For the third time in a row, I flew down to Texas at the end of the year.
The reason? To attend the important Alamo ACE event presented by the local San Antonio AFCEA chapter. With multiple sessions over three days covering primarily cybersecurity and ISR, the event draws 1500 military and industry leaders.
My takeaway? RedSeal’s cybersecurity analytics platform and approach to proactive digital resilience was validated by a series of senior leaders on the front lines of protecting our nation’s most high value assets. Each of them is shifting focus to solving the root causes of cyber insecurity, rather than deploying a patchwork of tools. They realize that:
- End users can’t manage their own security
- A global black market has resulted in low prices for hacking toolsets
- Commercial IT has a multitude of defects that create cyber risk
These military leaders equate mission assurance with security. This means:
- The network must be survivable against all attacks and available 24×7
- Users can have different authorizations for data access.
- The DoD’s cyber supply chain interdependencies must be equally protected or the entire mission is at risk.
The first session I attended featured Steve Brown, the Vice President of Operations and Cyber Intelligence Center in the Global Cyber Security organization at Hewlett Packard. A former Navy and Wells Fargo senior security leader, Steve saw three big similarities across military and commercial organizations:
- The same critical data targets across DoD and commercial
- The same end user issues
- The same need to balance reward with risk
What keeps Steve up at night? Globally, 30 billion cyber events per day and 1.4M on his networks! Steve works to make cyber investments about risk and reward. For example, to shorten time lag between attack and response he split up his Red Team and created a Cyber Hunting team. Gathering and sharing intel wherever he can to see risk earlier and proactively take action.
On the same panel was Lt. Gen. (retired) Michael J. Basla now Senior Vice President of Advanced Solutions for L-3 National Security Solutions (L-3 NSS) and former CIO of the US Air Force. According to him, the key challenges for US cybersecurity are:
- No matter how well secured we are, they will get to us. Plan for it.
- Focus on access rather than security
- We must find successful hacks faster
- We need to not only have a map of our digital infrastructure, but also know the terrain — including sections in the Cloud.
Later on, I sat in on a session featuring Maj. Gen. Burke E. “Ed” Wilson. He is the Commander, 24th Air Force and Commander, Air Forces Cyber, Joint Base San Antonio-Lackland, Texas.
Gen. Wilson gave a quick overview of the US Air Force’s cyber terrain, including an emphasis on securing their network, base infrastructure and weapons systems. This is a change from the past when the USAF was focused primarily on network defense. Now they also focus on base infrastructure and weapons systems. They struggle with how to provide mission assurance from cyber risk.
On the flight home, reflecting on this conference, I realized the DOD cyber security conversation has changed dramatically. The past focus on audit and inspections has given way to a realization that networks are critical to national security. They deliver the mission. Our military leaders understand the cyber threat to their missions and are now putting their focus behind creating the strongest possible defense.