DIUx Already Is a Successful Technology Initiative
Look no further than microvirtualization for an example of positive results.
In 2016, the chief technical officer (CTO) of a Defense Department agency stated that cybersecurity tends to be reactive, and what the world really needed was a proactive cyber defense—maybe something that can be put in front of the networks and systems to stay ahead of cyber adversaries.
Recalling the CTO’s comment the other day made me think of then-Secretary of Defense Ash Carter’s innovation initiative established in April 2015—the Defense Innovation Unit Experimental, or DIUx. At this early stage we do not know where the future will take DIUx. But for 2017, the technology priorities include cyber protection.
DIUx was meant to encourage rapid introduction of new technology beneficial to the Defense Department. In March 2016, Carter received briefings from five DIUx companies. They were great briefings, but one that captured my attention was a featured technology that had to do with something called “endpoint protection through microvirtualization.”
Microvirtualization works on the technological principle of conducting end-user work in an isolated virtual environment. This technology runs on proprietary software identified as Microvisor developed by the DIUx small business Bromium.
The defense-in-depth concept for protecting networks and providing cybersecurity has been around for more than two decades of cyber challenges. But it is not dead. It still is one of the foundations for cybersecurity today. The U.S. Navy a year ago identified defense in depth as one of its eight cybersecurity standards. The concept is that the best defense is one so layered as to ensure network resiliency against every form of cyber attack. For the Joint Staff in 2000, the defense-in-depth concept was represented by a castle surrounded by a moat with a drawbridge.
But just looking at recent hacking incidents and known malware attacks, it seems that even when the drawbridge is up, an end user still has access.
DIUx and microvirtualization bring a fresh approach that complements the defense-in-depth concept. And, this small business is one I would call a success of DIUx because it provides a new factor into the defense-in-depth cybersecurity concept that is driven by a unique technology.
Plus, this small DIUx supported business has already done some extraordinary pilot programs within the Defense Department. Working with the U.S. Pacific Command and the Pacific Warfighting Center, it deployed its microvirtualization technology on more than 50 endpoints within the command center in support of RIMPAC 2016. The pilot was very successful, stopping every cyber event thrown at it, and it has attained a lot of attention in the Pacific theater.
This microvirtualization technology also has been undergoing certification and accreditation (C&S) testing, the results of which may move this technology to a large-scale pilot supporting the Defense Department. Word is that this company also is working with the Defense Department chief information officer to expand this defense-in-depth technology across other areas, commands and organizations.
Microvirtualization is an example of how successful DIUx has been. Technologies are percolating out there that seem capable of proactively protecting the cyber network while also identifying cyber vulnerabilities. Microvirtualization seems to be one that can also trap a cyber attack before it occurs. When added to the cyber defense-in-depth concepts, it makes the network castle a lot more impenetrable.
Thank you, Ash Carter.
David E. Meadows is a retired U.S. Navy captain and the author of the Sixth Fleet series, along with Seawolf, Joint Task Force Liberia, Tomcat, Final Run and other action-adventure novels.