Around Town

DOD Deputy CIO: 'Cybersecurity should vary by mission'

Shutterstock image.

No "one size fits all" at the Pentagon.

The different levels of mission risk at the Defense Department have posed a major challenge to building out DOD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, the department is working to make distinctions on the varying levels of risk by mission in order to make better decisions.

"Cybersecurity should vary by mission," Hale said in his keynote at the MeriTalk Cloud Computing Brainstorm event in Washington, D.C., on Sept. 10. "I shouldn’t spend as much money on morale and welfare website as I do on nuclear command control, it doesn’t make any sense."

Everyone playing by one set of rules inhibits all kinds of things — especially movement to a cloud and mobile environment, Hale said.

This became evident in DOD's work following the 2010 earthquake in Haiti, Hale said. DOD had to team up very quickly with Cuba and China, and the joint effort turned out to be very difficult because of the inflexibility of DOD network.

"Right now we are trying to step back from this one-size-fits-all model and recognize the reality that different missions have different risk tolerances, and that we can’t imagine them all," Hale said.

Hale said DOD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk."

That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DOD will never be able to go fully mobile.

Moving to a Joint Information Environment would also position DOD to take more advantage of mobile and cloud, according to Hale. Aside from the cybersecurity and cost savings benefits that JIE offers, it would also position DOD to better embrace innovations being offered in the commercial technology world.

One of the complexities DOD is trying to work out through a few pilot projects is how it is going to work with classification restrictions to make it easier to share information between external centers.

"One of the reasons we’ll be a little cautious in putting more and more sensitive information and more important missions into cloud is this business of puzzling out how we're going to do shared cyber defense and figuring out how we’re going to trust certain cloud providers to do that," Hale said.

The next step for DOD will be to assess the results of the pilots and reexamine much of what it did in the early stages of moving to the cloud, which includes evaluating its value to the mission. After all is said and done, Hale said, people can expect "DOD will have much more use of cloud."

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.