Pentagon Solutions: NDU iCollege team on getting beyond checklist approach to cyber

Wednesday - 1/4/2012, 5:40pm EST

By Jack Moore
Federal News Radio
@jmooreWFED

A team from the National Defense University's iCollege, which was recently honored by the Defense Department's office of the chief information officer for a special cybersecurity workshop, joined Pentagon Solutions.

The event hosted more than 200 people from the Pentagon, international defense organizations, industry and academia. The workshop focused on identifying cyber threats, such as the Stuxnet worm, and responding to them. It also highlighted risks to the power grid and other critical infrastructure.

The team consists of Prof. Gilliam Duvall, Dr. John Saunders and Dr. John Hurley.

NDU's mission

"I think the issue is understanding what's going on in this area a little better," Saunders said. "It happens to be very technical in nature. We have a lot of complex equipment and relationships. And our purpose really at NDU is to help people understand — especially in our military and government leaders — what the threats and vulnerabilities are in this area."

On 'protecting the data'

Hurley said, following NDU's moniker, the emphasis is on defense — "how do we protect information, which is the biggest asset of the federal government," he said.

He added that there has been a shift over the past couple of years from thinking of security as only protecting actual networks from physical intrusions to a more holistic view of protecting the data itself.

"There has tended to be much more of a focus now on looking at how do you protect the information. The systems, of course, we assume to be typically tools that are utilized to either exchange and transfer information. But the biggest asset is really the information."

On cyber compliance

"As you begin to share information in a more complex environment, you need to have more controls in terms of who can access what," Duvall said, noting that the size and scope of the federal government adds to its immense complexity.

"Policies and procedures are certainly something that we need to follow," he added, "and we get a little bit of help from technologies that sort of enforce those policies."

Beyond a 'checklist approach' to cyber

Saunders said the increased awareness of cybersecurity means more people have more of a role to play.

"I think we need to get down to people on all levels — and up to people on all levels," Saunders said. "It's not just the CISO's job, but it's the job of every individual to be cognizant of security ... And the CEO — is he or she aware of what's going on in this arena and are they doing their best to support it?"