By Geoff Fein

The Department of Defense (DoD) has made great strides in protecting its networks from prowling eyes and has done a good job of stressing that the approach to cyber security cannot be service-specific, according to an official with Symantec [SYMC].

“DoD has come an enormous distance…great strides from where they were in ’96, ’97. In fact, you’ll hear many general officers across the board and senior executives say this is a domain just like air, land, and space,” William Cole, senior director cyber threat analysis program at Symantec, told Defense Daily in a recent interview.

“It really carries a lot of weight because as soon as the military adopts that type of thinking then it allows them to start building a doctrine around–how do we protect, defend this domain? [That’s] something they had not thought about in the past,” he added. “So they are readily admitting now when you connect any IP addressable device to the Internet, you just connected to a battlefield.”

Along with putting more attention and more resources toward cyber security, DoD is also aware that the effort cannot be service-specific.

The Joint Task Force Global Network Operations (JTF GNO) brought in liaisons from every service, Cole noted.

“The way they are doing a lot of their infrastructure around IT (information technology) security is really blazing new trails. The way they have done IT stuff in the past they have not had these conversations,” he said. “Bringing in people from every service, every agency, COCOMs and such, they do more information sharing around IT security than we have ever seen around IT in the past. In the last 10 years, they have come miles and miles and miles.”

Cole said it’s amazing to see the level of attendance at DoD-sponsored information assurance (IA) events and all of the side meetings that take place. “All the COCOMs at the senior level in charge of IA across Army, Navy, Air Force, and Marines, DIA, NSA, NRO–they are doing a fantastic job there. They still have miles and miles to go, but the effort is certainly underway and they have made great strides so far.”

While Cole sees a recognition that funding will be required to defend against cyber threats, he also noted there is a recognition that the government is facing challenges because of the traditional procurement process.

“The problem you have on the IA side is that you have the same procurement system and related to that you have a mutating threat–not weekly, not monthly, not daily, but hourly. So how do you defend against something when it takes you almost two years to do an acquisition? That’s a challenge the DoD and the entire federal government has,” he said. “They are all aware of that and many of them at the senior levels are trying to look at that and actually take some action to mitigate that challenge.”

The challenge comes in knowing that while systems have to be defended 24/7, 365 days a year, an attacker only has to find one gap, Cole said.

“An attacker has everything on his side…he has all the time in the world to break into your system,” he said. “So when you look at that across the board, how do you stay ahead of that? The only thing to do is to continue to look at leapfrog technologies to see if you can’t get ahead of the threat. There are a lot of challenges in that area.”

One government effort Cole praised is the Trusted Internet Connection, or TIC.

In 2007, the White House issued a memo to all department heads and agencies about the implementation of TIC.

“This common solution facilitates the reduction of our external connections, including our Internet points of presence, to a target of 50,” said Clay Johnson, deputy director for Management at the Office of Management and Budget, under the previous administration.

But while Cole said the system has a lot of merit to it, he acknowledged cyber security is a war that can’t be completely won.

“[When] you look at the millennial, as they bring in more and more devices, how many ways do you have to connect to the Internet? As you take networks and try to pare them down so that you have specific portals that data has to come through…you can do the monitoring on that, but it will still be a continuous monitoring mission and a leap ahead to stay ahead of ways people can take other devices internally and connect them to the internet and go around that access point,” Cole added.

“The access point is an excellent idea, but you are still going to have to use other technology to look for data leakage out of the systems…where those other connectivity [points are] that could still give you a new attack route,” he said.

Symantec supports the DoD and federal government in a number of different areas, Cole said. “We do a lot with technology, with services…the implementation…that is one area the DoD can use even more assistance…with the implementation of the tools and technology that they have.”

DoD has a very non-trivial problem, Cole noted. “With the millions of IPs they have on the unclassified side, scattered around the globe, and then young military folks sitting in remote locations that are maintaining devices that are old, expensive to upgrade, may be operating old operating systems. How do you reach out there and ensure they are running the latest technologies? Those are a lot of challenges.”