How Federal Agencies Might Improve their Poor Cybersecurity Posture

July 13, 2016 | Mackenzie Weinger
Photo: LagartoFilm

Hillary Clinton may have dodged an indictment when the FBI announced it would not recommend criminal charges against her for using a private email server while Secretary of State, but the State Department itself took a hit on account of its overall security culture.

During the FBI announcement last week on the Clinton email probe, FBI Director James Comey faulted the State Department for “generally lacking in the kind of care for classified information that is found elsewhere in the U.S. government.”

The State Department’s inspector general in May heavily criticized Clinton’s email practices and critiqued the organization at large, writing in its report that the department, and the office of the Secretary in particular, have been “slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership.”

The department has been plagued by “longstanding, systemic weaknesses related to electronic records and communications,” the report concluded.

While the State Department is particularly notable for its cybersecurity problems, the federal government overall is doing poorly. Just think back a year ago, when the Office of Personnel Management (OPM) announced it had been the target of a massive data breach resulting in the theft of millions of people’s personal information.

The private sector has been watching how the government is faring in the security arena — and two of the top cybersecurity companies have advice ready for departments looking to improve their cybersecurity posture.

“Most government agencies experience fundamental issues with their security postures, but there is a maturity curve, per se, in the severity of these issues,” Ken Durbin, federal programs strategist at Symantec, said. “Agency hierarchies can make it difficult for leadership to get an accurate view of the hardware and software assets residing in their environments. If agencies don’t know what’s on their network, they don’t know how to – and can’t – protect it.”

An analysis released in April from SecurityScorecard, a startup monitoring cybersecurity strength of companies, found that U.S. federal, state, and local government agencies ranked in last place in cybersecurity compared to 17 private industries, such as transportation, retail, and healthcare.

The federal organization with the strongest security posture was the United States Bureau of Reclamation, followed by the Architect of the Capitol, the CIA, the Federal Trade Commission, and the National Science Foundation.

The State Department finds itself near the bottom of the cybersecurity barrel. The government agency with the weakest security posture was NASA, according to SecurityScorecard, followed by the State Department, the National Oceanic Atmosphere Administration, the Treasury Department, and the Fish and Wildlife Service. And SecurityScorecard’s most recent rating of the State Department gives it a grade of ‘D,’ according to Alexander Heid, chief research officer at SecurityScorecard.

“ has hits on most categories of externally visible issues of concern, such as observed malware infections, insecure network communication protocols, outdated encryption protocols and leaked credentials observed circulating within the hacker underground,” he wrote in an email. “An active defacement was also observed indexed on public search engines, whereby a hacking crew has 'tagged' their handles on a subdomain.”

How can government agencies boost their cyber security posture? The Cipher Brief reached out to top firms Intel Security and Symantec to see what advice they could offer to the public sector to potentially strengthen cybersecurity.

Make data the centerpiece of cybersecurity

Intel Security’s chief technical strategist Scott Montgomery said the Clinton email server issue in particular points to the importance of having a data-centric security strategy. The key questions each agency should be asking are: What is really the most important data to protect? And how can it be ensured that if there is a breach, hackers will find information that is worthless to them?

“If you think about organizations that have sensitive or classified data, and you think about the way we transmit and receive data and how that’s changed over the last couple of years, people need to become a lot more data centric in their thinking and planning,” he said. “The value of the data doesn’t change just because you’re using a different kind of server or a different kind of transport mechanism or a different kind of client — the data’s the data.”

Government agencies need to rethink data, he said, and that includes identifying what data is key and thinking about the longevity of its importance.

For example, Montgomery said, consider the activities of a brigade overnight — “that might be extremely important today, tonight, but a month from now, it probably doesn’t have the same value as what it’s doing” at that very moment. But organizations, government or otherwise, “keep everything forever and try to protect it that way, and that’s not natural,” he said.

