Pentagon’s Transition to Windows 10 Yields Increased Cyberdefenses, CIO Says
SAN FRANCISCO — It’s no surprise the Defense Department with its treasure trove of data is constantly blitzed by hackers and cybercriminals. But despite the sophistication and velocity of the threats, the Pentagon’s cyberdefenses can easily withstand “a terabyte of death” — or even more — as one senior official put it earlier this year.
So, how is DOD, the largest federal agency, able to pull that off?
The migration to Windows 10 was a key part of hardening cyberdefenses, said Essye Miller, DOD’s chief information officer. She spoke April 16 to a crowded room at the Marriott Marquis, as part of Carahsoft’s Public Sector Day in San Francisco. The event runs in conjunction with the RSA Conference.
The Pentagon rapidly deployed Windows 10 departmentwide in January, and March 31 marked the first time nearly 95 percent of DOD was on a single operating system, Miller said. (The Pentagon planned in November 2015 to implement Windows 10, but was unsuccessful in doing so across the entire department.)
“If that doesn’t give us a foundation for security posture, I’m not sure what does,” Miller said.
The migration was no small task. DOD has 3.4 million users, data in over 1,000 data centers and more than 500 cloud initiatives across the department.
But one operating system was a nudge in the right direction.
“We had to start somewhere to get a common framework,” Miller said.
Although DOD shares threat information with the departments of Justice and Homeland Security, Miller called on the private sector to reach out, because “the key is to make sure we can partner with all of government and all of industry — this is a team sport.”
That collaborative approach was evident in preventing the spread of WannaCry last May. The ransomware wreaked havoc across the globe, targeting machines running the Windows operating system. The cryptoworm encrypted users’ data and held it hostage until a ransom was paid in bitcoin.
Despite its destructive path worldwide — 150 nations were affected — U.S. federal systems were spared from WannaCry. The White House has fingered North Korea as the culprit behind the malicious code.
“That information (about the malware) that we got would not have been readily available to us had it not been for some of the key partnerships we have with industry today,” Miller said.
The recent appointment of Suzette Kent as federal CIO, a title previously held by former Disney executive Tony Scott, also lends itself to more opportunity for collaboration within government.
“You’ll see an alignment between her office, DHS and DOD — anyone see the trend there?” Miller said. “The largest government agencies partnering not only on IT modernization but how we get to the heart of the threat and the vulnerabilities we need to deal with.”
Because, as Miller well knows, the recipe for multifaceted, hardened cyberdefenses comes down to working closely with others. No island — even one the size of the Pentagon — can go it alone.