Enable breadcrumbs token at /includes/pageheader.html.twig

DISA Delivers Cyber Data During Pandemic

COVID-related attacks drive demand for more cyber data.

Network data gains value for the Defense Department amidst an increase in attacks during the COVID-19 pandemic. Credit: solarseven/Shutterstock

The COVID-19 pandemic presents a unique challenge for the Defense Department. More people are working remotely, networks are busier than ever and hackers from around the world seek to take advantage, driving up demand for more situational awareness data to keep those networks safe. And the Defense Information Systems Agency (DISA) continues to deliver that data under the most unusual of circumstances.

Essye Miller, the Defense Department’s principal deputy chief information officer, revealed in virtual town hall meeting on March 16 that the department had seen a surge in cyber attacks as more employees started to work remotely. With that surge in attacks comes a surge in demand for network data.

“This is such a unique time in our cyber community in which data reliability, availability and visualization that our team provides is critical to defend our network,” says Tinisha McMillan, DISA’s division chief for the Cyber Situational Awareness and NetOps Division. “You can imagine that there is even more data that has been flowing to just ensure our networks are being secured. Our teams have been working very closely with the operators to ensure the availability of visualization of those analytics supporting COVID-19 responses.”

McMillan’s team includes uniformed service members, civil servants and defense contractors who build and field the cyber analytics and tools needed to enhance cyber information sharing across the department. She manages a budget in excess of $400 million, and her team provides an enterprise sensing strategy and cyber data orchestration, the Big Data Platform, real-time analytics, rapid cyber incident response and reporting for Defense Department mission partners.

Her division’s support of analysts ultimately assists the cyber operators keeping the networks safe. “Analytics are, to me, the enabler in ensuring that the data that’s flowing through all these various pipelines helps operators to have a more intuitive look on all the information that they need to see,” McMillan says. “We’ve been really focused on being able to support the things that are needed for our defense cyber operators to support anything they need from data or visualization from information so that they can support the responses they need for our network.”

In addition to keeping the data flowing smoothly, her team ensures that all of the data pouring in is presented in ways that are easy to understand so operators and leaders can make timely decisions. An analyst in need of a particular bit of information should be able to find that information with a simple query, she notes, so they are not “having to search through the weeds of all those individual data sets” to get it.

“The defensive cyber operators take information that comes from the platform that my division provides, and they can query, say end-point data, or they can query sensor data that’s coming off of our Internet access point to monitor the network,” McMillan explains.

The team’s mission is not new but is increasingly critical during the COVID-19 crisis. “This is something that our analysts have always done. Because of the activities that have been going on, it’s been critical to ensure the reliability of that data is flowing through our tools so that they can be monitoring activities.”

McMillan said she is trying to prevent attacks from happening to the Department of Defense Information Network (DODIN). “There has been a heightened influence on ensuring that our networks have been protected and are continuing to be protected,” she says.