Software Development Protection Is Key
With cybersecurity in mind, the U.S. Army is diligently working to protect software development across the board.
Lt. Gen. Maria Barrett serves as the commanding general for the U.S. Army Cyber Command and was the morning keynote speaker on the closing day of TechNet Augusta 2023. Marking its 10th anniversary, the conference took place in Augusta, Georgia, August 15-17.
In her statements, Gen. Barrett echoed the guiding principles outlined by Young Bang, principal deputy assistant secretary of the Army (Acquisition, Logistics & Technology), and Army Chief Information Officer Leonel Garciga, who spoke earlier in the conference from the policy and acquisition side of the house.
“I swear we did not coordinate our comments,” she jokingly explained. “This is the great thing that is happening right now: we are all, for our respective roles in the Army, coming to the realization of why these things happen … and have the momentum to make the change.”
The lieutenant general was referring to a slide shown to the TechNet Augusta audience, which listed seven asks of those delivering capabilities to the cyber command.
Though some may appear basic, Gen. Barrett added, they remain important for the mission-critical system.
The list, titled Securing Army Software, read:
- Rapidly patch software;
- Assess all production code for security flaws;
- Improve security of development networks;
- Isolate dev environments from internet and from vendor business network;
- Implement dev net security monitoring;
- Implement 2FA on dev net and testing services;
- and implement role-based permissions on dev net.
“If you’re a mission owner or a PM, think about these questions and put these in your kit bag,” Gen. Barrett said.
Gen. Barrett also spoke on the implementation of further cybersecurity, an idea some warfighters may disagree with due to a fear that it will “asphyxiate” innovation and incubation of new ideas. “But I honestly believe if we don’t get after this one, this will be their Achilles' heel,” she stated.
However, the conversation is not solely focused on development environments, Gen. Barrett continued. “It’s also about knowing where your code came from.”
“We know that modern software development relies on third-party libraries, and that’s ok,” she said. “But we need to make sure that the logging, the access, the transparency can afford us getting back to the data piece, the proper visibility of that data as it’s operating.”
This is especially true in the containerization and virtualization environments the Army is seeking, Gen. Barrett said.