Data is a strategic asset, and the U.S. military needs seamless access to it across all networks, devices and infrastructure — all the way to the tactical edge. Mission-critical defense operations depend on secure, readily available data.
As the Department of Defense and the military services digitize operations, data becomes a prime target for adversaries. Threats are growing more advanced. Ransomware, destructive malware and supply chain attacks can evade perimeter defenses. Moreover, DoD environments are mobile, dynamic and distributed, which makes it challenging to protect data in such environments. Coalition environments create additional challenges, as the DoD must assume the data security risks of partners.
And, according to the World Economic Forum’s Global Cybersecurity Outlook 2024 – published in January – the world “faced [in 2023] a polarized geopolitical order, multiple armed conflicts, both scepticism and fervour about the implications of future technologies, and global economic uncertainty.” The report also points to a growing cyber inequity between organizations that are cyber resilient and those that are not.
Protecting the confidentiality, integrity and availability of DoD data against nation states and other adversaries is vital. The latest DoD Cyber Security Strategy notes that U.S. adversaries seek to use malicious cyber-attacks to achieve asymmetric advantages, targeting U.S. critical infrastructure and degrading U.S. military superiority.
Leveraging backup and automation
How can the DoD operationalize and protect data at speed and scale?
A robust data-centric approach that incorporates capabilities such as data discovery, classification and observability, layered with artificial intelligence and machine learning (AI/ML), can provide continuous visibility into distributed data risks. Integrating backup data adds context to identify abnormal access attempts and insider threats. Yet many IT teams still view backup mainly as a disaster recovery tool rather than a cyber resilience capability.
According to a recent State of Data Security report, 90% of ransomware attacks target backup stores first. Air-gapped, immutable backups with isolated recovery allow agencies to keep operations running even when primary systems are compromised. Cyber recovery goes above and beyond basic backup requirements but is necessary to achieve the cyber resiliency principles outlined by the National Institute of Standards and Technology (NIST).
The DoD has to get religious about backups the same way Ukraine did long before the Russian invasion, Robert Joyce, director of the National Security Agency’s cyber arm, noted at the Silverado Policy Accelerator summit last year. Getting an organization’s processes in place before a catastrophe is crucial to quick recovery and returning to a known trusted state.
AI and machine learning are powerful technologies but are not ends unto themselves. They provide insights to help achieve mission outcomes. However, adversaries could try to poison or manipulate the training data to degrade the performance of AI systems. Maintaining high-quality, representative data, together with strong cybersecurity, is therefore essential.
Robust data pipelines and observability are imperative to trust AI/ML-driven decisions. AI/ML can enhance decision-making, but the integrity of the underlying data is critical. If poisoning occurs, systems produce inaccurate outputs. Tracking where each piece of data comes from and whether it is still current is important, as are strong access controls and redundancy, to help secure AI/ML data pipelines.
Implementing zero trust
DoD officials have acknowledged that defending networks solely with high-powered and ever-more sophisticated perimeter defenses is no longer sufficient for achieving cyber resiliency and securing information in an enterprise that spans geographic borders, interfaces with external partners, and supports millions of authorized users globally.
To meet these challenges, the DoD is moving to an enhanced cybersecurity framework built upon zero trust principles that must be adopted across the department. The core tenet of the zero-trust model is that no person, data, system, network, or service operating outside or within the security perimeter is trusted. Instead, in this new normal of an assumed breach mentality, anything and everything attempting to establish access must be verified.
Adversaries are primarily after two things: access and data. A cornerstone of zero trust is implementing robust identity and access controls, such as multifactor authentication. Secure, enterprise-wide identity management is essential; otherwise, adversaries can compromise user accounts to infiltrate networks, exfiltrate data, and initiate attacks. Data is increasingly valuable and vulnerable.
Weaponizing data or tampering with it are threats that should also be considered when implementing zero trust, especially when migrating pre-existing IT environments. To that end, zero trust must evolve to better protect data and incorporate cyber resiliency.
Data plays a huge role in the DoD’s goals to leverage AI and ML. Without robust, secure, immutable and trustworthy data, building, evolving and using AI for national security applications will be greatly limited.
Defense agencies need to gain data visibility and control across all environments, from on-prem, across networks and multi-clouds, to the tactical edge, and across all domains—land, air, sea, cyber and space. To reach that end state, defense agencies need to harness the power of automation, AI/ML, data observability and other capabilities to detect threats faster and reduce the time to respond.
Identify Unknown Risks
Holistic data observability, including classification, access patterns, and responsibility tracing, allows agencies to uncover unknown risks and be more proactive. Combined with multi-layered analytics and behavioral detection, this visibility enables predictive and automated security responses.
To scale security, automation and orchestration are key. Policy-driven data protection and integrated threat flows allow much greater speed and consistency than manual processes.
By focusing on data-centric visibility, protection and validation capabilities, zero trust architecture, and automated response, the DoD can implement cyber resilience at enterprise scale. Staying steps ahead of rapidly evolving threats is imperative to maintain information advantage.
As new attack vectors emerge, defense agencies must implement a security strategy aligned to today’s hybrid, hyperconnected environments. Cyber resilience ultimately depends on the ability to protect critical data wherever it resides. Defense leaders must make robust data security a vital component of the sector’s cyber readiness and mission success.
Travis Rosiek is Public Sector CTO at Rubrik