Department of Defense components are expanding international partnerships, enhancing their cyber workforces and moving to utilize more innovative technologies as they seek to meet new security provisions and priorities included in the department’s zero trust strategy and the White House’s soon-to-be-released national cybersecurity strategy, three of the Pentagon’s top information technology officials said during an event held by Billington Cybersecurity on Tuesday.
DOD previously released its zero trust strategy and roadmap on Nov. 22, which it said “will reduce the attack surface, enable risk management and effective data-sharing in partnership environments and quickly contain and remediate adversary activities.” The White House is also planning to imminently roll out a long overdue cybersecurity strategy that will reportedly focus, in part, on improving public-private collaborations and information-sharing initiatives.
Candice Frost, commander of the U.S. Cyber Command’s Joint Intelligence Operations Center—or JIOC—said that the White House’s coming cybersecurity strategy will help outline “a multiplicity of threats that are out there in cyberspace, and how we’re leaning truly forward toward China.”
She said that this includes forming stronger partnerships with other nations outside of the Five Eyes alliance—particularly countries that develop software and manufacture products imported by the U.S.—“so we can get on their networks” and ensure that “they are as safe as possible.”
“We’re leaning forward in looking at partner nations that just simply haven’t been as close with us in the past, and it’s really exciting to see that form,” Frost added.
Whether it’s working to implement DOD’s framework, or building stronger partnerships and information sharing capabilities with international allies and across U.S. intelligence agencies, Frost said that Cyber Command’s JIOC has also been working to build out its workforce to more effectively carry out its mission.
When Frost took over as JIOC’s commander in March 2021, she said the command had “about a 76% fill rate;” and that number is “up to 96%” today. But she warned that “our bench is not deep enough” when it comes to having an adequate number of trained cyber professionals in critical roles—not just at Cyber Command and the DOD, but across the entire federal government.
“We’ve got to build a bench with a diverse array,” she added. “Our future AI systems can’t just be created monolithically. They’ve got to come in different flavors and understandings, and that is done by having a workforce that sees things from different perspectives.”
Jane Rathbun—who took over as the Navy’s principal deputy chief information officer in January—also underscored the need to better recruit and train the next generation of cyber professionals to advance the Pentagon’s zero trust strategy and overall digital operations.
“I want our IT workforce to be more fluid, I want them to be able to come in and out of government, and I want to see folks in industry want to come and serve,” Rathbun said, adding that the Navy is “looking at training platforms that will allow folks to continuously learn,” while also working to offer a cyber education “that is more appropriate for the age and the level of the workforce that’s coming in.”
Rathbun said the Navy has also “made great progress in improving our infrastructure”—including pushing up its launch of Microsoft 365 during the pandemic when the military branch had “to quickly pivot to making our workforce workable outside of the office.” As it continues to undertake these modernization efforts, Rathbun said the service is also working “to grow zero trust into that environment.”
“We are really pivoting towards innovation and looking at things like 5G and commercial SATCOM low-Earth orbit capabilities that help augment and meet Department of Navy mission needs,” she added. “And then always [being] cyber ready, working with our [defense industrial base] partners to help make them more protected.”
Lauren Knausenberger, the Air Force’s chief information officer, also said that modernizing existing systems is important—especially in the context of implementing the DOD’s zero trust strategy—but added that “we also have to really respect those legacy technologies, for right now.”
“Those legacy systems—we’ll call them legacy systems—they have incredible capabilities,” she added. “So we do need to modernize, but there’s going to be a period of time where we do have to continue to live in both worlds. But more and more of those worlds will be software-based.”
And when it comes to deploying zero trust architecture across all of the Pentagon’s components, Knausenberger said that the effort is “not just about security,” but also about providing better access to data within a more secure and centralized environment.
“Really what we’re trying to do is get to one warfighting environment with our joint partners,” Knausenberger said, adding that “in order to do that, we can’t have 22 different networks.”