Enterprise IT Watch Blog

Feb 17 2011   1:25PM GMT

5 takeaways from the Department of Defense’s Cyber Strategy 3.0

Michael Morisy Michael Morisy Profile: Michael Morisy

William J. Lynn, III, U.S. Deputy Secretary of Defense, helped kick off RSA 2011 with a keynote, as Security Bytes nicely covered. Listening to his talk, I was struck by how similar the fundamental issues the Department of Defense is grappling with are to the day-to-day problems the good folks in our IT community forums are tackling. In fact, the five pillars of Department of Defense’s Cyber Strategy 3.0 that Lynn laid out might make bullet points for your next pitch on why, yes, IT actually does matter to a company’s strategic success.

I. Cyberspace is a new domain of warfare, just like air, land, sea and space. For many businesses, and maybe even most, the Internet is the most important channel for sales, marketing, customer service and almost every other aspect of what makes the business work. Making it a strategic battlefield only makes sense to ensure that campaigns are coordinated and grassroots initiatives don’t end up self-destructing because nobody allocated bandwidth.

II. We must apply active defenses. It’s no longer enough to apply the automatic patches and call it a day: Just like the DoD, IT departments need to proactively root out threats before they bring down the network and, from an operational standpoint, always assume security is compromised and work to minimize vulnerability.

III. Critical infrastructure on which the military relies must also be secure. Losing Internet connectivity, power or even a functioning financial system would cripple the United States’ military readiness, and IT departments are the same way: Are your VAR’s on steady ground? Will your vendor be around in 2 years, and just as importantly, will their technology do what you need it to do? IT is an ecosystem that extends well beyond your farther firewall.

IV. We are building collective defenses with our allies. Too much is at stake to lock down your network and your knowledge, even if the business side would let you. Today’s IT departments need to support gracefully adding temporary workers on loan from other businesses, giving them simple access to what they need while securely cordoning off what they don’t, and then closing those rights when the work is done. There’s a lot of work to be done here, as 10% of IT professionals report they can still access sensitive administrative rights … at their previous jobs.

V. Drawing on outside resources. The military has taken a more proactive approach, alerting private sector companies of security risks it discovers while also partnering to look for solutions to tomorrow’s problems. We have a simple way to build your own public-private partnerships: The ITKnowledgeExchange forums and community, but there are numerous other great opportunities from local meetups (which often have free chow!) to conferences and IRC chats. Connecting with your peers can not only answer your current problem, but help ensure you avoid future pitfalls.

And while it wasn’t a solid pillar, Lynn did close by highlighting the importance of making technology careers “cool” to kids, stating that the United States desperately needed more technical individuals to help prepare for the future. Mentoring and encouraging others in the field is not only the right thing to do, but it helps make the workplace a more team-minded, positive environment.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Cloud Security Wrap-Up - Enterprise IT Watch Blog
    [...] 5 takeaways from the Department of Defense’s Cyber Strategy 3.0 [...]
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: