Building a Better Defensive Federal IT Infrastructure
Anyone who believes the adage, “The best offense is a good defense” is clearly not a student of SEC football or cybersecurity. The SEC’s Coach Saban at the University of Alabama won season after season based largely on his defensive strategy and talent. But a few years back, Saban’s strength of defense hit a wall; no longer accomplishing his record-breaking national championship goals and forcing him to refocus on his offensive strategy and talent, employing a "spread offense." Did it work? His record since says it did.
Recently, DefenseOne covered a story about a US wargaming exercise where, in a virtual battle against Taiwan, the US lost—hard—forcing military leaders to give serious thought to how they go about the business of protecting the US and its interests abroad. Will it work? Time will tell.
At issue in the virtual wargame was a failure by US planners to successfully deploy a network of defensible communications to facilitate what USAF Major YuLin Whitehead calls, “The Ultimate Precision-Guided Weapon”—information! With reliable, up-to-date information, defenses can be shored up where needed and offensive maneuvering can be coordinated more quickly and efficiently.
Based on the outcome of the learnings from the wargames are three new directives called “functional battles” that Joint Chiefs Gen. John Hyten wants to focus on:
- Contested Logistics: New delivery methods and processes for resupplying the front line.
- Joint Fires: Implementing a smarter battlefront that includes not just physical warfare, but also virtual.
- JADC2: A fully connected combat cloud.
According to Gen. Hyten, if we can successfully accomplish these three things, the US and its allies will have what he calls the “Information Advantage.”
The common thread through these three functional battles is technology, more precisely, internet-based technology. The problems for the US, as made evident through our failed simulation, come down to three big issues: information sharing, security, and a realization that we are not as defensively protected as we thought.
By now, everyone has heard that the DoD’s Joint Enterprise Defense Infrastructure (JEDI) contract was canceled in early July. This effectively put an end to the dream of a single-vendor-developed enterprise cloud, which many believed would provide the exact kind of information advantage General Hyten wants. Such a solution, many hoped, would secure the US’ systems and help it out-maneuver foreign bad actors who are on the cutting edge of cyber espionage and backed by some very deep pockets.
If you follow the directives and statements coming from various US agencies in the past couple of months, a pattern emerges; one which appears to bolster JEDI critics’ feelings that, any defensive solution implemented by a single vendor, is one destined to fail.
Innovation at the Cutting Edge of Defense
The silver lining of the JEDI cancellation might be a great deal of self-introspection and an openness to entering a dialogue that includes not just the biggest names in government contracting, but smaller organizations; those who are, arguably, more often on the bleeding edge of innovation. It also doesn’t hurt that many smaller organizations’ secrets are so closely guarded that only a select few have access to them (hence: secrets).
All of which contribute to an offensive and defensive strategy combining leading enterprises that have the resources and funding to pull off a JEDI-like project, with innovative startups doing new and interesting things using tomorrow’s technology.
Consider just a couple of news items of late:
- A new bill co-sponsored by Sens. Jacky Rosen and Marsha Blackburn, and House Reps. Jimmy Panetta and Ken Calbert, would create an all-volunteer Civilian Cybersecurity Reserve, comprising private-sector security experts who would serve 6-month duties in various government agencies, with a focus on stemming the negative impacts of growing cybersecurity vulnerabilities and breaches. In short, bringing the private sector’s expertise into the public sector—information sharing.
- At the June Defense One Tech Summit, Deputy Assistant Secretary of Defense for Cyber Policy at the DOD, Mieke Eoyang, drew a line in the sand when she told the assembled crowd that even smaller organizations need to shore up their security so as not be in a position where, “…people are turning to the Department of Defense to try and stop every single criminal gang out there…”
She went on to admit “…we do not have the clarity of offerings that the private sector could provide under security cooperation funds to our partners and allies, so I would encourage industry to work with us so that we have a better understanding of what might be available…to help shore up the cybersecurity of our partners and allies.”
"The opportunity to secure ourselves against defeat lies in our own hands..".Sun Tzu
Taking the First Step Towards a Proactive (read: Offensive) Defensive Strategy
The first step to healing is admitting you have a problem and if the wargames exercise was not a “Houston, we have a problem” moment, then nothing is.
There’s an old saying in the security community—well, there are quite a few really—but this one says, “There is no such thing as a silver bullet.” Meaning, no single solution is going to protect your assets. Rather, any effective solution must rely on a combination of tools, technologies, and quite frankly, experienced viewpoints, to succeed.
But even enterprise-sized organizations have an easier time securing their assets and secrets than any government, based on the size of its electronic borders alone. Smaller organizations, by comparison, have it made.
Deputy Asst. Secretary Eoyang correctly pointed out one very big challenge the US faces, which the private sector is perfectly poised to help with, and that is helping leaders understand the breadth of solutions available on the market to meet whatever challenge comes up.
Though Epoch Concepts is an organization with a deep interest in the continued health of government contracts, we believe in a future where organizations of all types, sizes, and backgrounds can contribute collectively, sharing knowledge and building a better and more secure national infrastructure. And sometimes that means the best solution is more than one solution.
And we believe that is at the heart of why the silent clapping for the death of JEDI is so deafening.
Like the spread offense, an effective federal IT infrastructure, designed, built, and managed by a global network of both public and private entities--not just one key player--can mean the difference between success and failure in the real world.
About Epoch Concepts
Epoch Concepts is a partner and value-added reseller to the US federal government and commercial organizations around the country. The Epoch Concepts' difference is our deep experience working in, and with, organizations like yours. Unlike typical VARs, we offer an end-to-end, design-to-implementation experience tailored to your unique organizational needs.
Anchored in decades of hands-on experience and an unwavering client-first commitment, our seven-step process for designing and implementing mission-critical technologies puts your goals and challenges at the center of everything we do.
With a partner network of more than 100 of the world's most advanced technology vendors, we can design, source, and implement a fully customized, turnkey system that meets your organization's needs now and for years to come.