10 November 2018

Here’s one way DISA wants to improve cybersecurity

By: Mark Pomerleau 

The Defense Information Systems Agency is looking to improve the cybersecurity posture of the Department of Defense by reducing attack vectors to the network. Adversaries are becoming more sophisticated, with threats becoming more complex and the number of cyberattacks increasing, Vice Adm. Nancy Norton, director of DISA, said Nov. 5 during DISA’s annual Forecast to Industry day in Linthicum, Maryland. She said DISA executes roughly 1 billion defensive cyber operations events in a given month, automatically blocking most attempts while intervening in nearly 1,000 incidents and conducting over 2,000 countermeasures.

One way DISA is seeking to reduce these attack vectors to the network is implementing a cloud-based internet isolation solution to protect from browser-born threats.


The Defense Information Systems Agency is looking for internet browsing to take place on a commercial cloud and away from Department of Defense servers.

“By taking the internet browser off the work station and placing it in a remote cloud-based server outside of the DoD [Information Network], we can review traffic from afar and protect the network while preventing malware and cyberattacks,” she said, noting DISA is interested in hearing about industry’s solutions in this space.

Reducing the attack vector and the architecture itself reduces the amount of cybersecurity attacks that DISA has to manually respond to and ultimately ensures resiliency to support mission accomplishment, Norton said.

“Cybersecurity needs to be at the forefront of our operations. Cyber is our battlespace and resiliency in that battlespace is key for our networks, applications and systems,” she said.

Each person is responsible for cyber hygiene and cyber defense today, according to Vice Adm. Nancy Norton, director of DISA and commander of Joint Force Headquarters-DoD Information Networks.

Norton also described efforts to automate and orchestrate key defensive processes that will help the team expedite actions that historically were performed manually.

This includes exploring the use of enterprise tools, machine learning, robotics and artificial intelligence to expand the effectiveness of analysis with existing staff, Norton said. These capabilities will use sensor data to help the agency readily identify long-term cybersecurity trends, uncover changes in adversary behavior and develop algorithms to identify suspicious activity.

“We must do this across cybersecurity in order to pace the threat inside cyberspace,” she said.

No comments: