DOD must embrace cross-domain security and continuous monitoring
- By George Kamis
- Feb 15, 2019
As the Department of Defense begins to aggressively move forward with the Joint Enterprise Defense Infrastructure program, the need for cross-domain security solutions has never been more apparent. The JEDI enterprise-grade cloud solution will house large repositories of data at the Secret level and communicate with clouds and networks at other classification levels. DOD must ensure that data can be transferred between these levels and accessed by the individuals that need the information -- but that only the right people, with the right authorization and classification, are sharing and accessing the right data at the right times.
That’s no easy task, particularly with so many people accessing so much information. Warfighters hunting terrorists must be able to know a terrorist's location, but they may not have the clearance for anything beyond a surface level of data pertaining to that operation. Meanwhile, classified information may need to be pushed further up the command chain to those who may not have immediate access to that data, so they can effectively plan their missions.
It’s a highly complicated process that’s fraught with all manner of security questions. What if the wrong information is accessed by the wrong people? What if data becomes compromised while in transit? How can DOD protect its information while giving employees a seamless way to access the data they need to complete their missions?
Crossing the security chasm
Cross-domain solutions permit communication between networks and classification levels that would otherwise be kept separate. From the perimeter, they closely monitor data transfers to ensure that only correct and authorized information crosses a boundary. For instance, a cross-domain solution will carefully assess data in transit to ensure that only properly declassified information is released from a classified network.
Cross-domain technologies can also be highly beneficial for managing data transfers between multiple classification levels. DOD’s three clearance levels -- Top Secret, Secret and Unclassified -- each have their own clearance sub-compartments housing different kinds of data. Individuals with “need to know” access must be able to get information from those different compartments, and data must be transmitted and shared between various levels. Cross-domain solutions can facilitate this transfer of information in a secure manner.
Critical in helping to support the mission, cross-domain technologies use the right level of rigor to protect critical networks and data without sacrificing the ability for employees and systems to obtain the information they need. Data can only be shared when necessary, and that sharing comes with specific credential and redaction requirements. This safeguards networks by putting in place strict validation rules and policies and automating manual transfer processes. The best cross-domain solutions undergo significant security testing and meet stringent guidelines set out by the National Security Agency's Raise-the-Bar initiative to ensure the highest levels of security.
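The boundary checks described above (a marking-based release decision, redaction of compartments the receiving side is not cleared for, and an audit record of every decision) can be sketched as a small transfer guard. This is an added illustration, not Forcepoint's, NSA's or DOD's code; the record layout, the `declassified_to` reviewer flag and the level ordering are assumptions made for the example.

```python
"""Toy cross-domain transfer guard (added illustration, not a product implementation).

Assumptions not taken from the article: each record carries an explicit
classification marking, optional compartments, and an optional level a human
reviewer has formally declassified it to. The guard enforces three rules:
  1. a record may only cross into a domain whose level is at or above the
     level it is releasable at (its marking, or its declassified level);
  2. compartments the destination is not accredited for are redacted;
  3. every decision, allowed or blocked, is written to the audit trail.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# The three levels the article names, ordered low to high.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


@dataclass
class Record:
    record_id: str
    marking: str                                   # classification of the whole record
    compartments: Dict[str, str] = field(default_factory=dict)  # compartment -> content
    body: str = ""
    declassified_to: Optional[str] = None          # set only by a formal review


@dataclass
class Domain:
    name: str
    level: str
    compartments: Set[str] = field(default_factory=set)  # compartments this domain may hold


def releasable_level(rec: Record) -> Optional[str]:
    """Lowest level the record may legitimately be sent to, or None if the markings are invalid."""
    if rec.marking not in LEVELS:
        return None
    if rec.declassified_to is None:
        return rec.marking
    # A review may only lower a marking; a "declassification" upward is treated as invalid.
    if rec.declassified_to not in LEVELS or LEVELS[rec.declassified_to] > LEVELS[rec.marking]:
        return None
    return rec.declassified_to


def guard(rec: Record, dest: Domain, audit: List[str]) -> Optional[Record]:
    """Return a redacted copy allowed into ``dest``, or None if the transfer is blocked."""
    level = releasable_level(rec)
    if level is None or dest.level not in LEVELS:
        audit.append(f"{rec.record_id}: BLOCK invalid marking or destination")
        return None
    if LEVELS[level] > LEVELS[dest.level]:
        audit.append(f"{rec.record_id}: BLOCK {level} -> {dest.name} ({dest.level})")
        return None
    kept = {c: v for c, v in rec.compartments.items() if c in dest.compartments}
    dropped = sorted(set(rec.compartments) - set(kept))
    audit.append(f"{rec.record_id}: ALLOW -> {dest.name}; redacted {dropped or 'nothing'}")
    return Record(rec.record_id, level, kept, rec.body, rec.declassified_to)


def run_demo() -> List[str]:
    """Three constructed transfers: blocked, released after review, and partially redacted."""
    audit: List[str] = []
    unclass_net = Domain("unclass-net", "UNCLASSIFIED")
    secret_net = Domain("secret-net", "SECRET", {"ALPHA"})
    guard(Record("r1", "SECRET", body="raw report"), unclass_net, audit)
    guard(Record("r2", "SECRET", body="summary", declassified_to="UNCLASSIFIED"), unclass_net, audit)
    guard(Record("r3", "SECRET", {"ALPHA": "a", "BRAVO": "b"}, "plan"), secret_net, audit)
    return audit


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The guard deliberately fails closed: an unknown marking, an unknown destination level, or a declassification that would raise rather than lower a marking is blocked and logged rather than passed through.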
No need for “all or nothing”
The key is balancing security policies with the ability to provide people with fast access to information. Data must be protected without handcuffing employees.
Indeed, security should not be an all-or-nothing affair. Just because a threat exists doesn’t mean access and information flows should be completely shut off. Doing so would blind DOD to its own threat landscape and cause employees to simply create workarounds, leaving the agency just as vulnerable as before, if not more.
Employees should be able to seamlessly do their jobs aided by secure systems -- not hampered by them. Meanwhile, security administrators should be able to focus on addressing real threats, as opposed to spending time rectifying false alarms or implementing unnecessary blanket security policies that adversely impact everyone.
Humans as the last line of defense
Securing data as it passes from one network to another is only the beginning. Once data is shared, it ends up in the hands of government employees. Those employees can be an ideal complement to cross-domain security by serving as DOD’s final line of defense.
Some employees may be more susceptible to a security breach than others simply because of their role and proximity to sensitive information. For example, a senior officer might be more of a target than someone who does not routinely access classified data. Therefore, DOD should take into account users’ proximity to sensitive data and daily behavioral patterns and passively monitor for any anomalies in these patterns. Establishing a baseline of a user’s regular patterns -- the type of files they access, where they log in from, etc. -- can help identify spikes and anomalies later on.
Continuous monitoring of these patterns allows DOD IT professionals to detect whether a user’s credentials may have been compromised and flag any other unusual activity. Leveraging continuous-monitoring data allows cybersecurity teams to inform a reliable risk-adaptive security approach that automatically responds to abnormalities in a number of ways, including blocking irregular access or enforcing other security countermeasures, without penalizing the entire workforce or rewriting security policies wholesale. That is a better and more effective approach than “all or nothing,” as it supports the information flow that cross-domain solutions provide while ensuring that DOD’s data remains secure even after it crosses borders.
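The two preceding paragraphs describe a baseline of a user's normal patterns (which directories they touch, where they log in from, when) and a graduated response that acts on deviations without shutting everyone out. The following is an added example of that loop over constructed access-log lines; it is not the article's, Forcepoint's or DOD's code, and the log format, the scoring weights and the three response tiers are assumptions chosen for illustration.

```python
"""Baseline-and-anomaly scoring with a risk-adaptive response (added example).

Assumptions not stated in the article: a key=value access-log format, a
per-user baseline learned from that user's own past activity, and a
three-tier response (allow / step-up authentication / block and alert)
selected by an additive risk score.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data: a week of routine activity used to build the baseline ...
BASELINE_LOG = """\
2019-02-04T08:12:00 user=jsmith src=10.1.2.3 geo=US-VA action=read path=/ops/region/plan.docx
2019-02-04T09:40:00 user=jsmith src=10.1.2.3 geo=US-VA action=read path=/ops/region/map.pdf
2019-02-05T08:30:00 user=jsmith src=10.1.2.3 geo=US-VA action=read path=/ops/region/plan.docx
2019-02-06T10:05:00 user=jsmith src=10.1.2.7 geo=US-VA action=write path=/ops/region/notes.txt
2019-02-07T09:15:00 user=jsmith src=10.1.2.3 geo=US-VA action=read path=/ops/region/map.pdf
2019-02-08T08:50:00 user=jsmith src=10.1.2.3 geo=US-VA action=read path=/ops/region/plan.docx
"""
# ... and a later day: one routine event, then late-night access from an unfamiliar
# location that drifts into a directory the user has never touched, then an unknown user.
NEW_LOG = """\
2019-02-15T08:20:00 user=jsmith src=10.1.2.3 geo=US-VA action=read path=/ops/region/plan.docx
2019-02-15T23:10:00 user=jsmith src=203.0.113.9 geo=XX action=read path=/ops/region/plan.docx
2019-02-15T23:12:00 user=jsmith src=203.0.113.9 geo=XX action=read path=/hr/personnel/roster.xlsx
2019-02-15T23:30:00 user=unknown01 src=203.0.113.9 geo=XX action=read path=/ops/region/plan.docx
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse(line):
    """Turn one log line into a dict; adds the parsed timestamp and the parent directory."""
    m = LINE_RE.match(line.strip())
    ev = dict(f.split("=", 1) for f in m.group("kv").split())
    ev["ts"] = datetime.fromisoformat(m.group("ts"))
    ev["dir"] = ev["path"].rsplit("/", 1)[0]
    return ev


def build_baseline(log_text):
    """Per-user profile: login locations, directories, active hours and peak daily volume."""
    profiles = defaultdict(lambda: {"geos": set(), "dirs": set(), "hours": set(),
                                    "per_day": defaultdict(int)})
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse(line)
        p = profiles[ev["user"]]
        p["geos"].add(ev["geo"])
        p["dirs"].add(ev["dir"])
        p["hours"].add(ev["ts"].hour)
        p["per_day"][ev["ts"].date()] += 1
    for p in profiles.values():
        p["typical_daily"] = max(p["per_day"].values())
    return profiles


def score(ev, profile, seen_today):
    """Additive risk score; each factor is one deviation from the learned baseline."""
    reasons = []
    if ev["geo"] not in profile["geos"]:
        reasons.append(("new_geo", 40))
    if ev["dir"] not in profile["dirs"]:
        reasons.append(("new_dir", 25))
    if ev["ts"].hour not in profile["hours"]:
        reasons.append(("off_hours", 20))
    if seen_today > profile["typical_daily"]:
        reasons.append(("volume", 30))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def respond(total):
    """Graduated response, so one odd event costs a re-authentication rather than a lockout."""
    if total >= 70:
        return "block_and_alert"
    if total >= 30:
        return "step_up_auth"
    return "allow"


def evaluate(log_text, profiles):
    """Score each event against its user's baseline; returns (user, score, reasons, action)."""
    decisions, per_day = [], defaultdict(int)
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse(line)
        key = (ev["user"], ev["ts"].date())
        per_day[key] += 1
        profile = profiles.get(ev["user"])
        if profile is None:  # no baseline at all: nothing to compare against, so fail closed
            decisions.append((ev["user"], 100, ["no_baseline"], "block_and_alert"))
            continue
        total, reasons = score(ev, profile, per_day[key])
        decisions.append((ev["user"], total, reasons, respond(total)))
    return decisions


if __name__ == "__main__":
    for d in evaluate(NEW_LOG, build_baseline(BASELINE_LOG)):
        print(d)
```

The point of the tiered `respond` step is the article's "not all or nothing" argument in code: the first unfamiliar login only triggers step-up authentication for that one user, and the block is reserved for the event where several deviations stack up, leaving everyone else's access untouched.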
No network is impenetrable, and security breaches are not a matter of “if,” but “when.” But information can remain protected, even in transit. Employees can stay productive and have access to the data they need. And networks and clouds can be better fortified. Adopting cross-domain and risk-adaptive security can mitigate threats and keep missions on track.
George Kamis is CTO for global governments and critical infrastructure at Forcepoint.