There’s no disputing technology’s role in the rapidly changing face of modern warfare. The convergence of commercial services with military applications, such as delivery of real-time data from anywhere using various devices, has changed the physical nature and understanding of what constitutes a combat environment. The U.S. military seeks to define a strategic approach to these converged operations.
With U.S. military troops stationed in nearly 150 countries, the force is the primary safeguard for ensuring national security—domestically and abroad. Each day, military personnel sacrifice time from family and risk their lives to protect the interests of the country—which is why, in 1903, Congress authorized the Defense Department to build, operate and maintain libraries, schools, recreation centers and gyms for the warfighters.
While it’s clear the cloud is the future of government IT, concerns surrounding cloud security continue to abound. Some agency IT personnel remain skittish about handing over data to cloud service providers and skeptical that the data will remain out of the hands of bad actors. As a result, they’re more comfortable housing information in legacy IT systems, even if those systems are, in some cases, decades old and prone to security vulnerabilities.
In truth, deploying a cloud IT infrastructure is ideal for managing today’s ever-changing threat landscape, for several reasons. Here are three reasons why.
When we think about critical infrastructure, specifically the sectors the Department of Homeland Security has deemed essential to the wellbeing of the country, rarely does the idea center on public networking assets to support critical infrastructure. But a rapid transformation of network technology and security improved processes so that agencies now can take advantage of combined public and private networking to accomplish information technology goals.
It seems like a simple choice. You need to upgrade a platform’s computing capabilities—whether on a ground vehicle, a fast-delivery ship, a signal’s intelligence airplane or in a server room—but some of the existing hardware still is salvageable. Rather than do a complete upgrade from scratch, it is possible to leverage much of the existing technology and retain existing racks, power supplies and mass storage in the retrofit. It makes perfect sense: Why throw away parts that seem to be working? But a closer inspection might reveal a different answer. Let’s peel back a few layers and see why—and when—it might make sense to throw away existing equipment and start over.
The Department of Homeland Security’s Critical Infrastructure Security and Resilience (CISR) month serves as a reminder to not only understand, but appreciate, the various critical infrastructure sectors that play vital roles in the national and economic security of the United States. As a veteran of the telecom industry, my focus is to support those network infrastructure centers underlying these sectors. How do we improve networking capabilities within these sectors, not only addressing today’s complicated requirements, but allowing for continued innovation?
An impression exists among senior government officials that moving command, control, communication, computers and intelligence, surveillance and reconnaissance (C4ISR) systems into the cloud is overhyped. They question whether this will improve operational effectiveness. I admit I once shared these reservations, but recently evolved on the subject and now see a compelling rationale for moving C4ISR into the cloud.
More than a decade ago—2003 to be precise—the Defense Department announced plans to convert its network to the Internet Protocol version 6 (IPv6) standard. Today, the wait continues.
Discussions about the nation’s critical infrastructure usually focus on aging networks, some more than 50 years old. A most stunning fact was highlighted in a recent a Government Accountability Office report, which revealed some Defense Department control systems still use 8-inch floppy disks to store data related to nuclear operations.
Ensuring that deployed U.S. troops can communicate and exchange information is critical to the military’s missions. That said, there are numerous challenges in deploying the high-speed tactical networks that make this communication possible. How, for example, do you make sure these networks are available when needed? What is the best way to maintain data integrity? The accuracy of the data—such as troop location—is just as important as network availability.
Network security of course also is critical. Specifically with tactical Wi-Fi networks, it is crucial to ensure our military personnel are the only ones accessing the network and there is no exfiltration going on undetected.
Last year, the Defense Department issued the Cybersecurity Culture and Compliance Initiative (DC3I), a memorandum containing alarming statistics on the actual number of successful network compromises and their causes, and principles for guiding daily operations for network users. The good news is that out of 30 million known malicious intrusions occurring over 10 months, 99.9 percent were prevented.
When it comes to cybersecurity, I have heard many people express consternation and wonderment as to why the government cannot protect the Internet. It boils down to two things: No authorization, and officials only have visibility into a scant number of networks under their control.
The world of intelligence sharing has gone from on a need-to-know basis between federal agencies to one in which those key players must, by necessity, combine disparate pieces of intel to ascertain a complete picture of potential threats.
There is no escaping the barrage of technology and devices ever-present in our modern lives. Consider that many middle school kids today are iPhone-wielding and Fitbit-wearing youngsters.
The public sector workplace is no different. Federal IT professionals must consider the sheer volume and variety of devices connecting to their networks—from fitness wearables to laptops, tablets and smartphones. The Internet of Things and the cloud also significantly impact bandwidth and present security concerns, spurred by incidents such as the Office of Personnel Management breach of 2014.
We are little more than halfway through 2016, and it is safe to say that “regulatory compliance” are the cybersecurity buzzwords of the year. Regulatory compliance is not just a government or specialty market issue. Today, it applies to private contractors offering cloud, Internet of Things and other solutions within the federal marketplace.
When we think of cyber attacks, we generally picture a lone wolf hacker or Anonymous-type organization. But foreign governments are also formidable threats. Take a moment to scan the headlines and you’ll see that articles about cyber hacks on Sony Pictures Entertainment and the Democratic National Committee—among many others—have been attributed to North Korea and Russia.
Air gapping is a security measure that isolates a computer or a network so it cannot be accessed or hacked by an external entity. It's a useful technique that adds a security layer for companies and government agencies, especially those handling classified, confidential information often susceptible to hacking attempts. Although air-gapping systems offer extra security, recent malware-based attacks and other threats have created a new set of risks that organizations must manage in unique ways.
The number of ways a federal bidder can lose a contract award on an otherwise winning proposal is mind boggling. The Government Accountability Office (GAO) has sustained hundreds of protests on issues such as late proposals, proposals sent to the wrong location, proposals missing required attachments, proposals failing to acknowledge amendments, unsigned proposals, proposals containing typographical errors and others.
In World War I, the U.S. Army used lumbering GMC trucks for the first time in combat—revolutionary for its time. Today, these vehicles would be considered slow, cumbersome and archaic in comparison to today's fast, powerful and, most of all, constantly connected warfighting machines.
In fact, thanks to the Internet of Things (IoT), just about everything that can be connected—from tanks to smartwatches—is connected. The Defense Department’s whole work force depends on thousands of devices that work off of disparate operating systems. The net result is a security risk nightmare for those who must secure government IT networks.
OK, I admit it—on any scale—I am an analytic dinosaur. When I started as an intelligence analyst in the (yes) 1980s—it was truly a lifetime of technology ago. Pong was cool. Wang was cutting edge. All the analysts I worked with had amazing colored charts on the wall, big “scrapbooks,” stacks and file cabinets of message traffic a foot high that came from the communications room. When I established one of the first computer databases that my analytic team had ever seen they thought I had gone rogue.