Vincent Mihalik, Wyle

Vincent Mihalik has more than 25 years of Department of Defense experience specializing in cybersecurity, business and IT strategic planning, IT transformation, program management, and emerging technology assessments. Throughout his career, he worked closely with the heads of the Defense Intelligence Agency and the U.S. Army G-2, as well as led congressional briefings in the U.S. House of Representatives. Mihalik has provided advisory services to the senior leadership of DIA, NGA, NRO, FBI, IRS, and U.S. Army PEO-EIS and has considerable experience in the business application of analytical solutions for the federal government. Currently serving as vice president of cybersecurity solutions at Wyle Information Systems, Mihalik has previously held leadership positions at Gartner Inc., Booz Allen Hamilton and Anteon.

TheNewNewInternet: What are some key offerings of Wyle?

Vincent Mihalik: Wyle is a leading provider of high-tech science, aerospace engineering, and information technology services to the federal government. We provide a robust set of cybersecurity capabilities in information assurance and computer network defense to both DoD and civilian government customers. Our engineers and scientists are working on solutions to increase cyber-situational awareness, deploy innovative forensic analysis techniques, and enable organizations to achieve inspection compliance while securing their enterprise. In fact, Wyle is the principle provider of IT security for one of our defense customers, and DISA recently rated this program as providing ‘outstanding computer network defense.’

TNNI:  What are some of your biggest current contracts/projects? Which agency(ies) do you primarily provide support to? How much of your work is in other critical infrastructure sectors?

Mihalik: Wyle has a broad federal market contract base, although historically it is fair to say that the U.S. Navy, Army, and Air Force make up the majority of our base. Much of our work is sensitive, and Wyle is recognized as one of the nation’s leading providers of trusted services and solutions. Wyle will have pro forma revenues of approximately $1 billion with the addition of recent strategic acquisitions.

TNNI:  What is the greatest threat currently facing the nation in cyberspace and why?

Mihalik: A complete understanding of the makeup of the threats facing the United States in cyberspace is difficult to characterize in a short response. Some suggest the cyber threat is overhyped and others suggest that we are actively engaged in a cyber war.  It is often stated that if end-users and systems administrators would follow generally accepted best practices for computing, our cybersecurity risk could be reduced by as much as 80 percent. At Wyle, our philosophy is based on solutions that encompass active defense today and investment in research and development to prepare for next-generation threats. At Wyle, we design, operate, and manage networks that allow our customers to operate securely in cyberspace in compliance with federal requirements for a secure  federal enterprise… an end state through a set of means. Our relationships with DARPA, NSA and USCYBERCOM provide us insight in to leading-edge security technologies and processes, and form a basis for collaboration and information sharing in facing this evolving threat.

TNNI:  How important is the government contracting community to the efforts to secure the U.S. critical infrastructure and intellectual property?

Mihalik: Government contracting has been and will continue to remain an important resource for federal managers, even amid the current in-sourcing trend. We have seen the pendulum swing back and forth over the past several decades with regard to the numbers of staff provided by contract compared to government workers. One aspect will not change… inherently governmental roles will remain the domain of federal staff. In an industry segment like cybersecurity, there will be increasing demand for cybersecurity skill sets for both the government and industry, and Wyle has been leading the way with our Information Assurance Training Academy for more than five years. The Wyle IA training curriculum boasts one of the highest pass rates in the industry for critical cybersecurity certifications.

TNNI:  Why are you involved in cyber? What motivates you every day?

Mihalik: Defending America has been one of my passions for over 25 years. I enlisted in the Navy during the Cold War, and I continue to serve our country today. Cybersecurity is an evolving domain that requires a public/private partnership to ensure that the United States maintains its technological advantage over those who would do it harm. The national security of our nation depends on freedom of action in cyberspace, whether we are talking about financial transactions, weapons systems, or personal privacy information. Wyle has been defending America since 1949, and I am proud to have joined the Wyle team.

Prediction 1: Anti-virus software would not be enough to stem the tide of cyber attacks.

Assessment: “Traditional anti-virus software that relies on the creation of signatures, or digital fingerprints, to identify threats simply cannot keep up with the current rate of malware creation, but this does not mean cyber criminals have won,” Weafer writes.

Prediction 2: URL shortening services, such as that used for Twitter, will be exploited by phishers.

Assessment: “Spammers and phishers alike certainly are catching on to this trend,” Weafer writes. “In July 2009 just more than 9 percent of spam emails used shortened URLs to disguise the true destinations of included links. In April 2010, however, this number nearly doubled to 18 percent of spam. Users should be wary of following shortened URLs sent to them from unfamiliar sources.”

Prediction 3: Specialized malware.

Assessment: “So far, we have not seen an explosion of specialized malware, but a few incidents have occurred that lead us to believe this trend might still come into its own in the second half of the year,” Weafer writes.

Prediction 4: Captcha technology will get better.

Assessment: “Unfortunately this trend is progressing just as predicted,” Weafer writes. “Earlier this year The New York Times reported spammers are indeed recruiting workers in developing countries to physically bypass Captcha codes and generate new accounts for spamming. Spammers are paying just 80 cents to $1.20 per 1,000 deciphered Captchas.”

Prediction 5: IM spam.

Assessment: “Cyber criminals not only proved our prediction right, they went beyond the mark,” Weafer writes. “Just as with links in emails and social-networking messages, users should be very wary of clicking on links in IMs.”

“The Obama administration made a strong start at rationalizing U.S. cybersecurity policies, including an initial 100-day review of existing protocol and the creation of a ‘cyber coordinator’ position,” he writes. “Unfortunately, the momentum with which the administration started seems to have waned.”

