Search AFCEA Site

Enable breadcrumbs token at /includes/pageheader.html.twig

Real-Time, ‘Always-On’ Cyber Assessment Solutions Are Crucial

Streamlining cybersecurity through next-generation capabilities is key to our future security.
By Joe Wingo, Armis
The military can improve the performance of assured compliance assessment solutions. Credit: TechAnimationStock/stock.adobe.com
The military can improve the performance of assured compliance assessment solutions. Credit: TechAnimationStock/stock.adobe.com

 

The Defense Information Systems Agency (DISA) has an opportunity in the next fiscal year to help users of both classified and unclassified systems ensure their assets remain in compliance with the Department of Defense’s (DOD's) high standards for protecting sensitive information from cyber threats. DISA is looking to update its Assured Compliance Assessment Solution (ACAS), the DOD’s primary cyber vulnerability management tool set. This update presents DISA with an opportunity to improve the way ACAS performs by deploying a real-time, always-on solution, as opposed to an agent-heavy, scan-based solution.

To understand why this approach will better protect DOD systems and assets, one must understand how many of the most targeted Defense personnel perform their work.

As a former Air Force communications officer and cyber operations officer, I faced the daily challenge of trying to ensure that all my area of responsibility's security patches were up to date per DOD requirements and were secure against adversary intrusions. Like everyone else, I was failing miserably.

My most challenging problem was SIPRNet (Secure Internet Protocol Router Network). Most users accessed SIPRNet in unclassified spaces using point-to-point encryption and a dedicated computer with a removable hard drive. The standard operating procedure is to store the removable hard drive and encryption key in a certified safe anytime your SIPRNet computer is not in use or left unattended. This meant that a large percentage of SIPRNet computers were completely shut down for long lengths of time, leaving them unavailable to be scanned or patched.

 

 

 

 

 

 

 

 

 

 

The remedy for this was to attempt to enforce mandatory “up times,” when all SIPRNet computers must be turned on and logged into the network. Unfortunately, this isn’t practical for day-to-day operations, so users rarely comply unless given intense pressure from the chain of command. As a result, some of our most important computers for managing operational command, control and intelligence turn out to be our most vulnerable.

Unclassified assets face a similar problem. As portable devices like laptops and tablets are becoming standard, these devices often remain off and disconnected when outside of the office and not in use. This is compounded by the fact that the most targeted senior leaders are the ones who travel most often, relying on portable devices that are infrequently scanned and patched.

Finally, the most fundamental flaw of a legacy scan and client-based solution is that it only shows the network’s vulnerability picture as a “snapshot in time” and only for those devices with a successfully installed client. These massive scans are intrusive to the network and devices, generating latency that impacts daily operations. Additionally, these snapshots are spaced too far apart to provide a cybersecurity operator with an operationally relevant understanding of where risk exists on the network.

How can DISA address these ongoing issues? As noted above, the agency should consider a real-time, always-on solution that continually assesses users’ devices for the entire time they are connected to the network. Such a solution could identify vulnerabilities and mandate patches at the moment a device comes online, as opposed to trying to manage mandatory “uptime” windows. A passive, always-on solution can deliver vulnerability management in real time, thwarting adversaries that prey upon devices lacking the latest protections. 

 

 

 

 

 

Joe Wingo, Armis
A passive, always-on solution can deliver vulnerability management in real time, thwarting adversaries that prey upon devices lacking the latest protections. 
Joe Wingo
Director of Department of Defense Business Strategy, Armis

 

Even though a real-time capability may generate too much data for a human workforce to process, today’s more powerful artificial intelligence and machine learning tools—deployed within a software-as-a-service solution—can easily analyze the data and generate decision-quality information, formatted and presented to cybersecurity operators when and where they need it.

Although a passive, real-time solution would represent a much-needed fundamental change to how the DOD approaches cybersecurity operations, it would actually be possible to integrate these new capabilities with legacy ACAS tools to ensure a smooth transition and guard against downtime during the upgrade.

As DISA seeks to take ACAS to the next generation, the agency has a unique opportunity to think outside the box and pursue truly cutting-edge capabilities, revolutionizing and streamlining DOD cybersecurity. By adopting a real-time, always-on approach, DISA can ensure compliance and dramatically strengthen the DOD’s ability to thwart our nation’s adversaries, all without increasing the workload of our already taxed cyber workforce.

Joe Wingo is director of DOD Business Strategy at Armis. Previously, he was the director of operations for Sixteenth Air Force, Air Forces Cyber and Joint Force Headquarters-Cyber, Joint Base San Antonio-Lackland, Texas.

 

Comments

The content of this field is kept private and will not be shown publicly.
About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
Enjoying The Cyber Edge?
The Cyber Edge is part of SIGNAL Magazine. Subscribe or join AFCEA to receive SIGNAL and its award winning news.
SUBSCRIBE NOW
LEARN MORE
JOIN AFCEA

Related Cyber Content