Thursday, November 5, 2015

ICMC15: Department of Defense Cybersecurity

Marianne Bailey, Principal Director, Deputy CIO for Cybersecurity, Department of Defense

Their main goal: dependable execution in the face of adversity. Now everyone is focused on cyber security - at the highest level of security. Bailey is in the White House several times a week to non-technical 4-star generals.

Cryptography is critical to the DoD.

Attacks by state and non-state actors are increasing each year, putting all of our assets at risk. This results in loss of personal data and network outages. Anything with a computer can be attacked. This is not just an IT problem - many things are connected to each other.

We need to establish a culture of cyber discipline - breaches are often human error. Everyone has to understand the risk and must be accountable. Cyber hygiene: configure all computers to DoD standards, make sure every computer is protected, and eliminate the use of passwords by all users and administrators, instead using credentials issued by DoD.

Things haven't been going as fast as they want. So they are really putting a lot of effort behind PKI infrastructure, to get rid of passwords, and behind role-based access control. You can't do two things requiring different levels of privilege at the same time.

We see impersonations and privilege escalation. We have to watch, be aware, and be able to take action quickly.

Right now, too much of the nation is on the wrong side of these initiatives, which means the attackers don't have to spend as much money or effort to attack us - but we still have to pay the price afterwards.

Commercial products should be implementing standards-based cryptography and following other security standards.

Post by Valerie Fenwick, syndicated from Security, Beer, Theater and Biking!