When Lt. Gen. Alan Lynn retires as director of the Defense Information Systems Agency next month, he’ll leave behind a tangle of threats to the agency’s networks and a host of cutting-edge commercial technologies to offset them.
Naturally, those networks are a target for attackers and DISA leaders such as Lynn are anticipating a worst case scenario.
“We call it the terabyte of death,” he said. “We’re preparing for it, we know it’s coming and it’s just a matter of time before it hits us.”
This approach is indicative of the evolution of threats.
“When I first took over as director, we’d get a 1-gig to 2-gig [dDoS] attack at the internet access point, and we thought, ‘Ooh that’s a big deal.’ And we did all the things we were supposed to do. Fast forward a couple years, now we get 600-gig [dDoS] attacks on the internet access points. Unique, different ways of attacking that we haven’t thought of before,” Lynn said.
DISA’s role as the military’s de facto IT authority, combined with the increasing requirements for IT and high technology on the battlefield, means the agency plays a key role on operations, and in what Lynn describes as today’s bottom line: lethality.
“We do a lot of cool IT stuff, we do cloud, we do the commodity IT,” Lynn said Jan. 11 at an AFCEA DC event in Arlington, Virginia. “But at the end of the day, it’s about lethality. And you’ve heard the Secretary talk about lethality. We’re that piece for the department.”
Being “that piece” spans everything from missile defense to classified communications on commercial smart phones to ensuring video feeds from unmanned aerial vehicles get fed worldwide to decision-makers in real-time, Lynn said.
“The drones that are flying, the pilots are [in the U.S.] and the drones are over there. All of that in between is us, making sure that happens,” he said. “The big pipes that connect everybody to missile defense, that’s our pipes and our networks enabling that. And when the services leave their networks and move, it all comes across our networks to enable them to communicate back to their headquarters.”
Those networks are subject to threats that only continue to grow in size and volume, Lynn and other DoD officials speaking at the event emphasized.
“The reality is we’ve got to get it right all the time – they only have to get it right once,” said Dave Bennett, DISA’s director of operations. “Emails are the No. 1 delivery mechanism globally.”
It could come in any of the 36 million malicious emails Pentagon networks are targeted by every day, Bennett said
To continue to boost security, DISA leaders said they’re looking at an array of technologies that offer promise for current and future applications. Commercial smart phones that can be modified for secret and top-secret use, even used to monitor and make decisions on the aforementioned drone feeds, already are being used. Continuous multi-factor authentication that uses gait, and as many as half a dozen other factors, are in development. Big data analytics that provide better network visibility remains a top priority.
All of those technological developments on Feb. 1 will become the responsibility of Rear Adm. Nancy Norton, who will be promoted that morning to vice admiral before officially assuming command. Norton will be promoted to director after roughly six months as deputy director.