DoD’s Greatest Challenge: Protecting The Defense Enterprise From Cyber Attack
The Department of Defense is not merely dependent on networks; networks provide critical military advantage across virtually all warfighting domains. These networks are constantly changing, growing and reconfiguring. There are now more than 7 million devices connected to DoD networks. There are multiple networks at different levels of classification, supporting individual Services and operating in different parts of the world.
Just as the business, healthcare, entertainment and education environments are being reshaped by the power of information technology (IT), so too is national defense. In effect, the tool is changing its user. The Pentagon must stop thinking of networks as merely the space between endpoint devices. In fact, it is a mistake to speak only of devices, data or networks: virtually everything is now connected. The Services, the Intelligence Community and supporting private industry are being reshaped by the power of IT, and their relationships are evolving because of their involvement in a wide array of networks. In reality, this is about the DoD enterprise, the totality of entities, processes and people involved in organizing, training, equipping, deploying and employing military forces.
The centrality of networking to everything DoD does is reflected in the current effort to create a Joint Information Environment (JIE). The JIE is described as a single, consolidated IT platform based on standardized protocols and procedures, consisting of a shared IT infrastructure, enterprise services, and a single security architecture. By pulling together the disparate networks, systems, services, activities and facilities, DoD hopes to achieve full spectrum superiority, improved mission effectiveness, increased security and greater cost-effectiveness.
Reconceptualizing the nature of DoD’s networks leads naturally to a re-envisioning of the path towards securing the enterprise in the 21st century. The JIE speaks of a single security architecture across the entire “network.” This is in line with a key recommendation of a recent Defense Science Board report on network resilience, that DoD “Establish an enterprise security architecture, including appropriate ‘Building Codes and Standards’, that ensure the availability of enabling enterprise missions.”
The JIE’s single security architecture will help protect the defense enterprise by reducing access points to the network, providing centralized configuration management and establishing common security protocols and tactics, techniques and procedures (TTPs). But this approach is insufficient by itself to provide the kind of security needed against a threat growing in scale, scope and sophistication every day.
Providing security for a massive enterprise that is continually growing and changing, that carries many legacy platforms and applications, and that is in constant danger of attack from without and within requires a layered defense that includes end-to-end visibility, extremely rapid threat detection and response, information sharing at network speed and a single coherent approach or methodology. The cybersecurity industry has accepted the need to move from a reactive to a proactive posture, one that goes well beyond perimeter security and signature identification as the key to threat detection and response. A proactive security system must see, interpret, decide and react at speed anywhere in the enterprise.
The only way to achieve the desired state of enterprise security, with continuous visibility across all systems, real-time scanning, models that help identify anomalies, rapid threat detection and local mitigation of effects, is to base the security architecture on a unified security framework that employs a single, core security management platform. This platform must also support enterprise expansion involving new devices and endpoints (from chip to cloud), as well as rapid addition of new security capabilities with no loss of functionality. Without a core security management platform, configuration control cannot be achieved, the drive for standardized protocols and TTPs would break down, and the risk would rise that adding new, cutting-edge capabilities would introduce additional vulnerabilities.
The time has long passed when the Pentagon could design and build its own stand-alone security architecture and management platform. The skills and experience necessary to design, build, maintain and upgrade such a security system in a timely manner exist almost exclusively in the private sector. While DoD can define requirements, contract for services and oversee activities, it must rely on the private sector to manage security, integrate legacy and new capabilities, and provide threat assessment and response at network speed.