What DISA needs for secure networks

What DISA needs for secure networks

“If I had to talk about my top priorities, it would be software-defined ‘X,’ and you can insert your term in there,” Defense Information Security Agency CTO David Mihelcic said Jan. 12.  He was speaking at an AFCEA DC chapter breakfast, where DISA leaders outlined areas where they’re looking to industry for innovation.

DISA and the Defense Department at large must avoid static configurations and have software-defined infrastructure, he said, beginning at the network layer within the data center reaching up the stack. DOD also must have the ability to automatically configure software applications on top of the software-defined infrastructure and be able to automate testing and the certification process to speed up the deployment process. 

In addition to the infrastructure, cutting-edge cyber tools can assist in network security and situational awareness.  John Hickey, a cyber security authorizing official at DISA, said that what he needs from industry is two-factor authentication -- particularly for system administrators. 

“How do I enable strong authentication on the backside for system administrators is something that we’re looking at -- an enterprise capability for privileged management that we can deploy across multiple products,” he said.  There’s a new vulnerability uncovered almost every day that administrators must address across  multiple devices on the backend. “How do they get away from user name and password?” he asked.

Another aspect of security is the people who make up the cyber workforce.  “Really what I want is experience…or well educated entry-level technical professionals who understand the particular technologies that they’re managing,” Mihelcic said.  “So, instead of someone who has just a focus on cybersecurity certifications, I want a computer scientist or I want a system administrator who has a deep experience in successfully managing and building IT and … securing that IT.” 

“The best investment we can make in terms of cyber and cybersecurity is upfront insuring that our systems are built in a reliable and a robust and secure way as opposed to trying to bolt on security,” Mihelcic said. 

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected