U.S. ARMY GARRISON, GRAFENWOEHR, Germany - Today, nearly every world event or crisis has a cyber-aspect to it, and the decisions made in cyberspace affect our physical or conventional activities and capabilities.
Cyber Endeavor, a regional seminar, addressed these issues and more from Sept. 17-20 during Exercise Combined Endeavor 2013 as an independent event focusing exclusively on cyber security.
In its fifth year, Cyber Endeavor is not an exercise, but one of four regional seminars held in separate countries. Combined Endeavor participants can attend the speaker sessions but “the overall purpose of the program is to build partnership capacity with the partner nations,” said Trina Zwicker of U.S. European Command’s J-6 Cyber Outreach Division.
Speakers for the event included representatives from Microsoft, Hewlett Packard, Cisco, the National Defense University, Verizon and many others. For the presenters, Cyber Endeavor was an opportunity to speak to military cyber experts from more than 30 countries.
Sam Ceccola, Hewlett Packard Department of Defense Technologist, presented insider threat analytics, platform concepts and cloud computing.
“Today we spend a lot of time protecting from outsider threats and we need to spend an equal amount of time protecting from insider threats,” Ceccola said.
Verizon’s Michael Young, a senior account manager for enterprise solutions in Europe, Middle East, and Africa supporting U.S. Federal sales, discussed his company’s publication called the “Data Breech Investigations Report.” According to Young, the report is “an analysis of data breeches that happened over the past year, how they happened, how the attackers got in and what was compromised.”
“Verizon believes that EUCOM and its partners can use this model to create a similar report,” Young said. This report could be used to demonstrate what the cyber landscape looks like and what the threat environment looks like as well.”
The cyber business of Microsoft was presented by David Aucsmith, senior director, Microsoft Institute for Advanced Technology in Governments. Aucsmith is responsible for technical relationships with agencies of the U.S. and other governments, as well as special projects.
“Our product is not only used by our government, but by the governments of our adversaries,” Aucsmith said. “Microsoft is the most attacked place on Earth. We have been attacked by every country on the planet and once from McMurdo Station in Antarctica. That guy is in jail now.”
There are three types of attacks, according to Aucsmith: warfare, where the object is to deny, degrade and destroy your target; espionage, where unauthorized access is the objective; and criminal, where fraud and/or theft are the goal of the attackers.
“If you’re a victim of one of these attacks, you don’t know which one is hitting you. If the attack is warfare in cyberspace, the attack is sustained, it’s continuous unlike conventional warfare,” said Aucsmith.
Aucsmith believes that as long as there is an adversary a static device can’t remain secure. “We need to produce systems that can change and modify in the presence of those adversaries activities.”
Closing remarks were given by U.S. Army Brig. Gen. Bruce T. Crawford, director, EUCOM J-6 C4/Cyber.
“Not doing the basics of cyber security is like building a house on a weak foundation,” Crawford said “The most likely threat vectors are the most routine things out there; the threat vectors are not overly sophisticated.”
“My view is that we have to fix the fundamentals and the thinking about cyber security to bring it to the forefront, a security violation can be just as dangerous as losing a weapons system,” said Crawford.