Mediaboss Marketing

Image courtesy of General Dynamics Mission Systems.

In this Q&A with Brian Morrison, Cyber Systems vice president and general manager for General Dynamics Mission Systems, we discuss cost-effective strategies for crypto mod, how Layer 2 encryption will enable missions such as the Joint Warfighting Cloud Capability, and how organizations can keep cryptographic systems compliant with NSA requirements.

Breaking Defense: Lets set the scene. What is the steady state right now in cryptographic solutions? Where is modernization needed?

Brian Morrison, Cyber Systems vice president and general manager for General Dynamics Mission Systems.

Morrison: At a threshold level, NSA is the standard-setting organization and the certifier for all cryptographic equipment across the National Security Enterprise. Its fair to say that crypto modernization for NSA has always been viewed as a continuous process.

That is to say, you and I have email accounts that we originally set up with a strong password. But since then, maybe we used that password on other accounts, or there was a penetration somewhere, or compute power has increased such that password crackers are more capable today. So what was once a strong password ends up being a really weak one and a vulnerability.

Thats an oversimplification, but whats true for passwords is true for crypto gear. You can build the strongest crypto gear that exists but over time the security of that device, of the algorithms that underlie that device, of the protections that are wrapped around that device, all erode over time. Our adversaries get better at doing what they do. And were seeing new, persistent attacks due to network vulnerabilities.

Under the leadership of the NSA, we, as a National Security Enterprise, must continually refresh our crypto gear. That means discreet gates for Advanced Cryptographic Capability prescribed by NSA. It also means continuing to patch, maintain, and update all of our gear over time. And then at certain points in time, NSA says a particular family of cryptographic gear has to come offline because it has aged out; it cant be secure anymore.

Thats the way I look at crypto modernization: from new crypto boxes to upgrading existing crypto boxes, to removing legacy crypto boxes from a network. All of that is the process of crypto mod. Our reason for being at General Dynamics Mission Systems is to make sure that our customers and the national security establishment have the most secure crypto that American ingenuity can provide.

Breaking Defense: How should organizations approach crypto mod? Is it akin to a software patch or a new iOS update that downloads in the background while were asleep?

Morrison: I wish it were that easy. There are two aspects. One is we know, without speaking to crypto gear specifically, that the overwhelming majority of cyber-security penetrations happen because somebody has not patched and updated, or they have been phished.

Our customers operate in vast networks, widely dispersed networks, high-latency networks, and in tactical, DIL (disconnected, intermittent, limited) environments. Its very difficult for those networks with many pieces of gear to stay patched and updated all the time. At General Dynamics Mission Systems, we have what we call the GEM One Encryptor Manager, which is a software package that manages and updates all of the Type 1 crypto in the enterprise, including crypto devices made by other manufacturers. Remote management improves the health of the network and eases maintenance.

The second part of the problem is that our customers have thousands and thousands of cryptographic units in their inventory. The ongoing process of crypto mod, including the periodic deadlines that the NSA rightfully imposes, is difficult to manage from both a budgetary and a logistics perspective.

So were encouraging our customers to think proactively about what their needs are going to be for crypto in 6, 12, 18, 24, 36 months out. That helps them plan from a budget perspective so that we are able to plan from a manufacturing-capacity perspective so that when the time comes to switch out boxes, theyve got the budget for it and were ready to satisfy their demand on time and within their budget. Thats easy to say and hard to do because theyre substantial investments. At the same time, theyre investments in the security of the most important secrets the nation has.

Breaking Defense: Is crypto mod more of a hardware or a software modification, or both?

Morrison: When we talk about crypto mod, were normally talking about updates to the hardware. But there are major software updates that we can do to provide compliance with crypto mod gates from the NSA. For example, our TACLANE-FLEX, TACLANE-10G, TACLANE-Nano, TACLANE-Micro, and Sectra vIPer phones have all been software upgraded to the NSAs Advanced Cryptographic Capabilities standard of modernization.

Breaking Defense: What is involved in keeping data-protection solutions up to date. Im assuming were talking about NSA requirements and certifications.

Morrison: Yes, the NSA is the certification authority for Type 1 crypto. If you want to pass classified information across the network, youve got to do it over a piece of crypto that the NSA has certified. For the vendors and programs that develop new crypto, that certification process is every bit as rigorous, complicated, and demanding as you would imagine. And, frankly, as rigorous as you would hope as these are high-stakes networks. For the missions that consume the crypto, the fact that NSA has certified the encryptor makes the long-term management of the crypto infinitely simpler and more stable.

