28 October 2015

DISA’s evolving fight to defend DoD networks

Amber Corrin
October 15, 2015 


As can be inferred from the organization’s name, the Defense Information Systems Agency is in the business of defending IT security. But that job has taken on new meaning, especially in recent months following a reorganization and a major push to regionalize cybersecurity.

DISA’s biggest cybersecurity push at the moment is the Defense Department’s Joint Regional Security Stacks, a security and network visibility program being rolled out from the first site at Joint Base San Antonio to military bases worldwide. DISA’s work, however, goes far beyond the broad reaches of JRSS — and much of it centers on the DoD Information Network, or DODIN.

Earlier this year the Pentagon stood up Joint Force Headquarters-DODIN, which is commanded by DISA’s dual-hatted director, LTG Alan Lynn. JFHQ-DODIN’s leadership and location — at Fort Meade, Maryland, alongside the headquarters of DISA, the National Security Agency and U.S. Cyber Command — is no accident.

“When you talk DISA [cybersecurity], this is DODIN as well, and our Number 1 cybersecurity piece that we’re working today is JRSS. It’s our Number 1 priority to field; it’s the regional security capability that allows us to defend from within the DODIN what we call the east-west traffic,” said John Hickey, DISA’s risk management executive and CIO. “The ability to change signatures, the enemy’s ability to change how they’re coming at us — that’s high on our list from a priority standpoint. We look at everything all the way down to the endpoint.”

Those endpoints — the computers or devices being used to access the network, to conduct network missions and operations and to connect to virtually anything — number somewhere around 4 million in DoD. Earlier this year DISA released a request for information seeking industry’s input on ways to better secure those endpoints amid the shift to mobile devices, cloud services and virtualization — all of which add to the number of endpoints.

The goal: lightweight, agile security tools that work on different operating systems and a mix of endpoint types and, preferably, are built on open standards.

“Where we’re going in the future, you can’t leave any of those pieces out. We have to look at all those pieces ... what are the technologies and capabilities that provide the biggest bang for our buck at a time for the department when we have to show efficiencies?” Hickey said. “The dollars aren’t growing, so we have to make tough decisions. What are those security mechanisms that will provide us the most capability? We’re in the middle of the process of laying out that plan.”

Protecting Internet access points — a growing area of security emphasis, where DISA’s networks connect to the broader web — also is a key priority in current DISA cybersecurity efforts.

The Internet access points are evolving in their use, and in the way they are being protected, Hickey noted.

“We need the capacity to stay up with those signatures, and we use big data analytics to analyze changes in the environment that we can recognize from the signatures, and maybe deviations or derivatives of that signature, to stay up on what could come next,” Hickey said. “And I think that’s the biggest challenge at the Internet access point standpoint, and in general everywhere. How quickly can we identify new signatures and deploy [countermeasures] to all your devices?”

JRSS, endpoint protection and the ongoing securing of Internet access points are just parts of a much larger, more comprehensive cybersecurity mission at DISA, where leaders are looking to get ahead of the curve.

“The key point here is we continue to evolve our defensive capabilities to support the operations and war fighter requirements, and that’s ultimately what this is about: not protecting for protection’s sake, but protecting for global missions,” Hickey said. “We run a global network and we defend that network with many tactics, techniques and procedures that are evolving as the threat evolves. But in this environment we have to change in minutes, not weeks or months or years.”
