AI and Analytics: Must Haves for Our Naval Force

Lloyd McCoy Jr.

By Lloyd McCoy, Marketing Intelligence Manager

There’s a real sense of urgency in the Navy.

Increasingly, at conferences (most recently at AFCEA West) and in sidebar conversations, I hear maritime leaders talk about “Great Power Competition” and how we’ve reached an inflection point in terms of how dispersed our fleet can reasonably be while maintaining effectiveness with current capabilities.

The mantra “do more with less” has been around since time immemorial but there’s a widespread belief that while the U.S. military will always have the advantage in air, land and sea, artificial intelligence (AI) looks to be an equalizer. There’s also the belief that we are only at the beginning of the adoption and development cycle for AI.

How do you fight a war against an adversary that can predict what you are going to do before you even know? Ladies and gentlemen, we are in an AI arms race. Read more of this post

An Introduction to Security Frameworks

Lloyd McCoy Jr.By Lloyd McCoy, Market Intelligence Manager

A key takeaway from RSA Conference 2019 was the importance of security frameworks. They encompass security best practices and help government agencies keep their heads above water amid all the cyber threats that are out there. When breaches do occur at the federal level, the post-mortem usually reveals some deficiencies in compliance.

For the federal government, the National Institute of Standards and Technology (NIST) is the primary source for security standards. The Office of Management and Budget (OMB) requires that agencies comply with NIST guidance. If you sell technology to the government, it’s important that you be familiar with security frameworks, because they play a big factor in why agencies buy what they buy in terms of security tools and services.

Security frameworks can largely be split into three categories: Control, Program and Risk.

The purpose of control frameworks is to identify a baseline set of controls, assess the state of technical capabilities, prioritize the implementation of controls and develop an initial roadmap for the security team. It’s important to become familiar with NIST SP 800-53, an important publication that catalogs security and privacy controls, because it helps agencies measure their impact. Government departments and agencies use NIST SP 800-53 to inform their purchasing decisions, specifically around incident response, configuration management, risk assessment and access control solutions.

Read more of this post

Government Needs to Shore Up Security Readiness – Before the Next Shutdown

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

Whether it’s through government shutdowns or cyber threats, the possibility of government having to unexpectedly operate at reduced capacity is greater than ever. While it appears that the recent partial shutdown had minimal impact on security readiness, we should count ourselves lucky instead of expecting such an outcome to be the norm.

With the resumption of full government operations, all agencies, not just those affected, should take stock and partner with industry to shore up their posture in two areas, risk management and AI.

Risk Management

Government agency risk management strategies have traditionally emphasized the threat landscape and vulnerability of attack surfaces. Expect agencies to take a hard look at their risk posture to determine whether they’ve adequately factored in the impact of government shutdowns. This is an area where industry can play a role – helping agencies adjust their security readiness in an environment where reduced operations may become more of a norm.

Work with your government customer or prospect to ensure that proper backup and recovery capabilities are in place, that their systems and networks have the right kind of resiliency and segmentation solutions in place, and that the security personnel are equipped with the right tools to “put out fires” when workforce and capacity levels are compromised.

Read more of this post

Changes to DHA Will Impact Cybersecurity Needs

Lloyd McCoy Jr.By Lloyd McCoy, Market Intelligence Manager

The mandates in the National Defense Authorization Acts of 2017 and 2019 called for greater centralization of the military health system. We are now seeing these initiatives being set in motion. One prime example is the migration of the Army, Navy and Air Force’s more than 400 military hospitals and clinics under the umbrella of the Defense Health Agency. I recently attended an AFCEA luncheon where Dr. Barclay Butler, the Component Acquisition Executive for DHA, and Pat Flanders, DHA CIO, spoke extensively on the ongoing consolidation, as well as other initiatives which promise to impact how those selling IT should approach defense health IT leaders.

Measurability and efficiency are driving the trend toward centralization and standardization across the Defense Health establishment. This is particularly applicable for security vendors since DHA wants to instill commonality in cybersecurity services and tools — from the largest military hospitals to the widely dispersed clinics. The two leaders urged industry that when engaging with Army, Navy and Air Force hospitals and clinics, think of the big picture. How can your solution work and be applicable across the entire military health enterprise?

Measurability

Butler and Flanders spoke at length about the need to measure outcomes. For security solutions, that means being able to better monitor threats and speed of remediation. Nothing new on the surface, but this requirement becomes more complicated as more and more military facilities get subsumed under DHA, with all the network architecture and migration challenges that come with the transition. Having a steady dialogue with DHA or one of the service medical commands is critical to ensure that safety and security aren’t negatively impacted by these changes – while ensuring that the hospitals and clinics have robust capabilities for measuring and auditing their security posture.

Read more of this post

Key Highlights From the FY19 Cybersecurity Budget

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

The newly minted FY19 budget stands out because the federal government passed it on time and for the first time in nine years, government agencies begin the new year equipped to fund new and ongoing IT investments. In what is welcome, albeit not surprising news for security providers, cybersecurity remains the highest priority in the IT budget.

When it comes to security-specific spending, all signs point to the recently passed budget largely aligning to the initial agency wish lists.

Below are some of the key takeaways to help you map out your targeting strategy. Note that these figures don’t wholly encompass security spending as a substantial (though unknown) level of security spending isn’t formally recognized as such.

Read more of this post

National Cyber Strategy – What Does It Mean for Those Selling Security Tools to the Government?

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

You’ve probably heard of the release last week of both the National Cyber Strategy and the Department of Defense (DOD) Cyber Strategy. Some of the priorities highlighted are robust information sharing, greater resilience, encryption, cyber scalability and hardening of IT systems. In fact, we’ve seen demand for these capabilities reflected in recent cyber budgets which have hovered between $13 and$15 billion over the last couple of years. While the documents bring together much of the cyber policies heard from the administration over the past year, there are some important key takeaways you should be aware of as we head into FY19.

Offensive Cyber
One of the most notable developments is a more overt embrace of offensive cyber operations. The DOD Cyber Strategy especially, hones in on this “defending forward” strategy, where the U.S. will confront threats before they reach U.S. networks.

By giving the government more latitude to conduct proactive and offensive cybersecurity, we could see more funding and resources allocated to these operations as early as next year. Expect more demand for network mapping and reconnaissance, data extraction, firewall tunneling and encryption/decryption tools, just to name a few. I expect most of the funding and demand for offensive cyber tools will be generally confined to U.S. Cyber Command and the intelligence agencies.

Read more of this post

5 Reasons Shutting Down DISA Would Be a Bad Idea

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

Not for the first or last time, Congress this year considered getting rid of some agencies as a cost-cutting move, and the Defense Information Systems Agency (DISA) may end up on that list. DISA provides networking and communications hardware and software for systems and services across all of the DOD. What might happen if the agency that handles military networking, computing and communications services gets the axe?

Senior leader communication support – DISA provides secure communication services to the White House and to other senior leaders. Keeping the infrastructure and its security under one roof creates operating efficiencies.

CYBERCOM could, theoretically, handle the role, but it would dilute that agency’s core mission of ensuring U.S. military cyber superiority – and force considerable reorganization to do so.

Spectrum management – Managing the electromagnetic spectrum is crucial to the security of communication, navigation and warfighting. That’s part of DISA’s job for the DOD, and it’s more important than ever with the networking of our ground, sea and aviation military assets. It would be a coordination nightmare to make service branches and military agencies share risk assessment and vulnerability information in their warfighting communications.

Read more of this post

%d bloggers like this: