DISA outlines new cybersecurity model at Army Signal Conference

Revised NIST Cyber Security Framework - Security Magazine

Navy Vice Adm. Nancy A. Norton, the director of Defense Information Systems Agency (DISA) and commander of Joint Force Headquarters-Department of Defense Information Network, outlined the way ahead for a cybersecurity paradigm shift that will help the U.S. military maintain information superiority on the digital battlefield.

Norton described the new “zero trust” cybersecurity model to U.S. Army Signal Corps soldiers, industry representatives, academics and students during the virtual AFCEA Army Signal Conference, July 15. “This new cybersecurity model will enable us to better support our warfighters, national leaders and mission partners,” said Norton, who also noted zero trust will help to safeguard DoD networks that span the globe and support every service, command combatant and defense agency. Together, DISA and Joint Force Headquarters-DODIN defend the cyber domain while providing the tools necessary for our forces to deter or defeat aggression across every warfighting domain - cyber, land, air, sea and space,” said Norton. “That’s why we are embracing zero trust to prevent data breaches.”

“Zero trust is designed to ensure the people and devices accessing our critical infrastructure, resources and information are the ones who are supposed to be accessing them," she added.

According to an article by Walter T. Ham IV, DISA Strategic Communication and Public Affairs, "in the traditional perimeter or castle and moat model for cybersecurity, if adversaries make it across the moat, they have free reign in the castle. Norton said the zero trust cybersecurity model seeks to end that with three guiding principles: Never trust, always verify; assume breach; and verify explicitly."

“This paradigm shift, from a network-centric to a data-centric security model will affect every arena of our cyber domain … focusing first on how to protect our data and critical resources and then secondarily on our networks,” said Norton. “Data is indeed the ammunition of the future fight, and that ammunition has to be at the ready.”

Norton said zero trust will incorporate functionality in a number of existing DISA portfolios, such as: Identity, credential and access management; comply-to-connect; assured identity; user access management; analytics, and security automation, orchestration and response, says the article. “It won’t replace many of our current systems, tools or technologies, but it will enable us to take a more holistic approach to integrating, augmenting and optimizing existing functionality to evolve our enterprise architecture,” the admiral added.

According to Norton, the new cybersecurity model will also enable greater collaboration with other federal, coalition and industry partners for a variety of missions, ranging from combat operations to humanitarian assistance. Norton emphasized the importance of maintaining trusted partnerships with industry to provide the tools needed for the nation’s cyber defenders.

“The future fight is already here,” said Norton. “Right now, we have adversaries who actively seek to harm our nation and its standing in the world by constantly attacking us in the cyber domain. They seek to sow discord in our society, to steal our critical information and to hack away at our technological edge. Our nation’s enemies are relentless, even during this pandemic.”

Norton also encouraged students participating in the conference to consider becoming cyber defenders at DISA and JFHQ-DODIN, notes Ham. “The most important, meaningful job you can have is one where you make a lasting difference in the world. That is what we are offering at DISA and Joint Force Headquarters-DODIN,” said Norton. “We are in a generational fight, and we need the next generation to pick up the torch and help shape the future.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.