News   Reform

IT Experts Discuss DOD's Use of Digital Communications

June 19, 2020 | BY David Vergun , DOD News

It's essential to modernize the Defense Department's perimeter-based security models and compliance requirements that prevent DOD from transforming the way it achieves its objectives, information technology experts said in response to evolving cyber risks.

Peter T. Ranks, deputy chief information officer for Information Enterprise, discussed a range of IT issues yesterday at the Defense One Tech Summit via remote video. He was joined by Jeanette Manfra, the director of government security and compliance for Google Cloud. Manfra served in the Army as a communications specialist and a military intelligence officer and in high-level IT positions in DOD and the Department of Homeland Security.

Ranks said DOD has served as a model for other agencies during the COVID-19 pandemic as the department has increasingly realized the value of having infrastructure in place for workers to work remotely, particularly in cloud computing.

Man types on keyboard.
Computer Program
Air Force Staff Sgt. Caleb uses a computer program to identify network issues during his unit's training period at Berry Field Air National Guard Base, Nashville, Tenn., May 5, 2019. For security reasons, the airman’s last name is withheld and the photo has been altered to blur out identification badges.
Photo By: Air Force Tech. Sgt. Mark Thompson
VIRIN: 190505-Z-IA427-1011M

Working remotely involves an architecture that meets the need of users wherever they are so they have access to data, he said. But Ranks noted that it's important to have a zero-trust mentality when it comes to cloud computing, which means being aware of the possibility of getting hacked.

Manfra noted that two forces are tugging in different directions in digital communications: security compliance and mission outcomes, which involve speed, productivity and agility.

"Security compliance acts as blocker sometimes," she said, adding that security compliance often doesn't measure and detect what it's supposed to. 

"You have to have a zero-trust mindset and move beyond the idea that a perimeter is going to keep you safe," she said, noting that insider threats exist.

A solution to the two competing forces, she advised, is to bring in security experts early in software development so there's a dialogue and an understanding about each other's expectations and what is possible.

A service member types at a laptop keyboard.
A service member types at a laptop keyboard.
Photo By: Marine Corps
VIRIN: 081123-M-ZZ999-010

A particular area where transparency is necessary, she said, is having a good dialogue with cloud providers to aid in managing risk and reducing uncertainty.

Manfra also suggested that the "digital fortress" mentality that aims to keep intruders out can also hamper the innovations offered by commercial clouds, such as data analytics, artificial intelligence and edge computing. 

Ranks and Manfra both emphasized the importance of having a well-trained workforce. They said not everyone needs to know how to code, but everyone should understand the fundamentals.