The AFCEA TechNet Air show is right around the corner and I'm looking forward to hearing more about the challenges that the Air Force faces in cyberspace. It's an uncontested domain in which the Air Force seeks to establish Information Dominance.
The Air Force is constantly working to evolve to meet the ever-changing landscape of the man-made cyber domain. What worked a few years ago won't quite cut it now – "We can't harden our way out of this, we're going to have to think different", as CIO Lt. General Bill Bender said at a recent AFCEA Cybersecurity Technology Summit.
Some of the changes being adopted involve the procurement of more modular, flexible security platforms with open standard interfaces that can quickly adapt to emerging needs – including those not yet thought of. With open standards these systems can further be integrate with one another with the right connectivity tissue so that the whole of the system is greater than the sum of the individual parts. This is the "system of systems" approach that's proven itself time and time again.
How To Build The Right Tool For Emerging Needs
By equipping cyber airmen with the basic building blocks to rapidly develop and deploy new capabilities you place into the experts hands the "workshop" they need to build the right tool for the need. It's no wonder that many government agencies decide to build things themselves, usually out of desperation, since vendor point tools address just niche needs. The problem with this approach though is that the government becomes the Original Equipment Manufacturer (OEM) of the system and tools. No wonder we hear time and time again the cries of "no more in-house development, we need to leverage the investments from industry".
Let's explore the promise that arises when this need is met by industry. Flexible, dynamic platforms allow for a comprehensive cyber capability that can adapt at will. Combine advanced analytics processing with automated dissemination or even command and control and imagine the possibilities. Why would such a powerful system be reserved for only those who understand it's intricacies? Why not open this system up for others to provide feedback into its capabilities? This approach is sometimes referred to as DevSecOps.
DevSecOps is the understanding that since security is everyone's responsibility, everyone should be supplied with tools and processes that help with security decision making along with security staff that enable use and tuning for these tools. Allowing stakeholders the ability to exploit, process, and visualize data from these systems will allow for the dissemination of meaningful insights that can be acted on at all levels and across the entire organization. Now everyone from the database and storage admin, to the application developer, data owners, and even executive leadership can discover, observe, and assess what's happening within the environment. Is that surge in database reads something to be concerned about or is it a factor of that new application rollout, database STIG, or a result of our recent consolidation project? How did it look yesterday or last week? Reasonable questions that I'm certain anyone would expect a simple answer to given the amount we spend on monitoring tools.
Call it DevSecOps, or even IT Security Operations Analytics. Whatever you call it - one thing is for certain – the fundamental building blocks of future security systems will involve platforms. At Extrahop our founders had the foresight to envision a world where platforms are king, and data is shared, all in an effort to initiate the changes needed to solve tomorrow's complex problems. I'm proud to be part of this exciting movement with some of the best platform builders in the industry.