Protected U.S. government networks have fallen prey to an alarming array of attacks in recent months.
- In early 2009, four websites belonging to the Department of the Army's Military District of Washington (MDW) were hacked and defaced, likely by pro-Palestinian supporters
- In April of this year, the public discovered that the Pentagon's Joint Strike Fighter (JSF) knowledge infrastructure was repeatedly infiltrated by hostile elements, which copied a wealth of sensitive information related to the structural and electronic systems design of the aircraft
- And U.S. Navy satellites transponders have been increasingly hacked into by Brazilian nationals, who utilize the UHF frequencies on the satellite communications system for their own transmission purposes.
Add to these incidents the fact that attacks upon government systems have increased 40% in 2008, and we have on our hands a genuine cyber-crisis.
Despite advances in network security technology, our sensitive systems seem to be as vulnerable as ever to cyber-attack, a vulnerability which is widened not only by risky human behaviors, but also by the structure of the networks themselves. "Logic Bombs," viruses, botnets, and other forms of malware all prey upon structural facets of our networks, and the Department of Defense (DoD) has yet to develop a comprehensive approach or body of policy to combat these systematic threats. The liabilities within our cyber-defense system, thrown into high relief in recent months, is surely a factor in DoD's plans to stand up a Cyber Command dedicated to electronic warfare and defense of our military's information infrastructure. On April 28th, the Senate heard testimony on U.S. cyber-security, partly to determine whether standing up such an independent organization should be part of our national strategy.
Gaining control of the cyber-crisis in a top-down manner is important, inasmuch as creating a new organization serves to streamline processes and effectively marshal resources. But on a tactical level, the threat must be met headfirst on a daily basis. The military branches do not have the luxury of waiting for a Cyber Command, and are already addressing the issue by focusing on developing their human capital. The Army, for example, released Field Manual 3-36, Electronic Warfare (EW) in Operations, its first major EW doctrine in over 10 years, advocating, among other strategies, an increase in specialized personnel. The Department of the Navy and Department of the Air Force's immediate EW roadmaps also rely heavily on personnel development.
For contractors, this not only means taking part in the education, training, and development of such personnel, but also providing their specialists with securely-configured software, cutting-edge network security tools, and savvy architectures (all of which will ideally exhibit awareness of social and complex network theory to combat inherent weaknesses within our information systems). Additionally, until the military turns out an adequate number of technically-trained personnel, it will also need help in the management of its Information Warfare (IW) programs. GovWin is tracking the following opportunities related to cyber-defense:
|AGENCY||PROGRAM||EST. RFP DATE|
|AIR FORCE||Space Threat Awareness Characterization Service (STACS)|
|ARMY||Engineering Support Services Required to Support Electronic Security and Utility Monitoring Services at Locations Worldwide (ESS)|
|AIR FORCE||Vulnerability Lifecycle Management System Spiral 2 (VLMS)|
|DEFENSE||Wireless Intrusion Detection System (WDS)|
|DEFENSE||Host-Based Security Support (HBSS)|
|DEFENSE||Operation of Information Assurance Technical Analysis Center (IATAC)|