DOD to Reduce Defense Network Security Threats and Cyberattacks

By Joe Kim, SolarWinds EVP, Engineering and Global CTO

Through its significant investment in networked systems and smart devices, the DOD has built a posture that is enormously effective against national network security threats, yet highly exposed to them. The department has begun investing more in the Internet of Things (IoT), which has gone a long way toward making ships, planes, tanks, and other weapon systems far more lethal and effective. Unfortunately, the IoT's pervasive connectivity also increases the attack surface of defense networks and the potential for cyberattacks.

That attack surface only continues to grow and evolve, with new cyberthreats against the government coming in a regular cadence. DOD must adapt to this rapidly changing threat landscape by embracing a two-phase plan to make network security more agile and automated.

Phase One: Speeding Up Tech Procurement

The government first must accelerate its technology procurement process. Agencies must quickly deploy easily customizable and highly adaptable tools that effectively address changing network security threat vectors. These tools must be simple to install and maintain, with frequent updates to ensure that networks remain well fortified against the latest malware and attacker techniques.

There is hope. In recent years, the government has made it easier for agencies to buy software through a handful of measures, such as the General Services Administration Schedule and the Department of Defense Enterprise Software Initiative. Products offered through these vehicles have been carefully vetted to work within government regulations and certifications.

Phase Two: Automating Network Security

Automated network security solutions that alert agency administrators to possible threats are also important. The government should deploy them to monitor activity from the myriad devices on Defense Department networks, so that administrators are alerted to potential breaches and software vulnerabilities as they occur and can respond in real time.

The SolarWinds® Log & Event Manager (LEM) gives administrators real-time intelligence about the activity on their networks and alerts them to suspicious behavior. Administrators can trace questionable activity back to its source and set up automated responses, including blocking IPs and disabling user accounts, to stop potentially hazardous and malicious intrusions.
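The pattern described above (correlate events in real time, trace them to a source, fire an automated response) can be shown in a few dozen lines. The following is an added example written for this page, not LEM code: it runs a sliding-window brute-force rule over constructed sshd-style log lines and emits block_ip / disable_user actions with the evidence that triggered them. The log lines, the threshold of five failures in two minutes, and the action names are assumptions for illustration; a real deployment would read from syslog or Windows event forwarding and hand the actions to a firewall or directory API.

```python
"""Sliding-window log correlation with automated responses (added example).

Not SolarWinds LEM code. Log lines, thresholds and action names are
constructed for illustration only.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an sshd-like format (not real log data).
SAMPLE_LOGS = """\
2023-05-01T10:00:01 host1 sshd: Failed password for admin from 203.0.113.5
2023-05-01T10:00:03 host1 sshd: Failed password for admin from 203.0.113.5
2023-05-01T10:00:04 host1 sshd: Failed password for root from 203.0.113.5
2023-05-01T10:00:06 host1 sshd: Failed password for admin from 203.0.113.5
2023-05-01T10:00:07 host1 sshd: Failed password for admin from 203.0.113.5
2023-05-01T10:00:09 host1 sshd: Accepted password for admin from 203.0.113.5
2023-05-01T10:05:00 host2 sshd: Failed password for jsmith from 198.51.100.7
2023-05-01T10:20:00 host2 sshd: Failed password for jsmith from 198.51.100.7
2023-05-01T10:20:30 host2 sshd: Accepted password for jsmith from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)

FAIL_THRESHOLD = 5            # assumed: failures per source inside the window
WINDOW = timedelta(minutes=2)  # assumed: sliding window length


def parse(line):
    """Parse one line into a dict, or return None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (action, target, evidence) tuples.

    Rule 1: at least `threshold` failed logins from one source inside
            `window` -> ("block_ip", src, contributing raw lines).
    Rule 2: a successful login from a source already blocked by rule 1
            -> ("disable_user", user, [raw line]); the credential is
            presumed guessed, so the account is disabled as well.
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    evidence = defaultdict(list)   # src -> raw lines behind those failures
    blocked = set()
    actions = []
    for raw in lines:
        ev = parse(raw)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[src]
            q.append(ts)
            evidence[src].append(raw)
            # Expire failures that fell out of the sliding window
            # (evidence is kept in lockstep with the timestamp queue).
            while q and ts - q[0] > window:
                q.popleft()
                evidence[src].pop(0)
            if len(q) >= threshold and src not in blocked:
                blocked.add(src)
                actions.append(("block_ip", src, list(evidence[src])))
        elif src in blocked:
            actions.append(("disable_user", ev["user"], [raw]))
    return actions


if __name__ == "__main__":
    for action, target, why in correlate(SAMPLE_LOGS.splitlines()):
        print(f"{action:13s} {target:15s} ({len(why)} supporting events)")
```

On the constructed input, 203.0.113.5 crosses the threshold on its fifth failure and is blocked; the subsequent successful login from that source disables the admin account. The two failures from 198.51.100.7 are 15 minutes apart, so the first has expired from the window by the time the second arrives and no action fires. Keeping the raw lines as evidence is what makes the "trace it back to its source" step possible when an analyst reviews the automated action.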

The number of connected devices operating on government networks makes a comprehensive User Device Tracker (UDT) a necessary counterpart to LEM. User device tracking has gained a significant amount of traction over the past couple of years, particularly since the workforce began using personal mobile devices on government networks.

Today, federal administrators must deploy solutions that automatically detect who and what are using the network at all times. Such solutions should locate devices through various means (DHCP leases, switch MAC address tables, and the like), so administrators can quickly contain the kind of major breaches that have become all too common.
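What "who and what is on the network" looks like in practice is a join across data sources that already exist: DHCP leases give IP and hostname per MAC, the switch MAC address table gives the physical port, and an asset inventory says whether the MAC is expected at all. The following is an added example written for this page, not UDT code: it reconciles constructed lease records and a constructed "show mac address-table"-style listing against a constructed inventory and reports each endpoint with its location and whether it is known. All three inputs and the field layouts are assumptions for illustration.

```python
"""Reconcile observed endpoints against an asset inventory (added example).

Not SolarWinds UDT code. The DHCP leases, switch MAC table and inventory
below are constructed for illustration only.
"""
import re

# Constructed DHCP lease records: ip  mac  hostname
DHCP_LEASES = """\
10.10.1.21 00:11:22:33:44:55 ws-finance-07
10.10.1.22 00:11:22:33:44:66 ws-finance-08
10.10.1.57 aa:bb:cc:dd:ee:01 android-3f2a
"""

# Constructed listing shaped like a switch MAC table: vlan mac type port
MAC_TABLE = """\
 10    0011.2233.4455    DYNAMIC     Gi1/0/3
 10    0011.2233.4466    DYNAMIC     Gi1/0/4
 10    aabb.ccdd.ee01    DYNAMIC     Gi1/0/17
 20    0011.2233.4499    DYNAMIC     Gi1/0/24
"""

# Constructed asset inventory: normalized mac -> (owner, asset tag)
INVENTORY = {
    "00:11:22:33:44:55": ("finance", "A-1001"),
    "00:11:22:33:44:66": ("finance", "A-1002"),
    "00:11:22:33:44:99": ("printers", "P-0042"),
}


def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aabb.ccdd.eeff or aa-bb-... and return colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_leases(text):
    """mac -> (ip, hostname) from whitespace-separated lease lines."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            ip, mac, hostname = parts
            leases[normalize_mac(mac)] = (ip, hostname)
    return leases


def parse_mac_table(text):
    """mac -> (vlan, port) from switch MAC table lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            vlan, mac, _type, port = parts
            table[normalize_mac(mac)] = (vlan, port)
    return table


def reconcile(leases, mac_table, inventory):
    """One record per MAC seen on a switch port, tagged known/unknown.

    The switch table is the source of truth for presence: a device that
    holds a lease but is not on any port is not currently on the network,
    while a device on a port without a lease (static IP) is still reported.
    """
    records = []
    for mac, (vlan, port) in sorted(mac_table.items()):
        ip, hostname = leases.get(mac, (None, None))
        owner, tag = inventory.get(mac, (None, None))
        records.append({
            "mac": mac, "ip": ip, "hostname": hostname,
            "vlan": vlan, "port": port, "owner": owner, "asset": tag,
            "status": "known" if mac in inventory else "unknown",
        })
    return records


def unknown_devices(records):
    """The endpoints an administrator should go and look at first."""
    return [r for r in records if r["status"] == "unknown"]


if __name__ == "__main__":
    recs = reconcile(parse_leases(DHCP_LEASES), parse_mac_table(MAC_TABLE), INVENTORY)
    for r in unknown_devices(recs):
        print(f"UNKNOWN {r['mac']} ip={r['ip']} host={r['hostname']} "
              f"vlan={r['vlan']} port={r['port']}")
```

On the constructed data the only unknown endpoint is the one calling itself android-3f2a, and the output already says where to find it: VLAN 10, port Gi1/0/17. The printer on Gi1/0/24 has no DHCP lease (static address) but is still matched to the inventory through the switch table, which is why the join is driven from the MAC table rather than from the lease file.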

Prevention is more about implementing network security measures quickly and automatically than it is about who has the better firewall. For the Defense Department, which has become so dependent on connected devices and the information they provide, there’s simply no time for that type of old-school thinking. Federal administrators must act now and invest in automated, agile, and efficient solutions to keep their networks safe from cyberattacks.

Find the full article on Signal.

  • What can we say???? We must do, but they don't know how to do it. It's up to us in the field to figure it out and share.

  • Not sure if you saw, but DISA issued an ACS RFI earlier this year (Assured Compliance Assessment Solution (ACAS) - Federal Business Opportunities: Opportunities). One thing that was interesting from a back and forth I had with them, was that they didn't know how to address a multi-vendor offering. Given the information in there, it'll be tough for one single solution to cover all bases (as written).

  • I for one would love to know how the Splunk thing has gone. I have just started to get my feet wet with that and it's such a huge beast to try and wrangle, even for a small environment; I can't imagine what it would be like for a large environment.

  • I am not saying that it is not a rewarding job or position; just sometimes we are given directives that make us scratch our heads and wonder who in the world thought this up. We ask, didn't they think of the ramifications of their reaction? What it comes down to is that it is directed, it is policy, and we must comply and look for solutions. That is where the greatest reward comes from: when we are able to come up with solutions that meet the requirements, no matter how difficult it looks, without impacting how we do our jobs or creating major chaos, and maybe in the process we can show how their directives need to be rolled back. As we all know, if you apply too much security, no one can work, so there has to be a middle ground with all the security that is needed to protect the network and keep the data safe. This is when being a Federal Administrator is the most rewarding.

  • Nice article. Sure makes you not want to be a Federal Administrator.