The Evolving Nature of Protecting the DODIN
The Department of Defense (DoD) must reduce its own human error, or so-called "blue-on-blue" incidents, that affect DoD networks. The challenge of protecting the military’s crucial information networks is hard enough given the formidable, persistent and evolving adversaries who seek to harm or leverage digital environments and information, said Lt. Gen. Robert Skinner, USAF. Figuring out why U.S. military personnel or technology contribute to cyber vulnerabilities will help fortify crucial digital operating environments.
Gen. Skinner, who is dual-hatted as the director, Defense Information Systems Agency, and commander, Joint Force Headquarters-Department of Defense Information networks (JFHQ-DODIN), spoke yesterday at the AFCEA Alamo Chapter’s annual ACE event, which runs from November 14-17 in San Antonio.
“What we don't talk a lot about is human error, [which] I really talk about as ‘blue-on-blue’ incidents,” the general emphasized. “It's bad enough that we are focused on an adversary who is continually scanning, continually trying to exploit vulnerabilities, which by the way we’ve seen from a threat standpoint, the vulnerability identified ... to active exploitation, either in the wild or against the DODIN, continues to shrink at an astronomical rate. Our defenses have to be that much faster. With that backdrop, we cannot afford to have ‘blue-on-blue’ events and or incidents across the department.”
Contributing issues could include nuisance factors, such as the recent "PIN-prompt" problem, incorrect procedures or technology shortfalls, he continued. Either way, leaders need to get to the bottom of what is happening and why these factors are contributing to any "blue-on-blue" events.
“Whether it's something else that's going on [like] we haven't followed the right procedures, or we don't have the right procedures or the technology didn't work as advertised, we have to continually look at each one of those events and go, ‘Why did it happen?’ and get after the understanding, so that doesn't happen again.”
Already, protecting the DODIN 24/7 against adversarial incursions is no small feat. On average, there are 798 million cybersecurity incidents per day on the Defense Information System network (DISN), the backbone of the DODIN, Lt. Gen. Skinner said.
Moreover, the Defense Department has the largest number of IP addresses in the world, 3 million users globally, 4 million computers and 145,000 mobile devices. The DODIN includes more than 15,000 unclassified and classified networks and cloud environments.
“The DODIN is the third largest conglomeration of networks in the world, when you look at just the IP [Internet Protocol] space,” the commander noted. “The United States is number one, and I would offer, the U.S. can't take credit [for that] without the Department of Defense, as we actually are the ones that are propping that up. Number two is China. And JFHQ-DODIN is number three. So that is a significant number of potential vulnerabilities that these individuals are working day in and day out to address.”
And while there are 500 personnel at JFHQ who directly work to protect the networks, there are really many more folks who are securing it in some way. “As a force, there's almost 250,000 individuals, who at some point in time during the day, during the week, or a month who are securing, operating and defending this thing we call the DODIN,” Gen. Skinner noted.
The Joint Warfighting Cloud Capability initial three-year contract/task orders will be awarded in December, says Lt. Gen. Robert Skinner, director @USDISA. "No 'ifs, ands, or buts' about it," he said. DISA's HaCC will lead the effort @AlamoAFCEA #ACE2022. pic.twitter.com/lFSPebr1bx
— Kimberly Underwood (@Kunderwood_SGNL) November 15, 2022
As it leads the response to attacks against the domain, JFHQ is working to help commanders and officials to take more “proactive, threat-informed, priority actions” that strengthen their cyber posture and reduce risks to both the DODIN and their missions/operations, he stated.
“It is really about the JFHQ DODIN and how we align efforts operationally with the service side components and DODIN operations to really help ensure that we are postured for anything that could occur,” Gen. Skinner said.
Notably, the commander sees a need for industry contribution regarding DODIN cyber defensive automation and other automation applications. “I am not certain whether we have limited automation, or we just don't have the right automation in the right places,” he said. “That's where I need your help from an industry standpoint, to [say] where can we better automate, whether it's robotic process automation from a mission standpoint, versus just a contracting or financial application?”
In addition, Gen. Skinner cautioned companies that are bringing innovative technologies to pay close attention to their ability to deploy a solution across the DoD. The scope and scale of DISA’s and JFHQ-DODIN’s fielded technologies are considerable. “I love startups, but startups have to scale in a very complex environment,” he stated. “How do we drive that scalability within the complexity of that environment?”