Around Town

DOD Deputy CIO: 'Cybersecurity should vary by mission'

Shutterstock image.

No "one size fits all" at the Pentagon.

The different levels of mission risk at the Defense Department have posed a major challenge to building out DOD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, the department is working to make distinctions on the varying levels of risk by mission in order to make better decisions.

"Cybersecurity should vary by mission," Hale said in his keynote at the MeriTalk Cloud Computing Brainstorm event in Washington, D.C., on Sept. 10. "I shouldn’t spend as much money on morale and welfare website as I do on nuclear command control, it doesn’t make any sense."

Everyone playing by one set of rules inhibits all kinds of things — especially movement to a cloud and mobile environment, Hale said.

This became evident in DOD's work following the 2010 earthquake in Haiti, Hale said. DOD had to team up very quickly with Cuba and China, and the joint effort turned out to be very difficult because of the inflexibility of DOD network.

"Right now we are trying to step back from this one-size-fits-all model and recognize the reality that different missions have different risk tolerances, and that we can’t imagine them all," Hale said.

Hale said DOD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk."

That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DOD will never be able to go fully mobile.

Moving to a Joint Information Environment would also position DOD to take more advantage of mobile and cloud, according to Hale. Aside from the cybersecurity and cost savings benefits that JIE offers, it would also position DOD to better embrace innovations being offered in the commercial technology world.

One of the complexities DOD is trying to work out through a few pilot projects is how it is going to work with classification restrictions to make it easier to share information between external centers.

"One of the reasons we’ll be a little cautious in putting more and more sensitive information and more important missions into cloud is this business of puzzling out how we're going to do shared cyber defense and figuring out how we’re going to trust certain cloud providers to do that," Hale said.

The next step for DOD will be to assess the results of the pilots and reexamine much of what it did in the early stages of moving to the cloud, which includes evaluating its value to the mission. After all is said and done, Hale said, people can expect "DOD will have much more use of cloud."

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.