Battening down the network hatches and focusing on end-point security is all well and good, but it won’t do a thing to help the IT security team after a breach occurs — only expertise, good tools, trusted staff and fast action can help then — that, and some guts.
Those were the hard-earned lessons that Dennis Clem, CIO for the Pentagon and Office of the Secretary of Defense, says helped him keep his job after an intruder broke into an OSD network and stole sensitive Pentagon data files.
“You can’t just be a policy CIO,” he contends. In today’s net-centric environment, “you need to know and understand the technology of your network.”
A 25-year veteran of Defense IT, Clem had been Pentagon CIO only a short time and had begun work on a consolidation strategy for the 14 silo networks serving the Defense Department’s headquarters when the now-infamous breach occurred last June.
Cyber-attackers have their government targets set and are busy gathering intelligence long before a system goes live. “Within 10 minutes of a new service going up, there’s an attempt to hit the system and find out if it’s vulnerable,” Clem notes.
He and other government CIOs and security chiefs talked at the recent Information Processing Interagency Conference 2008 in Orlando, Fla., about how agencies can prepare to stave off disaster in a climate where wrongdoers, including foreign adversaries and high-profile criminals, will break through government network security to capture information.
“You’ve got to know your network — where your general support systems are and your major applications,” says Patrick Howard, chief information security officer for the Housing and Urban Development Department. Because Clem had begun the consolidation project to create a single network for the Pentagon — a project that’s midway to completion — he says IT knew to the last server where and what was running in OSD.
“You have to put in a complete top-to-bottom solution,” Clem says. “Security is a constant moving target.”
And those guts mentioned earlier? Clem had his gut-check moment when he made the decision to shutter only one of the 14 networks after the breach and to isolate it while he brought in additional help to use scanning applications to systematically check every single device and application running on the other 13.
Some Pentagon brass wanted him to close down the entire web of systems, but he listened to his staff and tech support team and ultimately took the extreme chance of segregating just the single network. It worked, but it still cost $4 million and took three weeks to close up the holes the intruders had burrowed and to remove the malware they had planted.
Would he do it the same way again? There’s no telling; every incident is unique, Clem says. “But if you don’t trust the information you have at the time or the people providing it or know your network, then shut it all down.”