When your personal applications are slow, there’s no doubt it’s frustrating. The news clip buffers, the song won’t download, a game takes ages to start up, etc. But when apps perform slowly for military, intelligence or other critical government entities, national security might, in fact, be at risk.
“There's an app for that” is truer than ever these days. As bring-your-own-device (BYOD) and bring-your-own-app (BYOA) concepts are increasingly infiltrating government agencies, public sector information technology departments must consider the impact these apps and devices have on their own environments. In this blog post, we’ll look at two security strategies in use at agencies today and how to balance security and flexibility in today’s mobile environment.
Security Strategy 1: Pure Separation
Innovation comes in many forms: from gradual evolution or through disruptive processes, as a result of revolutionary thinking or from a confluence of ideas from different entities that share a common goal. Today, we’re seeing more and more innovation blossoming from partnerships among seemingly disparate groups all looking for similar outcomes, whether they concern peace, productivity or profit.
Thousands of military information technology security personnel probably sat down at their computers this morning and opened a spreadsheet listing hundreds of rules for Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) compliance. They then might have spent hours logging onto information technology devices, looking at configurations and laboriously going through them line by line to ensure each setting matched the rules in that spreadsheet.
In six months, they’ll do it all over again.
It is impossible to protect a network you don’t even know exists. Identifying and protecting networks are a few of the many challenges the U.S. military faces today. Thousands of small networks exist across the Army alone—just one of the organizations attempting to consolidate, eliminate and standardize its service while following the evolving Joint Information Environment (JIE) standards. Ongoing changes in the tactical networks—the mobile battlefield—should provide the U.S. Cyber Command (USCYBERCOM) with an increased ability to discover and address vulnerabilities in these networks.
Ongoing budget cuts place the Defense Department in a challenging situation, tasked with continually supporting warfighters on an increasingly tight budget. The most direct route for the department to accomplish mission goals and support warfighters is through information technology innovation. And so to quote Gen. William L. Shelton, USAF: “If there was ever a time for innovation, this is it.”
When it comes to large federal organizations, tension always exists between local and central personnel who have different priorities, available resources and levels of control. In the case of complex computer networks such as those of the U.S. Defense Department, that tension is especially apparent between the information technology (IT) professionals who keep the systems running at the local level and the folks at headquarters who oversee all of an agency’s operations.
Whether a well-established company or one just getting started with cybersecurity risk management programs, those in the industry often can use a little help navigating the cumbersome and technical systems. This snapshot features pointers to clarify existing guidance and help organizations manage cybersecurity risk.
Recently at the AFCEA International Cyber Security Summit in Bethesda, MD, Army Maj. Gen. John A. Davis, Senior Military Advisor for Cyber to the Under Secretary of Defense, said “Cyber partnerships such as those with the National Security Agency and the Defense Intelligence Agency and external partnerships such as those with industry, international allies and academia represent a transformation in the way DOD approaches cybersecurity.”
For years, the U.S. Defense Department, not surprisingly, took a “do it alone” posture when it came to sharing information and protecting its networks and communication infrastructures from security attacks.
The latest Incoming column from Lt. Ben Kohlmann, USN, titled “Link Warfighters to Technologists at the Lowest Possible Level” (SIGNAL Magazine, April 2013), resonated with observations I’ve made and conclusions I’ve reached over the years. I’ve been involved with the research and development and acquisition communities for a long time, including serving as the Air Force chief scientist from 1999 to 2001. Perhaps my adding to Lt. Kohlmann’s advice will help it gain additional traction, and stimulate further discussion and activity.
The current driving force in the military and defense environment is to keep legacy systems operating longer, or to replace legacy systems with new systems that emulate one or more legacy systems with commercial-off-the-shelf (COTS) technology. However, there is insufficient budget to fund development of these COTS systems, and the burden of development falls upon private industry. The current sequestration environment adds another burden on industry to perform to the needs of the military, but without the benefit of nonrecurring engineering (NRE) costs being reimbursed.
The Regional Information Sharing Systems (RISS) Program recently implemented a simplified sign-on capability that enables federal, state and local law enforcement to collaborate. The flexible environment is based on the Federal Identity, Credential and Access Management guidance and facilitates the use of Common Access Cards and Personal Identity Verification cards for use across organizational boundaries. RISS is working with several state law enforcement agencies to provide them with federated identification for access to resources within their state that are hosted on the Regional Information Sharing Systems Law Enforcement Cloud (RISSNET).
In May, the White House issued the Digital Government Strategy to improve the way government uses new technologies and to speed up the adoption of technical tools that can significantly improve operational efficiencies and productivity. From a technology perspective, one thing is clear – data center consolidation is a critical milestone in the execution of the White House’s vision for technological innovation and improved citizen services. Now, agencies have a new perspective on how to benchmark their progress to achieving the goals of the 25 Point Implementation Plan.
The Air Force Chief of Staff had but three critical requirements for the Joint Direct Attack Munition (JDAM): "It should work; it should hit the target; and it should cost under $40,000 each." The former Undersecretary of Defense for Acquisition, Technology and Logistics, Jacques Gansler held on to this handwritten request, as reported in "Aligning Acquisition Strategies With the Times," written earlier this year by SIGNAL defense editor Max Cacas. Could such a simplified approach possibly lead to developing an effective new capability?
I always look forward to Memorial Day just for the fact that we get to celebrate those who have made the ultimate sacrifice for our country and not to mention, it always falls on my birthday or the day after. For those who have lost their lives and for the Wounded Warriors that now have long roads to recovery, we owe them the homage and the support they ultimately deserve. As we all get ready to bust out our grills, head to the pools and begin our shopping sprees, we should all take a moment and thank those who have given us the freedom to do these activities. Today I am greatly appreciative of the opportunity I have to help our Wounded Warriors and their families.
"Water, water everywhere and not a drop to drink."
-Rime of the Ancient Mariner by Samuel Coleridge
From securing the cloud to unwrapping new architecture compliance requirements, 2011 was a busy year for the tech public sector. In the New Year's spirit of renewal and rededication, here are five resolutions federal agencies should make.
1. Leverage IT to meet budget requirements
The government fiscal landscape changed radically in the last year with budget cuts across the majority of federal agencies. The Obama Administration's fiscal 2012 budget proposal calls for a five-year discretionary spending freeze along with $33 billion in additional cuts. Yet, there is a reason why federal IT spending to commercial contractors is expected to grow five percent annually.
Earlier this year, detailed information about the bomb resistance of a new Department of Defense (DoD) building in Virginia was compromised. Reuters broadcast the information worldwide. The news organization did not obtain the document by hacking network systems, but rather accessed the "official use only" document on the Army Corps of Engineers website. This incident is just one example of the thousands of data breaches that occur as a result of internal information leakage rather than an outside attack. In its 2011 Information Security Report, the U.S. Government Accountability Office (GAO) shed light on why internal leaks are so prevalent.
"Let's do lunch?" is a phrase many mock; others use it as much as possible to gain invaluable insight from personal experiences and get feedback about present actions and future aspirations. As an intern, I have a limited perspective of the Department of Defense and rely heavily on the guidance of others when contemplating different career ideas, experience opportunities and developmental paths or programs to pursue. I sincerely appreciate the time, experience, and resources which are shared to develop my knowledge, skills, and abilities. The mentoring process is an ongoing give-and-take relationship where participants share much more than a meal; the primary knowledge that's available is calorie-free richness, at that!
We presently are experiencing intense pressure not to raise the debt ceiling, prophecies about the downfall of government IT, more legislators considering reducing the once-sacred defense budget, and prophecies of gloom and doom relating to government programs in general. Despite this, a number of leaders and real change agents both in government and outside government offer us some real hope and shining examples.