon Ownby, a science teacher in Louisiana, described the changes he has seen in his students: “There is an energy here that is very contagious. My students are motivated, excited, and anxious to come to school and work on Cyber/STEM modules. They have also been inspired to do independent research and testing. Students who were unmotivated and uninvolved are now key players in their small groups and have found an interest in academics they didn’t think they had.”

Through teacher empowerment, professional development, and classroom resources, NICERC aims to provide teachers with the powerful capability to connect what they’re already teaching students to the hundreds of thousands of unfilled cybersecurity jobs. And those students, the future cyber professionals, will help the nation address the growing cyber threat to public and private networks and improve critical infrastructure resiliency. The Department of Homeland Security has recognized NICERC’s efforts with a 2013 grant and funded the expansion of these programs to communities across the country.

NICERC offers professional development opportunities for middle and high school teachers that use its curricula to empower teachers and engage students. NICERC professional development programs include, but are not limited to, STEM EDA teacher workshops, the annual Education Discovery Forum (EDF), and Cyber Discovery. These professional development programs enable teachers to bring new projects, technology, and curricula into their classrooms, creating a dynamic new learning environment. The results are increased student engagement, development of soft skills, and a connection to necessary industry skills.

This is a replicable, teacher-focused, cyber education and training model created to empower teachers and transform classrooms. NICERC’s cyber curriculum is currently being implemented in K-12 schools across the country and continues to expand through a robust network of partners and contributors. NICERC is currently looking for additional partners throughout the country who may benefit from its professional development, curricular content, and programs (some of which are available at no cost). If you are interested in connecting with NICERC, visit our website at www.NICERC.org.

Sources

1 Department of Homeland Security: “FY 2015 Budget Overview.” 2015. <http://www.dhs.gov/sites/default/files/publications/DHS-Congressional-Budget-Justification-FY2015.pdf>
2 President’s Council of Advisors on Science and Technology, Executive Office of the President: “Report to the President: Engage to Excel: Producing One Million Additional College Graduates With Degrees in Science, Technology, Engineering, and Mathematics.” February 2012. <http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast-engage-to-excel-final_2-25-12.pdf>

About the Author

G.B. Cazes is the Vice President of the Cyber Innovation Center, serving as the Director of the National Integrated Cyber Education Research Center (NICERC). G.B. has over eleven years of experience in the Information Management and Information Technology (IT) fields. His experience includes working in the international, commercial, and government markets. He has served as the Assistant Director of the Information Technology Consulting Department and Director of Telecommunications Management Department for a Shreveport-based IT consulting and software development company. G.B. has a Master of Business Administration from Centenary College and serves on a variety of professional organizations, including the Military Affairs Council and the Louisiana EPSCOR Board. He also serves on numerous boards including the Bossier Chamber of Commerce, the Bossier Parish Community College – Cyber Information Technology Advisory Board, and the STEP Forward Executive Team. He was awarded the Partners In Education Award in 2010, the AFCEA Exceptional Contribution to STEM Education Award in 2012, and the 2012 Southern Growth Innovator Award for Workforce Development in Louisiana.


INDEX OF {ADVERTISERS}

Anne Arundel Community College - Cyber and Technology Training ... 63
Central Michigan University - Global Campus ... 03
Chiron Technology Services, Inc. ... 01
ClearedJobs.net ... 37
Commercial Insurance Managers - A Mumpower Enterprise ... 59
Convergence Technology Consulting, LLC ... 12
CyberMaryland 2015 ... 71
Cyber Montgomery ... 37
Cyber Summit ... 04
CyberTECH ... 23
CyberTexas ... 19
Emagine IT ... 09
GovConnects ... 29
GovPurchase ... 02
Harford County, MD - Office of Economic Development ... 56
Johns Hopkins - Whiting School of Engineering ... Inside Front Cover
LMI ... 61
National Cybersecurity Institute at Excelsior College ... 29
Noble Offerings ... 37
Offit | Kurman, P.A. ... 37
Parrot Labs - KEYW Corporation ... Inside Back Cover
PROJECTSEVEN ... 63
Pwnie Express ... 63
securitycurrent ... 37
Signals Defense ... 23
Solar Winds ... 21
TECHEXPO Top Secret ... 67
The Cybersecurity Accelerator - Powered by Metro Offices ... 12
The Fort Meade Corporate Center ... 11
The MIL Corporation ... 15
United States Cybersecurity Magazine ... 49
University of Maryland - A. James Clark School of Engineering ... Back Cover
UTSA - The University of Texas at San Antonio COLLEGE OF BUSINESS ... 23
Visionist Inc. ... 11

United States {CYBERSECURITY} Magazine
Download the app today! Search "United States Cybersecurity Magazine" on your Apple or Android mobile device.
443.453.4784
www.uscybersecurity.net



KEYW’s Parrot Labs offers hands-on cybersecurity training courses for today’s cyber professionals. Our instructors provide in-depth curricula that engage and assess students with state-of-the-art equipment to prepare them for defending against advanced persistent threats. Our goal is to make your cybersecurity methods as advanced as the threats against you.

UPCOMING COURSE SCHEDULE:

OFFENSIVE METHODOLOGY & ANALYSIS: May 4 – 15
CYBER LEADER COURSE: April 22 – 23; May 27 – 28; June 24 – 25
TACTICAL DIGITAL FORENSICS: June 1 – 12

KEYW Corporation
7740 Milestone Parkway
Hanover, MD
cybertraining@keywcorp.com
training.keywcorp.com
ADVANCE YOUR CAREER WITH A MASTER’S DEGREE OR GRADUATE CERTIFICATE IN CYBERSECURITY

Our graduate programs give you the technical expertise to handle demanding positions protecting public and private sector computer systems, electronic infrastructures, and critical communications networks. Move your career to the leading edge of Cybersecurity expertise with a graduate degree from the University of Maryland.

www.advancedengineering.umd.edu/cyber-degree
