MCPA

A few weeks ago I profiled AFCEA, a military cyber organization that has been around for 70 years.  Today, I will discuss an organization more recently formed and already having a significant impact, the Military Cyber Professionals Association (MCPA).  The non-profit MCPA was founded by U.S. Army Major Joe Billingsley in 2013 while a graduate student in Cyber Systems and Operations at the Naval Postgraduate School (related thesis here).   With cyberspace as a national asset, his idea for an organization dedicated to developing the American military cyber profession quickly garnered the attention of senior Department of Defense officials and military leaders.   You can hear Joe discuss the MCPA in this short video.

In addition to developing the American military cyber profession, MCPA’s mission  includes investing in our nation’s future through science, technology, engineering, and mathematics (STEM) education.  MCPA accomplishes its mission in several ways and already has several chapters across the U.S. including in Alaska and Hawaii and is continuing to expand.

MCPA has established multiple publications already.  In 2015, they started Military Cyber Affairs, a peer-reviewed scholarly journal published biannually.   Volume 1, Issue 1 includes an article by Admiral Michael Rogers, Commander, U.S. Cyber Command; Director, National Security Agency; Chief, Central Security Service.   MCPA also published its first issue of its magazine, the simply titled Cyber, in the fall of 2015.

Beyond its publications, MCPA hosts or sponsors a number of cyber-related events. It recently hosted the 2016 Joint Cyber Challenge (JCC), an annual Department of Defense 32-hour capture-the-flag (CTF) event.  Other MCPA resources include the Key Cyber Issue List (KCIL), which supports cyber research topics; a mentoring program; recognition programs for its members, including the Order of Thor (yes, named after that Thor, which is kinda cool); and many more resources.   The number of resources already firmly established or being grown is impressive considering MCPA’s young age.

While many of their resources are public, I encourage you to further check out the website and considering joining MCPA, if for no other reason than for the great networking available.  Membership is free for most U.S. government employees and honorably discharged veterans.   Not only join, but take advantage of opportunities to contribute, whether it is volunteering for a leadership role, submitting articles to the publications, or something else.

“The MCPA will bond cyber warriors worldwide and increase the strength of our profession.”

– LTG Rhett Hernandez, U.S. Army (retired), First Commander of Army Cyber Command

 

 

AFCEA

Military cyber organizations provide excellent opportunities for networking among cyber professionals along with myriad resources of which to take advantage.  First, let me define how I’m using the phrase “military cyber organization”.  These organizations are not sponsored by the military, but they do have active participation by and are geared towards military members.   Additionally, they either have cyber as their sole focus or at least a significant part of their focus.   This is NMC’s first post on military cyber organizations.  Today, I’ll cover one that has been around for a while.  We will cover others in future posts.

Formed in 1946, the Armed Forces Communications and Electronics Association (AFCEA) is celebrating its 70th anniversary.  AFCEA is a non-profit organization dedicated to fostering collaboration among military, government, industry, and academia.   As its name implies, AFCEA’s original focus was in communications and electronics, but as technology has evolved so has AFCEA, adding “information technology” (i.e. cyber) to its mission statement.

AFCEA is also an international organization with over 150 chapters across the globe.  They may be best known for the number of events they sponsor.   You can often find well-known active-duty Admirals and Generals or government Senior Executives as the keynote speakers at AFCEA conferences.   Cyber-specific events include ones such as Defensive Cyber Operations Symposium and International Cyber Symposium.

One of the AFCEA resources I use most is its SIGNAL Magazine.  As an AFCEA member, I get the hard copy magazine mailed to my home.  However, all the magazine’s articles are online.   There will often be issues devoted primarily to cyber, as seen by the cover of the July 2015 issue to the right.   Additionally, SIGNAL Magazine has recently started its “The Cyber Edge” series of article.  SIGNAL also has frequent cyber news articles on its website that are not part of the magazine.

An arm of AFCEA that is worth mentioning is its Educational Foundation, which provides education opportunities for people involved in science, technology, engineering, and mathmematics (STEM) disciplines, including cybersecurity.   They provide scholarships, grants, professional development courses, and continuing education credits.

Here are some additional quick links to AFCEA cyber resources:

• Online Directory of Cybersecurity Companies
• AFCEA Cyber Committee
• Upcoming events related to Cyber
• SIGNAL Magazine articles related to Cyber
• Chapter News entries related to Cyber

If you are looking to connect with other cyber professionals or even just looking for various cyber resources, checking out AFCEA could be beneficial.

 

 

CSIAC Cybersecurity Digest: Neuromorphic Computing and More

So I had no clue what Neuromorphic Computing was when I received the latest Cyber Security and Information Systems Information Analysis Center (CSIAC) Cybersecurity Digest via email, but it was one of the headlines sections among more well-known topics such as data security, mobile security, software security, and Internet of Things (IOT).  With Wikipedia to the rescue, it turns out Neuromorphic Computing is rather cool.  You can learn more here, but the focus of this post is CSIAC resources and the CSIAC Cybersecurity Digest.

CSIAC is one of the DoD Information Analysis Centers, sponsored by the Defense Technical Information Center (DTIC).  CSIAC’s core technology areas are Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management/Information Sharing.   More specifically:

The CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology. The CSIAC’s mission is to provide the DoD with a central point of access for Information Assurance and Cybersecurity to include emerging technologies in system vulnerabilities, R&D, models, and analysis to support the development and implementation of effective defense against information warfare attacks.

The CSIAC website provides a ton of resources, grouped into the following:

• Reports – I’m not sure why, but except for one 2014 report, the rest were published in 2011 or earlier
• Best Practices & Reference Documents – These are more current with several posted from 2016 already
• Webinars and Podcasts – These are done at least monthly
• Standards and Policies – DoD Directives/Instructions, IEEE, ISO, IEC, MIL-STD, etc.
• Certifications – Captures a lot of the major ones, but seems to not be comprehensive
• Journals – CSIAC publishes its own journal quarterly
• Tools – Various tools and databases related to CSIAC’s core technology areas to include a very comprehensive Acronym Database with acronyms pertinent to cyber for the DoD community

One resource that CSIAC maintains is the infamous DoD Cybersecurity Policy Chart, which helps you navigate the complex world of DoD policy.  The chart actually links to each of the policies.

While I will occasionally check out the CSIAC website, I like having information pushed to me.   As such, I subscribe to the CSIAC Cybersecurity Digest, a biweekly cybersecurity newsletter delivered via email.  It contains recent news on a variety of cybersecurity topics as well as links to technical and policy resources.

The more recent digest (as of this posting) can also be found here on the CSIAC website.

In addition to the Cybersecurity Digest, you can subscribe to these CSIAC offerings as well:

• Journal of Cyber Security and Information Systems – Quarterly
• Cyber Security and Information Systems Webinar Annoncements – Monthly
• DoD Cybersecurity Policy Chart Update List – Every two weeks (approx)

I encourage you to check out the CSIAC website and its resources, particularly those that can be delivered to you.

 

 

CNAP: Show Me the Money

I give President Obama credit for the attention he has paid to cybersecurity over his two-term tenure.  Only a few months into his first term, on 29 May 2009, Obama gave his first major speech solely focused on securing America’s digital infrastructure, during which he proclaimed, “cyber threat is one of the most serious economic and national security challenges we face as a Nation,” and makes reference to the 60-day Cyberspace Policy Review going forward.  There have been several cybersecurity-related Executive Orders, Presidential Policy Directives, Acts, Frameworks, Blueprints, Strategies, and other policies and plans launched out of the White House since that speech.  You can see all the Administration’s 2015 cybersecurity accomplishments here and here.   This past week, we may have seen one of Obama’s last major cybersecurity efforts in office with the unveiling of the Cybersecurity National Action Plan (CNAP).   The White House itself calls it the “capstone of our national cybersecurity efforts.”

The President is directing his Administration to implement a Cybersecurity National Action Plan (CNAP) that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.

Too often we see great ideas and plans throughout all levels of our government and military that aren’t executable due to lack of money and resources.   It appears that CNAP intends to avoid this situation committing 19 billion dollars to CNAP for the Fiscal Year 2017 budget.   That’s with a B not an M.  I imagine every government organization with the word “cyber” anywhere in its mission statement or list of functions will be trying to get a piece of the very large CNAP pie.

The CNAP fact sheet is linked above, but what the White House says you need to know about CNAP is here.

Two new organizations to be formed as a result of CNAP are the Commission on Enhancing National Cybersecurity and the Federal Privacy Council.   The prior will be established in the Department of Commerce, have no more than 12 members appointed by the President, and will essentially make recommendations of actions achievable within the next decade to strengthen both public and private sector cybersecurity.  The latter is an interagency forum chaired out of the Office of Management and Budget whose membership consists of the Senior Agency Officials for Privacy at 24 named major departments and agencies (at a minimum).  Much like the Commission on Enhancing National Cybersecurity, the Federal Privacy Council will be a recommendations body, making recommendations related to Federal government privacy policies and requirements.

While many other areas of our government and military are taking budget cuts, cyber continues to see significant budget increases.   I recommend checking out the CNAP Fact Sheet as there are many other embedded initiatives not discussed in this post.  I expect we will see the impact of CNAP trickle down throughout government and military cyber organizations, and industry as well.

Lastly, if you are looking for a new job, perhaps being the first ever Federal Chief Information Security Officer (CISO), a position created by CNAP, is right for you.   You can find the job posting at the USAJobs site here.   But hurry, the application period ends 26 February.

 

National CyberWatch Center

About a decade ago, I was looking to expand my involvement in cybersecurity beyond the Navy and came across a teaching opportunity for University of Maryland University College (UMUC).  I tried my hand at it and quickly realized that I love teaching and have been an Adjunct Associate Professor for UMUC’s undergraduate school ever since.

Shortly after I began teaching, I learned of a small organization called CyberWATCH, which previously stood for Cyber Washington Area Technician and Consortium Headquarters.  It started with a National Science Foundation (NSF) grant to establish an academia, government, and industry consortium in the Maryland/Virginia/Washington DC area focused on building and maintaining a stronger cybersecurity (or back then “information assurance”) workforce.  It had great resources for both faculty and students.  Of most benefit to me personally was being reimbursed for classes I was taking at George Mason University towards a PhD (which sadly I never finished).

Over the years, CyberWATCH has grown significantly and is now the National CyberWatch Center.  As the name change implies, it now has a national scope focusing on cybersecurity education and the cybersecurity workforce.   Its members, partners, and supporters have grown as well.   I’m posting about the National CyberWatch Center because in every class I’ve taught at UMUC, the majority of students were military personnel from across all the Services or government civilians.   While the Center focuses on resources for students and faculty, many are available and beneficial for those not enrolled as students.

The Center provides model cybersecurity curricula, produces a Digital Press that collects relevant e-books and white papers, maintains a robust Library of cybersecurity resources, publishes the Communicator containing recent cybersecurity news, and conducts regular educational Webinars.  And these are just a few of their smaller offerings.

They may best be known for sponsoring the Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC).    Started in 2006 with five teams competing, it has grown to over 30 teams and 300 students competing in a fun and challenging environment where they must synthesize and integrate their cybersecurity knowledge in order to succeed.  MACCDC developers do a great job changing the scenarios each year, with more recent ones involving mass transportation, disaster management, and the first democratic election for the country of Hackistan.  There are a number of notable partners and supporters from government agencies (e.g. NSA, FBI, DHS), industry titans (e.g. Microsoft, Raytheon, Northrup Grumman), military (e.g. 780th MI BDE (Cyber)), and others.  Many of these partners recruit student competitors for employment during the job fair held at MACCDC.   One very cool aspect of the competition is the ability for Joe Public to attend and observe the Regional Finals, held at John Hopkins Applied Physics Lab.  This year the Regional Finals are March 31 through April 2, 2016.  If you are interested in competing, volunteering, or visiting, contact MACCDC.

Another competitive environment that the National CyberWatch Center supports that allows individuals to exercise and test their cybersecurity skills is the National Cyber League (NCL).  NCL provides a “virtual training ground” (run from a cloud platform) using Capture-the-Flag style games throughout a “season” that is organized into preseason, regular season, and postseason.

Formed very recently, the last resource I will mention is the National Cybersecurity Student Association (NCSA), which bills itself as the “nation’s largest association of cybersecurity students.”

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration. This group supports the cybersecurity educational programs of academic institutions, inspires career awareness and encourages creative efforts to increase the number of underrepresented populations in the field.

The bottom line is I encourage you to check out the wealth of cybersecurity resources provided by the National CyberWatch Center, particularly if you are a cybersecurity student.