Security has been a top priority for DOD in 2010. On November 3, 2010, the Department of Defense announced that U.S. Cyber Command had achieved Full Operational Capability (FOC). The mission of Cyber Command is to keep intruders out of government websites. This has been a primary focus of security personnel over the past several years, given the alarming increase in attacks on government websites.
In November, the Defense Information Systems Agency (DISA) announced the development of an application that provides smart phone users with a secure way to access DOD networks. Designed by Good Technologies, Go Mobile is intended to allow DOD end-user employees to use their smart phones in a secure way. It uses a plug-in, called a dongle, to connect via Bluetooth to a Common Access Card (CAC). A personal identification number ensures the physical security of the phone. When Go Mobile is active, it disables other features on the phone to secure data storage and provide safe data transfer. The application supports DOD security policy management, enforcement and compliance while providing a secure web browser and a secure apps container. The application is still under testing and evaluation but should be available sometime in 2011.
While these efforts are extremely important and help safeguard external access to government networks and websites, a bigger threat may come from government personnel working within the highly secure government network. WikiLeaks is a prime example of this internal threat: a single rogue U.S. Army Private was able to download thousands of secret cables and hand them over to Assange’s fledgling organization. No matter how secure a network is, there is always the possibility of a breach from the inside.
Just weeks after WikiLeaks' initial release of information, the Strategic Technology Office (STO) of the Defense Advanced Research Projects Agency (DARPA), part of the Department of Defense, announced the latest government effort to monitor internal networks to identify hostile insider activity. DARPA is seeking novel approaches to insider threat detection by monitoring specific user and network behaviors. As stated in the project description, “insiders are a dangerous threat to our network systems because insiders operate from within our networks; and easily evade existing security measures. Insiders do not attack—instead they use legitimate access points in support of their operations. Traditional defenses operate under the assumption that existing systems and networks are currently uncompromised.” DARPA is seeking ways to identify “tells” within the normal activity of users that would indicate malicious activity.
We certainly seem to be entering an age where you can literally “Trust no one.”