Guest Blogs

Ask someone in federal IT what zero trust means and you’re likely to hear that it’s about access control: never granting access to any system, app or network without first authenticating the user or device, even if the user is an insider. The term “Never trust; always verify” has become a common way to express the concept of zero trust, and the phrase is first on the list of the Defense Information Systems Agency’s (DISA’s) explanation.

I take no joy in writing this article, but it is a desperate plea for improvement.

From 1995-2001, I worked for the Department of the Army as a contract specialist procuring advanced communications and electronics systems, equipment and services.

Recently, I had the privilege of attending a ceremony and presenting an award to a local high school Junior Reserve Office Training Corps (JROTC) cadet on behalf of another organization for this cadet’s superior performance and leadership. Looking around the stage, I noticed representatives from multiple organizations all eager to recognize the efforts of these amazing young leaders with their respective groups’ awards.

As people around the world practice self-isolation in an effort to reduce exposure and spreading of the COVID-19 virus, the need to maintain a strong cybersecurity posture arguably has never been higher. Millions of people have shifted their daily lives to an environment relying on telework, distance learning, Internet-enabled social engagement, streaming news and entertainment and other activities.

This “new normal” is facilitated by the robust capabilities of the Internet. Yet it presents a significant cyber risk. During the COVID-19 crisis, we’ve seen bad actors stepping up their game with increased incidents of phishing, disinformation, watering hole attacks and other criminal activity.

A mushroom cloud explosion in the New Mexico desert on July 16, 1945 forever changed the nature of warfare. Science had given birth to weapons so powerful they could end humanity. To survive, the United States had to develop new strategies and policies that responsibly limited nuclear weapon proliferation and use. Warfare is again changing as modern militaries integrate autonomous and semiautonomous weapon systems into their arsenals. The United States must act swiftly to maximize the potential of these new technologies or risk losing its dominance.

It’s easy to forget that in the midst of a catastrophe, physical safety isn’t the only thing that’s important. As technology’s role in disaster response and relief becomes more and more prevalent, cybersecurity becomes an essential part of the process. Here’s why.

Few people are more vulnerable than those impacted by a crisis. Whether a man-made attack or a natural disaster, the widespread destruction created by a large-scale emergency can leave countless individuals both destitute and in need of medical attention. Protecting these men, women and children requires more than a coordinated emergency response.

There are certainly similarities between network resilience and cyber resilience. The foundation for both is the ability to maintain business or mission capabilities during an event, such as a backhoe cutting your fiber cables or a nation-state actively exploiting your network. But there are also significant differences.

Government agencies face similar challenges when it comes to understanding—and gaining intelligence from— foreign language content. They need to process, manage and gain insight from large volumes of content locked away in different formats, often across multiple languages. And they need to do all of this as quickly as possible. It’s no mean feat when you consider the mindboggling amounts of content being generated: 90% of the world’s content was created over the past two years alone.

Anyone who has worked in the Pentagon or on almost any military installation can attest to wireless connectivity problems. Whether dealing with a dearth of cellular service, inadequate Wi-Fi or security blockers, service members and civilians have felt the frustration of not being able to access information or communicate effectively.

The U.S. Army is leading the charge on the military’s multidomain battle concept—but will federal IT networks enable this initiative, or inhibit it?

The network is critical to the Army’s vision of combining the defense domains of land, air, sea, space and cyberspace to protect and defend against adversaries on all fronts. As Gen. Stephen Townsend, USA, remarked to AFCEA conference attendees earlier this year, the Army is readying for a future reliant on telemedicine, 3D printing and other technologies that will prove integral to multidomain operations. “The network needs to enable all that,” said Townsend. 

When the Department of Defense (DOD) launched its Everything Over IP initiative nearly 10 years ago the focus was to bring traditional telecommunications technology—phone calls, streaming video and even faxes—to the digital world.

At that time, unified communications (UC), especially in the government workplace, was a relatively new concept. Remember, this was a time when voice over Internet Protocol (VoIP) phones were still seen as cutting edge. Now, though, UC has become not just a business tool, but a strategic offering that can connect employees in disparate locations, including the frontlines.

