The biggest threat to cybersecurity is not enough info sharing
- by 7wData
Even the Department of Defense is working hard to keep pace with the changing landscape of cybersecurity threats. The key, by most estimates, is information sharing. But whether the DOD and other agencies are ready for the level of sharing required is another matter.
At the Defensive Cyber Operations Symposium held this past June, Justin Ball, technical director for the Department of Defense Information Network's Operations and Defensive Planning Division, spoke about some of the challenges faced by the agency in the face of new and increased security threats.
The Department of Defense Information Network (DoDIN) is a globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating and managing information on-demand to warfighters, policy makers and support personnel.
Ball acknowledged that considerable attention has been given recently to the standing up of cyber mission teams in the DOD, and the importance of cyber workforces throughout all levels of government. For these teams and workforces to succeed, however, he noted that threat information must be shared broadly and systematically.
A successful cybersecurity program must not only be defensive but offensive, Ball explained. It’s important to know against whom you should initiate proactive countermeasures, rather than just reacting to the latest advanced threat.
And advanced threats themselves are on the increase, with network compromises more insidious and harder to detect than ever before. One of the lessons driven home after the colossal security breach of the Office of Personnel Management in 2015 was how long it can actually take for a threat to be detected. The average lag time is a shocking 205 days, and even 250 days is not unheard of.
Because of the interconnectedness of communications, new mobile vulnerabilities and new malware variants are being continually introduced. It’s becoming nearly impossible for any agency to keep up all by itself.
Ball used DoDIN as an example. While DoDIN’s priority is operations, it is also tasked with “freedom of action” in cyberspace while denying that same freedom to adversaries. System operators must conduct full-spectrum cyberspace operations (computer network defense, computer network attack and computer network exploitation). Cyberspace operations are informed by intel and threat indicators from traditional and advanced sensors, sharing vulnerability information from both DOD and non-DOD sources.
How can you achieve this goal of cyber freedom of action, Ball asked, without knowing the threats that are out there?
DOD is using a variety of systems to gather threat information, Ball said. These include Host Based Security Systems, web content filters, an enterprise email security gateway and the Joint Regional Security Stack for the military’s Joint Information Environment.