Data is a strategic asset, and the U.S. military needs seamless access to it across all networks, devices, and infrastructure, all the way to the tactical edge. Mission-critical defense operations rely on secure and readily available data.
As the Department of Defense and military agencies digitize their operations, data becomes a prime target for adversaries. Threats are becoming increasingly sophisticated. Ransomware, destructive malware, and supply chain attacks can evade perimeter defenses. Additionally, DoD environments are mobile, dynamic, and distributed, making it difficult to protect data in such environments. A federated environment presents additional challenges as the Department of Defense must assume data security risks for its partners.
According to the World Economic Forum's Global Cybersecurity Outlook 2024, released in January, the world faced the following challenges in 2023: a polarized geopolitical order, multiple armed conflicts, skepticism and enthusiasm about the impact of future technologies, and global economic uncertainty. It also shows that cyber inequity is increasing between cyber-resilient and non-cyber-resilient organizations.
Protecting the confidentiality, integrity, and availability of DoD data from nation states and other adversaries is critical. The latest Department of Defense Cybersecurity Strategy states that U.S. adversaries seek to leverage malicious cyberattacks to achieve asymmetric advantages, target U.S. critical infrastructure, and threaten U.S. military superiority. It is pointed out that it is decreasing.
Leverage backup and automation
How can the Department of Defense operationalize and protect data quickly and at scale?
A robust data-centric approach overlays capabilities such as data discovery, classification, and observability with artificial intelligence and machine learning (AI/ML) to provide continuous visibility into risks across distributed data. Consolidating backup data provides additional context for identifying anomalous access attempts and insider threats. Many IT teams think of backup primarily for disaster recovery rather than cyber resiliency.
According to a recent State of Data Security report, 90% of ransomware attacks initially target backup stores. Air-gapped, immutable backups with isolated recovery allow government agencies to continue operating even if their primary system is compromised. Cyber recovery goes beyond basic backup requirements, but is necessary to achieve the principles of cyber resiliency outlined by the National Institute of Standards and Technology (NIST).
Robert Joyce, director of the National Security Agency's cyber division, pointed out at last year's Silverado Policy Accelerator Summit that the Pentagon needs to get serious about backup, just as Ukraine did long before the Russian invasion. Having an organization's processes in place before a catastrophe occurs is critical to quickly recovering and returning to a known, reliable state.
AI and machine learning are powerful technologies, but they are not ends in themselves. They provide insights that help you achieve your mission outcomes. However, an attacker could try to degrade or manipulate the training data to degrade the performance of the AI system. Maintaining high-quality, representative data and cybersecurity is critical.
Robust data pipelines and observability are essential to trusting AI/ML-driven decisions. AI/ML can enhance decision-making, but the integrity of the underlying data is critical. When poisoning occurs, the system produces inaccurate output. Tracking where each piece of data comes from and whether it's up-to-date is as important as strong access controls and redundancy to ensure the safety of your AI/ML data pipeline.
Implementing Zero Trust
Defense Department officials have recognized that it is no longer sufficient to protect a network with perimeter defenses alone. They say they need stronger, more sophisticated tools to achieve cyber resiliency and protect information in an enterprise that spans geographic borders, collaborates with external partners, and supports millions of authorized users around the world.
To address these challenges, the Department of Defense is moving to an enhanced cybersecurity framework built on Zero Trust principles that must be adopted across the department. A core tenet of the Zero Trust model is that no people, data, systems, networks, or services are trusted, whether they operate outside or inside a security perimeter. Instead, in this new normal of breaches, anything attempting to establish access must be verified.
Attackers are primarily after two things: access and data. The foundation of Zero Trust is implementing robust identity and access controls, such as multi-factor authentication. Secure identity management across the enterprise is essential. Otherwise, an attacker could compromise your account, gain access to your network, steal data, and launch attacks. Data is becoming increasingly valuable, but also increasingly vulnerable.
Weaponization and tampering with data are threats that need to be considered when implementing Zero Trust, especially when migrating existing IT environments. This requires evolving Zero Trust to better protect data and incorporate cyber resiliency.
Data plays a big role in the Department of Defense's goal of leveraging AI and ML. Without robust, secure, immutable, and trusted data, the ability to build, evolve, and use AI for national security applications is severely limited.
Defense organizations need to gain visibility and control of data across all environments, from on-premises to network and multi-cloud to the tactical edge, across all domains of land, air, sea, cyber, and space. To reach that end state, defense agencies must leverage automation, AI/ML, data observability, and other capabilities to detect threats faster and reduce response times.
Identify unknown risks
Holistic data observability, including classification, access patterns, and accountability tracking, enables agencies to discover unknown risks and act more proactively. This visibility, combined with multi-layered analytics and behavioral detection, enables predictive and automated security responses.
Automation and orchestration are key to scaling security. Policy-driven data protection and integrated threat flows deliver greater speed and consistency than manual processes.
By focusing on data-centric visibility, protection and verification capabilities, zero-trust architecture, and automated response, the Department of Defense can implement cyber resilience at enterprise scale. Staying ahead of rapidly evolving threats is essential to maintaining your information advantage.
As new attack vectors emerge, defense agencies must implement security strategies tailored to today's hybrid, hyperconnected environments. Cyber resiliency ultimately depends on protecting critical data wherever it resides. Defense leaders must make robust data security an integral part of the sector's cyber response and mission success.
Travis Rosiek is Rubrik's Public Sector CTO