Today, the NSA is in the midst of introducing a new specification for what we call Layer 2 encryption. This is a new standard for encryption at a different network layer that is intended to deliver much higher speeds over the next few years. Were very much a part of that effort and have made significant investments in delivering some mind-boggling speeds.

Breaking Defense: Speeds for what exactly?

Morrison: For the defense and intelligence establishments migration to the cloud. With defense networks operating in cloud environments, you have data center to data center transfers that have to happen at a very high rate of speed because those data center to data center transfers are aggregated traffic.

These transfers must be as bandwidth efficient as possible while keeping high security standards. When you move to Layer 2, you open up the possibility of much higher speeds at any given compute power. At the same time, we are pushing the boundaries of what compute power is available. Were always looking for more compute power to deliver higher and higher speeds.

As we address the data center market for government data centers, we need to be able to deliver speeds that there isnt even a market for today, but we know there will be tomorrow.

Breaking Defense: It almost sounds like the future of cloud computing in the DoD, particularly the Joint Warfighting Cloud Capability, is dependent on Layer 2 encryption. Is that an oversimplification?

Morrison: I dont think it is. The cloud providers likely can, with their existing or soon-contemplated infrastructure, handle what is already within the boundaries of their clouds. But as we know, defense customers are going to require hybrid clouds. Theyre going to require data transitioning from cloud to cloud, and thats where we really need those higher speeds.

Breaking Defense: What do you see as hindrances to proper crypto modernization?

Morrison: Im always sympathetic to the fact that the business Im in, the crypto business, is often perceived by some of our customers as an unfunded mandate. Its a real challenge.

That often stands in the way, even though nobody wants their systems to not be secure. Their number one concern is the life of their soldiers, sailors, airmen, and Marines. That necessitates the security of national security information traveling across their networks. But for many missions, crypto is not the core mission, its the thing that enables the mission.

As new requirements come online and as standards for crypto mod continue to evolve, tactical units might want to upgrade their crypto but just dont have the budget or logistics bandwidth. In response to that, we have added more remote management features to ease the logistics burden of crypto mod. And a couple of years ago, we introduced the smallest, lightest, least expensive Type 1 crypto in its class the TACLANE-Nano which brought affordable crypto to the tactical market.

Breaking Defense: Your point about crypto enabling the mission and not being the mission is well taken. Can you offer a scenario where TACLANE-Nano is particularly valuable to a warfighter and also an affordable and effective crypto solution?

Morrison: Sure. The last decade or more has seen a large increase in the use of unmanned and unattended systems. The nice thing about the TACLANE-Nano is that it is at a price point where you can put it on an unmanned or unattended system, insert it into your adversarys territory, for example, and not worry if it is lost or you lose connectivity; you can remotely zeroize that device. That means that if the cryptographic unit falls into the hands of our adversaries, it cant be used against us.

You cant do that with a big, heavy piece of crypto or one that costs $60,000 because thats not the way those types of unmanned missions run by and large. Were talking about much smaller, lighter airframes. We dont think of those classes of UAVs as attritable, but it may be approaching the attritable market.

Breaking Defense: Final thoughts?

Morrison: Any customer in the national security space has to be thinking about, worrying about, and planning for crypto mod. It is not something that any of us can ignore and then play catch up later on. The planning and logistics behind replacing legacy gear and modernizing a network cryptographic solution is complicated and long tailed.

Thats what General Dynamics Mission Systems is all about. We are a leader in crypto mod and are ready for both todays gates and tomorrows gates from the NSA. Our goal is to partner with our customers, help them understand and implement their modernization needs, and ensure their networks and communications are as secure as anyone can keep them.

More here:
Modernization of crypto isn't the core mission for DoD and the IC, it's what enables the mission - Breaking Defense

SAVE THE DATE

March 21st - 25th 2023

Announcements & Meetings

RENEW YOUR MEMBERSHIP DUES

NOT A MEMBER - JOIN NSA NOW!

Institutional Subscriptions to the Journal of Shellfish Research

Statement on Racism and Discrimination

Congratulations to the 2021 student awardees!

The Journal of Shellfish Research received a 2020 APEX Awards for Publication Excellence!

NSA Cookbook: SIMPLY SHELLFISH

Order your copy from Sandy Shumway!

The 2021(4) NSA Quarterly Newsletter is now available!

Upcoming Meetings/Workshops:

23rd International Pectinid Workshop: Apr. 20-26, 2022. Douglas, Isle of Man.

