Defense

Software factories are new 'crown jewels,' Air Force official says

 

The Defense Department has been pushing hard for digital modernization, but the massive hacking campaign that breached multiple federal government agencies via Solarwinds software has put some of its more nascent efforts at risk -- namely software factories.

"Yes, this creates a new kind of target for our adversaries. These digital factories that we are using to design things may become crown jewels and they'll have to be protected as such," Will Roper, the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, told reporters Dec. 18 during a virtual Defense Writers Group event.

That becomes an acute challenge for newer programs such as the Air Force's Cloud One and Platform One, which respectively centralize data sharing and tool development capabilities.

"So as I look at programs like Cloud One and Platform One that are being used broadly across our development enterprise, that becomes a single thing to attack whose effects would ripple into other programs," Roper said.

The 2021 defense policy bill, which is under veto threat and awaiting a presidential signature, has a number of cyber provisions aimed at improving the federal government's preparedness for security breaches like Solarwinds.

"This attack is a stark warning that our nation must bolster its cybersecurity posture and capabilities, and it must do so without delay," wrote House Armed Services Committee Republicans Ranking Member Mac Thornberry (Texas), incoming Ranking Member Mike Rogers (Ala.), and four other members said in a statement Dec. 18.

"There is no doubt our adversaries will take advantage of any opportunity to attack vulnerabilities in our cyber infrastructure. The measures in this year's bill will provide critical safeguards to protect the information and capabilities most foundational to our nation's security."

During his talk, Roper stressed DOD's need for zero trust principles on a large scale.

"The other thing that we have to bring into our software environment, into our digital infrastructure which the department is behind on is new technologies that allow you to deal with adversaries that have gotten in -- so zero trust technologies and doing continuous monitoring," Roper said.

"We don't do that in the Defense Department. We certify things are impregnable and commercial industry assumes everything is pregnant and has to deal with that after the fact."

Roper said the goal is to both keep adversaries out while having a plan once they get in and building on those technologies, particularly with initiatives like Cloud and Platform One. The Air Force has been using red teaming to test those systems' security in the wake of Solarwinds Orion software breach, he said, but that new approaches can often mean new targets.

If you create a game changing approach to change the [defense procurement] system, that game changing approach is likely the new thing your adversary targets," Roper said. "Welcome to the digital age."

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected