Pentagon adds 'living inspection' to its cyber defenses
New assessment process adds automation, flexibility to threat detection, leaders say.
U.S. Cyber Command is launching a new way to help cyber defenders assess and tackle the most pertinent risks on their networks—with a little help from automated tools.
“This is a living inspection,” Chuck Wille, the deputy director of DODIN readiness and security inspections, told reporters Tuesday. “It's going to constantly flex…so when you look at things like SolarWinds, Log4j, or the Jira Confluence vulnerabilities in the past year…we’re able to kind of adapt to those emerging needs.”
Protecting the Defense Department’s information networks, or DODIN, was a key tenet of the Pentagon’s cyber strategy released last year. U.S. Cyber Command’s IT arm—Joint Force Headquarters-DODIN—is responsible for protecting those networks and runs all defense mission-related networks worldwide.
DOD has a process to inspect networks, but developed a new assessment program, due to be released March 1, that will give network operators a clearer picture of the most significant risks now and in the future.
The assessment process, dubbed the Cyber Operational Readiness Assessment, is an upgrade of a previous program and integrates bits of automation to synthesize technical standards and changing network conditions.
“We're both leveraging automation to the greatest extent possible to conduct a database assessment and at the same time, we're using data from every tool available. And then the department is investing in tools to get at this more continuously, holistically,” Wille said.
Finding and addressing threats is “still a team-driven event” where “they'll leverage any of the tools that are available to them. And that tool list will flex and grow over time with this,” Wille said.
When it comes to the potential threats, like those that could arise during an election year, the program is designed to adapt to changing operational needs.
“As the emerging threat changes, our key indicators of risk,” which are noted targets for adversaries, “feed into the inspection progress, and then that dovetails into what matters most and that's what we focus on,” said John Porter, director of DODIN readiness and security inspections. “One of the key points that we're trying to make with this assessment is: how does it adapt and adjust to the emerging threats.”