“I think not just government, but all organizations should be focusing on what data is valuable, how long is it valuable, and if it falls into the wrong hands, what are my protections about detecting that and protecting against that,” Montgomery, who used to serve as the company’s federal chief technology officer, added.

Focus on talent & increasing efficiency

By 2019, there will likely be a major workplace shortfall in the cybersecurity workforce, according to a study last year —Frost & Sullivan projects  the shortage will reach 1.5 million worldwide by that year. And the U.S. government will certainly feel the pain.

“What this creates in both government and nongovernment organizations is this specific demand for both automation and preserving talent,” Montgomery said. “There’s a lot of transition in the labor force and in order for orgs to survive, they have to retain talent and have to automate more tasks. Because even if they can retain, practitioners are saying we don’t have enough people, and it’s going to get worse before it gets better.”

That means a dual focus on both retaining cybersecurity talent — always a struggle for the public sector — and increasing the emphasis on automating more tasks, Montgomery said. “Any organization that is not focusing on increasing their efficiency in security operations is making bad decisions,” he said.

Government agencies, in the face of hackers and state sponsored adversaries, must focus on the efficiency challenge. There’s no question that’s a difficult task, given the number of things that must be protected, from mobile to the cloud to the internet of things, and Montgomery said that “organizations need to double down in becoming as efficient as they can.”

Durbin also emphasized the importance of recruiting and maintaining top talent, noting it is a “struggle” for the government.

“Federal agencies require the best of the best and often find that top talent jumps ship within a couple of years to the private sector, so it’s important for them to find ways to compete with the private sector and keep employees on board,” he said.

The White House on Tuesday announced measures to tackle that very issue, releasing its first-ever Federal Cybersecurity Workforce Strategy to help recruit, retain, and develop talent. In a blog post touting the new strategy, the White House also said it is “committed to a plan by which agencies would hire 3,500 more individuals to fill critical cybersecurity and IT positions by January 2017.”

Learn to share

Agencies often fail to consistently share security information with each other — something the private sector is much more adept at doing, Durbin said.

“Companies in the manufacturing and healthcare industries, for example, share threat information and learn from each other when it comes to cybersecurity incidents,” he pointed out.

The lack of sharing information is a major problem for federal agencies looking to boost their cybersecurity posture.

“Many departments don’t consistently share security information, and agencies still struggle to merge and correlate that data,” Durbin said. “It isn’t a matter of if, but when an incident occurs — so it’s imperative for agencies to have an accurate picture of their networks and data so they can put a detailed plan in place and know how to react once the worst happens.”

Don’t get lost in the cloud

“The use of the word cloud has become sort of a panacea that covers everything,” Montgomery said. “And cloud is a wonderful technology — if you’re using it to solve a problem the cloud can solve.”

So what is the cloud, other than a tech buzzword? It’s a network of computers that store and process data remotely, sharing resources to allow more efficiency.

Some departments may well benefit from the cloud, Montgomery pointed out, particularly if they do a lot of number crunching. Then the cloud is the “perfect application,” able to help with that task without needing to purchase more computers, he said. The question for many in government, however, is whether the cloud would allow the same level of regulatory compliance as would occur in their own data center.

“The answer is I don’t know,” Montgomery said. “But until you know as an organization you can meet your compliance with a lower cost, don’t go. Find out first you can reduce your overall cost and can get the same level of service agreements from a third party as from your own internal team.”

Some good news for government?

“I hesitate to say an agency is doing poorly with cybersecurity, because it often is not in their control,” Durbin said. “Funding issues plague everyone and greatly affect an agency’s ability to handle cybersecurity the right way.”

But there are things the federal government is already doing right, according to the private sector. Take the Department of Homeland Security’s Continuous Diagnostics and Mitigation program, which Durbin noted “raises the baseline of cybersecurity protections across agencies and facilitates the move to ongoing authorization” and Montgomery said has helped promote the idea that “we need to be vigilant all of the time.”

