EXPANDING JOINT VULNERABILITY ASSESSMENT BRANCH

Grandon Gill
Muma Case Review  •  Volume 1  •  2016  •  pp. 001-014
David Rohret, the founder of the Joint Vulnerability Assessment Branch (JVAB) pondered this difficult question. Since 2003, he had been involved in building a team that was uniquely positioned to identify a wide range of vulnerabilities in military and commercial communications and web-based systems. He could cite numerous examples of past situations where the early use of JVAB’s services led to, or could have led to, tens of millions of dollars in savings—or possibly more, had the issues they detected been left unattended. The value that JVAB offered was gradually being recognized and, as a result, demand for their services was building. The problem was that it was nearly impossible to hire people with the skills necessary to meet the growing need.

There were a number of aspects of JVAB’s approach that made it unique. First and foremost, it had been early to recognize that formerly distinct elements of communications systems were rapidly converging. Historically, communications using radio frequency (RF) signals had been the domain of electrical engineers, while network communications were handled by computer scientists. As network traffic was increasingly being handled using cellular and wifi signals, however, RF intrusions became a serious threat. By the same token, RF communications—such as those handled using high end hand-held devices and cell phones—often relied on the same IP protocols used by the Internet—making them a potential pathway to servers.

Another key aspect of JVAB was its adversarial mindset. It prided itself on using the same tools and techniques as the black hat hackers that threatened systems in real world settings. Not only was this an attitude that was generally not cultivated in educational institutions, it also ran counter to the experience of individuals that has spent all their professional life dealing with security in a defensive posture.

In the past, Rohret had hired high potential individuals, usually with military experience, and had helped them develop their skills over many years. The end result was the formation of a team with an extraordinary track record of success. But if JVAB were to meet the continuing demand for its services, it needed to figure out new ways to expand. That could be a real challenge in an organization where the most valuable assets all wore shoes.
cybersecurity, information systems
26 total downloads
Share this
 Back

Back to Top ↑