Defense and Homeland Discuss Priorities for Cybersecurity

February 5, 2021 by Kate Michael
Defense and Homeland Discuss Priorities for Cybersecurity

WASHINGTON — Dramatic changes in the workforce and service delivery have posed unique security challenges over the last year. Evolving technologies are accommodating training and remote work, but new cybersecurity threats continue to emerge. 

In the last few years, directives have required federal agencies to take a variety of actions, including better managing their cybersecurity risks and coordinating to meet reporting requirements related to the cybersecurity of federal networks and critical infrastructure. Yet despite this progress, many agencies still face challenges in safeguarding their information systems and information.

Top defense and homeland IT security officials recently joined the Federal News Network to discuss their lessons learned and continued priorities for implementing strategies and initiatives around cybersecurity.

“Not that long ago, cyber was considered a tech issue to be addressed by just the IT team,” said Martin Kessler, chief information security officer for the Verizon Business Group. “Now we are keenly aware that there’s a business risk… that could affect our ability to deliver on missions.” 

Cybersecurity is, at its core, about data loss prevention, detection, and response. In the government’s case, cybersecurity strategies often have national security implications.

“We’ve learned this year about [the Army’s] ability to do remote distributed operations,” offered Ron Pontius, deputy to the commander in the U.S. Army Cyber Command. The Army, like so many agencies and businesses, worked to pivot to remote telework, establish virtual private networks, and made drastic changes to its network as a result of moving its cyber command to Fort Gordon, Ga. last year. 

“We rolled out a commercial vertical mode, and the Army has embraced it,” Pontius said. “We’ve created an environment where those that were base-oriented can now have more remote capability… It’s fundamentally changing how we’re doing business in the Army.” 

Colleagues at the Defense Intelligence Agency and Department of Homeland Security agree that a cybersecurity focus is embedded into the culture of their agencies. 

DHS has established the National Cybersecurity and Communications Integration Center, which functions as the 24/7 cyber monitoring, incident response, and management center for the federal civilian government. 

“[Cybersecurity is] helping us … with real-time and security situational awareness, preventing outages and defending from hostile threats,” said Hemant Baidwan, acting deputy chief information security officer at DHS.

Baidwan admitted that moving to hybrid cloud computing helped to emphasize DHS employees’ cyber hygiene — meaning those practices that help keep data safe and well-protected — and created a structure capable of handling increased telework with uniform protections against cyber adversaries.

DIA, which operates across multiple networks from unclassified all the way up to top-secret, is also working to make cybersecurity part of its normal business rhythm and mindset. 

“We’re [working to be] in a more secure state instead of just being compliant,” said Freddy Mercado, deputy chief information security officer at the DIA. This means revamping and revitalizing DIA’s asset management program, and requires a plan for comprehensive tracking, because as Mercado reminds, “If you don’t know what you own, it’s hard to defend it.” 

Private enterprise partners like Fortinet are assisting federal agencies with security solutions to protect the network, users, and data from continually evolving threats.

“Cybersecurity is hard because of growing attacks,” said Fortinet’s Field Chief Information Security Officer Jim Richberg. “No one can solve this alone – it’s a public/private issue. We’ve worked with partners from health care to criminal investigators…. deploying technology to help be nimble and get away from the old approach to networks.” 

Richberg offered that Fortinet was at the intersection of IT and operational technology, hardware and software that detects or causes a change through the direct monitoring and control of physical devices — a growing need. 

“We’re in the year of the hybrid, and I don’t mean cars,” he added, alluding to a new mix of work patterns and hybrid workers, particularly since the start of the pandemic. “The environment is changing for everyone.” 

Illumio, a cloud computing security company, is a federal agency partner that specifically prevents breaches from spreading within a network. 

“Architectures are still…. based on detection technology,” said Matthew Glenn, Illumoio’s senior vice president of product management. “But detection will often fail, so the mindset [needs to be] changed about where defense needs to reside, and defenses need to be modified to prevent breach.”

Agencies were not previously equipped to determine how malicious actors were seeking to gain access to their information systems and data.

“Adversaries are looking at what our focus is and going for our weak spots,” Glenn added. He said that when the security focus is on the user, attackers learn to go behind the user and take advantage of the fact that previous cybersecurity efforts really only focused on the perimeter.

“[Now], the core mindset of zero trust is to assume breach and default deny,” meaning to only allow that which you should allow. So Illumio is helping federal partners to alleviate their cybersecurity concerns by compartmentalizing, “stopping abnormal communication patterns, focus[ing] on the end-user, and focus[ing] on the data center and cloud environments.” 

Despite this improvement in federal agencies’ monitoring of their information security programs, however, there remain specific areas “to improve our ability to protect against malicious cybersecurity, including speed and how you protect and professionally train a civilian workforce to stay on mission,” according to Pontius. “Because you don’t do it for cybersecurity, you do it for the mission.”

Baidwan agrees that attracting and training top cyber workforce talent is increasingly difficult as the federal government has to compete with private industry. Proposals for a Cyber Workforce Talent Initiative prioritize and accelerate ongoing efforts to reform the way that the federal government recruits, evaluates, selects, pays, and places cyber talent. 

“We need to improve the quality and quantity of professionals in the pipeline that can join this incredible mission,” he said. 

A+
a-
  • cybersecurity
  • Defense Department
  • Homeland Security
  • In The News

    Health

    Voting

    Cybersecurity

    Americans Reporting Nationwide Cellular Outages From AT&T, Cricket Wireless and Others

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according... Read More

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according to data from Downdetector. AT&T had more than 73,000 outages around 9:30 a.m. ET, in locations including Houston, Atlanta and Chicago. The outages began at approximately... Read More

    States and Congress Wrestle With Cybersecurity at Water Utilities Amid Renewed Federal Warnings

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international... Read More

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the... Read More

    December 6, 2023
    by Dan McCue
    HHS Unveils Next Steps to Enhance Cybersecurity of Health Care Records

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93%... Read More

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93% increase in large breaches in the health care sector, with a 278% increase in large breaches involving ransomware, according to the Department of Health and Human... Read More

    Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems... Read More

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems like ChatGPT to deceive and sow disinformation. His talk on the technology at the DefCon hacker convention in August was a huge hit. But he's anything... Read More

    October 31, 2023
    by Tom Ramstack
    US Workforce Unprepared for AI, Technology Experts Tell Senate

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing... Read More

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing Tuesday to say it is only a first step in a process likely to transform American workplaces. “Artificial intelligence will not only disrupt lives, it will... Read More

    July 18, 2023
    by Tom Ramstack
    Congress Told AI Holds Great Risks and Benefits for US Military

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it... Read More

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it falls behind in developing the technology but a bright future by taking the lead. One of the greatest risks would be defending against a foreign enemy... Read More

    News From The Well
    scroll top