Enable breadcrumbs token at /includes/pageheader.html.twig

Diverse Communications, Networks Vital for Pacific Information Security

Putting all data eggs in one basket is a major hacker aid.

Speakers at a TechNet Asia-Pacific 2018 panel on achieving cyber resilience in the Indo-Pacific region are (l-r) Jodi Ito, ISO, University of Hawaii; Vice Adm. Nancy Norton, USN, director, DISA and commander, JFHQ DODIN; Jeff Watkins, Commercial Solutions for Classified, NSA; and John Zangardi, CIO, DHS. Credit: Bob Goodwin Photography

Technologies need to be less centralized and people need to be more informed if the Indo-Pacific region is to improve its cybersecurity, according to a panel of military and civilian experts. Speaking on the third and final day of AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu, the experts explored security measures that begin with network architecture and end with individual practices.

Vice Adm. Nancy Norton, USN, director Defense Information Systems Agency (DISA), and commander of the Joint Force Headquarters Department of Defense Information Network (JFHQ-DODIN), pointed out, “In the Pacific theater, we rely on a lot of subsea cables. The alternative is satellite systems. These are absolutely critical to this theater.” She added that additional means would provide greater resiliency for communications across the vast region.

Adm. Norton also argued against concentrated networks. “We don’t have a single compartmented ship because one hole in it will sink the ship. But we have single compartmented networks where one hole opens up the entire network,” she stated.

“We shouldn’t be giving information about our large systems to our contractors, their subcontractors and their suppliers,” the admiral continued. “We should give each only enough data to do their specific job.” She also suggested that government needs to grade contract performance on cost schedule performance and cybersecurity.

We need to grade contract performance on cost schedule performance and cybersecurity.—Vice Adm. Nancy Norton, USN, director, @USDISA and commander, JFHQ DODIN #AFCEATechnet
— Bob Ackerman (@rkackerman) November 15, 2018

Phishing attacks are opening doors to greater data exfiltration, experts offered. “Phishing is a big deal. It’s about teaching people,” said John Zangardi, chief information officer, Department of Homeland Security.

Adm. Norton elaborated that, “A phishing attack is successful because phishers can get a lot of information about an organization and its people. We have to protect that data about ourselves and our organizations.”

A phishing attack is successful because phishers can get a lot of information about an organization and its people. We have to protect that data about ourselves and our organizations.—Vice Adm. Nancy Norton, USN, director, @USDISA and commander, JFHQ DODIN #AFCEATechnet
— Bob Ackerman (@rkackerman) November 15, 2018

Jodi Ito, information security officer, University of Hawaii System, pointed out that hackers also are becoming better about sharing information gleaned from massive data break-ins such as with LinkedIn years ago.

Adm. Norton decried the willingness of people to unwittingly share their personal information. “When we download new apps, why do we agree to give the app access to all information on our phones? Why do they need to access our phone’s camera? We need to think security before convenience,” she declared.

If someone is able to get into the supply chain for a homogenous network, they own that entire network.—Jeff Watkins, Commercial Solutions for Classified, @NSAGov #AFCEATechnet
— Bob Ackerman (@rkackerman) November 15, 2018

The supply chain increasingly is becoming an issue in cybersecurity. “If someone is able to get into the supply chain for a homogenous network, they own that entire network,” said Jeff Watkins, communications director, Commercial Solutions for Classified, National Security Agency. Zangardi also addressed it. “We are starting to stand up to address the supply chain management issue. It’s critical,” he stated.

Red teaming, faster and more effectively, will point out where the gaps are in your process and your people. Encourage that friendly fire on your network.—Jeff Watkins, Commercial Solutions for Classified, @NSAGov #AFCEATechnet
— Bob Ackerman (@rkackerman) November 15, 2018

But no matter what measures are taken, the threat will continue. The best way to defend may be to play the role of the hacker, possibly with real hackers that can be trusted. “Red teaming, faster and more effectively, will point out where the gaps are in your process and your people,” said Watkins. “Encourage that friendly fire on your network.”

Mark your calendars for AFCEA next Hawaii TechNet conference and exposition, to be held November 19-21, 2019, in Honolulu.