World Congress on Genetics Applied to Livestock Production - "Challenges and Solutions in Shellfish Aquaculture" session: July 3-8, 2022. Rotterdam, the Netherlands

Aquaculture Canada/WAS North America 2022: Aug. 15-18, 2022. Newfoundland, Canada

Aquaculture America 2023: Feb 19-22, 2023. NewOrleans, Louisiana.

116th NSA Annual Meeting 2024, March 22-26, Charlotte, North Carolina

See the article here:
NSA home - Shellfish

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published updated guidance about how to harden Kubernetes for managing container applications.

Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers.

The updated guidance refreshes the two agencies' first Cybersecurity Technical Report regarding Kubernetes hardening guidance from August 2021. CISA says the update contains additional details and explanations based on feedback from industry, including more detailed info on logging and threat detection in addition to other clarifications.

SEE: What is cloud computing? Everything you need to know about the cloud explained

Some of the updates are subtle but important for those who protect Kubernetes clusters. NSA and CISA do not list what the changes are in the updated guidance, but the initial recommendations weren't met with universal approval.

For example,NCC Group noted that advice about Kubernetes authentication was "largely incorrect when it states that Kubernetes does not provide an authentication method by default", whereas most customer implementations NCC Group had reviewed "support both token and certification authentication, both of which are supported natively." NCC Group advised against both for production loads because Kubernetes does not support certificate revocation, which can be a problem if an attacker has gained access to a certificate issued to privileged accounts. The updated guidance now says that "several user authentication mechanisms are supported but not enabled by default."

Otherwise, key points of the original document appear to be unchanged. It looks at hardening within the context of typical Kubernetes cluster designs that include the control plane, worker nodes (for running containerized apps for the cluster), and pods for containers that are hosted upon these nodes. These clusters are often hosted in the cloud and across multiple clouds in AWS, Azure, Google and elsewhere.

The agencies maintain that Kubernetes is commonly targeted for data theft, computational power theft, or denial of service. Historically, flaws in Kubernetes and various dependencies as well as misconfigurations have been used to deploy crypto miners on victim's infrastructure.

It also maintains that Kubernetes is exposed to significant supply chain risks because clusters often have software and hardware dependences built by third-party developers.

For example, security analysts last year warned of attacks against Kubernetes clusters via misconfigured Argo Workflows container workflow engines for K8s clusters.

Besides supply chain risks, other key actors in the agencies' threat model include malicious outsiders and insider threats. These help define its hardening recommendations.

For example, there is a common cloud case where workloads that aren't managed by a given Kubernetes cluster share the same physical network. In that instance, a workload may have access to the kubelet and to control-plane components, such as the API server. So, the agencies recommend network-level isolation.

The agencies provide advice on how to ensure strict workload isolation between pods running on the same node in a cluster, given that Kubernetes doesn't by default guarantee this separation.

Announcing the updated guidance, the NSA says: "Primary actions include the scanning of containers and pods for vulnerabilities or misconfigurations, running containers and pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing."

The agencies also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.

SEE: There's a critical shortage of women in cybersecurity, and we need to do something about it

But patching is not easy in the context of Kubernetes. CISA regularly publishes alerts about new Kubernetes-related vulnerabilities. In February, for example, it warned of a critical (severity score 8.8 out of 10) privilege escalation flaw,CVE-2022-23652, which affected the capsule-proxy reverse proxy for Capsule Operator.

But as NCC Group points out: "patching everything is hard", partly because of the pressure to avoid downtime, but also because vulnerabilities span Kubernetes,Containerd, runc, the Linux kernel, and more.

"This is something that Kubernetes can help with, as the whole concept of orchestration is intended to keep services running even as nodes go on and offline. Despite this, we still regularly see customers running nodes that haven't had patches applied in several months, or even years. (As a tip, server uptime isn't a badge of honour as much as it used to be; it's more likely indicative that you're running an outdated kernel)," NCC Group noted.

Read the original here:
NSA and CISA: Here's how to improve your Kubernetes cluster security - ZDNet

Lucknow: The Uttar Pradesh government on Tuesday said action under the National Security Act (NSA) will be taken against those involved in organised copying racket in high school and intermediate exams conducted by the UP Board of Secondary Education.

The directives were given at a meeting held by chief secretary Durga Shankar Mishra with all divisional commissioners, police commissioners, district magistrates and SSPs through video conferencing, an official statement said.

He directed that zonal and sector magistrates should be deputed in districts to conduct copying-free examinations and they should regularly inspect and supervise the examination centres.

Action under the NSA should be taken against those involved in organised copying racket, the officer said, adding that special attention should be paid to those spreading rumours.

