Around Town

DOD Deputy CIO: 'Cybersecurity should vary by mission'

Shutterstock image.

No "one size fits all" at the Pentagon.

The different levels of mission risk at the Defense Department have posed a major challenge to building out DOD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, the department is working to make distinctions on the varying levels of risk by mission in order to make better decisions.

"Cybersecurity should vary by mission," Hale said in his keynote at the MeriTalk Cloud Computing Brainstorm event in Washington, D.C., on Sept. 10. "I shouldn’t spend as much money on morale and welfare website as I do on nuclear command control, it doesn’t make any sense."

Everyone playing by one set of rules inhibits all kinds of things — especially movement to a cloud and mobile environment, Hale said.

This became evident in DOD's work following the 2010 earthquake in Haiti, Hale said. DOD had to team up very quickly with Cuba and China, and the joint effort turned out to be very difficult because of the inflexibility of DOD network.

"Right now we are trying to step back from this one-size-fits-all model and recognize the reality that different missions have different risk tolerances, and that we can’t imagine them all," Hale said.

Hale said DOD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk."

That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DOD will never be able to go fully mobile.

Moving to a Joint Information Environment would also position DOD to take more advantage of mobile and cloud, according to Hale. Aside from the cybersecurity and cost savings benefits that JIE offers, it would also position DOD to better embrace innovations being offered in the commercial technology world.

One of the complexities DOD is trying to work out through a few pilot projects is how it is going to work with classification restrictions to make it easier to share information between external centers.

"One of the reasons we’ll be a little cautious in putting more and more sensitive information and more important missions into cloud is this business of puzzling out how we're going to do shared cyber defense and figuring out how we’re going to trust certain cloud providers to do that," Hale said.

The next step for DOD will be to assess the results of the pilots and reexamine much of what it did in the early stages of moving to the cloud, which includes evaluating its value to the mission. After all is said and done, Hale said, people can expect "DOD will have much more use of cloud."

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.