Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Defense cybersecurity leaders say partnership, consistency needed to uphold executive order

Friday, November 5, 2021

Categories: ASCF News Cyber Security

Comments: 0

Source: https://federalnewsnetwork.com/defense-main/2021/11/defense-cybersecurity-leaders-say-partnership-consistency-needed-to-uphold-executive-order/

Photo: policyoptions.irpp.org

The Defense Department is not lacking when it comes to vocabulary around cybersecurity. But cyber leaders, especially from the Army, would like to see more shared use of that vocabulary and cross-domain implementation.

Maj. Gen. Matthew Easley, director, cybersecurity and chief information security officer, and the Army’s chief information officer, said it is key for cybersecurity professionals use the five functions of “identify, protect, detect, respond and recover,” as they communicate with each other, stakeholders, executives and industry.

“One of my personal opinions is we have enough frameworks: We have the risk management framework, we have the cybersecurity framework, we have the zero trust framework that I will get into later in the talk,” he said during a hybrid event hosted by FCW last week.

He said in his building, at least, they don’t talk about the cybersecurity framework enough and it takes executive-level decision-making to prepare an organization’s enterprise for it.

The president’s May executive order on cybersecurity was a turning point in the way agencies evaluate their posture, and Easley said that as far as DoD is concerned, the EO’s primary tasks were to continue cloud migration and implement a zero trust architecture. The Army’s cloud plan in particular, what is being called cArmy. Easley said that consistency and repeatable deployments to the cloud is critical for cybersecurity because without cArmy, mission owners would have to provide services on their own. That would mean each cloud instance could be built and secured differently, thus making prevention and detection more difficult.

He said the majority of the Army’s workforce being in non-traditional places, the office’s local area network isn’t as it was before — hence the need for zero trust. On a home network, all connected peripherals and Internet of Things devices sit next to a machine processing propriety business information in an environment with different physical security controls from what are in the office.

“Even your data center [is] probably now a hybrid mix with some processes executing on-prem and some off the security solutions that prevent incidents from my identity credential access management to the data analytics monitoring both the processes and security of the process, or mix of your legacy systems and cloud based solutions,” he said.

Both Easley, and Sudha Vyas, chief cybersecurity architect in the DoD’s Office of the Chief Information Officer, said that enforcing zero trust would require a partnership across domains. As Vyas put it, “the beauty about DoD is the scope and complexity. And the reason why I say the beauty is because that just provides a slew of different use cases and opportunities, where we can find where we can actually pull in evolved.”

Within the portfolio management office, it is important to find key metrics that depict how the department is moving or implementing those key zero trust capabilities, for example, minimizing the use of virtual private networks, she said.

The authorities within DoD to get after zero trust already exist, but the issue is putting them in the right place at the right time, according to Terry Mitchell, principal cyber advisor (PCA), Office of the Under Secretary of the Army.

In position as a PCA, he has to assess areas of training, talent management, acquisition, cyber management operations and the adequacy of the cyber budget for the service. He said that after talking with the congressional staffers who created the legislation which enshrined the PCA role into law.

“When I met with the staffers and you kind of asked… why they created the PCA, it’s really an ability to kind of push the services to look toward the future and show how much cybersecurity DoD is getting for their money.” Mitchell said.

He said the partnership description came up when talking to Sens. Mike Rounds (R-S.D.) and Joe Manchin (D-W.Va.) on the Senate Armed Services Committee.

“Their point is – they believe the PCA is a partnership. [It] isn’t just within our services, but it is within DoD, within the other federal players and industry. And so they expect us to go out and sit with vendors and say, ‘what are the best practices?’” Mitchell said. “So we can bring those requirements to the table, work with [the Office of the Secretary of Defense] to make sure that that dollar is actually getting us to where we need to go. But it is a true partnership, and I think I’ve heard this word like five or 10 times this morning, but we can’t do this by ourselves – the threat’s too big and is too persistent.”

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.