The Defense Information Systems Agency is looking to improve the cybersecurity posture of the Department of Defense by reducing attack vectors to the network.
Adversaries are becoming more sophisticated, with threats becoming more complex and the number of cyberattacks increasing, Vice Adm. Nancy Norton, director of DISA, said Nov. 5 during DISA’s annual Forecast to Industry day in Linthicum, Maryland.
She said DISA executes roughly 1 billion defensive cyber operations events in a given month, automatically blocking most attempts while intervening in nearly 1,000 incidents and conducting over 2,000 countermeasures.
One way DISA is seeking to reduce these attack vectors to the network is by implementing a cloud-based internet isolation solution to protect against browser-borne threats.
“By taking the internet browser off the work station and placing it in a remote cloud-based server outside of the DoD [Information Network], we can review traffic from afar and protect the network while preventing malware and cyberattacks,” she said, noting DISA is interested in hearing about industry’s solutions in this space.
Reducing the attack vector and the architecture itself reduces the number of cybersecurity attacks that DISA has to manually respond to and ultimately ensures resiliency to support mission accomplishment, Norton said.
“Cybersecurity needs to be at the forefront of our operations. Cyber is our battlespace and resiliency in that battlespace is key for our networks, applications and systems,” she said.
Norton also described efforts to automate and orchestrate key defensive processes that will help the team expedite actions that historically were performed manually.
This includes exploring the use of enterprise tools, machine learning, robotics and artificial intelligence to expand the effectiveness of analysis with existing staff, Norton said. These capabilities will use sensor data to help the agency readily identify long-term cybersecurity trends, uncover changes in adversary behavior and develop algorithms to identify suspicious activity.
“We must do this across cybersecurity in order to pace the threat inside cyberspace,” she said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.