The Defense Department will deploy Windows 10 departmentwide by January to strengthen cybersecurity and streamline the information technology operating environment, according to a Feb. 26 memo by Deputy Defense Secretary Bob Work.
Work addressed the memo to secretaries of the military departments, the chairman of the Joint Chiefs of Staff, defense undersecretaries, defense agency directors, DoD field activity directors and other senior leaders.
“After consultation with department leadership and through discussions with the DoD chief information officer, I am directing the department to complete a rapid deployment and transition to Microsoft Windows 10 Secure Host Baseline,” Work wrote.
“This decision,” he added, “is based on the need to strengthen our cybersecurity posture while concurrently streamlining the IT operating environment.”
The secure host baseline approach to the transition was developed in partnership with the military departments and other DoD components, including the DoD Chief Information Office, National Security Agency and Defense Information Systems Agency.
The deputy secretary directed U.S. Cyber Command, through U.S. Strategic Command, and in consultation with the CJCS and DoD CIO Terry Halvorsen, to lead the directive’s implementation.
Halvorsen said the DoD-wide shift to a single operating system is unprecedented and offers several benefits.
“Transitioning to a single operating system across the department will improve our cybersecurity posture by establishing a common baseline,” the CIO said, adding that deploying Windows 10 also will help lower the cost of DoD IT.
Pass the Hash
DoD will transition more than 3 million Windows-based desktops, laptops and tablets to Windows 10, a cross-platform release that does not include mobile phones, David Cotton, deputy CIO for information enterprise said.
New security features in Windows 10 will help the department enable faster software patching, he said, and counter a major cyber-intrusion technique called “pass the hash.”
In this hack, an attacker accesses a remote server by using a stored hash, or a one-way transformation, of a user’s password rather than the standard plain-text password.
The operating system also will increase accountability and transparency across DoD networks, allowing cyber defenders to better detect malicious activity, Cotton said.
Work said in his memo that he expects the full cooperation of all critical implementation components, including DISA and NSA.
“DoD components are responsible for planning, resourcing and executing the Microsoft Windows 10 SHB deployment consistent with this memorandum,” he said, noting that the DoD CIO may update and refine the deputy secretary’s direction as needed during the implementation.
From his perspective as Stratcom commander, Navy Adm. Cecil D. Haney said that cyberspace underpins all his mission areas and has become a critical facet of national power.
“This transition is another step toward ensuring we strengthen our cybersecurity posture. It is also another example of a number of partners, including the DoD CIO, NSA, DISA, Cybercom and DoD components, successfully working together to ensure our networks are resilient and secure.”