“I think Homeland really got it right, and I see organizations all across the board utilizing it,” Montgomery added.

The Office of Management and Budget (OMB), for instance, has made strides with its move to ongoing authorization. The process, which requires agencies to re-authorize their networks every 72 hours instead of every one to three years, “takes a big step away from the traditional culture of compliance and toward more effective continuous monitoring,” Durbin noted.

Government agencies are beset by problems with budgets, procurement, a slow moving bureaucracy, and the existence of antiquated legacy systems — things the private sector often does not have to deal with. However, those on the other side say government still has much it could learn from the private sector.

According to Heid, the scores of SecurityScorecard “are ever changing, however the government vertical as a whole still has a long way to go to match the information security postures of private sector enterprises.”

To improve cybersecurity, agencies need to focus on the fundamentals when it comes to knowing what is happening on their networks — and zero in on what is most crucial to protect, Durbin said.

“Private sector organizations are typically more agile, and can react more quickly to the changing threat landscape,” Durbin said. “They are more likely to take a chance on newer, cutting-edge technology and deploy that technology to reap the benefits.”

Next Steps in U.S.-Cuba Relations
Strengthening U.S. Cyber Defenses
Russia Sanctions: The New Normal
Corruption in China: The Party’s Over
Change in the Kingdom: Three Big Shifts
Managing Information & Risk in the Digital Age
Endgame in Afghanistan
The Convergence of Crime and Terror
Strengthening the Public-Private Partnership
The Billion Dollar Spy: An Interview with Author David Hoffman
The New Battlefield
North Africa: Instability Increasing
The Kidnapping Capital of the World
Homegrown Terror in the Age of ISIS
The Refugee Crisis: Europe on the Brink
The Future of Mexican Oil
Cracks in the System
Embassy Security Three Years After Benghazi
Fourteen Years Later
Can Congress Solve the Cybersecurity Problem?
Arctic Game Changer?
Where They Stand on National Security
The First 100 Days
Worthy of Fleming: Anthony Horowitz's "Trigger Mortis"
At the Crossroads
Eye in the Sky
Rough Road Ahead for Rousseff
Leveling the Playing Field: Tech Access in China
The Dead Drop
Top of Mind for Chief Security Officers
Protecting Your Business
The Future of Oil
Chinese Expansion in Latin America
American Involvement in Syria
The Future of Geospatial Intelligence
The Umbrella Movement: One Year Later
Ebola: An End in Sight?
The Pakistan Problem
The Dead Drop
The Encryption Debate
Going Dark
The US-Mexico Relationship
The Rise of Mobile Technology in Africa
The Dead Drop
Construction Boom in the Gulf
Cybersecurity: The Human Factor
Beijing and the South China Sea
Will Peace Talks Succeed in Colombia?
Social Media and Terrorism
The Rise of Israel’s Tech Sector
Securing the Border
Red Sun Rising
The Dead Drop
Adopting the Iran Deal
Stability on the Peninsula
Crime in South Africa
Combatting Terrorist Financing
The Dead Drop
Recovering from a Cyber Attack
Stability in South Asia
Veterans Day
Israel’s Wave of Violence
The Dead Drop
Protecting Critical Infrastructure
ISIS on the March
The Paris Attacks
Rethinking U.S. Security Assistance
The War on Terror 2.0
Putting Mali in Context
Will Russia Ever Change?
Will Canada Pull Back?
Understanding Putin’s Popularity
Chinese Expansion in Africa
