September 4, 2018 |
International,
C4ISR
By: Adam Stone
As Navy Cyber Security Division director, Rear Adm. Danelle Barrett casts a wary eye over the rising importance of data as a weapon of war. Data is an ever-more-critical battlefield asset, given the rising internet of things, including a rapidly growing inventory of unmanned intelligence, surveillance and reconnaissance assets across the Navy. Protecting all that data from enemy exploitation represents a potentially massive cyber challenge.
This spring, the Navy announced “Compile to Combat in 24 Hours,” a pilot project to leverage web services and a new cloud architecture in the service of data security. C4ISRNET's Adam Stone spoke to Barrett about the potential there, and about the emerging IT security landscape in a data-centric military.
C4ISRNET: Data has become increasingly valuable, especially in terms of intelligence, surveillance and reconnaissance. How valuable is it? How do you describe the significance of data these days?
REAR ADM. DANELLE BARRETT: If you look at what goes on in industry and how they use big data for decision making, to be predictive and proactive: that's exactly the kind of environment that we want to get to. Being able to trust those data, to access the data, expose the data, reuse the data — that becomes actually the hardest part.
C4ISRNET: Let's talk about that. Sharing data involves risk. Talk about that risk landscape.
BARRETT: The more data that you have out there and the more places you have it, obviously you have an increased attack surface. Adversaries will go after your data to try to get an advantage. So, you want to protect data down to the lowest layer and you want to make sure that you have defense in depth built in, and resiliency to be able to work through any kind of attack or interruption in your data flow.
We build our architectures around being resilient using the NIST [National Institute of Standards and Technology] model of “detect, react and restore.” You build in as much resiliency as you can.
C4ISRNET: Can you say, specifically, how that's done?
BARRETT: I'll give you an example of something that we're testing in our architecture to try to improve the data down to the data element layer. We have an effort called “Compile to Combat in 24 Hours.” We're looking at modernizing our afloat architecture and, as we do that, we're decomposing big monolithic applications, if you will, into web services similar to what you'd get on an iPhone: smaller capabilities, smaller web services as opposed to these big monolithic applications.
As you do that, you can ensure that you're using standard ports and protocols, so you don't have applications on the ship that are reaching back over nonstandard ports, which would present an increased attack surface. If you can standardize on your ports, you can sense those better and monitor those better.
Then you then go down to the data element layer. Say you standardize on extensible markup language, XML, you can then apply the SAML protocol that is inherent to that to protect your data at that lowest layer. We're testing that concept in an architecture now.
Full article: https://www.c4isrnet.com/it-networks/2018/08/31/the-rising-importance-of-data-as-a-weapon-of-war/
