The importance of the security of the Department of Defense’s (DoD’s) networks is no secret (well, of course a lot of it is secret!). This is evidenced by the Department’s IT/cybersecurity budget request that annually tops $40 billion dollars. Last year’s IT and Cyberspace Activities Budget Overview perhaps said it best:
“Successful mission execution is contingent on a seamless, secure infrastructure that transforms data into actionable information and ensures dependable mission execution in the face of the persistent cyber threat.”
In addition to funding DoD’s annual cybersecurity budget request, Congress, acting in its oversight role, provides multiple recommendations and gives explicit direction in the National Defense Authorization Act (NDAA) on how it believes the Department can best achieve and maintain this security. The NDAA for Fiscal Year (FY) 2021 is no different. This year’s bill is full of the typical cybersecurity requirements, including an annual assessment of cyber vulnerabilities of major weapons systems, an assessment of cyber hunt forward missions, and Congressional direction to undertake a baseline review of the Joint Regional Security Stacks (JRSS).
However, tucked away in the Senate Armed Services Committee’s report (that accompanied their version of the FY21 NDAA) is an important, but little noted provision. That provision directs the Secretary of Defense to undertake a demonstration of interoperability and automated orchestration of cybersecurity systems. While the report language is not technically part of the NDAA itself, DoD takes both the Senate and House Armed Services Committee reports very seriously, most often treating them with the effect of law. Specifically, the Committee required the Department to “sponsor a demonstration of commercial technologies and techniques for enabling interoperability among cybersecurity systems and tools and for machine-to-machine communications and automated workflow orchestration.” The Committee goes on to note that DoD cybersecurity systems lack the capability to automatically connect, giving the Joint Cyber Command and Control System and the Unified Platform as examples.
Perhaps the Department could focus on automation of speed-based cybersecurity metrics as well, harnessing the benefits of real-time compliance monitoring along the lines of the requirements of the NDAA Section 1733 pilot program on cybersecurity capability metrics. No doubt the importance of automation – from security operations center (SOC) functions to incident response – cannot be overstated in the present environment and will continue to grow for the foreseeable future as both Congress and DoD have recognized.
For more information, check out Splunk's security orchestration and automation capabilities.