Interested in learning more about cybersecurity? The GovDefenders Virtual Event is a free online cybersecurity conference on April 24. Join us from your desk as experts from NetApp, Symantec, ForeScout, Red Hat, Quest Software, SolarWinds, and DLT Solutions, discuss trends, best practices, and the future of public sector cybersecurity. Register today!
Last Friday, I had the privilege of hearing Henry Sienkiewicz, Vice Chief Information Assurance Executive for the Defensive Information Systems Agency (DISA), at a luncheon hosted by the Northern Virginia chapter of the Air Forces Communications and Electronics Association.
Mr. Sienkiewicz outlined the vision for cybersecurity at DISA. In his opening remarks, Mr. Sienkiewicz identified three vectors challenging their cybersecurity delivery: budget decreases, strong demand from the services, and how cybersecurity is being conducted to defend and protect the mission. He took a pointed position of needing to get as good at cybersecurity as they are at traditional services. And the first step in increasing Cyber Command and Control is the DoD Joint Information Environment and getting the architecture right.
My five key takeaways are:
- Cyber Situational Awareness (SA): Today’s stove piped net defense analysis provides minimal situational awareness (SA). The way ahead is one built on legally sharing data combined from the Defensive Cyber Operations, DoD GIG Operations and Mission Assurance to create a contextual cyber SA.
- Globalized Supply Chain: Computers and laptops aren’t made in one place which means less control over the supply chain. CPUs = US/Germany/Ireland/Israel. Batteries = Japan/Taiwan. Chipsets = China. We need to understand supply chains so risk can be managed throughout the process starting with architectural and design.
- Cloud Computing: DISA follows the National Institute Standards and Technology (NIST) and the Federal Risk and Authorization Management Program (FedRAMP) as a foundation for cloud services.
- End-to-End Mobility: Establishing a DoD mobile applications storefront of preapproved applications, wireless carriers, mobility gateway, and DoD enterprise capabilities enables DISA’s vision to standardize everything.
- Biggest Fear: In five years the workforce won’t understand situational context. It’s not just clicking a box, but about seeing the bigger picture. To this end, workforce development is experiencing a convergence of efforts to define roles, deliver training, standardize operationally but the practicum is an ongoing challenge.
You can find more information about cybersecurity in the Defense Information Systems Agency Strategic Plan 2013-2018.
A final note: Author Henry Sienkiewicz has an upcoming book on the subject of active contemplation. Look for Entangled in March 2013. You can also follow Henry on Twitter: @hjsienkiewicz.
Image courtesy of FedScoop. It was not taken at the event.