NEWS FROM THE 2009 BLACK HAT BRIEFINGS

Better ID assurance is essential for the new online world, DOD deputy secretary says

LAS VEGAS—Just as the Defense Department is getting used to working in a network-centric world, it has begun moving into a newer content-centric environment, said Robert F. Lentz, DOD's chief information assurance officer.

Leveraging interactive Web 2.0 applications and cloud services in a secure way, “that’s the biggest challenge,” Lentz said Thursday at the Black Hat Briefings security conference. “That race is daunting.”

Doing this requires moving from the current whack-a-mole process of static defenses to a more agile, strategy-based take on risk management.

“We are in a paradigm shift right now,” Lentz said. A necessary element in that shift is reducing online anonymity and improving the assurance of identity online. “In my opinion, there needs to be a cyber czar just for identity, because without it, we’re going to be done.”

Lentz outlined recent changes in the world of cybersecurity, saying that the Internet has become essential not only to our economy, but to our national security and well-being. Protecting the online environment is a joint responsibility of government and the private sector, he said.

“We have to think of cyberspace as a global common that touches everything we do,” he said. “Securing the global common is the joint responsibility of everyone.”

Currently, however, the Internet is a “very fragile ecosystem,” he said.

Among the major challenges facing DOD in securing its online presence is deployment of Domain Name System Security Extensions and transitioning from IPv4 to IPv6. The department must also leverage virtualization to minimize its attacks surface, Lentz said. But the management of identity, which is essential to control access and understanding activity online, is the foundation for a reliable networking environment.

DOD operates one of the world’s largest public key infrastructures, based on its Common Access Card, but that technology is not adequate, Lentz said.

“It’s still not easy to use,” he said. Directory services remains an Achilles' heel for DOD, and the department must provide a better system for federated identity management and embrace better multifactor authentication to take advantage of a new environment.


About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected