What's DOD doing to protect its networks?

In light of the White House hack, we take a look at some of the department’s recent efforts to defend networks with a "whole of government approach."

CTIIC has implications both for overall homeland security and for greater cyber knowledge among military commands because, as Rogers explained during his keynote address, CTIIC will be a central analytic hub for cyber intelligence that comes through the federal government and the IC. CTIIC will act as a one-stop shop for cyber, similar to how the National Counterterrorism Center has overall responsibility to coalesce counterterrorism efforts. “As U.S. Cyber Commander, I’m going to be one of the primary beneficiaries…of CTIIC’s output, which is a positive,” Rogers said.

The recently reported hack last year of the State Department and White House—believed to have been perpetrated by hackers working for the Russian government—has again raised concerns about the security of government systems, the threat from breaches of even unclassified information and the dangers of insider slip-ups.

As CNN reported, the hack did not gain access to any classified material, but the hackers were able to access sensitive information on an unclassified system, including information from the president’s daily schedule that’s not made public. 

And according to a security brief issued by the Soufan Group, an intelligence security firm headquartered in New York, the term “hack” as applied to the White House breach is a bit misleading. The breach occurred because the hackers sent an email to personnel at the State Department employing a tactic called spear-phishing, in which an email appears to be from someone the recipient knows or trusts and attaches malware in a link or tries to lure the user to a malicious site. Since someone at State opened the malicious email, “the bad actors didn’t have to hack anything; rather they just got an employee to open the front door to the system and let them in,” the Soufan brief said.

Phishing and the more individually targeted spear-phishing are the most common tactics used against government employees, and the best prevention includes educating users so they don’t fall for phishing’s social engineering tricks. The military services have a number of programs and policies on handling email and social media.

User education aside, what else are the Defense Department and other government agencies doing to protect their networks? Here’s a look at some current steps agencies are taking in the ongoing—and never-ending—realms of cyber defense.

Chain of command

First, it is important to define jurisdictions in defending government infrastructure for national security purposes. As Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, said in a recent podcast, the U.S. Cyber Command defends the military’s networks – those with the .mil domain – while the Department of Homeland Security is tasked with defending the government’s websites – those with .gov domains – as well as certain critical infrastructure. Segal also said that U.S. Cyber Command is responsible for offensive operations in the cyber realm so as to “deny our adversaries freedom of maneuver in cyberspace,” quoting Adm. Michael Rogers, Cyber Command’s Commander.

Security in the cloud?

DOD has set its sights for years on cloud computing for reasons of cost, flexibility and interoperability, but concerns over security have slowed progress. Eventually, however, could a cloud computing model actually improve security? The Army’s just-released Cloud Computing Strategy, for one, outlines a vision for improving overall cybersecurity by “transferring security vulnerability and patching management of applications and systems to a secure cloud architecture.” 

And the Joint Regional Security Stacks that will underpin the DOD-wide and cloud-based Joint Information Environment are expected to shrink DOD’s attack surface by reducing the security enclaves required for existing network access points from more than 1,000 to 50.

Going on offense

While Rogers has said in the past that previous cyber deterrent methods were not very successful and that the notion of cyber deterrence is still “relatively immature” (http://www.defense.gov/news/newsarticle.aspx?id=128278), recent actions signify that the U.S. could be ready to go on the offensive. A new executive order issued by the president allows for sanctions to be placed on individuals who commit cyberattacks and/or those who benefit from information gained from cyberattacks. It is still unclear how the new executive order will relate to the Russian hack, which occurred last year.

Helping at home

More on the domestic front, the military sometimes offers its services to assist in operations that have national importance, such as national security, under the Defense Support of Civil Authorities (DSCA). This partnership was most prevalent during the aftermath of Hurricane Katrina, when the military lent a hand in rescue operations. Cyber can also be an area for DSCA, as U.S. Northern Command and North American Aerospace Defense Command Commander Adm. Bill Gortney explained during a press briefing Tuesday. “In the cyber realm, my assigned tasks are to defend my own networks at NORAD and Northern Command and to assist the lead federal agency, most likely Homeland Security, in the aftermath in a DSCA-type event,” Gortney said.

This can be described as the “whole of government approach,” which was employed following the Sony hack. In a recent podcast, Robert Knake, senior fellow for cyber policy at the Council on Foreign Relations, said the Defense Department remained mostly on the sidelines after the Sony hack, but was involved in contingency planning — meaning that if things became worse or another hack was executed, DOD would step in. Knake also said that DHS was not the prime domestic agency investigating – the FBI handled the detective work, approaching the incident as a criminal investigation and foreign intelligence operation on the homeland. DHS’ role was disseminating information about the attack to other companies to ensure greater protection.

Information sharing

Perhaps the most sought-after, and trickiest, element is information sharing on cyberattacks. A reluctance to give up information has hindered past efforts to share information between the public and private sectors. Even the Intelligence Community’s Information Technology Enterprise, designed to link the 17 IC agencies on one cloud-based platform, is running into “cultural resistance.”

Rogers told an audience last week in a keynote address at the AFCEA Cybersecurity Technology Summit that what he wants most from Congress is legislation to spur greater information sharing between the private and public sectors. A current bill in front of Congress that would do just that is getting fresh attention in the wake of the White House news, although cybersecurity legislation has a long history of getting stuck in congressional gears.

But all hope is not lost. The newly established Cyber Threat Intelligence Integration Center, or CTIIC, is intended to fill the cybersecurity gaps that exist in the Intelligence Community by collecting all the available information on cyber activity, analyzing it and sharing the results with IC agencies. The president’s homeland security advisor, Lisa Monaco, outlined four elements for CTIIC’s strategy in an address at the Woodrow Wilson Center earlier this year: 1) improve defenses by managing cyber risk better under the cyber security framework announced last year; 2) improve the government’s ability to respond and prevent incidents; 3) enhance international responses with greater cooperation while holding those responsible for cyber malice accountable; and 4) make the cyber domain more secure, by, for one example, eliminating standard text passwords.
