20 June 2015

DISA: Cost to do cyber battle with US must rise


Amber Corrin
June 17, 2015 

Treating the cyber domain like the battle zone it is will help fight growing cyber threats, said DISA Director Lt Gen Ronnie Hawkins.

"It's culture, conduct and capability," Hawkins said. "The cyber domain is both an administrative and a warfighting capability…we have to change our conduct."

In a newly released five-year strategic plan for DISA, Hawkins described the cyber domain as "a contested battlespace, where the barrier to entry is low and oftentimes unchallenged."

That low barrier to entry is an often-cited problem. It doesn't take a lot of resources for hackers to make attempts to penetrate networks. And in areas where there may be security gaps, those attempts can escalate into massive breaches like those recently seen at the Office of Personnel Management.

At DISA, leaders are taking a multi-fold approach to making it more difficult for would-be attackers, including by improving security and authentication measures, training and awareness, and evolving technology and programs across the lifecycle.

As is frequently stated, it starts with good security hygiene.

"We're bringing security and authentication to today's cyber threat standards so we're not an easy target," said Dave Bennett, director of DISA's implementation and sustainment center. "It starts with the housekeeping and the maintenance of applications."

Bennett spoke as part of a media roundtable with reporters at the AFCEA Defensive Cyber Operations Symposium in Baltimore.

In an era when the Defense Department's head of IT calls for the end of passwords, DISA officials said they are examining stronger approaches to authentication and security.

John Hickey, DISA risk management executive and CIO, said his office is looking at ways of doing authentication on DoD's unclassified NIPRNet and classified SIPRNet.

"We've had [security] tokens for systems administrators…how do we push that out?" Hickey said.

Hickey also noted that with the omnipresence of social media, "bad habits" have crept into daily operations, requiring new ways of training, including phishing exercises that help train in real time. He also highlighted the need for network agility.

"How do we move around on the network like we would on the battlefield?" he said.