In the meeting, additional chief secretary (ACS), secondary education, Aradhana Shukla, said 51,92,689 candidates will appear for the UP board examination at 8,373 examinations centres in the state.

CCTVs have been installed in each examination hall.

The examinations will start from March 24.

(PTI)

Read more from the original source:
UP Govt to Slap NSA Against Those Involved in Copying Rackets in School Exams - The Wire

The increasing incidence of aggressive cyber activity from Russia, China, Iran and North Korea, together with heightened concerns over the war in Ukraine, raises an important question: should the free world unite with a global cyber alliance in response?

At Cybertech Tel Aviv 2022 (March 1-3, 2022), founder of VC firm JVP, Erel Margalit, called for a global cyber alliance in response to the Russian invasion of Ukraine. Leadership is required to establish a democratic cyber alliance, including NATO and other free countries, in order to lead values-based cyber that will support democracies and people, and will say enough! to dictators and to those who support them, he said.

At the same time, on March 2, 2022, Robert Silvers of the U.S. DHS and Israels National Cyber Directorate director-general Gaby Portnoy signed a cyber collaboration deal between the two countries. This followed a new agreement between the UK and Israel announced in November 2021 which was described by the UK government as something that will enable closer working in diplomacy, defense and security, cyber, science, technology, and many other areas.

Such agreements never publicly disclose the extent to which the intelligence agencies of the different countries will work together, but we can assume that it is part of the arrangement. A third new alliance, known as AUKUS, was more upfront about its design and ability to deliver offensive cyber operations, clearly focused on the Indo-Pacific region and Chinas activities.

It is important to understand what we have before asking what we need.

Israels emergence as a cyber ally

Israel is not known for its cyber relationships, but is well known for its cyber capabilities. It is generally thought that Israel worked with the NSA on the delivery of Stuxnet against the Iranian nuclear facility at Natanz in the early 2010s but it must be noted that the U.S. has never declared or admitted any involvement.

The continuous conveyor belt of new and innovative cybersecurity companies being formed by Israeli Defense Force (IDF) alumni also attests to the depth of cyber knowledge and training within the country.

The Belfer Center at the Harvard Kennedy School published a ranking of national cyber power in September 2020. It produced a list of the most comprehensive countries with the highest level of intent and capabilities comprising, in this order, the U.S., China, the UK, and Russia as the top four.

Belfer placed Israel at number 11 in the world. Its methodology was to add data to a mathematical model. The International Institute for Strategic Studies (IISS) takes a different approach, and adds qualitative assessments to Belfers quantitative approach. IISS separates cyber power into three tiers. Tier #1 has the U.S. on its own as the sole world cyber superpower. Tier #2 includes China, the UK, Russia, Canada, Australia, France and Israel.

Clearly, the addition of Israel to the free worlds cyber alliances is a good thing.

AUKUS and theFive Eyes

AUKUS was announced on September 15, 2021. There are two parts to AUKUS a vehicle to provide nuclear submarines to Australia, and the formation of defensive and offensive cyber capabilities to counter Chinese activities in the Indo-Pacific region. There was some surprise at this new alliance since the three countries are three of the five countries comprising the existingFive Eyesalliance. However, theFive Eyesis primarily signals intelligence while AUKUS is likely to deliver offensive cyber operations where necessary. It was the U.S., UK and Australia that together performed cyber operations against the Islamic State.

The Five Eyes (U.S., UK, Canada, Australia and New Zealand) evolved as an extension of the UKUSA treaty that itself grew out of the informal agreement between the U.S. and UK during World War II. The agreement was formalized in March 1946, and expanded in subsequent years to include Canada, Australia and New Zealand. Other countries, such as Germany, the Philippines and some Nordic countries, have joined as third parties but the core remains the originalFive Eyes.

The Five Eyes intelligence relationship is probably the closest and most powerful intelligence relationship in history.

At first, the existence of theFive Eyesremained secret (just, in fact, as the very existence of the NSA and GCHQ remained secret for many years). The Prime Minister of Australia didnt learn aboutFive Eyesuntil 1973; it was not disclosed to the public until 2005; and it was only in June 2010 that the full text of the UKUSA agreement was made public.

This treaty is often considered to be the basis of the so-called special relationship between the U.S. and the UK.

NSA and GCHQ

The core of theFive Eyes remains the NSA and GCHQ. This is a complex relationship that is so close that the two organizations are sometimes described as twins. This is wrong. The two organizations have very different structures and primary purposes.