While the United States is in a better position than it was previously in, there is still work to be done to ensure better security in cyberspace, according to Rosenzweig.

“Today, as it pertains to cybersecurity, America still needs clearer lines of authority within the federal government and a more coherent structure of public–private interaction to allow for effective action,” he writes. “That structure should provide for greater and more effective control and coordination of the federal effort. Though current cyber coordinator Howard Schmidt has begun well, he should become a cyber leader with more directive authority.”

As the cyber capabilities expand, the United States increasingly needs to stay ahead of the curve in cyber.

“Duplicative effort and the waste it entails are not the only risks posed by uncoordinated federal activity,” Rosenzweig said. “More significantly, the lack of coordination reflects an inability to bridge a cultural gap between the openness of the Silicon Valley and the secrecy of a national security environment.”

The homepage of the organization was hacked and defaced with a pro-Palestinian message related to the recent events involving the so-called Gaza Flotilla. The web graffiti read:

“Virtual Protests will continue..! Everything for PALESTINE! JaCKal Ownz Your System. I came challengeing to the world THE END.”

The site administrators are working to remove the defacement Presently, it is unclear how the hacker, calling himself the JaCKal, managed to break into the system.

A metropolitan court magistrate in Mumbai denied a motion to to release Hari Prasad on bail prior to Aug. 28. Prasad was arrested when he refused to divulge the source who gave him an electronic voting machine to use in his research. The government had refused to supply him with a machine for security testing.

“This is a very sensitive case with repercussions at the national level and police should be given time,” Magistrate V B Srikhande said in court on Thursday, according to The Times of India.

Prasad claims to have obtained the machine legally and returned it within two days.

“We are conducting a thorough probe to find out who was actually behind it, why it has been done and whether there is a conspiracy to discredit India’s election process,” an unnamed official told the publication.

Tom Reilly, ArcSight

Cybersecurity firm ArcSight has put itself up for sale, with potential buyers including Oracle Corp, IBM and HP, according to The Wall Street Journal.

The possibility of an acquisition has increased the firm’s stock price 29.7 percent to $36.63. According to WSJ, any acquisition deal could be for around $40 per share or around $1.4 billion.

The announcement of the deal comes on the heals of Intel’s recent acquisition of McAfee and HP and Dell’s efforts to buy 3PAR Inc.

Cyber Intelligence General Requirements
Certification: CISSP, CISM, CISA, or similar widely recognized IT Security certification is preferred
Clearance Requirements: Active Top Secret with previous SCI clearance held
Years Experience: 6 minimum of strong relevant experience
Bachelor’s degree in information management or information systems management, business administration, technology management, or related disciplines, or equivalent experience.

Click to learn more

William Lynn

The Pentagon has a new cyber strategy, outlined by Deputy Defense Secretary William J. Lynn III in the September/October edition of Foreign Affairs.

“Although cyberspace is a man-made domain, it has become just as critical to military operations as land, sea, air and space,” Lynn writes. “As such, the military must be able to defense and operate within it.”

To facilitate DoD’s operations in cyberspace, the department has set up a new organizational structure in U.S. Cyber Command, headed by NSA director Gen. Keith Alexander. The command will provide security for military operations in cyberspace, provide a way to marshal attack capabilities, and provide aid to civilian agencies and the Intelligence Community.

“Given the dominance of offense in cyberspace, U.S. defenses need to be dynamic,” Lynn writes. “Milliseconds can make a difference, so the U.S. military must respond to attacks as they happen or even before they arrive. To grapple with this, the Pentagon has deployed a system that includes three overlapping lines of defense.”

The United States must also be able to respond to intruders who have managed to breach the network as well.

“This requires being able to hunt within the military’s own networks,” Lynn writes, “a task that is also part of the Pentagon’s active defense capability.”

Click here to read the full article

Sen. Tom Carper

The Senate is considering adding cybersecurity legislation to the defense authorization bill to ensure that some semblance of cyber legislation is passed this year, Sen. Thomas Carper told GovInfoSecurity.

“It’s hard to get a measure like cybersecurity legislation passed on its own,” Carper said.

Cyber backers are considering adding cyber legislation to a bill that is likely to pass, for example, the National Defense Authorization Act. The act is likely to pass prior to mid-term elections. Also, since cybersecurity is a piece of national security, “that is a place that makes a lot of sense,” Carper said.

Currently, two major cyber bills are undergoing a negotiation process between two committees to develop comprehensive legislation.

“We’re very close to where we need to be in developing a joint proposal,” Carper said. “It’s more of a national security issues that we ought to do sooner rather than later and I hope we will.”

Paul Cofoni

As part of its “Top Secret America” investigative piece, The Washington Post spoke with Zal Azmi and Paul Cofoni of CACI, who serve as the cyber lead and president and CEO respectively.

Recently, CACI hosted a symposium titled “Cyber Threats to National Security,” which looked at cyber threats and produced several recommendations for policymakers.

The symposium discussed the overlap present in the government regarding cyber efforts and the lack of coordination currently present. During the interview, Cofoni and Azmi discussed some of the company’s technologies, including one detecting incoming and outgoing signals to a building and one that captures biometric data. The company is also developing signal-detection devices to be mounted on vehicles.

Despite the overlap, Cofoni is not convinced centralization into one organization is the best approach.

“[It is] impossible for any central agency to contemplate every possible permutation of what’s needed,” he said. “If we tried to centralize every need for cyber, we would fail utterly. That’s trying to centralize around millions and millions of problems. We’d never solve them all.”