The persistent threat of cyber attacks has been a top concern for the Department of Defense in recent years. Now, as the Pentagon moves forward with a zero trust approach to cybersecurity, DOD leaders are paying close attention to implementing security not just at the enterprise level, but also at the tactical edge, where threats are notably increasing.
Security at the tactical edge — or in what the DOD’s Randy Resnick calls “the last mile” — looks different for each service branch, and the DOD is working to better understand these environments to protect edge devices in denied, degraded, disconnected, intermittent and limited scenarios.
“There really is no single DDIL scenario,” said Resnick, director of the Zero Trust Portfolio Management Office, during a panel discussion moderated by Kip Gering of Xage Security during the Potomac Officers Club’s 2023 Cyber Summit. “So we’ve asked the services through the Joint Staff to give us two examples in your service on what you mean by ‘DDIL.’”
To illustrate his point, Resnick noted that protective measures like phishing-resistant multi-factor authentication, or MFA, may not always be top of mind for warfighters when they’re operating in harsh environmental conditions and exposed to the elements. Knowing what exactly these scenarios are for each service is the first step in moving forward with pragmatic solutions, said Resnick, and the next step is making zero trust achievable in these scenarios.
“We have 91 activities in an enterprise environment for zero trust to stop the adversary. We need to start thinking through what can we mitigate to the 91 and make it simpler at the edge, while still maintaining the ability to slow down or stop the adversary. It’s a little complex, but we’re working it through on the Joint Staff,” Resnick shared.
The Zero Trust Portfolio Management Office has already had three sessions with the Joint Staff on this effort, and the next meeting will be held in September.
While cyber threats are increasing at the tactical edge, attacks on the nation’s critical infrastructure are also on the rise. For the Department of Energy, strengthening cybersecurity and achieving zero trust are made more complex because of the agency’s broad mission sets.
“We do everything from open science research to deploying clean energy to securing the nation’s nuclear stockpile,” explained Jodi Kouts, senior advisor for policy for the chief information officer at the DOE. “We have numerous programmatic offices, 17 national labs and a number of side offices across the country. Implementing some of these zero trust policies is a little bit difficult because as you can imagine, some of our mission sets have a lot of legacy mission critical systems that aren’t easy to update.”
Historically, the DOE has relied on the Purdue model for cybersecurity, in which critical assets and systems are completely air-gapped. But as systems are becoming more interconnected, the DOE is working to adapt.
Kouts said the DOE is looking at “using AI and machine learning to our advantage to apply data analytics” that will help to immediately detect anomalous activity so that solutions can be implemented much more quickly.
Beyond that, Kouts urged leaders to pay closer attention to their supply chains to bolster cybersecurity.
“Another thing that I think we don’t talk about enough really is supply chain and really ensuring through software bills of materials that our supply chain is secure when we deploy these critical infrastructure assets so that we have less patching to do on the back end, and we feel a little bit better about how these systems are set up and configured to properly function,” said Kouts.
Linus Barloon II, chief information security officer for the U.S. Senate, highlighted asset management and “knowing your devices” as critical components of cybersecurity. Ultimately, this comes down to properly training and educating the user, Barloon said.
He urged federal leaders to be “working to train [their] users to help them better understand and to know what a breach looks like and know what the adversary could do.” Spreading this awareness will help users defend an organization’s endpoints more effectively and protect against threats.
Offering his industry perspective on the conversation, Laks Prabhala, chief information security officer at Alpha Omega Integration, agreed with Barloon that asset management is a vital component of cybersecurity, alongside identity management, real-time threat intelligence, and perhaps most importantly, having more unity of effort across multiple levels of an organization.
“We all need to be engaging the stakeholders — that’s number one — internal and external. Especially getting those OT guys working with the CISA folks, attending the cyber staff folks, that is so important. Technology collaborations and programmatic process collaboration and engagement is what we’re seeing,” said Prabhala.