Terrorism Finance and Wildlife Poaching
Illicit Trafficking in Latin America
Climate Change and Security
Preventing Another San Bernardino
Supply Chain Security
Negotiating a New Safe Harbor Agreement
The Battle for Yemen
Foreign Tech Access in China
The Dead Drop
Offensive Cyber Operations
Travel Security in the Age of ISIS
Iran: A Rising Cyber Power?
The Future of Cybersecurity
The Arab Spring Five Years Later
Preparing Today’s Military for Tomorrow’s Wars
Cybersecurity for Small and Medium-Sized Enterprises
Maritime Security in the Gulf of Guinea
Improving Aviation Security
The Dead Drop
Terrorism in 2016
Cybersecurity in 2016
The World in 2016: Opportunities and Risks
China in 2016
Russia in 2016
Moscow’s Cyber Buildup
The China-India Relationship
Russian Influence in Latin America
The Future of Homegrown Terrorism
Stability in Sub-Saharan Africa
Protecting Your Digital Identity
Elections in Taiwan: A Turning Point?
The Caliphate of Crime
Biotechnology’s Dark Side
Rethinking U.S. Strategy Toward China
The Evolution of Weapons of Mass Destruction
A New Era in US-Iranian Relations?
Will Information Sharing Improve Cybersecurity?
Evaluating China's New Silk Road
Tech in Latin America: Opportunities and Challenges
The Destruction of Libyan Oil
Ransomware: Protecting Yourself from Cyber Extortion
The US and India: Strengthening Security Cooperation
Security and Stability in Afghanistan
Combatting the Al Shabaab Threat
Sports Security: Protecting Your Venue
Israel’s Arab Alliance: A Counter to ISIS and Iran?
The End of U.S. Space Supremacy
The Caucasus: Instability Increasing
Stabilizing Iraq
The Trans-Pacific Partnership: Deepening U.S. Commitment to Asia
Securing Industrial Control Systems
The Battle for Ukraine
Defeating Boko Haram
Jordan: The Indispensable Ally
China’s Military Modernization
The Cybersecurity Skills Shortage
Solving Mexico’s Violence Problem
The Northern Triangle: The Most Violent Region in the World
The Future of the Middle East
Terrorism in the World’s Largest Muslim Country
The Rise of Quantum Computing
Europe’s Terrorism Problem
Stability in the East China Sea
The Rise of Counter-Drone Technology
The ISIS WMD Threat
Healthcare and the Cyber Threat
Security in the Indo-Pacific: Australia’s New Role
Countering ISIS' Message
Containing the ISIS Cancer
Security, Privacy, and the Fight Over Encryption
Taking Aim at Smart Guns
Losing Patience with North Korea
The Difficult Road Ahead for Colombia
The Taliban Resurgence
ISIS: The New Face of Global Jihad?
Connecting with Latin America
Russia and China: Mutually Assured Detachment
The Scourge of Terrorism
The Security Challenge of Terror
European Unity in the Face of Crises
Developing Enhanced Cybersecurity Systems
Pakistan: Friend and Foe?
Egypt’s Economy on the Brink
Tehran’s Balancing Act
Russia Makes Moves in the Middle East
Kenya’s Battle with al-Shabaab
Missile Defense in the Korean Peninsula
Are America's Ports Secure?
The Human Factor Behind the Panama Papers Leak
Russian Military Modernization
APTs: The Boogeymen of Cybersecurity
Vietnam: Guns and Butter
Syria: Power-sharing, Partitioning, and the Fight Against ISIS
Turbulence in Turkey
The U.S. and the Philippines: Shoulder to Shoulder in the South China Sea
The Darker Side of the Internet of Things
Cybersecurity Challenges in Asia
Taliban on the Offensive
Quagmire in Yemen
Cocaine and Conflict in Colombia
The Cloud: Nebulous, but Nimble
Censorship in China
An Emerging Crime-Terror Nexus in Europe
IRGC: Iran's Power Player
Latin America: The New Frontier for Cyber Attacks
