DISA evaluates DODIN defense through adversary’s eyes

DISA evaluates DODIN defense through adversary’s eyes

To address evolving cyber threats, Pentagon is drafting an implementation roadmap for securing the Department of Defense Information Network (DODIN).

NSCSAR -- which stands for the Non-secure Internet Protocol Router Network (NIPRNet) and Secret Internet Protocol Router Network (SIPRNet) Cybersecurity Architecture Review -- seeks to answer three questions, according to Pete Dinsmore, Defense Information Security Agency’s risk technology executive: “Which cybersecurity solution do we need, how much is enough and where can we take risk?”

The NSCSAR effort examines the DODIN from an adversary’s perspective to better prepare network defenders.  Current cybersecurity measures will scored based on their effectiveness against tactics and techniques used by adversaries.

This effort will inform planners and budgeting.  “At the end of the day, the budgets available for cybersecurity capabilities are either stagnant or decreasing,” Dinsmore said. “And we need to figure out how to best use our dollars. ”  To that end, NSCSAR routinely releases recommendation, affirmation and observation reports to stakeholders.

NSCSAR is being implemented as an agile process, in which NSCSAR regularly reassesses the environment to determine what needs to be changed.

“Every 90 days were taking a new look -- adding capabilities, adding questions, adding ability for analysis, and adding new threats,” Dinsmore said. The cycle allows us to make regular adjustments, he noted, rather than saying, ‘We’ll be back to you in a year with a new report.”

The first NSCSAR assessment was completed in April, and the second "spin" is scheduled to be completed in June. 

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group