TeleCommunication Systems Won $49 Million Contract to Deliver Department of Defense Cyber Security Training

TeleCommunication Systems, Inc. (TCS), a provider of secure mobile communication technology, won a competitive five-year contract (a base plus five option periods) valued at approximately $49 million to provide the Department of Defense’s (DoD’s) military and civilian personnel with on-site computer network operations (CNO) training to support the government’s cyber security workforce development. The government’s workforce development effort is a key Obama administration initiative and is one of White House Cyber Security Coordinator Howard Schmidt’s top priorities.

Providing cyber security training for government workforce is one of the lucrative and dynamic sectors of the federal cyber security market - these are findings of a recently updated market study U.S. Federal Cybersecurity Market Forecast 2010-2015.

CARDIN INTRODUCES BILL TO PROTECT AMERICANS FROM CYBERCRIMINALS AND CYBERTERRORISTS

At the height of the cybershopping season and just as millions of Americans prepare to use their e-tickets to board airlines around the country for the holidays, U.S. Senator Benjamin L. Cardin (D-MD), Chairman of the Senate Judiciary Terrorism and Homeland Security Subcommittee, has introduced major legislation that would require the government to work with the private sector to propose minimum standards for Internet and cybersecurity safety designed to protect Americans from cybercrime and cyberterrorism. Speaking before hundreds of security, technology and intelligence professionals gathered at the launch the new Maryland Cybersecurity Center today, Senator Cardin outlined the need for such a bill and the malicious nature of cyber threats.

“Every computer connected to the Internet, whether a part of our nation’s critical transportation or energy infrastructure or sitting in a family living room, is a prime target for cyberterrorists, cyberspies and cybercriminals who want to steal our identities, corrupt our financial networks, and compromise or disrupt key resources. Users of computers and other devices that connect to the Internet are generally unaware that their computers and other devices may be used, exploited, and compromised by others with spam, viruses, and other malicious software and agents.

“We live in a digital world and we need to arm ourselves with the right tools to prevent a digital 9/11 before it occurs. Failure to take such steps to protect our nation’s infrastructure and its key resources could wreak untold havoc for millions of Americans and businesses, as well as our national security.”

Cybercrime is serious business. In 2008, the Federal Bureau of Investigation (FBI) uncovered a transnational crime organization that used sophisticated hacking techniques to withdraw more than $9 million in less than 12 hours from 2,100 ATM machines in 280 cities around the world, including the United States, Russia, Italy, Japan and Canada.

“Cybersecurity involves more than preventing identity theft and stealing money,” Senator Cardin said. Senior executives at three major American oil companies reportedly fell victim in 2008 to what security experts called “tenacious” and “clever” cyber attacks that exposed some of these companies most critical intellectual property after executives were unwittingly duped by unsolicited e-mails carrying data-extracting malware. Cyberterrorists can hit these kinds of financial targets but also more traditional enemies, such as when anti-Israel hackers reportedly connected to Hamas and Hezbollah crashed several Israeli government web sites by flooding them with bogus traffic. Countries like Russia, China and Serbia also have reportedly engaged cybersoldiers to disrupt critical infrastructure systems in advance of or simultaneous to more traditional military engagements.

The Internet and Cybersecurity Safety Standards Act would require the U.S. government and the private sector to work together to develop minimum Internet and cybersecurity safety standards for users of computers and other devices that connect to the Internet. “Just as automobiles cannot be sold or operated on public highways without meeting certain minimum safety standards, we also need minimum Internet and cybersecurity safety standards for our information superhighway,” said Senator Cardin.

Last year, Senator Cardin chaired a Subcommittee hearing entitled “Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace.” It reviewed governmental and private sector efforts to prevent a terrorist cyber attack that could cripple large sectors of our government, economy, and essential services. The hearing included witnesses from key federal agencies responsible for cybersecurity, as well as representatives of the private sector.

Maryland is at the center of our nation’s cybersecurity efforts. The new United States Cyber Command (USCYBERCOM), was established in June of last year, and is located at Ft. Meade, MD. More than 50 key security and intelligence federal facilities and 12 major military installations are or will soon be located in our state, and combined, these facilities and installations will employ nearly 200,000 well-educated, highly-skilled government employees and contractors in cutting-edge research and development, as well as important scientific, medical and technological innovations. In total, Maryland has one of the highest concentrations of technology jobs in the nation, and led the nation in 2009 with the largest growth in computer systems design jobs.

The Internet and Cybersecurity Safety Standards Act

The Internet has had a profound impact on the daily lives of the people of the United States by enhancing communications, commerce, education, and socialization between and among persons regardless of their location

The Internet and Cybersecurity Safety Standards Act (ICSSA)

• Requires the Secretary of Homeland Security, in consultation with the Attorney General and the Secretary of Commerce, to conduct an analysis to determine the costs and benefits of requiring internet service providers and others to develop and enforce minimum Internet and cybersecurity safety standards
• Requires all relevant factors to be considered, including the effect that the development and enforcement of minimum Internet and cybersecurity safety standards may have on homeland security, the global economy, innovation, individual liberty, and privacy
• Requires consultation with relevant stakeholders in the Government and the private sector, including the academic community and groups or institutions that have scientific and technical expertise related to standards for computer networks, critical infrastructure, or key resources
• Requires report to Congress within one year on recommendations for minimum Internet and cybersecurity standards for computers and other devices that connect to the Internet to prevent them from being used, exploited, and compromised by terrorists, criminals, spies, and other malicious actors

New Public-Private Cybersecurity Partnership: NIST, DHS and Financial Sector

Memorandum of understanding (MOU) has been signed on Dec. 6, 2010 between NIST, the Department of Homeland Security and the Financial Services Sector Coordinating Council. The parties agreed to work together to speed the application of research into practice for better cybersecurity for the critically important financial services sector. A new public-private partnership has been formed to spur cybersecurity innovation in the financial services sector, leverage the core cybersecurity expertise, research and development capabilities and other resources to explore the benefits of new cybersecurity technologies and develop new processes that benefit critical financial services functions.

The three members of the partnership have complementing capabilities:

• NIST’s Information Technology Laboratory advances the state of the art in information technology and cybersecurity through innovations in mathematics, statistics and computer science and conducts research to develop the measurement and standards infrastructure for emerging information technologies and applications. Working with industry, other government agencies and academia, the institute accelerates the development of and deployment of IT systems that are reliable, usable, interoperable and secure.
• The Financial Services Sector Coordinating Council—whose members include banks, credit unions, insurance companies, payment services, trading firms and others—supports research and development initiatives to protect the physical and electronic infrastructure of the banking and finance sector and to protect its customers by enhancing the sector’s resilience and integrity.
• The S&T Directorate is the Department of Homeland Security’s research and development arm. Among its priorities, S&T conducts—in cooperation with other Federal agencies, state, local, and tribal governments, universities, and private industry—cybersecurity research and development to secure the Nation’s current and future cyber and critical infrastructures.

Nearly all modern financial services—banking and credit card transactions, insurance, trading and funds management, and many other business and consumer financial activities—are delivered online to all parts of the economy and society. Online services are also integral to international commerce. Both the public and private sectors have vital interests in securing financial services against threats.

The groups will develop and implement use cases and the supporting test plans to facilitate high assurance network infrastructures, advanced identity management technologies and improved usability of security technologies. Outputs of this collaborative research also are expected to be applicable to health care and Smart Grid cybersecurity needs.

Stuxnet Changes Rules of the Game

Stuxnet specifically targets computer systems that control electricity, water treatment, nuclear and chemical plants, pipelines, communications networks, transportation systems and other critical infrastructure, and it is unique in its complexity, flexibility, and resilience. Neither its creator nor its target is known. Stuxnet was called a “game changer” at a hearing of the Homeland Security and Governmental Affairs Committee on the implications of the recently discovered malware potentially far more destructive than any previously known cyber threat.

“Much attention has been paid to cyber crimes such as identity theft and to cyber attacks intended to steal proprietary information or government secrets. But lurking beyond those serious threats are potentially devastating attacks that could disrupt, damage, or even destroy some of our nation’s critical infrastructure, such as the electric power grid, oil and gas pipelines, dams, or communication networks. The newest weapon in the cyber toolkit was introduced to the world in June, when cybersecurity experts detected a cyber worm called Stuxnet”, said Collins.

“Stuxnet really takes the reality of the cyber threat to a new level and should awaken the skeptics,” Lieberman said. “It is really chilling, in terms of its effect. I would compare it to a guided missile in conventional warfare… But the reality is that the current, porous state of our nation’s infrastructure means that it wouldn’t take malware as robust and sophisticated as Stuxnet to cripple many of our critical systems. We want to make sure we put proper security in place before a major attack.”

Here’s how Stuxnet works: It initially infects computers through tainted USB thumb drives, and exploits four different Microsoft Windows security vulnerabilities that had been unknown until Stuxnet was set loose. Stuxnet has some 4,000 functions; by comparison, the software that runs the average email server has about 2,000 functions. Stuxnet can even update itself automatically.

The “Protecting Cyberspace as a National Asset Act of 2010″ (S.3480) would give the federal government modern tools to secure and defend the nation’s most critical cyber networks and establish public/private partnerships that will help set those kinds of national cyber security priorities. Specifically, the bill would establish a National Center for Cybersecurity and Communications within the Department of Homeland Security and empower that Center to help secure critical infrastructure networks. This would raise the security bar for all systems, making attacks more difficult, and putting in place processes that will help remediation after a successful attack. Lieberman said that the discovery makes passage of cyber security legislation that he, Collins, and Senator Tom Carper, D-Del., drafted and passed out of Committee all the more important. He promised it would be a top Committee priority in the 112th Congress since the White House and other key members of Congress did not engage sufficiently to pass the bill in the lame duck session.

Gates: Cyber Attacks Present Huge Threat

By Elaine Wilson, American Forces Press Service

Leaders are taking steps to bring defense industrial and domestic partners under an umbrella of protection from cyber attacks, Defense Secretary Robert M. Gates said.

“There is a huge future threat and there is a considerable current threat [from cyber attacks],” Gates said here yesterday during a question-and-answer session at the Wall Street Journal’s CEO Council. “That’s just a reality we all face.”

The DOD already has implemented effective protections for “.mil,” he said, and is working with its partners in the defense industrial base to offer them similar protections.

Leaders also would like to extend this protection to the government’s domestic side, Gates said, noting the importance of the National Security Agency to the nation’s defense against cyber threats and attacks.

“The only defense the United States has … against nation states and other potential threats in the cyber world is the National Security Agency,” he said. “You cannot replicate the National Security Agency for domestic affairs. There isn’t enough money, there isn’t enough time, and there isn’t enough human talent.”

The challenge, however, is offering the government’s domestic side access to NSA while also taking into account concerns for privacy and civil liberties, Gates said.

With this issue in mind, President Barack Obama recently approved a memorandum of understanding based on recommendations from Gates and Homeland Security Secretary Janet Napolitano. The MOU creates a Homeland Security Department cell within NSA, Gates said, with the authority to task NSA, but using its own attorneys to ensure privacy and civil liberties are kept at the forefront.

The cell offers a domestic security agency an opportunity to reach into NSA in a “real-time way” for protection, Gates said.

“My hope is over time that this will lead to better protections for both .gov and .com,” he said.
Gates also touched on the need for “real” competition in regard to acquisition, a topic that dovetails into his initiative to slash $100 billion from the DOD’s overhead –- or the “tail side” — and reinvest savings into the “tooth side” of the department.

“Too often competition in Washington is, everyone wins,” the secretary said. “That’s not my idea of competition. My idea of competition in the acquisition arena is winner takes all.

“I think the more we can do this, and the more we can cause industry, particularly on relatively low-technology-risk programs, to share the risk with the government in terms of timeliness and costs, the better off the taxpayers will be,” Gates said. “And at the end of the day, I think, the better off business will be.”

Cyber Europe 2010 Will Be Held in November

The European Network and Information Security Agency (ENISA) has successfully completed “phase one” and a major milestone of the CYBER EUROPE 2010 -the first pan European exercise on 24th September. This first phase included the training and a dry-run. The second phase of CYBER EUROPE 2010, i.e., the actual exercise, is planned to take place in November 2010.

DOD and DHS Sign MOA Enhancing Coordination to Secure America’s Cyber Networks

The Department of Defense (DoD) and the Department of Homeland Security (DHS) have signed a memorandum of agreement that will align and enhance America’s capabilities to protect against threats to our critical civilian and military computer systems and networks. This MOA reflects US administration commitment to building an agency-wide approach to combating threats to national cyber networks and infrastructure. The agreement embeds DoD cyber analysts within DHS to better support the National Cybersecurity and Communications Integration Center (NCCIC) and sends a full-time senior DHS leader to DoD’s National Security Agency, along with a support team comprised of DHS privacy, civil liberties and legal personnel.

CSC Acquires Vulnerability Research Labs

CSC (NYSE: CSC) has acquired Vulnerability Research Labs (VRL), a privately held cyber threat intelligence firm. The acquisition enables CSC to enhance its cybersecurity support to public and commercial enterprises around the world by strengthening its ability to develop unique tools and techniques.

CSC’s cybersecurity offerings include vulnerability analysis and penetration testing, data loss prevention services, a full range of managed security services, a global cyber strike-force to respond to cybersecurity incidents, cyber forensics training and analysis, Common Criteria Test Laboratories in the US, Europe, and the Far East, and a worldwide infrastructure of Security Operations Centers. CSC’s nearly 2,000 cyber professionals serve commercial clients and public sector enterprises in the United States and overseas, including civilian departments and agencies, and defense organizations.

National Cybersecurity Awareness Campaign: Stop. Think. Connect.

The Department of Homeland Security (DHS) launches the “Stop. Think. Connect.” public cybersecurity awareness campaign—a national initiative that promotes simple steps the public can take to increase their safety and security online. “Stop. Think. Connect.” is a national public education campaign designed to increase public understanding of cyber threats and how individual citizens can develop safer cyber habits that will help make networks more secure. The campaign fulfills a key element of President Obama’s 2009 Cyberspace Policy Review, which tasked DHS with developing a public awareness campaign to inform Americans about ways to use technology safely.

“Stop. Think. Connect.” includes cyber forums hosted in collaboration with the National Centers of Academic Excellence to bring together diverse groups of community, private and government participants for dialogues on cybersecurity issues; opportunities for members of the public to get involved and help spread the word by leading or hosting campaign activities; and a coalition for public and private sector organizations.

Raytheon Acquires Technology Associates to Expand Cybersecurity Capabilities

Raytheon Company (NYSE: RTN) has acquired Technology Associates Inc., a privately held company that delivers full life-cycle computer engineering to mission-critical programs in the U.S. intelligence community. Technology Associates’ capabilities include data extraction and analysis; digital media intercept and exploitation; embedded system programming; and information assurance services. Established in 1990, Technology Associates has 110 employees and a proven track record of success in serving the intelligence community.

With headquarters in Reston, Va., Technology Associates becomes part of Raytheon’s Intelligence and Information Systems (IIS) business. Technology Associates President Preston Harrelle joins Raytheon and will continue to lead business operations while taking on a broader cyberstrategy role across the Information Security Solutions (ISS) product line.