Cyber Tech roundtable allows for exchange of ideas, info

  • Published
  • By By Patty Welsh
  • 66th Air Base Group Public Affairs
HANSCOM AIR FORCE BASE, Mass. --  Cyber threats, along with cybersecurity costs and myths, were the main topics during a Cyber Tech roundtable at the Hanscom Conference Center Jan. 26.

Hanscom's Engineering Directorate has been hosting these Cyber Tech roundtables during the past few Life Cycle Management Center Focus Weeks, and this event saw the highest turnout yet with approximately 30 people in attendance and others participating via phone.

"There are a lot of really smart people across this center - who know a lot - and we don't always tap into that," said Jeffrey Mayer, Cyber Systems Engineering Division chief. "We thought it would be a good idea to bring those people together and have a discussion about various topics."

According to organizers, cybersecurity received a great deal of emphasis during the recent State of the Union address, and the Department of Defense invested approximately $5 billion in military cyber defense spending in the past year, so they thought this would be an appropriate topic.

During the roundtable, participants spent a lot of time discussing "Common Threats," and a lively conversation ensued on threat priorities. Everyone agreed that developers need to be held accountable for what they're delivering but that there also needs to be a way to figure out what the threat vectors are for a program, to determine what's important by using threat assessments and appropriate fixes.

"People designing systems are so focused on functionality that they try to do security at the end," said Eric Chamberlin, Cyber Security command and control lead, Cyber Systems Engineering Division. "If you try to do at the end, you're already behind the eight-ball."

Battle Management's Engineering Director, Garry Gagnon, mentioned how his directorate has put a policy in place to address software quality issues early on.

"That was our initial stage of trying to implement more secure capabilities from our systems," he said.

Participants also mentioned how a number of Hanscom systems connect to other systems and how program managers need to be aware of who owns data versus who owns the system.

"With program protection, you need to define boundaries," said Steve Falcone, Theater Battle Control Division engineering director. He added that now under the LCMC construct as systems are dealt with "end-to-end," the problems need to be dealt with in chunks, otherwise it's "too big an elephant."

Many people in the roundtable also noted that lack of resources, whether personnel or budgetary, increases the potential for risk.

Mayer addressed insider threats, as they are currently considered the number one threat to systems; however mitigation for that type of threat has to be balanced carefully with system functionality. The user often considers protections put in place to be disruptive to system operation, he added, leading to conversations about trust.

"Security needs to be considered in initial requirements," he said. "The threat is real. We need to do a better job defining requirements."

During the discussion on myths, it was determined that all security breaches cannot be prevented.

"[Cyber] is an ever-changing landscape with new threats and new breaches every day," said Chamberlin. "The key is to reduce risk to an acceptable level."

The organizers said the venue allows personnel to share expertise on methods, techniques and lessons learned.

"The exchange during this session seemed to unveil a common set of challenges from resources and program lifecycle to software quality and risk vectors," said Chamberlin. "When it comes to cyber threats, opportunities like this to collaborate aid in the defense of the ongoing cyber battle."

The Engineering Directorate will be holding more roundtables during upcoming focus weeks and would like input on topics. For additional information on this session or to propose an upcoming topic, email Chamberlin at eric.chamberlin.1@us.af.mil.