It may take a village of computer experts to build the next generation of networks as access, identification, applications and security concerns weigh heavily on planners and managers alike. New networking trends such as the proliferation of social media are complicating efforts to find solutions to thorny problems such as cybermarauders, who are becoming increasingly sophisticated.
If the first day of TechNet Asia-Pacific 2011 in Honolulu focused on strategic elements, then the second day definitely took a tactical approach. Only, this tactical perspective focused on technologies and applications, not military operations.
Panel participants are (r-l) Randy Cieslak, U.S. PACOM CIO; Marv Langston, Langston Associates; Robert Stephenson, chief technology officer for C4ISR operations, technical director for fleet readiness directorate, SPAWAR; Mac Townsend, data architect, Defense Intelligence Agency; and Mark Loepker, acting director for the Defense Information Assurance Program viewed via video link from Herndon, Virginia.
The overriding concern for networking remains security, and it continues to increase in importance and menace. Tom Reilly, vice president and general manager, HP Enterprise Security, pulled no punches as he gave Wednesday’s opening breakfast address on security concerns and solutions.
“Things are going to be much uglier in the cybercrime world,” Reilly stated. He explained that cyber adversaries are evolving away from traditional marauders out for fun and profit. Many of them now are working at the behest of nation states, and their growing sophistication increasingly threatens more than just a single targeted small network.
That sophistication essentially has rendered firewalls obsolete as primary network defense mechanisms. The growth of mobile networking that has defined the transformation of information technology has opened the door to a broad range of attacks. Foremost are attacks against applications, he reported. Applications are being attacked through cross-file scripting, and registration forms are being used to get into an application.
The advent of mobile and cloud computing has led to devolving perimeters amid consumers who want more access to information. As a result, security measures must focus on all aspects of a network, not just its architecture and data. Instead of securing a network through its Internet protocol (IP) address, security managers must shift their focus to the user and his or her activities, Reilly offered. This may include proactive measures that block vulnerabilities and continue to monitor them, for example.
Ironically, while mobile computing has increased risk, the move to cloud computing may improve security. Reilly explained that the cloud provider would be responsible for security compliance, so individual users and groups would not be as much of a weak link in the security chain.
Ultimately, the user may be the ultimate weapon in countering cybercrime. Reilly emphasized the need to step up the education of end users. Just as citizens know not to walk down a dark alley in a dangerous urban setting, so should network users know not to open phishing emails. Education can give users cyber street smarts that help reduce cyberattacks on networks.
A different kind of security represents a major problem with the use of social media among warfighters. Operations security (OPSEC) concerns frequently run afoul of social media use, and a panel devoted to military elements of social networking explored that challenge. And, as with network security, the key to OPSEC in social media may be user education.
Master Sgt. Andrew Baker, USA, 516th Signal Brigade, said that forces need to be more OPSEC-oriented with new media. In the Army, soldiers often did not consider that the information they were posting on Facebook was giving away operational details that could be used by an enemy. “Right now, at the OPSEC environment, education is basic,” he said, calling for leaders to be more aggressive in OPSEC.
His concerns were highlighted by the firsthand experiences of SPC E4 Anthony Vandergrift, USA (Ret.), who used social media in Afghanistan as an infantryman. He related how some soldiers bought a 56k cell modem so that they could post information on social media sites. In doing so, they circumvented Army rules and could have put their unit at risk.
Nonetheless, social media offers considerable advantages to the military. Lt. Theresa Donnelly, USN, director, U.S. Pacific Command (PACOM)/J01 Public Affairs Social Media, observed that service members can be the military’s best journalists through blogging and other forms of social media reporting. “At the end of the day, we’re all communicators,” she pointed out.
And networking is only going to get bigger when the third version of the Global Information Grid (GIG 3.0) comes along. A panel of current and former Defense Department officials weighed in on the challenges and requirements facing development of GIG 3.0.
These panelists agreed that identity and access management will be the key items in its development. While the department wants innovative solutions, only those supported by current technologies will be eligible, said Mark Loepker, acting director for the Defense Information Assurance Program. Loepker, who participated in the panel via a videoconference link from Herndon, Virginia, said that industry should bring products “with security baked in.” Other key attributes of the future GIG include data center and server consolidation, network standardization and optimization, and enterprise email, messaging and collaboration services.
This new network will tap existing technology to provide better information sharing—particularly for interservice, interagency and international coalitions—along with improved cyber security and responsiveness, offered panel moderator Randy Cieslak, PACOM chief information officer (CIO). Defendable agile compartmented enclaves would help fight through cyberattacks, and these virtual enclaves would match use needs with authorized information moving safely among them.
The ultimate note on innovation may have been struck by former defense official Marv Langston, now with Langston Associates. He suggested that the tough budget times that lie ahead may be a boon to innovative solutions. Declining budgets are the best time to get new ideas into the system, he said, because when budgets are rising, people do not listen to innovative suggestions because they are too busy spending money, he offered.
On Day 3 of TechNet Asia-Pacific 2011: Addresses by Lt. Gen. William T. Lord, USAF, U.S. Air Force CIO, and Rear Adm. Charles W. Ray, USCG, commander of the 14th Coast Guard District, along with a panel covering PACOM.