Can Military Data Be Secure, Trusted and Mobile?
Data stored “in silos” is not providing a fluid, agile stream of information that the DOD needs to perform everyday missions. While data may successfully be generated, getting the needed information “in the right hands at the right time” is a challenge the DOD is facing.
In today’s day and age, data is currency and is driving the economy. "It is the world’s platinum,” said MILCOM 2017 panel moderator Terry Halvorsen, chief information officer (CIO) and executive vice president, Samsung Electronics Company. Data needs to travel with users, certain bits of data are needed “when they’re needed,” and the key is to be able to access the right data to make informed decisions on a timely basis. “And we want convenience,” said the former Defense Department CIO. In addition, data is “like milk,” in that it goes bad or is no longer needed at times. The key is to be able to sort important data and know how to value data.
Terry Halvorsen: data today is the world’s platinum. It’s driving the economy, but you need to be able to pull important data out #MILCOM— Kimberly Underwood (@Kunderwood_SGNL) October 24, 2017
Barbara Hoffman, principal director, Deputy CIO for Information Enterprise (DCIO-IE), DOD, noted that the data at the department is in silos and in a legacy infrastructure. The DOD is making strides—slowly—in improving its data management and information technology. The secretary of defense issued a memorandum to accelerate the migration of systems to the cloud. In addition, in May 2015, the department began a move to a single service provider. “The move away from multiple service providers made sense, and it saved money,” Hoffman said. Last year, an Enterprise Solutions office was established to streamline IT requirements horizontally across the DOD. Another program is moving the agency to the Windows 10 platform. This will help standardize applications for desktop and mobile devices. The move did expose that data in legacy structures was hard to extract. Hoffman also said the new generation of soldiers coming into DOD has knowledge and expectations in using mobile devices that the DOD is not quite meeting.
Barb Hoffman: the generation joining DOD today comes with knowledge and expectations of using mobile devices that DOD isn’t meeting #MILCOM— Kimberly Underwood (@Kunderwood_SGNL) October 24, 2017
Meanwhile, the same tools and applications on mobile devices that soldiers find important are also the systems making the devices vulnerable, warned Kiersten Todt, president and managing partner, Liberty Group Ventures, LLC and resident scholar, University of Pittsburgh Institute for Cyber Law, Policy and Security. Mobile devices used to be a peripheral accessory; now they have become a primary device. But the microphone, the camera, the data going through the phone and the applications are all access points of attacks, she said.
The tools that make mobile devices productive also make them vulnerable, Kiersten Todt, president Liberty Group Ventures #MILCOM— Kimberly Underwood (@Kunderwood_SGNL) October 24, 2017
Todt observed that the interdependency of the Internet of Things is eliminating boundaries as far as data protecting. “You can no longer put a box around critical infrastructure, as the lines have gotten blurry,” she remarked.
For Essye Miller, DOD deputy CIO for cybersecurity, the bottom line in data management at DOD is that it needs to always tie back to the mission and the warfighter, especially in the face of credible and growing cyberthreats. Miller portended that DOD needs to shift the focus of data management from a compliance view to a risk assessment view. DOD needs to identify the value of data, what data applies to specific operations and missions, and which data should be most protected. “We need to look at it more holistically than we have,” she said. “We also need to rid ourselves of legacy systems and look at the applications that truly need to go away,” as far as data management. In addition, in meeting its acquisition needs from the industry, DOD “absolutely needs to hold the industry accountable for introducing risk."