Experts praise Pentagon's march to security standards
Consolidation of the Defense Department's 15,000 networks expected to cut costs, as well as improve security against Snowden-like leaks
CSO - The Pentagon's decision to move its thousands of networks under a single security architecture is the right strategy to bolster defenses against hackers and malicious insiders, experts say.
The massive consolidation of the Defense Department's 15,000 networks into a "joint information environment" is expected to cut costs, as well as improve security against Edward Snowden-like leaks, National Defense magazine reported.
The former contractor took thousands of documents from the National Security Agency and distributed them to the media, which is driving a national debate on NSA surveillance of Americans.
Thwarting hackers is also behind the Pentagon's move to have all four branches of the military, defense agencies and overseas commands use the same network and security systems. The expected benefits include killing redundancies and making it easier to detect hacker-induced anomalies.
The transition away from the Pentagon's current mishmash of technology unique to the various government entities is expected to take years. However, experts contacted by CSOonline said the outcome will likely justify the time and expense.
"The better security comes from the lack of complexity," Ron Gula, chief executive and technical officer of Tenable Network Security, said.
Consolidating networks and standardizing systems mean less technology to monitor while making it easier to see when something has been compromised, Gula said.
The Pentagon has already started the transition. The U.S. European Command based in Stuttgart, Germany, was recently brought under a single security architecture. "We are building increments," Air Force Lt. Gen. Ronnie D. Hawkins Jr., head of the Defense Information Systems Agency, told National Defense.
The consolidation effort is likely to include having one data center in a region where there were multiple centers, said Jody Brazil, president and chief technology officer for network security management company FireMon. Having just one means "you now invest more heavily in securing that one data center."
"That's at least what I've heard them talk about and I think it makes sense," Brazil said.
Removing silos of technology spread throughout the Defense Department will make it much easier to monitor events across computer systems, Brazil said. In addition, performance data gathered from the systems will be easier to analyze for unusual occurrences.
Sharing information across all entities will also be easier, because everyone will be able to understand the data, since it will come from the same systems, Brazil said.
For catching Snowden-like leakers, the Pentagon plans to standardize on identity access management technology used for fixed computers and mobile devices, Hawkins told National Defense. In addition, workers and contractors would be subject to "no notice inspections" to ensure they are complying with security standards.
No security architecture is bulletproof, particularly against the highly sophisticated, state-sponsored hackers the Defense Department is battling from countries like China. Experts acknowledged that breaching a standardized network could enable intruders to travel much deeper than they would if they had invaded a system unique to one agency.
However, having the same systems throughout means security pros will know the potential entry points. With different systems, those weaknesses are much more difficult to track and monitor.
"I'd rather defend against a few knowns than defend against all the unknowns," Gula said.
The most difficult barrier the Pentagon is likely to face is the army of employees comfortable with the old computer systems, but who now have to march to something new.
"People as a species don't like change," Gula said. "They don't like to learn new things."
The Pentagon also will struggle to find enough experts to make the technical changes, administer the new systems and train employees to use them.
"That remains one of the bigger challenges," Brazil said.
Pentagon officials told National Defense that the transition will not require additional funding from Congress, but would come out of the Defense Department's cybersecurity budget.