Software factories must be protected like 'crown jewels,' AF official says

The massive hacking campaign that breached multiple federal government agencies via SolarWinds software has Defense Department officials taking a closer look at protecting some of the department's more nascent efforts – namely, software factories.

"These digital factories that we are using to design things may become crown jewels, and they'll have to be protected as such," Will Roper, the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, told reporters Dec. 18 during a virtual Defense Writers Group event.

That becomes an acute challenge for newer programs such as the Air Force's Cloud One and Platform One, which respectively centralize data sharing and tool development capabilities. With a single attack on either, "effects would ripple into other programs," Roper said.

During his talk, Roper stressed DOD's need for zero-trust principles on a large scale.

"The other thing that we have to bring into our software environment, into our digital infrastructure -- which the department is behind on -- is new technologies that allow you to deal with adversaries that have gotten in -- so zero-trust technologies and doing continuous monitoring," Roper said.

"We don't do that in the Defense Department. We certify things are impregnable, and commercial industry assumes everything is pregnable and has to deal with that after the fact."

Roper said the goal is both to keep adversaries out and to have a plan for once they get in, building on those technologies, particularly with initiatives like Cloud and Platform One. The Air Force has been using red teaming to test systems' security in the wake of the SolarWinds Orion software vulnerability, he said, but new approaches can often mean new targets.

"If you create a game-changing approach to change the [defense procurement] system, that game-changing approach is likely the new thing your adversary targets," Roper said. "Welcome to the digital age."

This article was first posted to FCW, a sibling site to GCN.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
