September 30, 2020 | International, C4ISR, Security

The DoD needs data-centric security, and here’s why

Drew Schnabel

The U.S. Department of Defense is set to adopt an initial zero-trust architecture by the end of the calendar year, transitioning from a network-centric to a data-centric modern security model.

Zero trust means an organization does not inherently trust any user. Trust must be continually assessed and granted in a granular fashion. This allows defense agencies to create policies that provide secure access for users connecting from any device, in any location.

“This paradigm shift from a network-centric to a data-centric security model will affect every arena of our cyber domain, focusing first on how to protect our data and critical resources and then secondarily on our networks,” Vice Adm. Nancy Norton, director of the Defense Information Systems Agency and commander of the Joint Force Headquarters-Department of Defense Information Network, said at a virtual conference in July.

To understand how the DoD will benefit from this new zero-trust security model, it's important to understand the department's current Joint Information Environment, or JIE, architecture; the initial intent of this model; and why the JIE can't fully protect modern networks, mobile users and advanced threats.

Evolving DoD information security

The JIE framework was developed to address inefficiencies of siloed architectures. The goal of developing a single security architecture, or SSA, with JIE was to collapse network security boundaries, reduce the department's external attack surface and standardize management operations. This framework helped ensure that defense agencies and mission partners could share information securely while reducing required maintenance and continued infrastructure expenditures.

Previously, there were more than 190 agency security stacks located at the base/post/camp/station around the globe. Now, with the JIE architecture, there are just 22 security stacks centrally managed by the Defense Information Systems Agency to provide consistent security for users, regardless of location.

Initially, the JIE was an innovative concept that took the DoD from a highly fragmented architecture, in which each agency managed its own cybersecurity strategy, to an architecture in which there is a unified SSA.

However, one of the early challenges identified for the JIE was managing cloud cybersecurity as part of the SSA. The components in the JIE — the Joint Regional Security Stacks family's internet access points and cloud access points — have traditionally focused on securing the network, rather than the data or user.

As more DoD employees and contractors work remotely and data volumes increase, hardware cannot scale to support them. This has created ongoing concerns with performance, reliability, latency and cost.

A cloud-first approach

In response, the DoD leverages authorized solutions from the Federal Risk and Authorization Management Program, and it references the Secure Cloud Computing Architecture guidance for a standard approach for boundary and application-level security for impact Level 4 and 5 data hosted in commercial cloud environments.

The purpose of the SCCA is to provide a barrier of protection between the DoD Information Services Network and the commercial cloud services that the DoD uses while optimizing the cost-performance trade-off in cybersecurity.

Defense agencies are now exploring enterprise-IT-as-a-service options to move to the cloud and reduce the need for constant updates and management of hardware. Through enterprise-IT-as-a-service models, defense agencies will be able to scale easily, reduce management costs and achieve a more competitive edge over their adversaries.

Before the pandemic hit, defense agencies were already moving to support a more mobile workforce, where employees can access data from anywhere on any device. However, a cyber-centric military requires security to be more deeply ingrained into employee culture rather than physical protection of the perimeter.

The next evolution to secure DISA and DoD networks is to embrace a secure access edge model with zero-trust capabilities. The SASE model moves essential security functions — such as web gateway firewalls, zero-trust capabilities, data loss prevention and secure network connectivity — all to the cloud. Then, federal employees have direct access to the cloud, while security is pushed as close to the user/data/device as possible.

SP 800-27, zero-trust guidance from the National Institute of Standards and Technology, provides a road map to migrate and deploy zero trust across the enterprise environment. This guidance outlines the necessary tenets of zero trust, including securing all communication regardless of network location, and granting access on a per-session basis. This creates a least-privilege-access model to ensure the right person, device and service have access to the data they need while protecting high-value assets.

As the DoD transforms the JIE architecture to an as-a-service model with zero-trust capabilities, defense agencies will experience cost savings, greater scalability, better performance for the end user and war fighter, improved visibility, and control across DoD networks — and ultimately a stronger and more holistic cybersecurity capability moving forward.

https://www.c4isrnet.com/opinion/2020/09/29/the-dod-needs-data-centric-security-and-heres-why/
