As the Defense Department continues to fortify its networks and data, officials say they are automating some cyber defenses so that they can be triggered and respond to threats without manual intervention.
The key to automated cyber defense is striking a balance between what's handled by machines and easily deployed and what requires a bigger, coordinated effort that has wider systemic impact, according to one Defense Information Systems Agency official.
"The automated cyber defense effort is a lot more of the systems and technology side, so looking at the various sensors that we have in place, firewalls and things like that," Jack Wilmer, DISA deputy chief technology officer, said Nov. 2 at the agency's annual Forecast to Industry in Washington. "For example, if we detect a phishing email that comes through, we can potentially automatically deploy a countermeasure … some of those things are very logical, obvious things. But some other cases are where you get into what's technically possible but could cause a lot of problems in terms of shutting down capability or closing off ports."
Collecting and analyzing data from sensors deployed across DoD networks is a central piece of automated cyber defense, and it's an area DoD officials are actively working on as part of broader efforts in both cybersecurity and big data analytics.
"One of the things that we are looking at is how do we take data from the perimeter defenses all the way to the host defenses, and then make some actual decisions and get some actionable information out of that?" Wilmer said. He noted that continuing to build on analytics capabilities is critical "to keep up with the daily [data] ingest requirements that we have."
Automation is also at the heart of other cyber efforts at DoD, including a cyber scorecard program, in which military components are measured on their cyber performance and adherence to IT security standards. At an event held by the Christian Science Monitor on Oct. 29 in Washington, DoD CIO Terry Halvorsen said he's trying to instill a cybersecurity culture at the Pentagon, and he's also accelerating the timeline for automated defenses to 18 to 24 months.
The scorecards are "an interesting drill because it's an area where we were used to measuring readiness in other areas but we frankly weren't doing that for cyber," Halvorsen said. "Cyber is a relatively new warfare. If you look at the history of aviation, look at the history of how we developed nuclear, it took us a while to get to this point. The biggest difference with cyber that we are having to react to is it moves faster than any other warfare. That is a challenge. The things we do today in cyber probably will not be the same things we do tomorrow."
Wilmer said he thought the 18-24 month time frame is "completely reasonable" and something he'll be supporting at DISA as part of an ongoing process – and part of that broader shift to a DoD-wide cyber culture.
"It's not like we'll just deploy automated cyber defense and just be done with it. I think what you will see is ... the integration [of] the various piece parts of the enterprise and how we take data and feed that back in," Wilmer said. "It's a journey we've already started on – we already have some of the automation and integration built in, and I expect that we'll see significantly more in the two-year time frame."