Execute the commander’s intent at machine speed for cyberspace




Join us this week, Tuesday through Thursday, for the Cipher Brief Cybersecurity Summit. It includes leaders from the public and private sectors, including Microsoft President Brad Smith, FireEye CEO Kevin Mandia, and 28 thought leaders in the field of cybersecurity, including today's author, Andrew Stewart. Attendance is free and registration is required.


Executing commander's intent at machine speed for cyber operations

Three integral technical fundamentals


Andrew Stewart, National Security and Government Strategist, Cisco Systems

Andrew Stewart is the Senior National Security and Government Strategist for Cybersecurity at Cisco Systems, Inc. He works across Cisco's global government practices but focuses primarily on national defense and intelligence. He served nearly 30 years in the US Navy, where he last served as Chief of Cyber Operations for US Fleet Cyber Command / Tenth Fleet. He also served as Commander and Program Director for the Navy Cyber Warfare Development Group (NCWDG).

The need. Decision advantage for the federal government, and in the joint cyber operations of the Department of Defense, comes from the secure, seamless, and rapid maneuver of data and information. Rapid adoption and integrated implementation of three technologies must be achieved across federal and Department of Defense networks in order to execute cyber operations according to commander's intent, at machine speed. These technologies, tightly combined, give the government the opportunity to implement revolutionary cyber operations capabilities from the edge to the cloud and to produce mission-optimized, data-backed results. The scalable and seamless integration of (1) advanced identity services, (2) software-defined networking, and (3) hybrid cloud capabilities constitutes a cyber platform based on commander's intent that is realized in an architecture built on Zero Trust principles and runs at machine speed. This ensures cybersecurity and provides decision advantage for the nation.

Many artificial intelligence and data strategy documents across federal government agencies, especially the Department of Defense, recognize that some basic building blocks and foundational systems must be put in place to expand access to data and democratize AI capabilities, including the means to obtain a "common foundation of shared data, reusable tools, frameworks, standards, and cloud and edge services." Taken together, they recognize that getting and using more data from the edge can make government agencies more efficient and provide decision advantage for the nation. The demand to consume more data from the edge has never been greater, and this demand is driving the need for more innovation to support secure, government-wide cyber operations. This is evident from a quick review of current programs relevant to the federal space, which include: mobility (5G and Wi-Fi 6), the mobile workforce, IoT / ICS, digital transformation (warehouses, shipyards, manufacturing), agency-wide data strategies, JADC2, CMMC, DIB, DoD's, TIC-3.0. This list alone supports the conclusion that the edge, data center, private cloud, and public cloud are all converging into one hybrid cloud. This emerging environment, driven by users who need to access data and applications from anywhere and on any device, demands a security approach based on a software-defined environment built on these three technical fundamentals.

Hence, the core of the need for innovation is the increased demand for sharing data and applications from anywhere while, at the same time, the size and scale of government networks and the adoption of hybrid cloud are increasing without proportional growth in IT resources to support cyber operational demand. If the network continues to grow exponentially and must act as the maneuver space for data and applications that provide the government's decision advantage, then government must deploy revolutionary innovations to reinvent the network as an integrated platform for cyber operations. Therefore, these three integrated technologies are absolutely essential to support the nation's growing need to simultaneously leverage and protect data.




Vision. A hybrid cloud based on commander's intent that provides government with a secure way to maneuver data and applications, providing decision advantage. Intent-based networking is made possible through the tight integration of advanced user / device identity services, software-defined networking, and hybrid cloud technologies. These integrated capabilities allow for a revolution in cyber operations: a government cyber platform that provides visionary, agile, and secure integrated network operations, all based on a Zero Trust philosophy. With this approach, least-privilege access and intent-based policy are applied to every OT device, all users, all devices, and all application workloads. It is the tight integration of advanced identity services, software-defined networking, and hybrid cloud capabilities that makes this vision possible.

Taking a Zero Trust approach and following NIST SP 800-207 guidelines, implementing software-defined networking at large scale provides the means for granular access control and micro-segmentation by weaving the network's layers into a policy-driven fabric that understands, implements, and automatically enforces the commander's intent for cyber operations. In line with the NIST SP 800-207 core control plane / data plane model, as illustrated, software-defined networks provide the means to form abstraction layers in the network that reduce the complexity of managing individual devices and enhance security by weaving together only those connections authorized under the commander's intent, as specified at a policy decision point (PDP) and enforced by a policy enforcement point (PEP), via a government hybrid cloud platform.

Advanced identity services combined with software-defined networking provide a means to implement micro-segmentation at scale and speed and enable an automated network fabric that allows users and devices (in short: users / devices) or OT devices (or "non-user devices") to communicate more easily and securely via a control plane. In the physical world, a commander's intent is implemented through control measures across the chain of command, according to each unit's specific identity and specific capabilities. For cyber operations, the network must likewise be able to apply policy to users and devices, based on their individual capabilities and assigned tasks, with full knowledge of how they connect to the network and of their permitted functions, automatically, at scale and speed. The decision criteria for an individual to access data in the Department of Defense are usually based on: (1) identification and authentication: does the individual have appropriate identification credentials? And (2) authorization: is the individual permitted to access the data, or "do they have a need to know?"

Advanced identity services continuously integrate and update as much contextual information as possible about the status of users / devices, their authorized roles and authenticated credentials, and their means of accessing the network. The intent-based cyber platform uses this approach to identify all OT devices and users / devices attempting to connect to the network. This challenge / authentication process is not a one-off event; instead, using dynamic context and identity authentication, the platform applies the principle of least-privilege access by continually challenging and authenticating every user / device every time a data access decision must be made, automatically, at machine speed. Consequently, the commander's intent for the network is implemented through network policy control actions, via the software-defined control plane, according to each user's / device's defined identity and specific capabilities. These policies are applied before network connectivity / access is granted, with full knowledge of how users / devices are connected to the network, their compliance, their capability status, their permitted functionality, and as much contextual information as possible.

Equally important, especially in a hybrid cloud environment, control measures based on commander's intent should be applied and enforced for every application workload across the edge and the data center, especially for inter-container communications or monitoring software running across a hybrid cloud. Application data in today's modern networks flows over an expanded hybrid cloud environment at millions of flows per second. Users and devices should be able to access data and workloads outside of their on-premises environments, including those delivered from hybrid cloud services offered over the Internet. The software-defined networking approach allows for the implementation of a Software Defined Perimeter (SDP) that aligns with the Zero Trust philosophy by maintaining a default-deny posture for every transaction. Combined with a deep understanding of the identity of the users / devices on the network, the intent-based cyber platform automatically maps device workloads and implements an application whitelist across all environments and over millions of flows per second. This SDP approach creates a protective barrier around high-value applications and enterprise data that protects the hybrid environment from emerging cyber threats by blocking them dynamically and permitting access only to registered devices with properly authenticated users.
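The decision flow described above (authenticate, check device registration and compliance, check need to know, deny by default, and re-evaluate on every request) is sketched below as an added example; it is not from the original article or from any vendor product, and the roles, resources, and workload names are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy data (hypothetical roles, resources and workload names).
NEED_TO_KNOW = {("intel_analyst", "reports/ops-summary"), ("logistics", "inventory/db")}
WORKLOAD_ALLOWLIST = {("web-frontend", "inventory-api", 8443)}

@dataclass(frozen=True)
class Context:
    """What the identity service reports about a user/device right now."""
    user: str
    role: str
    authenticated: bool       # valid identification credentials presented
    device_registered: bool
    device_compliant: bool    # posture check passed

def pdp_decide(ctx: Context | None, resource: str) -> tuple[bool, str]:
    """Policy decision point: default deny, permit only if every check passes."""
    if ctx is None or not ctx.authenticated:
        return False, "identification/authentication failed"
    if not (ctx.device_registered and ctx.device_compliant):
        return False, "device not registered or not compliant"
    if (ctx.role, resource) not in NEED_TO_KNOW:
        return False, "no need to know"
    return True, "permitted"

def pdp_decide_flow(src: str, dst: str, port: int) -> bool:
    """Workload-to-workload flows are denied unless explicitly allowlisted."""
    return (src, dst, port) in WORKLOAD_ALLOWLIST

class PEP:
    """Policy enforcement point: asks the PDP on every request, caches nothing."""
    def __init__(self, context_source):
        self.context_source = context_source  # callable: user -> Context or None

    def access(self, user: str, resource: str) -> bool:
        allowed, _reason = pdp_decide(self.context_source(user), resource)
        return allowed

def demo() -> tuple[bool, bool]:
    """Same user and resource, before and after the device falls out of compliance."""
    state = {"alice": Context("alice", "logistics", True, True, True)}
    pep = PEP(state.get)
    first = pep.access("alice", "inventory/db")
    state["alice"] = Context("alice", "logistics", True, True, False)
    second = pep.access("alice", "inventory/db")
    return first, second
```

Because the enforcement point holds no session state, the second request in `demo()` is denied as soon as the reported device posture changes, which is the continuous re-evaluation the text describes.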

As part of their digital transformation journey, organizations across the federal government are shaping their mission strategies to make appropriate use of cloud-delivered technologies where the capabilities offered via the cloud make great sense. To meet digital transformation needs, the question is not whether expanding the consumption of hybrid cloud solutions will be necessary, but rather how to integrate the appropriate capabilities in the best possible way to support mission outcomes. Software-defined networks and advanced identity services provide the means for a government cyber platform to seamlessly adopt these services in a hybrid cloud environment under a Zero Trust philosophy. A hybrid cloud cyber platform combines infrastructure, security, management, open APIs, containers, and tools to create a consistent and secure environment across local data centers and across multiple clouds.

Transformation. Implementing a cyber platform based on commander's intent is a necessity for any organization's digital transformation efforts. Such a platform enables cyber operations at machine speed so that decision-makers can obtain data-based insights across all federal government agencies and missions. The close integration of the core technologies of (1) advanced identity services, (2) software-defined networking, and (3) hybrid cloud capabilities enables a government cyber platform to understand and implement a commander's intent at machine speed. Implementing these capabilities across the edge, data center, and hybrid cloud environments will give the government a platform that provides the means to maneuver data and, accordingly, deliver the "common foundation of shared data, reusable tools, frameworks and standards, and cloud and edge services" and gain, today, decision advantage for the nation.

