| | August 201619CIOReviewhe Department of Defense (DoD) stands at cross-roads facing a future that is fast moving, connected, and highly contested. Technology is advancing rapidly. The Department's adversaries are relentless and use both traditional and non-traditional methods DoD is attacked every day in cyberspace. This connectivity impacts the computers and networks that the DoD military, civilian, and contractor workforce uses every day, but also those vital IT underpinnings of the military's planes, facilities, tanks, and more. This workforce deserves a seamless, transparent technology infrastructure that transforms data into actionable information and ensures dependable mission execution in the face of this persistent cyber threat. If the DoD was a corporation, it would be at the top of the Fortune 100 no organization has a broader mission or scope. Comprised of 1.3 million men and women on active duty, and 742,000 civilian personnelplus 826,000 who serve in the National Guard and Reserve forces DoD is the nation's largest employer. It operates globally at several hundred thousand individual structures, with work streams that vary from acquisitions; to command and control; to global logistics; to health and medical care; to intelligence; to facilities management each with a role in cybersecurity.From business to the battlefield, the Department is focused on foundational changes that will modernize and integrate the DoD IT infrastructure to enhance its cybersecurity posture in a more enterprise, coordinated, secure, and cost-effective environment. Exploiting proven, yet game-changing, technologies being developed by industry, government, and academia, progress will continue to optimize DoD's IT infrastructure and continue to protect our people, our networks, facilities, and our weapons systems through mission-appropriate cyber security.Attempts at cyber intrusions by state and non-state actors have increased dramatically in recent years. Mission-appropriate cybersecurity is critical to dependable mission execution. To achieve this, DoD must fully understand mission risk due to dependence on cyber capabilities, implement technical and operational mitigations where needed, and thoughtfully accept an appropriate level of risk. Industry partnership will be vital to this success, including close collaboration and active communications. The Department is raising the level of individual performance and awareness in cybersecuritythis is called "Cyber Basics." The DoD Cybersecurity Discipline Implementation Plan is the foundational document behind this drive to improve cyber basics. It focuses on four main lines of effort: 1) use strong authentication; 2) harden devices to securely configure all devices, and improve patching practices; 3) reduce the attack surface to ensure every Internet-accessible Website is protected and in a demilitarized zone, and separate Internet-facing sites from private sites; and 4) defend every computer to ensure that every DoD computer is monitored by what is called a Computer Network Defense Service Provider.The Cybersecurity Discipline Implementation Plan is supported by a Cyber Scorecard that measures the progress of DoD SUCCESSFULLY EXECUTING TODAY'S and Tomorrow's Missions for the Defense Department in the Face of a Persistent Cyber ThreatBy Terry Halvorsen, CIO, United States Department of DefenseCIO INSIGHTSTerry HalvorsenT
<
Page 9 |
Page 11 >