Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Pentagon’s top IT official: More coordination needed on weapon systems and critical infrastructure cybersecurity

Friday, July 2, 2021

Categories: ASCF News Missile Defense

Comments: 0

Source: https://www.c4isrnet.com/battlefield-tech/it-networks/2021/06/30/pentagons-top-it-official-more-coordination-needed-on-weapon-systems-and-critical-infrastructure-cybersecurity/

John Sherman, acting Pentagon chief information officer, participates in a virtual panel with Billington Cybersecurity on April 15, 2021. (Chad J. McNeeley/U.S. Defense Department) (Office of the Secretary of Defen)

WASHINGTON — The Pentagon’s top IT official said Tuesday that he wants to make a concerted push to secure weapon systems and critical infrastructure from cybersecurity threats, adding that the effort requires higher coordination within the department.

“I really want to put our shoulder into weapons systems and critical infrastructure, recognizing that our adversaries are coming after those two,” John Sherman, the Defense Department’s acting chief information officer, said in congressional testimony. “Those are some risk areas ... because some of these programs were started in the ’90s, when cybersecurity was in a different place, [so now] we have a better way to come at this.”

Sherman’s testimony before the House Armed Services Committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems come after a series of high-profile hacks in the last six months, including a ransomware attack that affected the IT systems of a major oil pipeline and the SolarWinds breach that affected numerous government systems. In his testimony, he called the pipeline attack a “wakeup call.”

He told lawmakers that cybersecurity is his “top priority” but that the Office of the CIO must “do a better job” working with Cyber Command and the Defense Department’s undersecretary of defense for acquisition and sustainment, who is the chief weapons buyer. That coordination would involve a focus on the cybersecurity of weapons systems and industrial control systems, he said, adding that there are “seams” within the department that must be addressed. Industrial control systems are integrated software and hardware systems that control the networks of infrastructure such as power plants or pipelines.

“That’s the type of area ... where I think we’re carrying some risk, but I want to do a better job of working with our colleagues in the department,” said Sherman, who previously served as principal deputy CIO before taking over the acting duties.

The department’s recent fiscal 2022 budget request asked Congress for $5.6 billion for cybersecurity, a $200 million increase over last year’s request. According to Sherman’s written testimony, that money will be spent on “key” cybersecurity capabilities such as identity, credential and access management; endpoint security; the Navy’s “comply to connect” framework; and user-activity monitoring. Those capabilities would contribute to the department’s push toward a zero-trust cybersecurity model in which users have to continuously verify their identity.

The Defense Department’s work has accelerated on zero trust over the last 18 months, in part due to the COVID-19 pandemic and telework, but also because its acknowledgement that its current cybersecurity systems are vulnerable to advanced hackers. Earlier this year, the Defense Information Systems Agency released a zero-trust reference architecture to outline the department’s vision for zero-trust networks. Additionally, the Office of the CIO has a series of zero-trust pilots underway.

But the department still needs money to invest in new cybersecurity tools to secure its networks using zero trust, Sherman said. His written testimony stated the department needs “new investments” in software-defined environments, continuous multifactor authentication, micro-segmentation, artificial intelligence and machine learning, and user-behavior monitoring.

“What keeps me up at night are cyberthreats of the kind we’re seeing across the country — not only against the government, but against the private sector,” Sherman said. “This is the main reason I am so committed to moving out with a zero-trust implementation at the Department of Defense. I want DoD to be a leader in this space.”

Cloud computing

Sherman also highlighted several ongoing IT modernization initiatives within the CIO portfolio. In his opening statement, he told lawmakers that the department plans to release a software modernization strategy “later this summer” focused on using the DevSecOps process to quickly deliver resilient software.

In its FY22 budget request, the Defense Department requested $50.6 billion for IT and cyber activities, up from $47.7 billion FY21 request and up 4 percent from the amount enacted for FY21. The DoD also asked for $1.48 billion for cloud computing needs, a number Sherman told lawmakers will “require double-digit growth” in future years as cloud technology becomes more prevalent in the department.

Lawmakers didn’t press him hard about the future of the Joint Enterprise Defense Infrastructure cloud, a multibillion cloud contract won by Microsoft in October 2019. The deal has been embroiled in a court battle. Sherman reiterated Deputy Defense Secretary Kathleen Hicks’ comments earlier this month that the JEDI cloud’s future will be decided in the next month.

In his written testimony, Sherman stated that “optimizing the Department’s cloud acquisitions remains challenging” due to the JEDI delay. He added that centralized cloud contracts from the military services along with DISA’s milCloud 2.0 are helping to “fill the gaps and provide a more streamlined and cost-effective approach to DoD cloud adoption” in the meantime.

“We’re continuing to assess our next steps vis a vis ... what comes next or what should we be doing with that enterprise cloud, [an] urgent and unmet need,” Sherman said.

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.