5 Key Takeaways from AFCEA TechNet Cyber

By Dolan Sullivan, Vice President of Federal at Aruba, a Hewlett Packard Enterprise company

This guest blog is written by my colleague, Reggie Moore, Technical Account Manager, DoD with Aruba Federal, a Hewlett Packard Enterprise company.

AFCEA TechNet Cyber May 2019Aruba’s Federal team had the privilege of exhibiting at #AFCEA TechNet Cyber conference in Baltimore, MD last week. The conference was the staging area for military, industry and academia to discuss and plan how to achieve persistent engagement and presence and innovation.

Here are my five key takeaways:

1. Defense Information Systems Agency (DISA) is taking steps to be more innovative and agile and ultimately influence the industry. The agency is increasing its focus on innovation through the use of other transactional authorities (OTAs) to acquire an array of cutting-edge technologies, using rapid development processes and optimally will implement some of these within the next two years. The focus is on innovation and rapid acquisition and working with non-traditional companies that are more agile.

Stephen Wallace, DISA’s systems innovation scientist with Emerging Technology Directorate, stated these will influence the industry’s innovative solutions. “It’s a number of prototypes. The ones you’re seeing right now are fairly exploratory, but it’s to influence the commercial world so it will show up in products that we can then, down the line, acquire and integrate into our solutions going forward,” he said. “We’re not decades [away]. We’re also not a couple of months from now. We’re probably in the one- to two-year timeframe when we start to see some of those things show up regularly.”

2. DISA also is reviewing artificial intelligence (AI) and machine learning software to be instrumental in cybersecurity. AI and machine learning will eliminate the need to rifle through massive amounts of network data and looking for an anomaly that indicates a threat. According to Wallace, “We can’t human our way out of these kinds of problems, so we’re looking for creative solutions with respect to AI and machine learning for those repetitive tasks we can aim a computer at and let it go to town.”

3. Key to the Army getting the most out of 5G is the industry developing technologies to exploit its capabilities. Lt. Gen. Bruce Crawford, USA, chief information officer/G-6, U.S. Army indicated 5G is beyond “bigger, faster 4G.” Lt. General Crawford stated, “We’ve had some really good conversations inside the Army about what we think our needs are, 5G has the potential to become its own critical infrastructure.”

It is important that the industry keep pace with developing technology to use 5G’s power. Currently Lt. General Crawford has concerns: “If you think about the capability that 5G brings, our current infrastructure is not set to properly leverage 5G.”

4. Interoperability is crucial to a collaborative Combatant Command (COCOM). A global network is imperative to America’s four-star combatant commanders.  It is necessary to coordinate disparate services, agencies and allies against threats, including those found in cyberspace, that tentacle beyond a solitary location. Implementing the appropriate technology will require meeting challenges like new processes and training, and of course, the ever-challenging cultural change.

According to Vice Admiral Nancy A. Norton, the director of the Defense Information Systems Agency (DISA) and the commander of the Joint Force Headquarters Department of Defense Information Network (JFHQ-DODIN),“The most important thing for all of the COCOMs is interoperability— joint and coalition/allied interoperability, because we have to be able to fight across all of the COCOM’s, seamlessly, regardless of where we’re fighting.”

5. Being Command Cyber Readiness Inspection (CCRI) compliant does not necessarily mean being secure. Transitioning from the compliance-based CCRI to CCORIs (Command Cyber Readiness Operational Inspection) mission-based, threat-focused, operational risk approach will be greater understanding of the implications of a security breach. With the implementation of CCORIs, analysis is done on three levels of effort to review operational risk: mission, threat and vulnerabilities.

Another key to CCORI for a variety of groups to start talking the language of risk. Capt. Kris Kearton, director of U.S. Fleet Cyber Command's (FCC) Office of Compliance and Assessment, stated, “Under the old CCRI compliance-based inspection, it was difficult to understand the impact of vulnerabilities on the network much less prioritize their fix actions. By starting with a common operational risk lexicon, we allow leadership at all levels to talk about how to reduce the cyber risks that support mission.”