Some of the cybersecurity challenges the Defense Department faces and some of its key initiatives were the highlight of a fireside chat at the Billington CyberSecurity Summit.
David McKeown, DOD’s chief information security officer and deputy chief information officer, explained that seven “pillars” make up DOD’s cybersecurity architecture.
“The priority of all of the pillars working together, or in harmony, is that we’re able to detect advanced persistent threats trying to attack our network, advanced persistent threats that have successfully hacked our networks and their lateral movements inside of our networks,” he said.
DOD has historically been very good at perimeter defenses and has deployed a lot of tools, McKeown said. “We’re successful with 99.9% of all attack vectors. But there is this advanced capability that nation-state actors have [in which] they can get a foothold through a variety of means — phishing, brute force attacks on vulnerabilities that are on servers, web attacks and hacking the code,” he said. “And once they get a foothold, what we’ve found over time is we have to struggle to find them and then finally, eradicate them from an app on the network and have confidence that they’re gone from the network.”
DOD cybersecurity, McKeown said, has always turned to industry for great solutions with new technologies. “We’re also looking to them when they build a new operational technology [to include] cybersecurity and the censoring that we’re going to need to protect devices,” he added.
DOD is also looking at cybersecurity solutions that it can purchase at scale from vendors, he noted.
“We’re actively looking at where we can partner with industry on those solutions to overlay on top of whatever our network infrastructure is,” McKeown said.
“We do need to partner with industry, so that they can help us provide better security solutions,” he emphasized. “In the area of cloud, we’ve spent a great deal of time [and] our journey to the cloud has been pretty strong of late. We’ve migrated a vast majority of our users there, we’ve partnered with Microsoft to work on the security concerns over time, and we continue to work on those.”
DOD will continue to adopt what industry is putting out, he noted, adding that the department does need help to “bake in” cybersecurity rather than have it as an add-on feature for an additional price.
For DOD’s strategic cybersecurity program, adoption of all of the different technologies that industry has to offer is definitely on the department’s radar, McKeown said. “We want to meet with industry, we want to know what they have, but we do want them to be cognizant of the fact that we really kind of demand a secure solution coming in the door.”