DOD deputy recommends a mission-specific approach to cybersecurity

Cybersecurity remains one of the most important IT issues that the federal government faces today. The more that agencies depend on digital assets, the greater the potential benefits. But there's no getting around the fact that hackers and other cybercriminals pose an increasingly significant risk to the government's IT integrity. Whether acting independently, as part of a criminal network or on behalf of hostile nation-states, these cyberattackers can cause real damage to the U.S. government and national infrastructure.

Such varied and evolving threats may require a more flexible approach to cybersecurity. As Richard Hale, deputy CIO of the Department of Defense, recently explained, the DOD is working to develop more mission-specific standards for federal cybersecurity initiatives, FCW reported.

Cybersecurity is the mission
Speaking at the recent MeriTalk Cloud Computing Brainstorm conference, Hale explained that a one-size-fits-all approach to cybersecurity is, among other problems, extremely inefficient, leading to unnecessary expenditures.

"I shouldn't spend as much money on morale and welfare website as I do on nuclear command control, it doesn't make any sense," said Hale, the source reported.

In addition to the inherent cost inefficiency, this cybersecurity strategy can also cause complications that damage missions. For example, Hale pointed to the DOD's efforts to work with China and Cuba to provide assistance following the 2010 earthquake in Haiti. The department's rigid cybersecurity standards made cooperation far more difficult than it should have been, undermining the humanitarian efforts. 

A new approach
Recognizing these problems, the DOD has now begun to reconsider its cybersecurity guidelines, Hale explained.

"Right now we are trying to step back from this one-size-fits-all model and recognize the reality that different missions have different risk tolerances, and that we can't imagine them all," he said, FCW reported.

In particular, the DOD is now striving to develop an improved wide area network infrastructure that can take into account mission risk by zoning. 

The cloud factor
This effort is both complicated and made more urgent by the DOD's increasing use of cloud services. In particular, the agency is considering moving to a Joint Information Environment. As Hale explained, this approach would allow the DOD to better leverage cloud and mobile technologies, improving cybersecurity and cost-savings.

However, this is a complicated and highly fraught process. 

"One of the reasons we'll be a little cautious in putting more and more sensitive information and more important missions into cloud is this business of puzzling out how we're going to do shared cyber defense and figuring out how we're going to trust certain cloud providers to do that," Hale explained, according to the news source.

As an early step in the cloud integration process, the DOD is currently experimenting with a number of pilot projects. Depending on how well these perform, the DOD will quite possibly increase its cloud efforts in the near future. If this happens, even greater reconsideration of the department's approach to cybersecurity will become essential

Cybersecurity assistance
Considering the complexity inherent to federal cybersecurity in general, and DOD efforts in particular, and the road bumps that have already emerged, a strong argument could be made that agency leaders should look to third parties for assistance.

As many reports have made clear, the government currently faces a severe IT talent shortage, with departments struggling to find enough qualified personnel to meet their needs. Considering the fact that a change to cybersecurity standards will affect virtually every part of an agency's IT, this shortage could prove devastating. By working with a qualified third-party consulting firm to guide the process, though, these risks become far less severe.