What DISA needs for secure networks

What DISA needs for secure networks

“If I had to talk about my top priorities, it would be software-defined ‘X,’ and you can insert your term in there,” Defense Information Security Agency CTO David Mihelcic said Jan. 12.  He was speaking at an AFCEA DC chapter breakfast, where DISA leaders outlined areas where they’re looking to industry for innovation.

DISA and the Defense Department at large must avoid static configurations and have software-defined infrastructure, he said, beginning at the network layer within the data center reaching up the stack. DOD also must have the ability to automatically configure software applications on top of the software-defined infrastructure and be able to automate testing and the certification process to speed up the deployment process. 

In addition to the infrastructure, cutting-edge cyber tools can assist in network security and situational awareness.  John Hickey, a cyber security authorizing official at DISA, said that what he needs from industry is two-factor authentication -- particularly for system administrators. 

“How do I enable strong authentication on the backside for system administrators is something that we’re looking at -- an enterprise capability for privileged management that we can deploy across multiple products,” he said.  There’s a new vulnerability uncovered almost every day that administrators must address across  multiple devices on the backend. “How do they get away from user name and password?” he asked.

Another aspect of security is the people who make up the cyber workforce.  “Really what I want is experience…or well educated entry-level technical professionals who understand the particular technologies that they’re managing,” Mihelcic said.  “So, instead of someone who has just a focus on cybersecurity certifications, I want a computer scientist or I want a system administrator who has a deep experience in successfully managing and building IT and … securing that IT.” 

“The best investment we can make in terms of cyber and cybersecurity is upfront insuring that our systems are built in a reliable and a robust and secure way as opposed to trying to bolt on security,” Mihelcic said. 

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected