Between insider threats and an array of attacks from bad actors and nation-states, the government is being assaulted on multiple fronts simultaneously. This requires approaches that can adapt, anticipate, and respond in ways that may not even have been developed yet.
AFCEA TechNet Cyber brought together leading minds from the military, industry, and academia to find ways to achieve a persistent state of cyberdefense. TechNet Cyber sessions, many hosted by senior military and DISA leadership, covered numerous issues and approaches, including AI, insider threats, endpoint security, zero trust models, and contractor training and awareness. Technology vendors were there to learn what’s needed and add their expertise to the discussion.
The situation has changed drastically since last year’s event, which was renamed TechNet Cyber for 2019 to zero in on the ongoing challenges and to define solutions. Cyberattacks aren’t just occurring against high-value, high-visibility targets. Smaller, more insidious attacks are constantly occurring, with no specific front lines of engagement.
Call for Industry Innovation
To address these evolving challenges, Department of Defense (DoD) organizations are looking to vendors for new technologies, such as AI/ML, according to Omar Rafik, senior manager, federal sales engineering for SolarWinds. At the same time, he cautioned, cost-effectiveness is essential.
Agencies dependent on Active Directory can benefit most from automation, he explained, especially on the systems side. “Access rights management is essential to security,” Rafik said. “Agencies need to ensure that as people move around within departments, change jobs, or leave altogether, their access rights are updated, disabled, or confirmed. Automation can help prevent problems from occurring and help IT personnel spot potential trouble spots early.”
Rafik added that continuous monitoring and auditing of networks is high on DISA’s list of requirements. “If everything gets logged, audits can be easier to do. And regular audits can point out issues that can turn into security leaks,” he explained. “But, while there are a lot of ways to run an audit, if it isn’t easy, it won’t get done as often or as thoroughly as needed.” When selecting automation tools, Rafik said, thoroughness and ease of use need to go hand-in-hand.
Another key challenge for DoD, one tied directly to security, is consolidation. According to Kyle Brosh, federal accounts manager for SolarWinds, management tools are currently specialized and often from a variety of vendors. Standardization across the board would provide a common view of the systems being managed.
“By providing the ‘same pane of glass’ for systems monitoring and management, system owners can reduce the training burden while providing continuous monitoring and auditing,” he explained. “This can reduce costs while also reducing the time to identify and resolve security issues.” However, both Brosh and Rafik pointed out that until there is a top-down decision to choose one consistent set of tools for all corners of DoD, there will continue to be pockets where users stick with their preferred applications.
Digital Transformation – More or Less Security?
IT modernization, while mandated, could bring with it numerous security risks. Rafik said, however, that modern software tools offer more security controls, which in turn can enhance an agency’s security position. He nonetheless sees a number of issues brought about by bring-your-own-device (BYOD) policies. “Everyone needs to conform to the security policy. But if the devices are government owned or managed, there will be more control. For contractors who connect to multiple systems, it can be more of an issue.” As a result, Rafik suspects BYOD will be more limited going forward.
While some experts are concerned that compliance with security standards isn’t enough, it’s an area many agencies still struggle with. As network topology and IT environments undergo modernization, Brosh noted, automation can help IT leaders ensure their systems are in compliance. “We know the situation is constantly evolving,” he said. “But that just points out the need to spot out-of-compliance areas quickly and easily.” The right automation tools, properly applied, can help speed this process along, he said.
While much of the event focused on expected directions for security and technology, Rafik said attendees also showed a good deal of interest in cloud and hybrid cloud environments. He noted it shows DoD is looking everywhere for cost-effective, flexible IT management solutions for government networks, as long as security remains a top priority. Brosh added that the cloud seems to be where NIPRnet is headed, so for unclassified networks, at least, this direction may provide the flexibility, speed, and cost-effectiveness DoD demands.