How the NSA’s CSfC Program Is Changing
While the CSfC program has long focused on enhancing agencies’ cybersecurity and providing strong protections for data at rest, it has recently expanded its capabilities. The program is now also helping DOD and intelligence agencies start to move away from on-premises solutions to support more mobile and wireless use cases, data at rest for remote locations, hybrid cloud and cloud-based operations.
The NSA has begun to allow a wider range of mobile device makers and a larger range of multidomain operations. This includes vendors that are making the technology and agencies such as the Defense Advanced Research Projects Agency and the Defense Intelligence Agency, as well as the military branches.
A key component of this is increased support for multidomain operations with cross-tenant utilization. What that means is that the program is starting to federate capabilities so that different departments within DOD, for example, can securely communicate with each other on Microsoft Teams. This is important from a cybersecurity perspective because the more siloed these applications are, the longer it takes to resolve potential threats or attacks.
The military branches are moving to adopt the DOD’s Joint All-Domain Command and Control (JADC2) initiative. The initiative seeks to integrate data from sensors, electronic weapons, cyberspace and more across every domain — land, air, sea, space and cyber — so that commanders and civilian leaders can make more informed decisions.
The Air Force recently awarded 92 companies spots for a potential 10-year, $900 million contract on multidomain operations research and development. The Army and Navy are working on similar efforts. The goal, which CSfC is supporting, is to use commercial technologies to provide secure telework, as was the case earlier in the COVID-19 pandemic. It also seeks to securely transport data from location to location, from the ground to assets in the air, or from the air down to a submarine.
Security Policy Is Catching Up to Technology Shifts
In all of these shifts, technology is no longer the limiting factor, but policy remains a barrier. Agencies within the DOD and intelligence community are starting to focus on how to evolve their policies to facilitate easier adoption of these technologies.
The policy changes are driven collaboratively by the NSA and its Trusted Integrators, of which CDW•G is one, as well as the DOD. The goal is to streamline technology adoption and guide how vendors develop new technologies.
That will allow agencies to come to the commercial market and better explain how their software or hardware encryption technologies need to be modified to meet their needs. It also allows industry to push agencies to be more transparent, collaborative and speedy in the approval process; there is now more of a partnership between agencies and industry.
The result is that CSfC products can be more easily deployed to personnel on bases in the form of laptops and smartphones, as well as in fighter jets and on submarines.
The CSfC program’s value is growing as the DOD looks to modernize its legacy technology, enable multidomain operations, and untether users from their desktops, data centers and on-premises solutions, all while maintaining zero-trust compliance. The end result is that agencies can now collaborate faster and more closely with industry to develop and deploy secure solutions for a highly skilled and highly distributed workforce.