
A Plan to Tamp Down Defense Network Cyberthreats

The Defense Department should adapt this two-phase plan to make network security more agile and automated in the rapidly evolving threat landscape.

Through its significant investment in networked systems and smart devices, the U.S. Defense Department has created an enormously effective—yet highly vulnerable—approach to national security. The department has begun investing more in the Internet of Things (IoT), which has gone a long way toward making ships, planes, tanks and other weapon systems far more lethal and effective. Unfortunately, the IoT's pervasive connectivity also has increased the vulnerability of defense networks and the potential for cyber attacks.

That attack surface only continues to grow and evolve, with new cyberthreats against the government coming in a regular cadence. The nation has witnessed the well-publicized hack of the Democratic National Committee network, harmful intrusions into the Office of Personnel Management and more. The Defense Department must adapt to this rapidly changing threat landscape by embracing a two-phase plan to make network security more agile and automated.

Phase One: Speeding Up Tech Procurement

The government first must accelerate its technology procurement process, even though the evolving nature of today’s threats, along with determined hackers, makes this approach seem untenable. Agencies must quickly deploy easily customizable and highly adaptable tools that effectively address changing threat vectors. These tools must be simple to install and maintain, with frequent updates to ensure that networks remain well fortified against the latest viruses or hacker strategies. In the words of Curtis Dukes, the former top cyber defender at the National Security Agency, “Poorly secured, poorly patched systems” no longer are an option.

There is hope. In recent years, the government has made it easier for agencies to buy software through a handful of measures, such as the General Services Administration Schedule and the Department of Defense Enterprise Software Initiative. Many of the solutions available through these contract vehicles are interoperable with other newer and legacy systems, allowing them to fit well within numerous environments. All have been carefully vetted to work within government regulations and certifications.

Phase Two: Automating Network Security

While an accelerated procurement cycle is important for strengthening security, so are quick, automated network security solutions to alert agency administrators to possible threats. The government should implement these types of solutions to monitor activity from the myriad devices using Defense Department networks. Administrators can be alerted to potential security breaches and software vulnerabilities to provide real-time threat response capabilities.

The SolarWinds Log & Event Manager (LEM) lets administrators gain real-time intelligence about the activity happening on their networks, alerting them to suspicious behavior. Administrators can trace questionable activity back to its source and set up automated responses—including blocking IPs, disabling users and more—to prevent potentially hazardous intrusions. The LEM tracks unauthorized use of USB devices, for one, which continue to pose concerns because they are extraordinarily easy gateways for introducing malware to the network.

The number of connected devices operating on government networks makes a comprehensive user device tracker (UDT) a necessary counterpart to the LEM. UDTs have gained a significant amount of traction over the past couple of years, particularly since the work force began using personal mobile devices over government networks. The Defense Department’s commitment to the IoT means the need for vigilance has never been greater. There are now simply too many devices with too many applications built on too many separate operating systems for administrators to adequately secure networks through manual device tracking.

Today, federal administrators must deploy solutions that automatically detect who and what are using the network at all times. Alerts must be triggered when unauthorized devices access networks. Managers can then track those devices directly to their users. Solutions should easily locate the devices through various means, including via MAC or IP addresses, so administrators can quickly prevent the major breaches that have become all too common.
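One way to implement the unauthorized-device alerting and MAC/IP lookup described above, as an added example that is not part of the original article or of any SolarWinds product. It assumes dnsmasq-style DHCPACK log lines; the log lines and the device inventory are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed inventory of authorised devices (MAC -> owner / asset tag); not real data.
AUTHORISED = {
    "aa:bb:cc:00:00:01": "jdoe / laptop-0142",
    "aa:bb:cc:00:00:02": "facilities / printer-bldg7",
}

# Constructed DHCP server lines in a dnsmasq-like format (assumed, not captured traffic).
SAMPLE_LOG = """\
Mar 10 09:12:01 dhcp dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.1.15 aa:bb:cc:00:00:01 laptop-0142
Mar 10 09:12:44 dhcp dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.1.77 de:ad:be:ef:12:34 android-7f3
Mar 10 09:13:02 dhcp dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.1.30 aa:bb:cc:00:00:02 printer-bldg7
Mar 10 09:13:40 dhcp dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.1.77 de:ad:be:ef:12:34 android-7f3
"""

LEASE_RE = re.compile(
    r"DHCPACK\(\S+\)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+(?P<host>\S+))?",
    re.IGNORECASE,
)

@dataclass(frozen=True)
class Alert:
    ip: str
    mac: str
    hostname: str
    reason: str

def parse_leases(log_text):
    """Yield (ip, mac, hostname) for every DHCPACK line; MACs are normalised to lower case."""
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("mac").lower(), m.group("host") or "?"

def find_unauthorised(log_text, inventory):
    """Return one Alert per MAC that is not in the inventory (deduplicated on MAC)."""
    seen, alerts = set(), []
    for ip, mac, host in parse_leases(log_text):
        if mac in inventory or mac in seen:
            continue
        seen.add(mac)
        alerts.append(Alert(ip, mac, host, "MAC not in device inventory"))
    return alerts

def locate(key, log_text):
    """Resolve a MAC to its latest lease, or an IP to its latest lease, as (ip, mac, host)."""
    key, found = key.lower(), None
    for lease in parse_leases(log_text):
        if key in (lease[0], lease[1]):
            found = lease  # later lines win, so the newest lease is returned
    return found

def owner_of(mac, inventory):
    """Map a MAC back to the user or asset that owns it, or None if unknown."""
    return inventory.get(mac.lower())
```

Feeding real lease or ARP data into `find_unauthorised` and `owner_of` turns the page's "alert, then trace to the user" workflow into a scheduled check rather than manual device tracking.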

Prevention is more about implementing security quickly and automatically than it is about who has the better firewall. For the Defense Department, which has become so dependent on connected devices and the information they provide, there’s simply no time for that type of old-school thinking. Federal administrators must act now and invest in automated, agile and efficient solutions to keep their networks safe from attacks.

Joe Kim is senior vice president and global chief technology officer at SolarWinds.