The Defense Information Systems Agency's job securing and defending the Department of Defense's networks arguably has gotten more complex, so officials there are looking for increasingly high-tech tools to carry out the mission.
The integration of cloud, mobility and a huge number of sensors producing volumes of data all make for an intricate and complicated operational picture for DISA and the rest of DoD.
But on the flip side, those newer, force-multiplying technologies also can enhance cyber defenses.
"We can't keep bolting on solutions" after the fact, said Jack Wilmer, DISA deputy CTO. "What we're doing right now is a pretty significant effort. Partners across the Defense Department are basically working together to find the new cybersecurity reference architecture."
At least part of the new approach to cybersecurity involves automating certain network functions and defenses.
"We have to look at how to do this more efficiently, how to posture ourselves for a more automated cyber defense, to get to fewer manually intensive tools, fewer manually intensive workflows, fewer screens for network operators," Wilmer said. "We need to get to where we can have these cyber capabilities integrated with each other and automatically defending against things."
That means taking a defense-in-depth approach to network security: layering controls from the network perimeter, to the access points where the network touches the public Internet or the commercial cloud, down to the devices used to connect.
Traditional cybersecurity is skewed toward device protection and perimeter defenses relying on threat signatures, but that's no longer sufficient against adversaries that can evade signature-based detection.
"One of the things we're looking at is how to take the data from the perimeter defenses all the way down to the host defenses and then make some actual decisions. There is a tremendous amount of data that comes in from all the various sensors," Wilmer said. "We're looking at two processes here. One is to drive more automation into that process so that instead of an operator having to do something for every single [attack], we can actually have some of them automatically taken care of. The other process is providing tools for the operators so that they can make the most informed decisions possible."
DoD's installation of joint regional security stacks around the world is designed to enable the defense-in-depth approach to cybersecurity, and to provide more visibility into the multitude of networks operating across the military.
"When you talk DISA [cybersecurity], this is the [DoD Information Network] as well, and our No. 1 cybersecurity piece that we're working today is JRSS. It's our No. 1 priority to field; it's the regional security capability that allows us to defend from within the DODIN what we call the east-west traffic," said John Hickey, DISA's risk management executive and CIO. "The ability to change signatures, the enemy's ability to change how they're coming at us — that's high on our list from a priority standpoint. We look at everything all the way down to the endpoint."
Those endpoints — the computers or devices being used to access the network, to conduct network missions and operations and to connect to virtually anything — number somewhere around 4 million in DoD. Earlier this year DISA released a request for information seeking industry's input on ways to better secure those endpoints amid the shift to mobile devices, cloud services and virtualization — all of which add to the number of endpoints.
The goal: lightweight, agile security tools that work on different operating systems and a mix of endpoint types and, preferably, are built on open standards.
"Where we're going in the future, you can't leave any of those pieces out. We have to look at all those pieces ... what are the technologies and capabilities that provide the biggest bang for our buck at a time for the department when we have to show efficiencies?" Hickey said. "The dollars aren't growing, so we have to make tough decisions. What are those security mechanisms that will provide us the most capability? We're in the middle of the process of laying out that plan."