Dr. Kelly Fletcher, who has been performing the duties of the U.S. Department of Defense (DoD) Chief Information Officer, met with Mary Legere, Managing Director and Special Advisor, National Security portfolio at Accenture Federal Services, at the 12th Annual Billington Cybersecurity Summit to discuss DoD priorities in the coming year.
DoD goals over the next year represent a strategic reset responding to a shifting cybersecurity landscape. The DoD priorities Fletcher outlined include:
Preparing for new adversaries: In the past, cyber defense at the DoD involved making risk decisions about vulnerabilities in cybersecurity and technology to stay ahead of cybercriminals. Now, adversaries can identify vulnerabilities and launch kinetic attacks more easily, necessitating new strategies to defend against evolving threats.
Adapting to the cyber environment: The spectrum environment in the U.S. has become congested with the use of cell phones and 5G technology, making the cyber landscape more complex. The DoD prioritizes adapting their radio use to fit the current spectrum environment.
Investing in cyber strategy: The next stage of cybersecurity necessitates information sharing and smart artificial intelligence (AI) usage, but investments in bandwidth are also paramount to maintaining strong cyber defense systems. The DoD's JADC2 strategy aims to link defenders across all arenas — cyber, land, sea, air and space — to shared data in a secure manner.
Shifting to zero trust: As data moves from being stored in the same building as a user to the cloud, the previous cybersecurity focus on network perimeter security becomes irrelevant. The DoD is in the interim steps of opening a Zero Trust Program Office, and various sectors of the department have started work on zero trust initiatives, like the Defense Information Systems Agency's Thunderdome effort.
Assuming an adversary is already in the network is critical to building a proactive, responsive cyber defense system.
"Success for [cyber defenders] is finding [adversaries] quickly, fighting through their presence in my network, and then removing them rapidly," according to Fletcher. Using a zero trust model ensures preemptive defense of data, not just networks.