The Department of Defense (DoD) network is an intricate combination of systems, applications, and tools. Due to this complexity, emerging threats pose multiple points of vulnerability for which multiple communication methods must be deployed simultaneously.
The DoD Model is a four-layer structure used by computers to exchange data over wide area networks (WAN). It forms the cornerstone of modern networks and appears in certification exams such as CCNA and Network+.
Network Security
Cyberspace’s digital revolution has produced an interconnected web of information and things linking disparate nations, organizations, groups and individuals worldwide, and with it a threat environment that has grown drastically more dangerous. To combat this danger, the Department of Defense (DoD) has amassed an extensive arsenal of tools and technologies designed to defend its networks, systems and information against these attacks; it is also one of the leading advocates of international cybersecurity standards and initiatives.
The Department of Defense Information Network (DODIN) offers an innovative, resilient, secure communications and computing environment designed to enable warfighting operations. Comprised of more than 15,000 unclassified and classified networked environments worldwide, DODIN serves the military services, executive branch agencies, combatant commands and 14 DOD agencies and field activities; its portfolio also features DOD-owned or leased telecommunications networks, undersea/terrestrial transport networks, satellite gateways, and multinational coalition information networks, subsystems and operations support capabilities.
DODIN is the heart of a federated environment encompassing 46 combatant commands, services and DoD agencies and field activities that operate within it. Each day they conduct operations that leverage and engage with one another as well as partners within DODIN, and these missions depend on DODIN for mission assurance and success. DODIN remains a 24/7 vital resource that demands constant vigilance from DoD to maintain its security.
JFHQ-DODIN leads DOD efforts to detect, deter and respond to adversary activity against DODIN by sharing information to protect information systems and networks as well as mitigate attacks by malicious cyber criminals. Their efforts include creating and deploying defensive capabilities which make attacking DODIN unattractive by balancing cost with risk considerations.
The Department of Defense has developed a cybersecurity policy chart to help its cybersecurity professionals with the vast amount of legislation that may affect them. Using color coding, the chart lets them navigate legal authorities, federal and national-level cybersecurity policies, and DOD policy documents related to protecting DODIN. The chart can be viewed online for easy reference.
Network Operations
Defense Information Systems Agency, or DISA, is responsible for planning, designing, fielding, operating and supporting command, control, communications and information systems that serve the President, Vice President, Secretary of Defense, Joint Chiefs of Staff, combatant commanders and their mission partners in all conditions of peace and war. DISA also offers network support services including worldwide IP routers as well as providing help desk services 24 hours per day, seven days a week.
DISA takes multiple measures to protect DOD networks, such as consolidating core information services and strengthening security controls, as well as developing resilient network architecture that meets military mission requirements while offering protection from threats.
DOD’s network architecture serves as the cornerstone of its security. It is composed of layers that communicate and share data over long distances: lower layers handle data transmission, while higher ones control access to them.
DOD networks are complex and distributed, making them challenging to secure. Vulnerabilities may allow malicious actors to easily exploit them. DOD leaders must take a holistic view of their network’s workings in order to strengthen its resilience.
To enhance DOD’s ability to produce consistent and complete budget estimates for cyberspace operations, the Secretary of Defense should direct USDP, in coordination with the Chairman of the Joint Chiefs of Staff and U.S. Cyber Command, to develop a framework and timeline for defining cyberspace-related activities and programs. DOD needs to identify and document all activities and program elements required for cyberspace-related operations that need to be budgeted for, along with an accurate estimate of the total cost associated with them. Doing this will enable more accurate estimation of overall defense budget impacts and more effective prioritization of investments in cyberspace capabilities.
Network Monitoring
The Department of Defense (DoD) depends on a complex networked infrastructure to carry out its missions. While this global network provides superior information and communication systems, it also poses serious threats to both military and civilian communities alike. To mitigate such risks effectively, DoD must implement monitoring strategies.
DoD security relies heavily on detecting anomalous activity within its vast data repository. Unfortunately, due to the complexity of its network, this task can be daunting and requires sophisticated technologies in order to be completed successfully.
To meet this challenge, the DoD has collaborated with industry to develop innovative network monitoring technologies. Its Scalable Network Monitoring program, for example, seeks to enhance devices that detect malicious activity at gateways; it is managed by Secure Decisions and includes several partners, among them Johns Hopkins Applied Physics Lab and the National Institute of Standards and Technology.
Unlike traditional firewalls that rely on static signatures to detect suspicious activity, new technologies utilize artificial intelligence for real-time threat analysis and alerts. This approach drastically shortens critical timelines while increasing the accuracy of threat detection.
DoD networks comprise different hardware, software applications, and systems, which communicate using protocols standardized for network devices. DoD professionals can use network monitoring tools to detect these protocols and ensure they are functioning as expected.
Numerous networks employ multiple layers of security, including access control and firewalls that filter incoming and outgoing information, preventing unauthorized users from entering, but they could still be vulnerable to attacks. To reduce vulnerabilities, DoD needs network monitoring solutions capable of detecting threats at speeds and scale that exceed human capabilities.
DoD should deploy network monitoring tools and train its personnel to recognize and respond to threats effectively in order to comply with Cybersecurity Model Maturity Certification, an Army-wide framework which establishes cybersecurity best practices. DoD personnel must understand that all DoD-approved network devices must display a warning banner prior to any authorized user logging on, failing which they could expose the DoD to both civil and criminal liability for unapproved access.
Network Management
DISN enables the U.S. military and global partners to leverage distinct advantages over adversaries, provide command and control, intelligence and logistics support services across all spectrums of warfare, and connect warfighters together. The Defense Information Systems Networks portfolio encompasses DOD-owned and leased telecommunications networks, undersea and terrestrial transport, satellites, gateways, multinational coalition information networks and subsystems, and more, which makes its protection a paramount responsibility. The Pentagon’s global network is an intricate “system of systems”, composed of unique, varied technology components with specific accesses, interfaces and expectations. Technological improvements cannot address the complex organizational dynamics of military networks, which are vulnerable to emerging threats and susceptible to failures due to ineffective governance, management and operational mechanisms.
One common security threat involves devices which do not properly display an explicit logout message to administrators, enabling them to inadvertently leave an open management session exploitable by attackers. To combat this risk, network devices must ensure the Authentication layer of the OSI model correctly identifies and authenticates users.
At the Network layer of the OSI model, it is crucial that data is accurately packaged and transmitted between nodes by performing all required sequencing, acknowledgments, checksums, flow control and error correction on each packet moving between applications. In addition, this layer is accountable for internetworking, or communication over the network, and ensures proper message delivery.
To defend against time-based attacks, network devices must be configured to synchronize internal information system clocks using multiple authoritative time sources rather than depending solely on one source. Should a sole time source become unavailable, internal information systems could no longer process audit logs in a timely fashion, or could provide incorrect dates and times to other members of the network.
DODIN needs to adapt more quickly in order to stay ahead of increasingly sophisticated adversaries, including by taking an integrated and holistic approach to defense with zero trust as its ultimate goal. A zero-trust environment, once achieved, prevents unwanted actors from accessing networks and initiating attacks against them.
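Two device requirements stated on this page, a warning banner shown before logon and more than one time source, can be checked mechanically against a device configuration. The following is an added example, not code from this page or from any DoD tool; the IOS-style `banner login` and `ntp server` syntax, the constructed sample configurations and the function names are assumptions made for illustration.

```python
import re

# Constructed sample configs in IOS-style syntax (assumed; the page names no vendor).
COMPLIANT = """\
hostname edge-rtr-01
banner login ^C
Authorized use only. Activity on this device is monitored.
^C
ntp server 192.0.2.10
ntp server vrf MGMT 192.0.2.11
"""

NONCOMPLIANT = """\
hostname lab-sw-07
ntp server 192.0.2.10
ntp server 192.0.2.10
"""

def ntp_sources(config):
    """Return the distinct time sources named on 'ntp server' lines."""
    pattern = r"^ntp server\s+(?:vrf\s+\S+\s+)?(\S+)"
    return sorted(set(re.findall(pattern, config, re.M)))

def has_login_banner(config):
    """True when a delimited 'banner login' block with non-empty text exists."""
    # Group 1 is the delimiter token; the block ends where it appears again.
    m = re.search(r"^banner login\s+(\S+)\n(.*?)\n\1\s*$", config, re.M | re.S)
    return bool(m and m.group(2).strip())

def audit(config):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    sources = ntp_sources(config)
    if len(sources) < 2:
        # A repeated entry for the same server is still a single source.
        findings.append(f"time: {len(sources)} distinct NTP source(s), need at least 2")
    if not has_login_banner(config):
        findings.append("banner: no warning banner configured before logon")
    return findings

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, audit(cfg) or "OK")
```

The duplicate `ntp server` line in the second sample shows why the check counts distinct sources rather than configuration lines.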