DISA Develops Closer Ties with Intelligence Agencies
The Defense Information Systems Agency (DISA) is working more closely with the intelligence community and is partnering with the National Security Agency (NSA) on a number of cybersecurity-related efforts, officials say.
Officials speaking at a recent AFCEA Cyber Committee meeting described a close partnership with the intelligence community, especially the NSA. “I think you’ll see a lot of positive energy from DISA in the coming year or years, and in conjunction with JFHQ-DODIN, I think it’s very promising,” said Jason Martin, vice director of DISA’s Development and Business Center, using shorthand for the Joint Forces Headquarters-Department of Defense Information Network. “I think we’ve set ourselves up really well to engage differently in the Department of Defense and to engage differently with the intelligence community.”
Without going into details, Martin said DISA, the Defense Department and the NSA in the coming years will be rolling out a number of cyber-related capabilities. The capabilities, he indicated, include sensors on the network. “We spent a lot of time on planning for bandwidth consumption, increased capability and intelligence sharing, working with the NSA and Cyber Command, and then within the DOD to build out those capabilities.
The new technical applications will be introduced over a five-year period. “This is really a road map from fiscal year 2020 to fiscal year 2024. Not all of those capabilities are intended to take that long to roll out, but obviously, based on what we learn with the network and what we see with efficiencies over time, things could change. But this is really a five-year look,” Martin said.
Martin also noted that funding has been approved for the Cross Domain Raise the Bar initiative, an NSA attempt to combat escalating threats while improving the status quo in the cross-domain community.
An NSA official explains that the Raise the Bar Strategy for improving cross-domain solutions security modernizes Defense Department and intelligence community cross-domain solutions from a design, development, assessment, implementation, and use perspective to address new operational requirements and emerging threats. The effort is a partnership between the Defense Department chief information officer, NSA, DISA, the intelligence community and the military departments.
“We have the money in place. We have the relationship. We have the plan. We’ve been working with all the components across the DOD to build out the plan for increasing the capabilities within the cross domain and to get the Raise the Bar guidelines that have been pushed out by the intelligence community. But then also we’re in the process of eliminating a lot of the point-to-point solutions from cross-domain and to bring them to the enterprise level,” Martin explained.
Additionally, Martin reported that DISA and the NSA have done a high-level assessment of cyber threats using the Department of Defense Cybersecurity Analysis and Review (DODCAR), a data-driven framework that enables decisions to be made based on specific priorities. “The DODCAR performs threat-based cybersecurity architectural assessments and situational awareness. We know the threats and vulnerabilities and how to mitigate them based on the data provided.”
DISA officials tout the benefits of the Defense Department’s move toward a “zero trust” cybersecurity strategy. While there is no common definition of zero trust, it generally means that all users and devices must be authenticated before connecting to a network.
DISA, Cyber Command and the NSA began piloting a zero trust framework in January 2019. “Very quickly in that effort we started to realize there were questions about how to scale to the enterprise,” reported Col. Darcy Saint-Amant, USA, military deputy, DISA Operations Center.
While DISA already practices many of the zero trust best practices, she added, “The key is really how these capabilities are integrated. The integration and configuration of these to work together is what’s important.”
You may also enjoy:
DISA Begins Implementing Fourth Estate Initiative
