Operationalizing cyber defense in active, online systems should be done in tandem with implementing a zero-trust architecture for holistic security, according to cybersecurity experts at the 2024 DoDIIS Worldwide Conference in Omaha, Neb.
The CIA has made it a priority to collect and evaluate telemetry from systems so analysts can respond quickly to anomalous behavior, said Deputy CIO for IT Enterprise Ryon Klotz.
Cybersecurity has long been a compliance activity for agencies out of necessity, but operationalizing it with the help of machine learning and artificial intelligence to model what constitutes normal and abnormal behavior enables faster decision-making and incident response.
“We cannot people our way out of this,” said Roger Greenwell, CIO for the Defense Information Systems Agency. “The volume of data that we are all faced with, we can’t just get people to look at it.”
How the IC Is Operationalizing Cyber Defense
The Defense Intelligence Agency and Office of the Director of National Intelligence jointly run the Intelligence Community Security Coordination Center, which is responsible for communicating cyberthreats and initiating patching and negation.
DIA also set up cyber inspections over the past several years as part of the Joint Worldwide Intelligence Communications System modernization effort, in partnership with the Joint Force Headquarters-Department of Defense Information Network and Intelligence Community (IC) agencies such as the National Security Agency.
“We look at the health of the cybersecurity environments that agencies are connecting to JWICS,” said DIA CIO Doug Cossa, referring to the Joint Worldwide Intelligence Communications System. “That goes to everything from red teaming to looking at the current state of infrastructure, of end of life, whether it’s patching or providing a risk assessment based on those findings.”
Such assessments allow agencies to identify needed cyber advancements, Cossa said.
Meanwhile, the National Geospatial-Intelligence Agency’s Cyber Security Operations Cell transmits daily cyberthreat alerts to the DOD and the IC for situational awareness and, if necessary, countermeasures.
Zero Trust Remains the IC’s Other Focus
Efforts to operationalize cyber defense are occurring while agencies like the NGA and the CIA also implement zero-trust capabilities within their networks.
“Developing a common understanding and baseline of a basic maturity model for zero trust allows us to commonly evaluate where we are on the various pillars of zero trust and then target investments to enhance the maturity,” Klotz said.
Implementing zero-trust security architectures across the DOD is a “very important initiative” for DISA, Greenwell said.
“We recognize that we’re moving from more network-centric defenses to data-centric defenses,” he said. “How do we actually train and ensure our cyber defenders have those skills that are necessary in order to protect all of our information systems?”