Around Town

DOD Deputy CIO: 'Cybersecurity should vary by mission'

Shutterstock image.

No "one size fits all" at the Pentagon.

The different levels of mission risk at the Defense Department have posed a major challenge to building out DOD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, the department is working to make distinctions on the varying levels of risk by mission in order to make better decisions.

"Cybersecurity should vary by mission," Hale said in his keynote at the MeriTalk Cloud Computing Brainstorm event in Washington, D.C., on Sept. 10. "I shouldn’t spend as much money on morale and welfare website as I do on nuclear command control, it doesn’t make any sense."

Everyone playing by one set of rules inhibits all kinds of things — especially movement to a cloud and mobile environment, Hale said.

This became evident in DOD's work following the 2010 earthquake in Haiti, Hale said. DOD had to team up very quickly with Cuba and China, and the joint effort turned out to be very difficult because of the inflexibility of DOD network.

"Right now we are trying to step back from this one-size-fits-all model and recognize the reality that different missions have different risk tolerances, and that we can’t imagine them all," Hale said.

Hale said DOD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk."

That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DOD will never be able to go fully mobile.

Moving to a Joint Information Environment would also position DOD to take more advantage of mobile and cloud, according to Hale. Aside from the cybersecurity and cost savings benefits that JIE offers, it would also position DOD to better embrace innovations being offered in the commercial technology world.

One of the complexities DOD is trying to work out through a few pilot projects is how it is going to work with classification restrictions to make it easier to share information between external centers.

"One of the reasons we’ll be a little cautious in putting more and more sensitive information and more important missions into cloud is this business of puzzling out how we're going to do shared cyber defense and figuring out how we’re going to trust certain cloud providers to do that," Hale said.

The next step for DOD will be to assess the results of the pilots and reexamine much of what it did in the early stages of moving to the cloud, which includes evaluating its value to the mission. After all is said and done, Hale said, people can expect "DOD will have much more use of cloud."

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.