[ad_1]
The Department of Defense describes the tools and capabilities it will need to set up its zero trust program office later this fall and improve its overall cybersecurity posture.
Kelly Fletcher, a senior DoD career official serving as DoD’s chief information officer, told the Billington CyberSecurity Summit on Thursday that the department is in the process of setting up this program office.
The Defense Information Systems Agency, she added, provides enterprise services to DoD to enable zero trust capabilities. The military services are also setting up their own zero trust capabilities.
As part of the move to zero trust, Fletcher said the DoD is focused on streamlining its networks and removing tools it no longer needs in order to reduce its attack surface.
“What we’re really trying to do is save money by switching from our old architecture to our new architecture, and I think that’s going to generate some confidence throughout the department. We’re not just spending more, ”Fletcher said.
Fletcher said part of the culture shift around zero trust will focus on getting cyber analysts to think beyond traditional perimeter security.
“If you assume the thief is in the house, it changes the way you protect your valuables. And the other thing is it changes the culture around what defenders should be doing, ”Fletcher said. “I want the Defenders to find opponents in my network, and the success for them is to quickly find them fighting thanks to their presence in my network, and then quickly eliminate them.”
Civilian federal agencies are also making fundamental investments in zero trust. The Bureau of Management and Budget has published its draft strategy for shifting the federal government to a zero trust architecture last month, meeting the goals of the Biden administration’s cybersecurity executive order.
In order to implement the goals of the strategy, Federal Information Security Officer Chris DeRusha said the move to zero trust will require buy-in from agency management and user trust. final.
To achieve both of these goals, he urged CIOs to work with C suite partners, including CIOs.
“When considering zero trust, one of the things you need to do is really understand where your sensitive data is, not where you think it is. You have to use tools to verify, validate and then go from there. And it can be a painful cultural journey, ”DeRusha said.
But zero trust alone will not give DoD the cyber defense capabilities it needs to deal with emerging threats. Kelly said the DoD must also take advantage of artificial intelligence as a force multiplier to secure its networks.
“Cyber defenders, I think, are having a hard time figuring out what is most important, and we have to leverage AI to help them, to tell them, ‘You have a lot of tools, but we’re going to get the data. the most important. , and we’re going to make that available to you to pursue the places where we’re most concerned about what’s going on, ”she said.
Fletcher said the DoD has rallied around artificial intelligence as a critical component of preparing for emerging threats. But enterprise-wide adoption of AI, she added, will require more fundamental work.
“We need to use data and AI to our advantage. We need the right people to have the right data at the right time to make the right decision, ”she said. “But I think we don’t understand all of the necessary investments in the duller things. AI is super cool, [but] do you know what i need I need bandwidth? I just need some fiber on the ground, and it’s a bit boring, but that’s how it works.
DeRusha said civilian federal agencies also need to embrace automation solutions to stay ahead of threats.
“We can only really start beating our opponents and having defense when we can do it at their speed. And that really means automation and then training people to understand how to use these tools, ”he said.
Fletcher said the DoD is also looking for ways to improve the diversity of its IT workforce, both in terms of demographics and location.
DoD as part of its Cyber workforce framework (DCWF’s efforts earlier this year cataloged its cybersecurity workforce into 54 work roles. From there, Fletcher said the department runs data analytics to better understand where it needs – and needs – additional expertise.
“I’ll give an example that may be incorrect, but in Kansas City it’s really hard to recruit sysadmins, so we can target, we can provide recruiting and retention funds to make it happen, and I think that it’s really valuable, ”said Fletcher.
[ad_2]
Source link