By Chuck Brooks, President of Brooks Consulting International
With its broad national security role, the DOD has been a pioneer in the development of numerous innovative cybersecurity solutions. This makes sense given its lengthy history and the quantity and caliber of resources devoted to both research and development and the acquisition of technology for the warfighter. Additionally, the Department of Defense’s research divisions, such as the Defense Advanced Research Projects Agency and the several innovation centers within the uniformed services, have established future pipelines.
The complexity of cybersecurity vulnerabilities and their ramifications for U.S. national security have significantly expanded in the last few years due to a difficult geopolitical environment and changing technologies. Following Russia’s invasion of Ukraine in February 2022, more aggressive state actors using hybrid warfare are now a prominent feature of the global cyber threat landscape. Critical infrastructure and the crisis in Ukraine are not the only areas where cyber operations are expanding. Adversarial state actors and the hacking groups they sponsor have even targeted U.S. corporations.
Put simply, the paradigm has shifted, and the DOD and its vendor community have much to offer the federal civilian side in terms of bolstering cybersecurity within agencies and for the assets they defend, particularly under the new policy objectives of zero trust and Security-by-Design.
A shift from a reactive or wait-and-react approach to a proactive, collaborative and comprehensive one is necessary in cybersecurity due to the new challenges and sophistication of emerging threats, particularly those made possible by artificial intelligence. Agency collaboration is needed for this, primarily between the DOD and the Department of Homeland Security.
Thankfully, the Joint Cyber Defense Collaborative was established last year to address the urgent need for cross-pollination between homeland security and national security activities. The JCDC established a renewed threat information sharing program, addressed technological gaps, designed scalable architectures and improved cybersecurity measures and processes between government and industry. It was a much-needed effort to improve cybersecurity capabilities in the public and private sectors.
Both legislation submitted in Congress and recommendations made by the Cyberspace Solarium Commission emphasize the importance of giving the public-private partnership top priority. The 2021 National Defense Authorization Act had a direct impact on the creation of the JCDC. Strategic cooperation between government and industry stakeholders is a tried-and-true approach that makes sense. Since its formation, public-private cooperation has been a key goal of homeland security. Using public-private partnerships (often abbreviated as PPP) based on shared R&D, prototyping and risk management frameworks is a cornerstone of cybersecurity.
For the new Joint Cyber Defense Collaborative to reach its full potential, business and government cooperation will be essential. The quantity and complexity of cybersecurity threats may now appear overwhelming, but the synergy of public-private sector engagement and combined expertise brings improved readiness, hope and novel possible solutions.
I got the chance to discuss the advantages of moving cybersecurity tools, methods and technologies from the DOD to DHS’ Cybersecurity and Infrastructure Security Agency with Don Styer, the chief technology officer at Serco. The company is a notable example of a DOD-affiliated business with a lengthy history that has only lately introduced products and services to the federal civilian market.
Styer mentioned that Serco has been working on cutting-edge security concepts for a long time in DARPA, the Air Force, Army and Navy labs, among other institutions. By following the lifecycles of cutting-edge technologies and weaponry, he believes we can improve best practices from that experience and directly apply those ideas, given the correct circumstances, to a federal civilian setting that is more socially and economically advanced.
This is significant because the DOD has the procedures and experience deploying technologies in the security domain that call for greater scrutiny. And such discipline in terms of risk management under expanding digital risks is particularly important for the cybersecurity issues that lie ahead.
With the rapid advancement of technology, a risk management framework is becoming increasingly crucial. AI, machine learning and new automation and analytical tools can assist in finding holes and offer improved resilience and mitigation. A strong risk management framework can continuously assess people, processes and technological instruments that are used with any kind of data.
Serco believes that automation and AI together represent a future cybersecurity roadmap for the government. A special automated risk management solution from Serco has been used by the DOD. It is called ASSURE and it is a powerful cyber risk assessment tool that greatly streamlines the process of determining risks and assessing security controls. Organizations can quickly compile, standardize and evaluate large amounts of cybersecurity data using Serco ASSURE, all from a single, intuitive interface.
By assisting in the identification of patterns, trends and possible problem areas, this data analysis capacity enables proactive risk mitigation techniques. Styer claims that because of the resource savings, this satisfies both DOD and CISA standards. ASSURE removes the need for labor-intensive, manual operations by automating the assessment and reporting processes and offering a centralized platform for data analysis. This is critical as the government is still facing significant difficulties due to the lack of skilled cybersecurity workers.
In keeping with automation, he added that the DOD’s Serco Tech Trakr Machine Learning Analytics platform makes use of over 10 years of ML research to facilitate the quick and precise analysis of large amounts of data from many sources. Searching, gathering, organizing and interpreting complicated textual material at machine speed is made possible by the advanced natural language processing pipeline, which mimics the skills of a skilled human analyst. Tech Trakr’s algorithms “read” about 20,000 words per minute, retaining all pertinent material and having the capacity to find linkages and co-references across an infinite number of documents, compared to the 200-300 words per minute that the average human can read.
In the realm of cybersecurity, people, procedures and technology are crucial. Styer made the point that the DOD’s capabilities extend effectively to civilian agencies and that the federal ecosystem is so large, so fast-moving and so wide that having trusted advisors to manage the culture and be a member of the workforce is genuinely useful throughout government systems.
The new Joint Cyber Defense Collaborative will require close collaboration between government and industry to fully realize its potential, as demonstrated by the Serco case study.
As hackers become more sophisticated and the attack surface expands, cyber threats will also continue to change. Thankfully, the federal government can help address and mitigate those emerging threats by bringing the DOD technologies and processes that have been tested in national security to the civilian side of government.