Hosted Collaboration Solutions for Government (HCS-G).

Iron Bow’s HCS-G, powered by Cisco, is a FedRAMP Authorized cloud-based collaboration service built to help you improve communication capabilities, empower your mobile workforce, meet cloud-first mandates and maintain stringent security standards. Check out this video and see how we can help your agency overcome key IT and business challenges.

See what VDI can do for your agency.

The case for Virtual Desktop Infrastructure (VDI) has never been stronger. Agencies are looking for better approaches to securing and managing end-user devices. Check out this infographic and see what’s driving the interest in VDI solutions—and what concerns are slowing agencies down.

@Iron_Bow
About TechSource

Welcome to Iron Bow's TechSource, a blog about the issues facing the government and industry today and the technologies being adopted to help overcome them.

Industry Must Step Up to Help Secure DoD Technology

Rob Chee, Technical Director, Cyber Security, Iron Bow Technologies

May 7, 2019  |  Cyber Security


More than any other agency in the federal government, the Department of Defense (DoD) faces incredible challenges when it comes to cyber security. The problem: our warfighters should be able to use the most cutting-edge technology, but they need to make sure systems and devices are protected against bad actors and nation states.

In February, DoD Chief Information Officer Dana Deasy told the House Armed Services Committee’s panel on intelligence, emerging threats, and capabilities that the department’s cyber workforce is critical to mission success. But they can’t do it alone.

For decades, the DoD led the pack in innovation, from the creation of the internet to development of high-performance computing. Now, industry must step up and play a big role in the security of defense technology.

Private sector partners should be trusted advisors to the DoD and its affiliated agencies, shepherding them through their ongoing digital transformation. With cloud based services, this means keeping them updated FedRAMP status of cloud services. This is a difficult process but highly valuable for DoD organizations trying to migrate to cloud based services.  In most cases vendors first enter FedRAMP at Impact Level 2. This is a great first step towards the Impact Levels (IL) 4 and 5 that many DoD organizations require.  Private sector partners can help DoD organizations plan for the future of FedRAMP cloud adoptions with their unique relationship with vendors and DoD customers.

But even before that happens, industry can help prepare defense agencies. Most of the latest apps are developed as cloud-based so they can be tested without being put into a production environment. This allows the DoD to try out these apps in a secure environment and see how they could integrate into current systems. So when time comes, and they’re authorized for use at IL4 and IL5, defense IT teams will have some level of understanding and familiarity about operationalizing the apps.

The private sector should also be priming DoD for the newest cyber security innovations. These technologies may not be battlefield ready just yet, but it won’t be long, and communicating to them their roadmap and listening to future requirements is a must.

For example, when completing an incident response, secure chat with strict Role Based Access Control (RBAC) will be a game changer for DoD cyber security. Analysts across the world will be able to investigate incidents together with the confidence that only authorized incident responders will be able to view their correspondence. All of the info from the chats can be placed in a controlled casebook to provide a historical record of the breach viewable only by parties with a need to know. This allows authorized analysts in the future, to look back on those chat logs and spot similarities or figure out how the attacks were mitigated. This level of security protects the organization from insider threats, attackers looking for how the organization is responding to incidents, and any inadvertent public leaking of information.

Another emerging technology for DoD is breach and attack simulation software. Using this software, defense agencies will be able to test out the effectiveness of security controls in their own environment on a continuous basis rather than relying only on periodic penetration testing engagements. In many cases vendors are using the MITRE ATT&CK framework as a basis for the attack simulations. This provides a common language and standardized set of attacks that can reference back to a deep repository of information maintained by MITRE.  When an attack simulation is successful, the robust documentation eases the remediation process to fix problems with the rich set of information about how the attack occurred, the severity of the attack, and the possible remediation actions.

If you’re interested in finding out more or discussing future cyber techniques and emerging solutions contact us today and visit our website or say hello at AFCEA’s TechNet Cyber 2019 show in Baltimore, Maryland.


TechSource in your Inbox

Sign-up here to receive our latest posts by email.

  • This field is for validation purposes and should be left unchanged.