Tight defense budgets could yield better cybersecurity, information sharing

The Defense Department’s ongoing budget struggles could lead to streamlined cybersecurity efforts and better shared capabilities across the military services, defense officials said.

The hundreds of billions of dollars slated to be shaved from defense spending will push DOD toward creating a joint infrastructure for the military services, said Mark Orndorff, director of mission assurance and network operations at the Defense Information Systems Agency.

Speaking as part of a panel discussion sponsored by AFCEA-NOVA in Arlington, Va., on May 20, Orndorff said budget problems are a great motivator for forcing the services to work together on IT capabilities rather than having redundant programs in each military branch.

“On the positive side, the budget cuts force us to reassess how to spend [on cyber]…and it forces a dialogue at the joint level,” Orndorff said. “We can prioritize better and focus on key things and core competencies. On the negative side, we’re forced to make choices, and things like insider threats fall by the wayside when they ought not to.”

Budget shortages will also promote efficiencies and innovative planning that could improve cybersecurity and information sharing, Orndorff said today in follow-up comments.

Standardization — essential to implementing enterprisewide services — will be improved as organizations jointly coordinate security, and that will help clear the way for efforts such as enterprise e-mail, already under way in the Army and DISA. Orndorff said enterprise e-mail is an example of capabilities that face hurdles in broader implementation because of the disparity in individual security systems, such as firewalls policies.

“As we get to a standard perimeter security approach, it will be more efficient to field enterprise capabilities since we’ll have a security policy we can count on and predict,” Orndorff said. “Today, we have a minimum standard security requirement, but at the local level, organizations have the option to go above that. People do it in different ways, so we have to troubleshoot against a variety of firewall policies that vary site to site, and that doesn’t scale well.”

Financial struggles will also affect DOD’s approach to upgrading aging technologies and security systems, Orndorff said.

“A lot of security infrastructure throughout the services is at the point where it’s due for a tech refresh, and the bill for that is something that’s not supportable in all the budgets across the services,” he said. “It’s encouraging us to be diligent to come up with the most cost-effective way to do tech refreshes.”

Getting defense IT to the enterprise level won’t be easy, and many issues still need to be resolved, especially with regard to logistics, said Brig. Gen. John Ranck Jr., the Air Force’s director of warfighter systems integration.

“The movement of information, the movement of forces across a theater the size of Iraq or Afghanistan is an incredible information transport challenge,” said Ranck, who cautioned against overloading troops’ rucksacks with heavy computer systems.

Budget problems also create discrepancies about where to invest precious DOD dollars, said Maj. Gen. Ed Bolton Jr., the Air Force's director of cyber and space operations.

“We have to build the next generation of world-class cyber warriors,” he said. “Every airman must have a certain understanding of cyber,” just as all airmen have a certain understanding of air power, and that's something that's still being determined.

He added that DOD is pulling together a cyber integration group to coordinate and integrate cyber issues across the military services and DOD.