INDUSTRIES

Defense Department’s Multi-Cloud Cloud Strategy: A Role for SIEM

It’s difficult to recall a time over the last ten years when cloud requirements were not at the forefront of the Defense Department’s modernization efforts. Cloud capability reviews and requirements, in some form, extend from the Pentagon’s net-centricy efforts — to the Joint Information Environment, Digital Modernization, and up through to today.

Naturally, Congress has noted the value of the approaches to cloud in virtually every annual National Defense Authorization Act over this timeframe. While we wait for a Senate-passed version of the Fiscal Year 2023 bill and a conferenced version later this year, we can look to the Senate and House Armed Services Committee reports for what is coming.     

The Senate Armed Services Committee referenced DoD’s multi-cloud strategy in writing:

"The Department of Defense's decision to implement a cloud smart strategy and use a multi-cloud architecture that allows for portability and interoperability across multiple vendors is a positive development. The Department should use the latest cloud management software technology and enterprise-wide multi-cloud management principles that allow for applications, data, and programs to be portable and interoperable between public, private, and edge cloud environments while minimizing the cost and complexity of any unavoidable refactoring.

Without such enabling multi-cloud management technology, the Department will not realize the benefits and operational efficiencies and security of a resilient multi-cloud architecture, which will lead to unnecessary stove-piping with potential national security concerns."

Similarly, the House Armed Services Committee noted:

"The Committee supports the Department’s decision to deploy a multi-cloud architecture. A multi-cloud approach aligns better with the Department’s mission and offers many benefits including allowing for more comprehensive future innovations, easier data portability, increased resilience and security, and decreased stove-piping.

The Committee directs the Chief Information Officer of the Department of Defense to provide a briefing to the House Committee on Armed Services not later than March 31, 2023 on the strategy for future multi-cloud projects."

While DoD undertakes the effort to meet these requirements regarding multi-cloud approaches, the time is right to also consider the advantages of Security Information Event Management (SIEM) capabilities as applied to cloud. Among other benefits, a SIEM capability aims to centralize and aggregate all security-relevant events as they’re generated from their source, can add context and threat intelligence to security events, and ingest all data (users, applications) from cloud and on-premises sources and make them available for monitoring, alerting, investigation and adhoc searching, while reducing risk by enabling faster detection and incident response to newly discovered and ongoing threats with ready to use relevant content. By utilizing SIEM for cloud, DoD can quickly deploy, scale and consolidate all relevant security information in a single repository, ensuring that it’s protected, indexed and analyzed.

It is clear that commercial-off-the-shelf SIEM has tremendous benefits that lead to effective network security. This capability provides a single security management system that offers full visibility into activity within Department of Defense networks, thus allowing Security Operations Centers to respond to threats in real time. As the Department continues to increasingly transition to a software-as-a-service model, security must remain a key consideration in moving to the cloud.

The Department should explore expanding SIEM for higher sensitivity controlled unclassified information (CUI). Perhaps JFHQ-DODIN and the Military Services might conduct a pilot program for a commercial-off-the-shelf SIEM capability for impact level 5 (IL5), with JFHQ-DODIN aligning that effort with the security orchestration and automated response pilot activity that was directed in the National Defense Authorization Act for fiscal year 2022?

For more information, check out our "Take Your SIEM to the Cloud" whitepaper.

Tim Frank
Posted by

Tim Frank

Tim Frank is the Director, Defense Federal Government Affairs, bringing over a decade of experience at the intersection of the Defense Department, Congress, and Industry. Prior to joining Splunk, Tim worked in the Office of the Secretary of Defense as the Deputy Chief of Staff to the Pentagon’s Chief Information Officer, focused on information management, legislative, public, and international affairs. During the Obama Administration, he served as a Special Assistant to the Assistant Secretary of Defense for Legislative Affairs, focusing on information technology and cybersecurity issues. Tim holds a JD from Michigan State University College of Law and a BA in Political Science from Grand Valley State University.