For the 2017 fiscal year budget, President Barack Obama proposed $6.7 billion in Department of Defense funding to combat cyberterrorism. It’s designed to empower DOD to develop stronger security against cyberattacks as well as to conduct attacks against known enemies.
Defense Advanced Research Projects Agency (DARPA) spokesperson Jared Adams, in an email to Nextgov, said that DARPA was seeking an “automation revolution in computer security.” Automation can detect, diagnose, and remediate vulnerabilities and network configuration changes much more quickly than humans, and it may be the only way for the DOD to stay ahead of an ever-increasing horde of remote attackers.
Command Cyber Readiness Inspections (CCRI)
Starting in 2009, the DOD began a series of CCRIs to assess its current cyberdefense capabilities. Unlike programs that only assessed systems for readiness, CCRI was designed to hold commanders accountable for the state of their networks.
The first inspections reviewed vulnerability scans of different networks within the DOD, such as networks at bases and other facilities, and assessed them against the U.S. Cyber Command’s Computer Network Defense Directives. Two years later, in 2011, CCRI evolved to become less compliance-based and more focused on immediate operational readiness. This year, audits will focus on how well Pentagon agencies, like the Defense Information Systems Agency (DISA) and U.S. Cyber Command itself, are using CCRIs to evaluate their own networks.
How Automation Helps
Automated security solutions can help the DOD facilities pass their CCRIs by providing immediate insight into the state of the network. Even more importantly, automation solutions can use statistical analysis to prioritize potential threats and vulnerabilities for remediation. They can identify existing application vulnerabilities, prioritize those that put critical systems at risk, and automate some patches while alerting network administrators to other actions that need to be taken.
Automation can also restore networks to their last known safe configuration when the system detects unauthorized changes. This process defeats attacks-in-progress more quickly, protecting critical Defense data from being copied or removed from the network.
Finally, Defense networks generate 10 million daily alarms, a number no human administrator, however good, could possibly assess, prioritize, and remediate on a daily basis. Automation tools shorten response time and even perform needed remediation tasks without human help.
Automating Security and More
For the U.S. military, the automation revolution isn’t just confined to security functions. Using tools like software-defined networking (SDN), the military can set up network policies and procedures, such as policies related to traffic optimization or application access, and enforce those policies without human intervention.
SDN provides support for security automation applications by giving security analysts more flexibility for responding to attacks. For example, automated rules could direct all network traffic, both internal and perimeter, through a single virtual firewall instead of forcing administrators to guess where to place firewall devices on the network. With SDN, network administrators can more easily extend virtual local area networks (VLAN) beyond the network perimeter, helping to keep data more secure. During an attack, SDN could direct workloads to another part of the network, preserving continuous functioning while security teams isolate the attack.
Automation for the Internet of Things
In addition to optimizing traffic, limiting access, and hardening security, network automation can help the military manage a dizzying ray of new Internet-of-Things (IoT) devices. These devices, like sensors in helmets that can detect a traumatic brain injury in a soldier, have incredible potential for modernizing the military.
Unfortunately, IoT devices also add a large number of new endpoints to the network, increasing the attack surface. Network automation can speed up the processing of incoming data from these devices, and prevent them from becoming cyberattack tools.
Other Benefits of the Automation Revolution
The biggest benefit of automation when it comes to cybersecurity is how Pentagon agencies can do more with less money. Currently, DISA requires six months to hire, onboard, and train new engineers. Automation could keep networks safer while requiring less labor.
Today’s CCRIs are conducted on a “no notice” basis, meaning U.S. Cyber Command can order inspections with as little as two weeks advance notice. Security automation can keep the bad guys out of defense networks – and help commanders get good compliance reviews in the process.