DOD to automate deployment of security patches
- By Dawn S. Onley
- Nov 17, 2005
The Defense Department recently made it mandatory for computer users to deploy automated security tools across the department to better protect networks from viruses.
The Communication Tasking Order, a policy directive released Nov. 3 by the commander of the Strategic Command, orders Defense agencies to 'immediately initiate' the machine-to-machine patches to automatically repair vulnerabilities as soon as software patches become available.
The order sets a phased timeline for compliance and allows for operational necessities, according to Timothy Madden, spokesman for the Joint Task Force for Global Network Operations. JTF-GNO is charged with operating and defending the Global Information Grid, the Defense Department's classified and unclassified network.
The new directive requires that all patches be installed immediately using commercial and government tools currently available, with an eye toward standardization in the future.
'There are various tools available now, both in the commercial sector and in the government, that are capable of providing such remediation,' Madden said. 'The JTF-GNO is directing the use of such tools across the GIG, and that such tools must be standardized by a certain time.'
Air Force Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, said automated patch rollout would boost the network security posture across DOD. Croom called the current process manual-intensive.
'When there's a vulnerability identified in a particular piece of software, they [software companies] push those patches to us and we push those patches to the services and require implementation,' Croom said. 'Obviously, the trick is how fast can you get them and how fast can you implement them? And so, I think you see us focusing on the techniques, tactics and procedures to do that better.'
Croom, who also serves as commander of JTF-GNO, said the new policy would make the implementation of patches an instant process.
'We don't do the patches instantly. But we get viruses instantly, so even days are too long to implement patches, and for us it takes days and weeks,' Croom said. 'The vision for the future is you get the person out of the loop and you get machine-to-machine ability so you have the patches automatically distributed and loaded on whatever piece of equipment needs to be patched.'