The military continues to focus its efforts on developing the most sophisticated technologies and capabilities needed to sustain tactical advantage and achieve mission objectives. But the most critical component to success on the battlefield continues to lie with the warfighter.

The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.

It comes as no surprise that U.S. adversaries continue to target and successfully exploit the security weaknesses of small-business contractors. A successful intrusion campaign can drastically reduce or even eliminate research, development, test and evaluation (RDT&E) costs for a foreign adversary. Digital espionage also levels the playing field for nation-states that do not have the resources of their more sophisticated competitors. To bypass the robust security controls that the government and large contractors have in place, malicious actors have put significant manpower into compromising small- and medium-sized businesses (SMBs).

Every time federal information technology professionals think they’ve gotten in front of the cybersecurity risks posed by the Internet of Things (IoT), a new and unexpected challenge rears its head. Take, for instance, the heat maps used by GPS-enabled fitness tracking applications, which the U.S. Department of Defense (DOD) warned showed the location of military bases, or the infamous Mirai Botnet attack of 2016.

The need for next-generation networking solutions is intensifying, and for good reason. Modern software-defined networking (SDN) solutions offer better automation and remediation and stronger response mechanisms than others in the event of a breach.

But federal administrators should balance their desire for SDN solutions with the realities of government. While there are calls for ingenuity, agility, flexibility, simplicity and better security, implementation of these new technologies must take place within constraints posed by methodical procurement practices, meticulous security documentation, sometimes archaic network policies and more.

Today’s battlefield is highly technical and dynamic. We are not only fighting people and weapons but also defending and attacking information at light speed. For mission success, the American warrior in the field and commanders up the chain need the support of highly adaptive systems that can quickly and securely establish reliable communications and deliver real-time intelligence anytime and anywhere.

The U.S. Office of Management and Budget released a report this spring showing the abysmal state of cybersecurity in the federal government. Three-quarters of the agencies assessed were found to be “at risk” or “at high risk,” highlighting the need for a cyber overhaul. The report also noted that many agencies lacked “standardized cybersecurity processes and IT capabilities,” which affected their ability to “gain visibility and effectively combat threats.” 

Fraud, waste, and abuse (FWA) remains a major challenge to the federal government. From 2012 to 2016, the 73 federal inspectors general (IGs), who are on the frontline of fighting FWA, identified $173 billion in potential savings and reported $88 billion in investigative recoveries and 36,000 successful prosecutions and civil actions.

It has become increasingly evident that artificial intelligence (AI) and machine learning (ML) are poised to impact government technology. Just last year, the General Services Administration launched programs to enable federal adoption of AI, and the White House encouraged federal agencies to explore all of the possibilities AI could offer. The benefits are substantial, but before the federal government can fully take advantage of advancements like AI, federal agencies must prepare their IT infrastructure to securely handle the additional bandwidth.

Traffic on optical transport networks is growing exponentially, leaving cyber intelligence agencies in charge of monitoring these networks with the unenviable task of trying to sift through ever-increasing amounts of data to search for cyber threats. However, new technologies capable of filtering exploding volumes of real-time traffic are being embedded within emerging network monitoring applications supporting big data and analytics capabilities.

As a result of recent federal legislative and administrative activity, government agencies are expected to launch significant modernizations of their cybersecurity systems, get offensive with hackers and take a more strategic approach to risk. Combined, these policy directives promise to transform our government into a robust digital society, gaining greater resiliency to cyber threats by leveraging opportunities while reinforcing standards and procedures.

Here’s a breakdown of the key components of the four policies:

The Department of Defense (DOD) has long been at the tip of the spear when it comes to successfully melding IT security and operations (SecOps). Over the past few decades, the DOD has shown consistent leadership through a commitment to bringing security awareness into just about every facet of its operations. The growing popularity of hybrid IT poses a challenge to the DOD’s well-honed approach to SecOps.

The Defense Information System Agency’s Joint Regional Security Stack (JRSS) initiative is driving and delivering solutions to network defenders and operators across the department, answering a call placed three years ago when the Department of Defense (DOD) cyber strategy established as one of its goals the need to “defend the DOD Information Network, secure DOD data and mitigate risks to DOD missions.”