The NSA is run by a military officer currently General Paul Nakasone. Nakasone is a four-star general who also heads U.S. Cyber Command. For the first he reports to the undersecretary of defense for intelligence, and for the latter he reports directly to the secretary of defense. There is a strong military theme that runs through the NSA. Officially, its purpose is to secure DOD and U.S. military networks. More directly offensive operations are conducted by U.S. Cyber Command and the CIA.

GCHQ, on the other hand, is run by a civilian reporting to the Foreign Secretary. Its responsibilities support the military but go beyond this, working closely with law enforcement to go after serious organized crime within the UK such as pedophile networks.

The two agencies are different. The relationship is complex and close, and it is difficult to think of any closer intelligence alliance. But they do not automatically share all information between themselves nor the otherFive Eyespartners. There are things the NSA will want to do without sharing it with other agencies, and GCHQ is the same.

Neither the NSA nor GCHQ are officially charged with offensive cyber operations but both have done so in the past. A more recent development in the UK has been the formation of a National Cyber Force (NCF), which brings UK cyber operations more in line with the U.S. model and for the first time acknowledges that GCHQ may have some offensive responsibilities. Plans were announced in 2018, but it wasnt effectively established until 2020.

NCF is part of the MoD, the Defense Science and Technology Laboratory, the Secret Intelligence Service, and GCHQ. The government describes it as a partnership between defense and intelligence, it is responsible for operating in and through cyberspace to disrupt, deny, degrade and contest those who would do harm to the UK and its allies, to keep the country safe and to protect and promote the UKs interests at home and abroad. It clearly has the remit to direct offensive cyber operations against the enemy in justified cases.

NCF is the equivalent of the U.S. combining the cyber operations of Cyber Command, CIA, FBI, and the cyber operations of the military forces into a single organization. But there is also an element of necessity the UK simply doesnt have the budget to maintain the separate number of 3-letter agencies that exist in the U.S.

Long-term relationships and short-term politics

There is one surprising element of the major international intelligence treaties their longevity and persistence. They survive political change with a broader collective interest that transcends the coming and going of individual politicians.

In recent years there was concern that the U.S./UK special relationship (the one based on the NSA and GCHQ relationship) might fail with the U.S. change from Trump to Biden. It was generally acknowledged that President Biden had scant regard for Prime Minister Johnson because of the mutual admiration between Trump and Johnson. And Biden even issued warnings to Johnson over the sanctity of the Good Friday Agreement in Ireland following Brexit.

The Good Friday political agreement was signed in April 1998. It brought an end to the so-called Troubles in Northern Ireland between loyalists wanting to stay within the UK, and the Irish Republic-favoring republicans. Now Northern Ireland is part of the UK while Southern Ireland is part of the EU and the potential for new tensions has returned. But despite Bidens less-favorable view of the UK, UKUSA just continues.

A similar concern now occurs for GCHQ the fear that Brexit would break the ties with EU national intelligence agencies. The European Commission has had concerns over GCHQ and personal privacy ever since Snowdens leaks about GCHQ and the NSA; and has even threatened legal action. But the individual relations between GCHQ and the individual EU member state intelligence agencies seems to be persisting aided, perhaps, by the absence of national security from the EUs political remit.

Where are we now?

Out of necessity, we have concentrated on the major international free world cyber and intelligence relationships. In reality, there is a global patchwork of individual agreements between different nations throughout the free world; many of them ultimately coalescing around theFive Eyeshub. For the most part, these are security information sharing arrangements relatively few nations have the ability or confidence or political will to engage in offensive cyber operations. In this sense, there are two separate networks: gathering intelligence (for example,Five Eyes), and responding offensively to that intelligence (for example, AUKUS).

Does the free world need a single global cyber intelligence organization? The answer is almost certainly No. Firstly, such a move would likely drive Russia and China closer together perhaps including Iran and North Korea and Russian and Chinese satellite nations into their own special relationship.

Secondly, it would be unworkable. Friends keep secrets from friends when the economic or political necessity demands. Just consider the French reaction to the AUKUS announcement. France described it as a stab in the back, and within a couple of days recalled its ambassadors to both the U.S. and Australia. France lost a multi-billion euros submarine deal over AUKUS.

Related: Russia, Ukraine and the Danger of a Global Cyberwar

Related: Russia-Ukraine: Threat of Local Cyber Ops Escalating Into Global Cyberwar

Related: Talking Global Cyberwar With Kaspersky Lab's Anton Shingarev

Related: The United States and China - A Different Kind of Cyberwar

Here is the original post:
Does the Free World Need a Global Cyber Alliance? - SecurityWeek