DISA Head: DoD Working To Modernize ICAM, C2, Data Use

WASHINGTON: A top defense official in charge of implementing the military’s information systems said today that a priority right now is modernizing the Defense Department’s identity, credential, and access management, known as ICAM, for controlling networks.

“ICAM is foundational for everything we want to do in the department,” Air Force Lt. Gen. Robert Skinner said at the annual Billington Cybersecurity Summit. This broader effort entails moving the department from being “network-centric” to “data-centric.”

“I’m less concerned about infrastructure, per se, and more concerned about whether the data is secured,” said Skinner, head of the Defense Information Systems Agency (DISA) and commander of the Joint Force Headquarters-Department of Defense Information Networks (JFH-DODIN).

For some solutions, Skinner suggested the military could look to the private sector.

“I have a mantra of ‘I want to kill to the [Common Access Card] as the primary authentication mechanism for the department.’ Industry has better authentication, and it’s not just two-factor, it’s truly multi-factor authentication,” he said. CAC is the primary way by which active duty military, some reserves, civilian personnel, and contractors currently access DoD buildings, networks, and systems.

Skinner’s comments came two days after a top National Security Agency official said that agency was refocusing on protecting military weapons systems against the likes of Russia and China.

RELATED: NSA Renews Focus On Securing Military Weapons Systems Against ‘Capable’ Rivals

The Importance Of ICAM To Zero-Trust Security

ICAM is a basic building block on which zero-trust security rests, and protecting the data on networks is central to zero-trust models. That’s because to microsegment networks and then manage least privilege, it’s necessary to know who and what is on the network and to control access to data through often granular privileges granted to users and devices.

Network and security engineers know this, as do sophisticated threat actors. That’s why the first step advanced persistent threat actors often take after an initial network breach, such as in the SolarWinds and the Microsoft Exchange hacks, is to go after an organization’s ICAM, which is often Microsoft’s Active Directory.

If engineers lose control of ICAM, they effectively lose control of the network from a cybersecurity perspective, and zero-trust architectures mean nothing. Threat actors who control an organization’s ICAM can create new identities and credentials, remove access controls, and escalate account privileges, allowing them to move freely through a network to access whatever unencrypted data they want.

Speaking about the general cybersecurity landscape, Skinner said he’s “not certain” the number of cyberattacks has grown over the past five years, just that some incidents, like ransomware attacks, “get more visibility now because of impacts.”

But, he added, “The threat is real. We see it every day. Cybersecurity is very important. The ability of the department to really get after it, to ensure the timing and tempo of mission, is very important.”

‘Harmonizing’ User Experience And Cybersecurity For A Mobile Force

Skinner said another goal is enabling a more mobile force, noting this began last year at the outset of the pandemic, and he is now looking to build upon earlier efforts.

“Two years ago, we weren’t a mobile force. If you wanted to do your job from any location, we just weren’t there. That’s been a big push,” he said. But that doesn’t come without its risks.

“As you become more mobile, you increase your attack surface,” he noted. “How do you harmonize the user experience and cybersecurity? How do you balance those? That’s what we’re looking at.”

A broader initiative entails, Skinner said, building a “no-fail mission,” which rests on a modernized command and control. “How do we make sure that, at any point in time, the president of the United States can talk to and provide orders to combatant commands?” he asked. “And it goes back upstream, too. Our forces have to be able to connect and communicate, whether logging into a system or making sure a weapon system is ready to go.”

Skinner was previously deputy commander of JFH-DODIN from 2015 to 2017. He returned to JFH and DISA earlier this year and said both organizations have “skyrocketed” in maturity over the past several years. Since taking charge, he said, “one of our mantras is velocity of action to win.”

The driver of this urgency, like just about everywhere else in the military, is China.

“We see each and every day the Chinese, what they’re doing, and if we don’t keep up, things won’t be good from a perspective of international rules of order because [the Chinese] want to change those,” he said.

He also discussed the value of minimizing bureaucracy and maintaining strong partnerships, describing the latter as the “best” he’s ever seen.

He specifically mentioned the NSA, US Cyber Command, the DoD chief information officer, and the combatant commands as key partners. “Everyone wants to get after this to improve the capabilities of the department, looking at problem sets and solving them,” he said.

One specific problem set is how to “leverage data as the center of gravity. At NSA, data is already the center of gravity. We’re still working on this within DoD.”

“There’s so much data out there. How do we bring it all together?” he said. “There are a lot of challenges, but through challenges come opportunities.”