It’s time to take network defense to a new level
When I was a fellow at Sun Microsystems over a decade ago, a senior IT professional bluntly stated the military operates its networks in a completely archaic and ineffective way compared to corporate America. The difference, he said, was the Department of Defense focuses on securing our network boundaries, while corporate America pivoted long ago to protecting the data.
Unfortunately, 10 years later we remain focused on network defense as we chase the illusion of hardened security. Not only is the DoD’s continued approach toward network security outdated by industry standards, but our networks are not optimized to allow for the adoption of big data, machine learning strategies and artificial intelligence. It is time to pivot toward the data, as our current approach is limiting our readiness.
The banking industry offers a dose of reality and a potential strategy for the DoD to consider. The trillions of dollars floating across the internet every second of every day rides on the World Wide Web ― a common and public network. Strong encryption, enforced two-factor authentication tools, other identity management techniques, and security tools have focused on anomalous behavior that enables industry to focus on securing the data and not the network.
This data-centric approach balances confidentiality, accessibility and integrity of the information. The banking industry’s goal is simple: secure data regardless of the network. If we trust our money on such an architecture, surely we can do the same with our military, war-fighting networks.
We’re off to a good start. But the Pentagon must continue to envision, invest in, and build connected data architectures that are non-proprietary and provide world class encryption and security at the data level. To compete successfully, our business processes and procedures, from staff work to tip-of-the-spear operations, need greater access to departmentwide data sources.
Imagine a world in which war fighters could receive real-time trusted data globally via satellite, GSM networks, or even over WiFi. Successful industries have embraced commercially available cellphones, email accounts and other messaging media to broaden their capability and capacity.
And so should we.
With the knowledge that data will power next-generation combat, we must control and manipulate massive volumes of information to out-think and outmaneuver our opponents. To continue our journey into becoming a more digital Air Force, we are transforming how data, technology and infrastructure are employed. This includes leveraging the power of data as the foundation of machine learning and artificial intelligence, fielding a 21st century IT infrastructure and implementing agile business practices to improve effectiveness and save money. We can’t do this alone. Rather we must harness the power of industry.
The commercial sector will blaze the trail for connectivity with exponential growth in bandwidth and connectivity through initiatives, such as 5G and low-Earth orbit communication satellite constellations. To take advantage of this growth, we must continue to institute new approaches to design, funding, implementation, and operational agility. We must rid ourselves of antiquated policies that drives checklist driven risk management processes and inhibits adoption of industry cybersecurity best practices. We must continue to pivot toward the data, embrace zero trust networking, and leverage opportunities in emerging technologies like blockchain, commercial solutions for classified, identity and access management, machine learning and artificial intelligence.
If we can implement modern cybersecurity tools, we can field the networks we need with cybersecurity that actually works.
If this was a NASCAR race, we are providing our war-fighting forces a car that was designed and built in the 1990s. Our adversaries are entering the field with a car based on today’s industry best practices. We would not accept this asymmetry in any other competition … on the ground, on the sea, in the air, or in space. Across the DoD it’s time to do the same in cyberspace. The Air Force is well known for breaking barriers. Let’s harness our spirit of innovation and continue to prepare our airmen for the digital age.
Maj. Gen. Scott L. Pleus is the director of air and cyberspace operations for Headquarters Pacific Air Forces, at Joint Base Pearl Harbor-Hickam, Hawaii. He is responsible for ensuring PACAF provides ready air, space and cyber power to promote United States interests in the Indo-Pacific region during peacetime, through crisis and in war.
Source : Maj. Gen. Scott L. Pleus Link to Author