BALTIMORE–Defense Information Systems Agency (DISA) officials are exploring partnerships with other governmental organizations to test big data platforms like the cloud and conducting audits to meet patching software needs in response to cyber threats associated with rapidly changing technology, according to agency representatives speaking at the Armed Forces Communications and Electronics Association’s Defense Cyber Operations Symposium this week.

Officials at the conference discussed plans to move to a risk management framework, integrating platforms such as MilCloud 2.0 to handle the Department of Defense’s data networks, and requiring automated patching for all software across DoD systems.

DISA representatives speaking at a June 14 panel on evolving cyber protection services at AFCEA's Defense Cyber Operations Symposium. Photo: Matthew Beinart.
DISA representatives speaking at a June 14 panel on evolving cyber protection services at AFCEA’s Defense Cyber Operations Symposium. Photo: Matthew Beinart.

“We’re implementing select controls, and then monitoring that threats affecting our environment are still being managed from a risk-management perspective,” DISA Cyber Services Line of Business Chief Patrice Wilmot said while moderating a panel on evolving cyber protection services for the computing ecosystem. “There’s a number of times when a customer calls me about an incident on their application before we’ve noticed it. We have to move away from that.”

Wilmot identified moving towards real-time risk assessment as a main goal for improving DoD’s computing ecosystem, and called on industry professionals and mission partners to bring solutions to the table.

Resolving lagging issues in shoring up the networks DISA supports has involved an ongoing three-year agency-wide audit of all operational units to identify a holistic view of software patching needs and cyber operations solutions, according to DISA Chief of Cyber NetOps Solutions Division Dr. James Travis III.

The process included looking at what gaps in software were present, followed by a separate audit to identify what tools would be necessary to manage these systems from possible cyber threats. Then, DISA had to develop the capabilities to best support the operation units and eventually phase out any redundant patches to settle on a unified set of solutions.

“We’re look at automation for rapid patching and how we can patch better, faster, cheaper,” DISA Vulnerability Assessment Branch Chief Michael Sandell said. “One of the big issues is the depth and breadth of operation systems we support.”

DISA is also taking steps to consolidate big data systems to find ways to streamline cyber security efforts, and have partnered with the National Security Agency to come up with a big data platform.

“Obviously, too much data is a bad thing. You have to figure out which data you actually need,” DISA Cyber Development Executive John Hickey said. “We already have Cyber Situational Awareness Analytical Capabilities where our customers can actually go in there and share information. Having the common tools where everyone looks at the same data, is a larger, harder issue that Cyber Command has to help us with because it’s really about solving problems with the services and agencies we work with.”

The forthcoming integration of MilCloud and a potential move to integrate other DoD networks into commercial cloud systems would be another way to consolidate data, according to Travis.

Further funding could be arriving for DISA with the upcoming Modernizing Government Technology Act being considered now in the Senate, Margaret Graves, acting Federal Chief Information Officer and Administrator for E-Government and Information Technology for the Office of Management and Budget  Margaret Graves, said during a panel on acquisition and innovation agility.

“I don’t think I’ve seen elements in the federal government needed for modernization like this before,” Graves said. “We’re moving towards government-wide contracting capabilities and increasing shared services which will all help cyber security modernization.”

Each DoD agency will turn in risk management plans in August on how they will improve cyber posture under pre-determining National Institute of Standards and Technology guidelines, and then eventually deliver modernization reports with a focus on improvements to networks and efforts made to combat cyber threats, according to Graves.