DISA outlines new cybersecurity model at Army Signal Conference

July 24, 2020

Navy Vice Adm. Nancy A. Norton, the director of Defense Information Systems Agency (DISA) and commander of Joint Force Headquarters-Department of Defense Information Network, outlined the way ahead for a cybersecurity paradigm shift that will help the U.S. military maintain information superiority on the digital battlefield.

Norton described the new “zero trust” cybersecurity model to U.S. Army Signal Corps soldiers, industry representatives, academics and students during the virtual AFCEA Army Signal Conference, July 15. “This new cybersecurity model will enable us to better support our warfighters, national leaders and mission partners,” said Norton, who also noted zero trust will help to safeguard DoD networks that span the globe and support every service, command combatant and defense agency. Together, DISA and Joint Force Headquarters-DODIN defend the cyber domain while providing the tools necessary for our forces to deter or defeat aggression across every warfighting domain - cyber, land, air, sea and space,” said Norton. “That’s why we are embracing zero trust to prevent data breaches.”

“Zero trust is designed to ensure the people and devices accessing our critical infrastructure, resources and information are the ones who are supposed to be accessing them," she added.

According to an article by Walter T. Ham IV, DISA Strategic Communication and Public Affairs, "in the traditional perimeter or castle and moat model for cybersecurity, if adversaries make it across the moat, they have free reign in the castle. Norton said the zero trust cybersecurity model seeks to end that with three guiding principles: Never trust, always verify; assume breach; and verify explicitly."

“This paradigm shift, from a network-centric to a data-centric security model will affect every arena of our cyber domain … focusing first on how to protect our data and critical resources and then secondarily on our networks,” said Norton. “Data is indeed the ammunition of the future fight, and that ammunition has to be at the ready.”

Norton said zero trust will incorporate functionality in a number of existing DISA portfolios, such as: Identity, credential and access management; comply-to-connect; assured identity; user access management; analytics, and security automation, orchestration and response, says the article. “It won’t replace many of our current systems, tools or technologies, but it will enable us to take a more holistic approach to integrating, augmenting and optimizing existing functionality to evolve our enterprise architecture,” the admiral added.

According to Norton, the new cybersecurity model will also enable greater collaboration with other federal, coalition and industry partners for a variety of missions, ranging from combat operations to humanitarian assistance. Norton emphasized the importance of maintaining trusted partnerships with industry to provide the tools needed for the nation’s cyber defenders.

“The future fight is already here,” said Norton. “Right now, we have adversaries who actively seek to harm our nation and its standing in the world by constantly attacking us in the cyber domain. They seek to sow discord in our society, to steal our critical information and to hack away at our technological edge. Our nation’s enemies are relentless, even during this pandemic.”

Norton also encouraged students participating in the conference to consider becoming cyber defenders at DISA and JFHQ-DODIN, notes Ham. “The most important, meaningful job you can have is one where you make a lasting difference in the world. That is what we are offering at DISA and Joint Force Headquarters-DODIN,” said Norton. “We are in a generational fight, and we need the next generation to pick up the torch and help shape the future.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

DISA outlines new cybersecurity model at Army Signal Conference

Related Articles

Related Events

Report Abusive Comment