Industry Must Step Up to Help Secure DoD Technology
More than any other agency in the federal government, the Department of Defense (DoD) faces incredible challenges when it comes to cyber security. The problem: our warfighters should be able to use the most cutting-edge technology, but they need to make sure systems and devices are protected against bad actors and nation states.
In February, DoD Chief Information Officer Dana Deasy told the House Armed Services Committee’s panel on intelligence, emerging threats, and capabilities that the department’s cyber workforce is critical to mission success. But they can’t do it alone.
For decades, the DoD led the pack in innovation, from the creation of the internet to development of high-performance computing. Now, industry must step up and play a big role in the security of defense technology.
Private sector partners should be trusted advisors to the DoD and its affiliated agencies, shepherding them through their ongoing digital transformation. With cloud based services, this means keeping them updated FedRAMP status of cloud services. This is a difficult process but highly valuable for DoD organizations trying to migrate to cloud based services. In most cases vendors first enter FedRAMP at Impact Level 2. This is a great first step towards the Impact Levels (IL) 4 and 5 that many DoD organizations require. Private sector partners can help DoD organizations plan for the future of FedRAMP cloud adoptions with their unique relationship with vendors and DoD customers.
But even before that happens, industry can help prepare defense agencies. Most of the latest apps are developed as cloud-based so they can be tested without being put into a production environment. This allows the DoD to try out these apps in a secure environment and see how they could integrate into current systems. So when time comes, and they’re authorized for use at IL4 and IL5, defense IT teams will have some level of understanding and familiarity about operationalizing the apps.
The private sector should also be priming DoD for the newest cyber security innovations. These technologies may not be battlefield ready just yet, but it won’t be long, and communicating to them their roadmap and listening to future requirements is a must.
For example, when completing an incident response, secure chat with strict Role Based Access Control (RBAC) will be a game changer for DoD cyber security. Analysts across the world will be able to investigate incidents together with the confidence that only authorized incident responders will be able to view their correspondence. All of the info from the chats can be placed in a controlled casebook to provide a historical record of the breach viewable only by parties with a need to know. This allows authorized analysts in the future, to look back on those chat logs and spot similarities or figure out how the attacks were mitigated. This level of security protects the organization from insider threats, attackers looking for how the organization is responding to incidents, and any inadvertent public leaking of information.
Another emerging technology for DoD is breach and attack simulation software. Using this software, defense agencies will be able to test out the effectiveness of security controls in their own environment on a continuous basis rather than relying only on periodic penetration testing engagements. In many cases vendors are using the MITRE ATT&CK framework as a basis for the attack simulations. This provides a common language and standardized set of attacks that can reference back to a deep repository of information maintained by MITRE. When an attack simulation is successful, the robust documentation eases the remediation process to fix problems with the rich set of information about how the attack occurred, the severity of the attack, and the possible remediation actions.
If you’re interested in finding out more or discussing future cyber techniques and emerging solutions contact us today and visit our website or say hello at AFCEA’s TechNet Cyber 2019 show in Baltimore, Maryland.
TechSource in your Inbox
Sign-up here to receive our latest posts by email.