The Department of Homeland Security’s Critical Infrastructure Security and Resilience (CISR) month serves as a reminder to not only understand, but appreciate, the various critical infrastructure sectors that play vital roles in the national and economic security of the United States. As a veteran of the telecom industry, my focus is to support those network infrastructure centers underlying these sectors. How do we improve networking capabilities within these sectors, not only addressing today’s complicated requirements, but allowing for continued innovation?
An impression exists among senior government officials that moving command, control, communication, computers and intelligence, surveillance and reconnaissance (C4ISR) systems into the cloud is overhyped. They question whether this will improve operational effectiveness. I admit I once shared these reservations, but recently evolved on the subject and now see a compelling rationale for moving C4ISR into the cloud.
More than a decade ago—2003 to be precise—the Defense Department announced plans to convert its network to the Internet Protocol version 6 (IPv6) standard. Today, the wait continues.
Discussions about the nation’s critical infrastructure usually focus on aging networks, some more than 50 years old. A most stunning fact was highlighted in a recent a Government Accountability Office report, which revealed some Defense Department control systems still use 8-inch floppy disks to store data related to nuclear operations.
Ensuring that deployed U.S. troops can communicate and exchange information is critical to the military’s missions. That said, there are numerous challenges in deploying the high-speed tactical networks that make this communication possible. How, for example, do you make sure these networks are available when needed? What is the best way to maintain data integrity? The accuracy of the data—such as troop location—is just as important as network availability.
Network security of course also is critical. Specifically with tactical Wi-Fi networks, it is crucial to ensure our military personnel are the only ones accessing the network and there is no exfiltration going on undetected.
Last year, the Defense Department issued the Cybersecurity Culture and Compliance Initiative (DC3I), a memorandum containing alarming statistics on the actual number of successful network compromises and their causes, and principles for guiding daily operations for network users. The good news is that out of 30 million known malicious intrusions occurring over 10 months, 99.9 percent were prevented.
When it comes to cybersecurity, I have heard many people express consternation and wonderment as to why the government cannot protect the Internet. It boils down to two things: No authorization, and officials only have visibility into a scant number of networks under their control.
The world of intelligence sharing has gone from on a need-to-know basis between federal agencies to one in which those key players must, by necessity, combine disparate pieces of intel to ascertain a complete picture of potential threats.
There is no escaping the barrage of technology and devices ever-present in our modern lives. Consider that many middle school kids today are iPhone-wielding and Fitbit-wearing youngsters.
The public sector workplace is no different. Federal IT professionals must consider the sheer volume and variety of devices connecting to their networks—from fitness wearables to laptops, tablets and smartphones. The Internet of Things and the cloud also significantly impact bandwidth and present security concerns, spurred by incidents such as the Office of Personnel Management breach of 2014.
We are little more than halfway through 2016, and it is safe to say that “regulatory compliance” are the cybersecurity buzzwords of the year. Regulatory compliance is not just a government or specialty market issue. Today, it applies to private contractors offering cloud, Internet of Things and other solutions within the federal marketplace.
When we think of cyber attacks, we generally picture a lone wolf hacker or Anonymous-type organization. But foreign governments are also formidable threats. Take a moment to scan the headlines and you’ll see that articles about cyber hacks on Sony Pictures Entertainment and the Democratic National Committee—among many others—have been attributed to North Korea and Russia.
Air gapping is a security measure that isolates a computer or a network so it cannot be accessed or hacked by an external entity. It's a useful technique that adds a security layer for companies and government agencies, especially those handling classified, confidential information often susceptible to hacking attempts. Although air-gapping systems offer extra security, recent malware-based attacks and other threats have created a new set of risks that organizations must manage in unique ways.
The number of ways a federal bidder can lose a contract award on an otherwise winning proposal is mind boggling. The Government Accountability Office (GAO) has sustained hundreds of protests on issues such as late proposals, proposals sent to the wrong location, proposals missing required attachments, proposals failing to acknowledge amendments, unsigned proposals, proposals containing typographical errors and others.
In World War I, the U.S. Army used lumbering GMC trucks for the first time in combat—revolutionary for its time. Today, these vehicles would be considered slow, cumbersome and archaic in comparison to today's fast, powerful and, most of all, constantly connected warfighting machines.
In fact, thanks to the Internet of Things (IoT), just about everything that can be connected—from tanks to smartwatches—is connected. The Defense Department’s whole work force depends on thousands of devices that work off of disparate operating systems. The net result is a security risk nightmare for those who must secure government IT networks.
OK, I admit it—on any scale—I am an analytic dinosaur. When I started as an intelligence analyst in the (yes) 1980s—it was truly a lifetime of technology ago. Pong was cool. Wang was cutting edge. All the analysts I worked with had amazing colored charts on the wall, big “scrapbooks,” stacks and file cabinets of message traffic a foot high that came from the communications room. When I established one of the first computer databases that my analytic team had ever seen they thought I had gone rogue.
Those of us with the privilege of providing social services to veterans and those with significant needs face a similar challenge: Addressing many requests for help that come at us from so many different directions. Sometimes we get it right and provide the exact services clients seek. But far more often, it’s not an exact fit, and the door they walked in isn’t the right one.
Current technology trends such as the Internet of Things (IoT), bring your own device (BYOD) initiatives and the deployment of cloud-based applications all demand more and more bandwidth. One aspect of modernization that could be overlooked as we rush to implement emerging technologies is also the most important—the network backbone that will support it all.
Federal agencies clamor for industry best practices to implement findings resulting from last year’s 30-day “Cybersecurity Sprint,” part of the administration’s broader effort to bolster federal cybersecurity. A new mandatory directive for all civilian government agencies, the Cybersecurity Strategy Implementation Plan (CSIP), provides a series of actions to further secure federal information systems.
The United States' dependence on valuable space assets and the nation's critical need to maintain superiority in command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) disciplines have also made these fields somewhat of an Achilles' heel. The country had long held technological and capabilities advantages over the rest of the world. Those days are gone.
The Defense Department stands at a technological and financial crossroads, needing to accelerate the proliferation of new networks and applications while heeding budgetary concerns.
As such, department officials are looking carefully at software-defined networking (SDN) and the potential the method provides as a key foundation of the Joint Information Environment (JIE). SDN lets agencies build more flexible, consolidated and efficient networks, while spinning up new applications and tools faster.
“We have to embrace the software-defined mission of where we have to go with the networks,” Defense Department Chief Information Officer Terry Halvorsen said at the 2014 Federal Forum when discussing the JIE.