The Hydra and the Snake: The Death of Osama Bin Laden
Nuclear Deterrence and Assurance in East Asia
Vehicle Cybersecurity: Running in Place
What Drives ISIS
Tensions Simmer in the South China Sea
Managing the Mobile Phone Malware Threat
Leaving the Oil Spigot Open
Burundi: A Path Toward Civil War?
The Value of Special Operations Forces
ISIS in the Balkans
The Tech Must Flow
North Korea’s Party Congress: What was all the fuss about?
Argentina: A Smoother Ride
Libya: Obama’s “Worst Mistake”
Tsai Ing-Wen’s Balancing Act
The North Korea Workers’ Party Congress and Kim Jong-un’s Legitimacy
Flying the Unfriendly Skies: Airline Security
Nuclear Standoff in South Asia
How to Read Riyadh
Even in Defeat, Austria’s Far-right Emulates Populist Growth in Europe
More Effective, Less Secure: The Cyber-Threat to Medical Devices
A New Era in the U.S.-Japan Security Partnership
Passing the Torch to the Next Generation of Saudi Leaders
U.S. Military Aid to Egypt Continues Despite Democratic Struggle
How Secure are Radiological Materials?
Roadblocks on the Path to Normality in Iran
Caracas in Crisis
Algeria: Exporting Stability
The Push for Kurdish Independence
U.S. and China: Strategic Cooperation at Arm’s Length
City Life: Living Smarter, Not Harder
Homegrown Terror in Orlando
A Rough Patch in U.S.-Saudi Relations
Japan’s “Abenomics”
A Tale of Two Bears: The DNC Hack
The Origins of Brexit
The Chinese Communist Party Under Xi Jinping
The Arctic: Technology and Infrastructure on Earth and in Space
Jordan: Stability Amidst Chaos
Exporting Jihad: Bosnia and Kosovo
Changing World Order: The Effects of Brexit
Navigating Uncharted Waters
Iraq after ISIS: Divide it or Fix it?
Terrorism in Istanbul: Severe Implications
North Korea as a Cyber Threat
One If By Air, Two If By Sea: Unmanned Surface Vehicles
The FBI’s Intelligence Mission
Does NATO Need a New Ideology?
Philippines v. China: Laying Down the Law of the Sea
Is Turkey Returning to a Policy of “Zero Problems?”
Federal Cybersecurity One Year After the OPM Breach
NATO: Weathering the Storms
The Rise of the Fringe: A Threat to Democracy?
Hezbollah's Many Faces
Trans-Pacific Trade Deal Remains in Limbo
The Aftermath of the Nice Attack: Is ISIS’ “Prestige” on the Rise?
Crossing the Line: A Failed Coup in Turkey
France’s Vulnerabilities in a Changing Terror Landscape
The Problem with Proxies
Water Security in South Asia: Running Dry and Running Out of Options
The Clash over Social Media Data
Extremist Groups Target Diversity in Bangladesh
Kenya: Private Sector and Government Coordinate on National Security
The ISIS-Al Qaeda Rivalry
Will Syria’s Most Productive Citizens Ever Return Home?
Trust but Verify: The United States, China & Economic Espionage
The World is Watching: The American Election and China
The Status Quo Will Not Work in South Sudan
Kurdistan as a Geopolitical Playground
Rio Olympic Games: A Missed Opportunity
Spinning Silk: Asia and the GCC
China-Japan Relations: Trading Goods While Exchanging Words
Climate Change in Ethiopia: Managing the Risks
Mounting Security Challenges in Afghanistan
Is There a Future for the Muslim Brotherhood in Egypt?
Niger Delta Militants Compound Nigeria’s Security Crises
Thailand Under the Junta
Brazil: Getting its House Back in Order Post Olympics
Indicators of Political Instability
Finding Water in the Desert: Water Security in the Middle East
The Blurring Line Between Cyber and Physical Threats
The World is Watching: The American Election and Russia
NATO’s Ambiguity on the Red Line for Russia
Boko Haram: The Plague Affecting Nigeria and Beyond
Tunisia: From Revolution to Governance
Russia, China, and Cyber Espionage
Best Of: The F-35 Joint Strike Fighter: Game-Changer or Procurement Nightmare?
Climate Change Jeopardizes National Security
Algeria: A Bulwark Against ISIS
Venezuela's Military: Both a Stabilizing and Destabilizing Force
Will Theresa May's Britain Stay Committed to European Defense?
America and the Asian Infrastructure Investment Bank
What’s at Stake in the South China Sea?
Fifteen Years After 9/11: Much Accomplished, Much to be Done
The Post-9/11 U.S. Military
The Post-9/11 U.S. Intelligence Community
South Africa: ANC Losing Its Grip on Power
The World is Watching: The American Election and Saudi Arabia
Turkish Leverage Over the United States and European Union
Nuclear North Korea: A No-Win Scenario?
Insider Cyber Threats: A Pressing Problem Facing Business
Al Shabaab: A Persistent Threat
Unease, Uncertainty, and Strife: Global Inequality and Instability
Europe Bears a Big Burden in the World's Migration Crisis
Malicious Cyber-Actors in the Financial Services Industry
China's Ongoing Struggle to Clamp Down on Terrorism
Growing Instability in Africa’s Top Two Oil Producers
The World is Watching: The American Election and Iran
Dollars and Sense: Military Spending During an Economic Downturn
Forewarned is Forearmed: Confronting Adversaries in Cyberspace
Is Peace Possible in Colombia?
The Rise of Hypersonic Weapons
Nuclear No First Use: Ambiguity vs. Clarity
Al Qaeda Growing Stronger By the Minute
Cyber and the Law
The DRC: Strong Grip on Power, Weak Handle on Governance
Combatting Haqqani Network is Key to Afghan Strategy
War and Peace: Syria and the Question of American Intervention
The F35: A 21st Century Coalition Asset
Objective: Mosul
Where is Duterte Leading the Philippines?
Great Power Politics in Latin America
In the Strait of Hormuz, Little has Changed with Iran
Corralling the Cartel: OPEC and Oil Prices
Russian Hacking: The Difficult Path Between Inaction and Escalation
Philippines' Duterte Leaves U.S. Policymakers "Baffled"
The World is Watching: The American Election and Germany
Can Hamas Elections Shift the Status Quo?
What is the Future of U.S. Policy in Latin America?
Conflict and Common Goals: the Government and Silicon Valley
Kashmir in Crisis—Again
Al Qaeda in Syria: The Split That Wasn't
EU and U.S. Interests in Hungary in Jeopardy
The Price of Turkish Posturing in Iraq
Is it Possible to Hack the Vote?
Decision Day in the U.S.: Daunting Security Challenges Ahead
The State of Play in Syria
Modi: Modernizing India
Trump's Win Creates Uncertainty in Europe
The Powers and Pitfalls of Drone Warfare
Insurgent Use of Unmanned Aerial Systems: A Cat-and-Mouse Game
The African Migrant Crisis: The EU Takes Action
The U.S. Military: Ready or Not?
Sisi, the IMF, and Egypt's Crumbling Economy
Can Robots Fight Wars? The Future of Lethal Autonomous Weapons Systems
The Global Debate Over the Legality of Drones Continues
Agility and Innovation in the Third Offset Strategy
China's Economy: Great Power, Great Responsibility
Identity in Cyberspace: The Advent of Biometrics Authentication
Obama's Legacy on Russia and China: Making the Grade
Sweden, Finland & Norway Deepen Defense Ties with the West
Developing and Sticking With a Clear Strategy in Afghanistan
Italy’s Choice: Damned If You Do, Damned If You Don’t
Predicting the Future: Anticipating Security Events with Data Analytics
Russia’s Energy Leverage Wanes in Parts of Europe
The U.S.-Japan Alliance: A Safe Harbor
President Obama's Counterterrorism Legacy
Dialing Up Controversy with China
