Posted by: Michael Morisy
Department of Defense, IT Security, RSA, RSA 2011
William J. Lynn, III, U.S. Deputy Secretary of Defense, helped kick off RSA 2011 with a keynote, as Security Bytes nicely covered. Listening to his talk, I was struck by how similar the fundamental issues the Department of Defense is grappling with are to the day-to-day problems the good folks in our IT community forums are tackling. In fact, the five pillars of the Department of Defense’s Cyber Strategy 3.0 that Lynn laid out might make bullet points for your next pitch on why, yes, IT actually does matter to a company’s strategic success.
I. Cyberspace is a new domain of warfare, just like air, land, sea and space. For many businesses, and maybe even most, the Internet is the most important channel for sales, marketing, customer service and almost every other aspect of what makes the business work. Treating it as a strategic battlefield only makes sense: it ensures that campaigns are coordinated and that grassroots initiatives don’t end up self-destructing because nobody allocated bandwidth.
II. We must apply active defenses. It’s no longer enough to apply the automatic patches and call it a day: Just like the DoD, IT departments need to proactively root out threats before they bring down the network and, from an operational standpoint, always assume security is compromised and work to minimize vulnerability.
III. Critical infrastructure on which the military relies must also be secure. Losing Internet connectivity, power or even a functioning financial system would cripple the United States’ military readiness, and IT departments are the same way: Are your VARs on steady ground? Will your vendor be around in 2 years, and just as importantly, will their technology do what you need it to do? IT is an ecosystem that extends well beyond your farthest firewall.
IV. We are building collective defenses with our allies. Too much is at stake to lock down your network and your knowledge, even if the business side would let you. Today’s IT departments need to support gracefully adding temporary workers on loan from other businesses, giving them simple access to what they need while securely cordoning off what they don’t, and then revoking those rights when the work is done. There’s a lot of work to be done here, as 10% of IT professionals report they can still access sensitive administrative rights … at their previous jobs.
V. Drawing on outside resources. The military has taken a more proactive approach, alerting private sector companies of security risks it discovers while also partnering to look for solutions to tomorrow’s problems. We have a simple way to build your own public-private partnerships: The ITKnowledgeExchange forums and community, but there are numerous other great opportunities from local meetups (which often have free chow!) to conferences and IRC chats. Connecting with your peers can not only answer your current problem, but help ensure you avoid future pitfalls.
And while it wasn’t a solid pillar, Lynn did close by highlighting the importance of making technology careers “cool” to kids, stating that the United States desperately needed more technical individuals to help prepare for the future. Mentoring and encouraging others in the field is not only the right thing to do, but it helps make the workplace a more team-minded, positive environment.