Government // Cybersecurity
News
6/5/2014
09:06 AM
Connect Directly
RSS
E-Mail
50%
50%

DOD Cyber Architecture Takes Shape

Military's cyber defense efforts remain a work in progress, officials say.

DARPA Next-Gen Aircraft: Sneak Peek
DARPA Next-Gen Aircraft: Sneak Peek
(Click image for larger view and slideshow.)

Despite years of development, the Defense Department's cyber warfare/defense systems are still a work in progress. The major concern for the department and the individual services is the ability to coordinate both physical and cyber operations securely, while protecting their own networks from attack, officials said.

One of the Defense Department's, and by extension the government's, key cyber security goals is creating truly defensible and resilient networks, explained Navy Admiral Michael Rogers, commander of US Cyber Command and director of the National Security Agency. Speaking at a recent government-industry symposium, he noted that current DOD networks and the civilian Internet were originally designed to move data across long distances between trusted, assured users. This fundamental piece of the architecture is one of the strengths and challenges of the Internet, he said.

But building a defensible architecture on this existing infrastructure presents a challenge, he explained, because it is "hard to defend something where defense is a secondary characteristic."

[Agencies face challenges in hiring top security talent. Read Government Hiring Practices Hamper Cybersecurity Efforts.]

The DOD's key effort to get around this issue and create a secure work space is the Joint Information Environment. When it is complete, the JIE will allow the individual military services to share information seamlessly and conduct operations in a way that cannot be done efficiently in the DOD's current IT architecture. The initial phases of the program are already underway, with US military commands in Europe and Asia shifting their computer networks to the JIE, he said.

Besides creating a new, secure environment, the DOD also needs to know what's going on in its networks in real time. The military is working on creating a situational awareness capability that will allow human and automated defenders to react immediately to intrusions and attacks on military systems.

Things that also need to be worked out are the military's mission roles and responsibilities for cyberspace operations and where they overlap with civilian organizations such as the Department of Homeland Security, he said. Such cross-jurisdictional operations would be necessary if an attack on US national infrastructure were carried out. In such an event, any military actions would be part of a broader response by the US government, he added.

Just as US Cyber Command is working on larger questions of operating authority, the individual military services are wrestling with how best to integrate cyber operations into their mission roles and fitting into the larger national cyber stance. Lieutenant General Edward Cardon, commander of US Army Cyber Command, explained his organization faces issues such as procurement and operational authorization, the disruptive pace of change, dealing with new embedded technologies, and retaining quality personnel. The Army's cyber branch is only about three years old, so it is still working out its role and organizing its capabilities, he said.

To protect its networks better, the Army is deploying a defensive system to detect anomalies in real time. Smart monitoring and mitigation software also goes a long way in providing the service with a degree of situational awareness on its networks. Reiterating some of the issues faced by US Cyber Command, the Army -- like the other services -- can't see all the way into its networks. Cardon noted that the JIE will help the Army more efficiently keep track of what's happening on its networks.

One step that will help the Army and the other services with more situational awareness in cyberspace is to give the Defense Information Systems Agency a more operational role, Rogers said. DISA is already responsible for running and managing the DOD's computer and communications networks, but with the imminent full deployment of the JIE, the agency needs to take a more active role in network operations. To meet this goal, DISA with working with US Cyber Command to create an operational component to run the JIE and its networks.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

Henry Kenyon is a contributing writer to InformationWeek Government. He has covered Government IT and Defense markets since 1999 for a variety of publications including Government Computer News, Federal Computer Week, AFCEA's Signal Magazine and AOL Government. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
6/5/2014 | 3:09:18 PM
A delicious, juicy plumb waiting to be plucked
This piece should have included as its conclusion:  Attention CISSP pros, Uncle Sam needs you! But then that's where the civilian military defense contractor sector comes in, the utilization of which does not always equal quality as much as it is highly focused on the cha-ching! factor for the contractor's bank account.

 

 
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 17, 2014
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.