Carahsoft is a unique, trusted firm that helps government find and rapidly acquire the right technologies and helps high tech firms successfully interact with government (which has famously onerous processes for businesses that want to serve the federal mission).  Carahsoft is a client of my firm and one of the things I’m particularly proud about is their sponsorship of venues where government and industry tech leaders can interact together.  One venue of note is a series they coordinate called the Intelligence Community Executive Forum.

This periodic event focuses on executives from the IC and the industry companies around the IC.  Today’s session of the ICEF focused on industry and commercial technologies addressing the Comprehensive National Cybersecurity Initiative.

It is hard to capture the content of a venue like this.  Its true value comes from the dynamic interactions and high data rate conversations that take place throughout.  But I thought I should try to provide some gist of what happened so you can determine whether or not you should participate in future venues like this. Give the agenda below a quick glance then I’ll add some additional context:

Agenda:

During breaks several sponsors were providing demos and additional information on their technology including:

A quick gist:

Throughout the event, cyber thought leaders in and out of government discussed the state of current technologies and current mission needs in cyber-focused organizations.  Some of these mission needs are truly enduring.  For example, the need for defense in depth as a strategy and approach vice just point solutions.  But today, defense in depth is not enough.  Adversaries always find a way in and defenders must continuously monitor and prepare for remedial action.  With the incredibly high volumes of data and information around those intrusions new means must be found to gain insights into what is occurring and then determine the appropriate action to take.  This must be done so fast new operational constructs around “dynamic defense” are required.  Defenders require capabilities that can increase the speed of good guy decision-making.  There must be speed in vulnerability detection, speed in intrusion detection, speed in decision-making and speed in execution.  Cyber Command defenders use the phrase “operate at network speeds.”

Another common theme throughout the event was a call for enhanced situational awareness in the cyber domain. The bad news is that call has been made for decades now.  There has been movement in enhancing situational awareness, but nothing yet fills the need.  More work is required.

Another theme was the need to enable humans to interact with data in far better, far faster ways.  Cyber data needs to be rapidly run through automated tools that can enable not just search but discovery using tools like Endeca.

Collaboration for cyber related commands and organization is another area where many enhancements have been made lately.  In a very good trend, it seems most organizations working cyber defense/cyber operations now know of each other and have frequent interactions.  There is more need for enhanced human to human collaboration and even enterprise grade social networking/social media around cyber defense as an aide to bringing the right understanding to situations.  A capability to watch here is Jive.

It is not only network defenders that need collaborative capabilities.  Developers of software and those that lead/manage/interact with them, including users, need ways to collaborate.  The ICEF was treated to an overview of a very positive capability to do that, the DISA led Forge.mil .  In my opinion, the positive disruptions from this activity have just begun, far more goodness will come from this project as more and more developers make use of it.  It is speeding development of new capabilities and is also laying the foundation of what may be the biggest positive improvement in the security and testing environment in years.

The security aspects of Cloud Computing were discussed in detail.  A general statement: If security is engineered into cloud computing capabilities, cloud concepts can significantly enhance the security of enterprises.  However, the reverse is also true.  If security is neglected in cloud constructs it can doom us all!

The ICEF was treated to an interaction with Tony Sager, one of the nation’s greatest thinkers in cyber security. Tony’s ability to express technological concepts in ways we can all understand is always appreciated.  A key conclusion from Tony: we are entering a phase in cyber defense that will require enhanced information management.   Note:  Tony provided us all with context on some very important concepts that all network defenders should be tracking, SCAP, NDV and FDCC.   My personal sense from the interaction was that most in the venue who work closely with security technology new of these constructs, however, it is getting to the point where all IT professionals and all leaders in an out of government need to know these capabilities, even if you are not a security professional.  So, a recommendation:  accept it as your civic duty to study up on SCAP, NVD and FDCC.

Other speakers, including Dr. Ted Kirscher, Chief Architect of the NSA Threat Operations Center, underscored again the need for new means to conduct highspeed assessment of the right data from defensive devices.  Ted, like everyone else who spoke, also ensured we all knew the collaborative nature of the work in front of us all.

For the many people I heard from this was a day well spent, a time to reflect on progress and to think through the next priorities to address.  There are some huge challenges that confront cyber defenders, but with new organizational constructs and new focus being placed on the mission these challenges are certainly achievable.  Some might still look impossible, but hey, like Walt Disney said, “It’s kind of fun to do the impossible.”

Related posts:

1. Intelligence Community Executive Forum and Carahsoft
2. Melissa Hathaway speaks at Intelligence and National Security Alliance
3. Cloud Computing and Net Centric Operations

Read the original blog entry...