Reimagining Networks and Security at AFCEA Defensive Cyber Operations Symposium (DCOS)

Lt. Gen. Alan Lynn, director of the Defense Information Systems Agency (DISA) and commander of the Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN), kicked off ACFEA Defensive Cyber Operations Symposium (DCOS) reminding attendees that the ongoing cyberwar doesn’t have a pause button.

“The battle in cyberspace is constant; it’s not episodic for us. Because we’re defending the network and it’s a constant pounding all the time,” Lynn said during his opening keynote.

Lynn cited the recent WannaCry ransomware as one example of the types of attacks the DISA frequently deals with.

With that in mind, Lynn and his teams are working to reimagine networks and security. Here are some ways DISA is looking toward the future:

Internet of Things

“I think the future is going to be IoT,” Lynn said. “You hear a lot of people talking about IoT.”

To accommodate that, a lot of research is being done into real-time computing that leverages parallel processing rather than serial processing. Lynn used driverless cars as an example of the need for real-time computing: “Do you want to wait a few seconds to get to the braking part, or do you want it real time?” he asked.

Assured Identity

Assured identity will also be critical to network security and access.

“The way we built the Internet, you can ride on it and nobody will know who you are,” he said. “With identity as part of that mix, that helps solve a lot of our problems in people attacking our network.”

Lynn said assured identity goes beyond traditional common access cards for authentication and access and leverages biometric authentication such as facial and voice recognition, fingerprint, eye scanning and gait; and behavioral authentication, including travel patterns, location by time, device handling, speech patterns and keystroke cadence.

“When you start getting all of that data…your identity score goes up and it will determine how much access you have to different portions of the network,” Lynn said. “So the future I see will be not only a network that’s mobile that you’re bringing devices into your building, but it will determine what’s your level of access based on the amount of identity that’s been provided to your device. That’s a future we’re currently working on.”

Modernizing Applications

Lynn said DISA is working to update old, legacy applications and breathe new life into them on new platforms. He said they’re moving old applications to HTML5, which makes them platform independent and accessible across all different devices.

Software-Defined Networking

Software-defined networking (SDN) is another major initiative for DISA. Not only does it present cost savings by eliminating hardware spend in favor of virtualization, but it adds a new layer of security. SDN delivers the ability to replicate a virtual network and move users to that replica in the event of an attack.

“If you attack one network, you can have it, because we just left,” he said.

Grey Net

Lynn added that DISA is also moving to the Grey Net, a software-defined network that encrypts and decrypts data at the endpoint, meaning classified data can ride on untrusted networks. The Grey Net replaces legacy systems that are device dependent and hardware heavy and in which classified data must have its own networks.

“In the future, what we see is a software-defined network that encrypts and decrypts at the endpoint so it can ride essentially any network that’s available – any untrusted network. That will be a game-changer because we don’t care what the transport is, we’ll use whatever’s available.”

A10 at AFCEA DCOS

A10 Networks was part of the conversation at AFCEA DCOS, where we showcased how a defense in depth cyber security strategy can fortify networks and applications against today’s modern threats, and how federal agencies can protect themselves from threats concealed in encrypted traffic.

For example, A10 Thunder SSLi empowers government agencies to break and inspect encrypted traffic to eliminate the blind spot in their networks without sacrificing performance.

For more information on threats that can hide in encrypted traffic, download our free white paper, “The Ultimate Guide to SSL Inspection: Uncover Threats in SSL Traffic."

Add new comment