Experts praise Pentagon's march to security standards
Consolidation of the Defense Department's 15,000 networks expected to cut costs, as well as improve security against Snowden-like leaks
CSO - The Pentagon's decision to move its thousands of networks under a single security architecture is the right strategy to bolster defenses against hackers and malicious insiders, experts say.
The massive consolidation of the Defense Department's 15,000 networks into a "joint information environment" is expected to cut costs, as well as improve security against Edward Snowden-like leaks, National Defense magazine reported.
The former contractor took thousands of documents from the National Security Agency and distributed them to the media, which is driving a national debate on NSA surveillance of Americans.
Thwarting hackers is also behind the Pentagon's move to have all four branches of the military, defense agencies and overseas commands use the same network and security systems. The expected benefits include killing redundancies and making it easier to detect hacker-induced anomalies.
The transition away from the Pentagon's current mishmash of technology unique to the various government entities is expected to take years. However, experts contacted by CSOonline said the outcome will likely justify the time and expense.
"The better security comes from the lack of complexity," Ron Gula, chief executive and technical officer of Tenable Network Security, said.
Consolidating networks and standardizing systems mean less technology to monitor while making it easier to see when something has been compromised, Gula said.
The Pentagon has already started the transition. The U.S. European Command based in Stuttgart, Germany, was recently brought under a single security architecture. "We are building increments," Air Force Lt. Gen. Ronnie D. Hawkins Jr., head of the Defense Information Systems Agency, told National Defense.
The consolidation effort is likely to include having one data center in a region where there were multiple centers, said Jody Brazil, president and chief technology officer for network security management company FireMon. Having just one means "you now invest more heavily in securing that one data center."
"That's at least what I've heard them talk about and I think it makes sense," Brazil said.
Removing silos of technology spread throughout the Defense Department will make it much easier to monitor events across computer systems, Brazil said. In addition, performance data gathered from the systems will be easier to analyze for unusual occurrences.
Sharing information across all entities will also be easier, because everyone will be able to understand the data, since it will come from the same systems, Brazil said.
For catching Snowden-like leakers, the Pentagon plans to standardize on identity access management technology used for fixed computers and mobile devices, Hawkins told National Defense. In addition, workers and contractors would be subject to "no notice inspections" to ensure they are complying with security standards.
No security architecture is bulletproof, particularly against the highly sophisticated, state-sponsored hackers the Defense Department is battling from countries like China. Experts acknowledged that breaching a standardized network could enable intruders to travel much deeper than they would if they had invaded a system unique to one agency.
However, having the same systems throughout means security pros will know the potential entry points. With different systems, those weaknesses are much more difficult to track and monitor.
"I'd rather defend against a few knowns than defend against all the unknowns," Gula said.
The most difficult barrier the Pentagon is likely to face is the army of employees comfortable with the old computer systems, but who now have to march to something new.
"People as a species don't like change," Gula said. "They don't like to learn new things."
The Pentagon also will struggle to find enough experts to make the technical changes, administer the new systems and train employees to use them.
"That remains one of the bigger challenges," Brazil said.
Pentagon officials told National Defense that the transition will not require additional funding from Congress, but would come out of the Defense Department's cybersecurity budget.