China Officially Ties Internet Restrictions to its own National Security
Trumping Trade: Alternatives to TPP
The International Criminal Court, Under Pressure, Turns Eyes on U.S.
Egyptian and Israeli Cold Peace Has Never Been Warmer
Trump, Russia, and the CIA: Allies and Adversaries Confused
Hacking Against Cybercrime: The FBI's New Approach
Trumping Trade: The Future of NAFTA
Violence in Mexico Surges
Directed-Energy Weapons: Time to Focus
At the Crossroads Between East and West: Turkey and the World in 2016
The Perils of Connectivity: Cyber Insecurity in 2016
The Party Endures: China and the World in 2016
Cracks in the Union: Europe and the World in 2016
Eyes on the Kremlin: Russia and the World in 2016
Terrorists Don't Have to Win - They Just Have to Survive: Counterterrorism in 2016
A Perennial Task with No Finish Line: U.S. Defense Planning and Procurement in 2016
A Changing of the Guard: U.S. Counterterrorism Policy
Poland: Strong Defense Partner But Taking Undemocratic Steps
Land, Sea, and Air: U.S. Military Readiness in the Navy and Marine Corps
Syria's Tangled Trilateral Road to Peace
The UK’s New Surveillance Law: Security Necessity or Snoopers’ Charter?
South Korea’s Foreign Policy: Leaderless, but Not Rudderless
Jammeh to Cede Power, Leave The Gambia
Mali’s Instability: Advantage, Al-Qaeda in the Islamic Maghreb
Railguns: The Fast, the Furious—and the Future?
Swarming the Battlefield: Combat Evolves Toward Lethal Autonomous Weapons
Mixed Signals to Moscow: The Trump Administration's Russia Policy Puzzle
NATO’s Changing Face Under the Trump Administration
South Korea’s Presidential Crisis: Is Democracy Stuck in Park?
Power and the U.S. Presidency
Trump's Hour of Action: Recommendations for Cyber Policy
Passing the ‘Football’: The Future of U.S. Nuclear Policy
The Baltics Up the Ante in Defense
Take It or Leave It: The Future of the Two-State Solution
Trump and Trudeau: Fire and Ice
Cybersecurity in the Gulf: The Middle East's Virtual Frontline
Little Margin for Error in South China Sea Policy
Eritrea: A Potential U.S. Counterterror Partner
Trump Administration Faces Daunting Challenges in Afghanistan
The New Space Race
Autonomous Hacking Bots: Menace or Savior?
Myanmar’s Rohingya Crisis – Fertile Ground for Jihadis in Southeast Asia?
Cuba Lingers in Limbo
Designating the Muslim Brotherhood As Terrorists Is Complicated
Trump and the New Map of the Middle East
The New Technology of Humanitarian Assistance
Missile Defense: Blocking Threats or Blocking Diplomacy?
Flynn Controversy Raises New Questions
Doubling Down Against the Jihadist Message
Civilians and the Military Under Trump
The Gulf Cooperation Council Operates in a Tumultuous Region
DIY Defense Tech: More Countries Seek Advanced Homegrown Weaponry
The Vice Closes on Mosul: What Next?
U.S. Marines Head to Norway and Australia
Cyber Proxies: A Central Tenet of Russia’s Hybrid Warfare
The Future of Transatlantic Defense: More Europe
Trump’s NSC: A Bureaucratic Balancing Act
Tallinn Manual 2.0: Stepping Out of the Fog in Cyberspace
Defining Objectives for the U.S.-Iran Relationship
The U.S.-Japan Alliance: Reform and Uncertainty
India’s Cyber Potential: A Bridge Between East and West
Missile Defense: Targeting a Technological Solution
NATO Zeros In on Black Sea Security
Vying for Power in Iran
The TPP Without America
Disentangling the NSA and Cyber Command
The United Nations at a Tipping Point
Developing Special Operations Forces in China and Russia
Hawala Networks: The Paperless Trail of Terrorist Transactions
Objective: Raqqa
The Baltics: Veterans of Russian Cyber Operations
Security Concerns Complicate Investment Opportunities in Mozambique
What Is the “Deep State”?
Al Qaeda Takes Advantage in Syria
The War of Words Between Europe and Turkey
Jumping the Air Gap: How to Breach Isolated Networks
Sizing Up the Trump Defense Budget
Brexit Begins: Hurdles to a UK-EU Deal
India-Israel Relations: An Opportunity That Can’t Be Missed
Why Syria’s Kurds Are America’s Key Ally
China Pivots its Hackers from Industrial Spies to Cyber Warriors
Putin vs. The Unknown
Germany, Japan Strengthen Defensive Capabilities
The Long-Goodbye to Afghanistan – Should It Get Longer?
Turkey’s Referendum: The Dangerous Road to “Yes”
Trump Draws the Line in Syria
EU Economic and Military Investments in Africa Increase
Trump-Xi Summit: No Real Progress Yet, but Stay Tuned
The Zero-Day Dilemma: Should Government Disclose Company Cyber Security Gaps?
Stepping into the Void of Trump’s Global Retreat
Al Qaeda Quietly Expands in South Asia
Chinese Firms Surge into Africa in Search of Customers, Contracts, Jobs
How Spy Agency Hackers Pose As – Anybody
Does Moderate Political Islam Exist?
The Call to Radicalism, Both at Home and Abroad
Instability Casts a Shadow Over French Presidential Election
The Problem of Siloed Cyber Warriors
Best Of: Sizing Up America’s Aircraft Carriers of the Future
Europe Intel Sharing Will Take Trust
Rebranding Countering Violent Extremism Programs: A Sharper Focus or Missing the Point?
Trump 100 Days: From the Travel Ban to TPP
The Power of Botnets: Amplifying Crime, Disinformation, and Espionage
The “China Solution”: Beijing Aims for Global Leadership
Venezuela Teetering on the Edge
A Tale of Three Libyas
Worlds Collide in the French Election
NSA Curtails Collection Under FISA Provision
U.S. Special Operations Forces’ Changing Mission in the Middle East
The Comey Fallout
Is Sudan Still a State Sponsor of Terror?
Will Moon Bring Back Sunshine Policy in South Korea?
WannaCry Attack: Microsoft Questions Role of Intelligence Community
Defending the U.S. from North Korean Long Range Missiles
Blue Helmets Under Fire - From Trump
The War Against ISIS Has Just Begun
The “Renaissance” in Private Space Launch for Defense
Chinese Industrial Spies Cast a Wider Net
Could Iran’s Elections Indicate a New Future?
Western Balkans in Russia’s Crosshairs
Japan, South Korea Shaken by Pyongyang, Beijing – And Now, Washington
How Can the U.S. Level the Digital Trade Playing Field?
Best Of: Sizing Up America’s Aircraft Carriers of the Future
U.S., China, Others Build Bases in Djibouti – What Could Go Wrong?
Asian Nations Arming for Underwater War
Would an Arab NATO Help Stabilize the Mideast — or Inflame Iran?
The Hardest Fight Comes After Mosul Falls
Terror in London: ISIS Threat to West Intensifying
UK Terror Attack: Looking for Links to the U.S.
Europe Is Boosting Defense Spending – And It’s Not All About Trump
Populism Spreads Across U.S., Europe But Could Halt as Economy Rallies
Pyongyang and Beijing No Longer “Close as Lips and Teeth”
Terror Finance in the Age of Bitcoin
Does Brexit Still Mean Brexit?
South Africa: On the Road to Turmoil?
Will China Play Peacemaker with Its Oil Suppliers Saudi Arabia and Iran?
Philippine City is a Battleground in Global Fight Against Extremism
Drugs and Violence on the United States’ Doorstep: No End in Sight
Can China Actually Restrain Kim Jong-Un?
Allying Public and Private Forces on the Front Lines of Cybersecurity
Close Calls or Worse Between U.S. and Russia in Syria
U.S. Running Out of Options in Afghanistan