Proceed with Caution: Little-known Cybersecurity Risks in IT Consolidation

Lloyd McCoy_65x85by Lloyd McCoy Jr., Consultant

As budgets Warning Sign Cybersecurityconstrict, agencies across the federal government are looking to IT consolidation as a means of driving cost savings. The Department of Defense is no stranger to these pressures. One key aspect of the Department of Defense’s drive to consolidate all of their networks under a common security architecture is the Joint Regional Security Stacks (JRSS) initiative. Currently, bases and forts have their own cybersecurity architectures — at the local level. These architectures will now get handed off to regional facilities or nodes, making networks more unified, secure, and ultimately ensuring capabilities are universal at every fort and base. The benefits of the JRSS are it gives DOD a birds-eye view of their network activity, improves their network security posture by reducing attack surfaces, and reduces costs.

Unfortunately, there are some drawbacks that come with reducing attack surfaces through IT consolidation. Common belief tells us by reducing the attack surface of a system, there are less opportunities for network security to become compromised. However, in reducing the attack surface of a system, it doesn’t reduce the actual extent of damage that can occur once the system is traversed. Additionally, despite moving toward a smaller attack surface, DOD agencies can face increased vulnerability as increased amounts of data are concentrated into more target-rich attack vectors.

The key take away for COTS vendors is: as government infrastructure is consolidated and interoperability improves across DOD agencies, industry partners can play a pivotal role in helping keep systems and data secure. IT consolidation projects like JRSS will be the norm and will come with requirements for products like intrusion prevention, APT defense and other perimeter security tools.

IT consolidation is just one of many drivers we’ll talk about at the FY15 DOD Market Intelligence Briefing.  Join us November 20th at the McLean Hilton to learn more about the priorities and programs, DOD cares most about.  Come away armed with the knowledge and, well, market intelligence you need to have a successful FY15 and beyond.

About Lloyd McCoy Jr.
Lloyd McCoy is the Department of Defense Consultant on the Market Intelligence team. Prior to working for immixGroup, he worked in the public sector as a senior analyst with the Defense Department. Lloyd primarily monitors and analyzes issues relating to the Navy/Marine Corps, Defense Health Agency, and the Defense Information Systems Agency

One Response to Proceed with Caution: Little-known Cybersecurity Risks in IT Consolidation

  1. David Timothy says:

    Great article Lloyd. What is the scope of the JRSS initiative? I assume commands are consolidating their network architecture within their own military branch. Without taking into account the internal rivalry that would keep this from happening- would it ever be possible/reasonable to bring network administration up another level to where resources are shared among the Navy, Marines, Army, Air Force …etc?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: