At a glance.
- US Defense Department's network security report card.
- DOT&E wants better assessments of US Defense Department cyber offensive tools.
- NSA issues update to SIGINT guidelines.
- Rob Joyce to succeed Anne Neuberger at NSA's Cybersecurity Directorate.
Ongoing problems with DoD network security.
Since 2016, the Director of Operational Test and Evaluation’s (DOT&E’s) annual report has found the Joint Regional Security Stacks’ protection of Defense Department networks inadequate, C4ISRNET reports. The program is designed to defend both the Nonclassified Internet Protocol Router Network (NIPRnet) and the Secret Internet Protocol Router Network (SIPRNet) using “firewall functions, intrusion detection and prevention, enterprise management, and virtual routing.” SIPRnet migration was paused until 2023 over the security concerns, but NIPRnet migration continued. Congress has grown weary of the project, halting SIPRnet spending and issuing an October 1 deadline for deciding the program’s viability. DOT&E encouraged Defense to pursue zero-trust models as an alternative, but Defense Information Systems Agency plans show continued investment in the Joint Regional Security Stacks program through 2022.
Call for better assessment of offensive cyber tools.
The Directorate Operational Test and Evaluation (DOT&E) has issued its annual report and found issues with the Pentagon’s methods for testing disruptive offensive cyber capabilities (which C4ISRNET notes run the gamut from “tactical devices to defeat terrorists to advanced cyber/electromagnetic spectrum attacks for use against nation-states.”) Commanders need to know attacks will unfold as planned, but the time-sensitive nature of cyber tools and the risks of real network tests constrain this knowledge. DOT&E recommends the following fixes: better target intelligence, stronger red teams, enhanced collaboration with experts, and new arenas for trialing over-the-air transmission attacks.
NSA’s new signals intelligence guidelines.
Lawfare unpacks the National Security Agency’s January 13 revision of the SIGINT Annex, last updated in the 1980’s. The Annex supplements a manual covering Defense Department signals intelligence work not already regulated by the 1978 Foreign Intelligence Surveillance Act (or its amendments). Lawfare claims there is no simple answer to the question of whether the revised Annex “gives the government more or less authority than it previously enjoyed,” but assures readers it doesn’t contain any “radical departure[s]” or “politicization of intelligence.”
Rob Joyce to succeed Anne Neuberger as NSA Cybersecurity Directorate head.
CyberScoop says NSA Special Liaison Officer Rob Joyce will take over the NSA’s Cybersecurity Directorate directorship. Joyce’s previous titles include Acting Homeland Security Advisor, NSA Information Assurance Directorate Deputy Director, NSA Chief of Tailored Access Operations, Senior Advisor for Cybersecurity Strategy to the NSA Director, Special Assistant to the President, and NSC Cybersecurity Coordinator.