Department of Defense strengthens its shield with cybersecurity at the forefront
By Microsoft on March 14, 2017
Filed under Microsoft in Government
Government agencies face challenges that range from shifting threats to managing multiple platforms and devices in the enterprise environment. And threats have never been more challenging—driving tremendous costs and risk to the security of critical information.
Security breaches can take more than 200 days to detect, and industry experts predict more than 2 million new malware apps by the end of the year. Clearly, these are driving factors in President Obama’s Cybersecurity National Action Plan (CNAP) announced last month to improve cybersecurity across government systems and devices.
The CNAP is accompanied by a federal budget hike of $19 billion for FY17, a 35 percent increase for the year, which demonstrates the importance of cybersecurity in the next generation of IT systems and the need to invest in an aging federal IT legacy infrastructure.
Terry Halvorsen, CIO for the Department of Defense (DoD), said more tools were needed for automated cyber defense, highlighting significant security challenges to defense networks. Halvorsen singled out software integration as a challenge to his mission.
“If you have an impending need to survive, you will innovate,” he said, adding that networks are “getting shot at” virtually every day. With Defense spending about $38 billion annually on cybersecurity and IT, Halvorsen said his department needed to deploy innovation faster to ensure systems are more secure, more efficient and cost-effective, and standardized on one platform.
Because DoD is a prime target of cyber criminals and one of the largest and most complex organizations in the world, its leaders know the importance of securing its baseline systems.
Constantly evolving security threats, managing continuous updates on multiple platforms and devices, and slow upgrade cycles are some of the challenges facing government CIOs looking to standardize and secure agency baseline systems.
Department of Defense bets on Windows 10
Defense Secretary Ashton B. Carter has directed all Department of Defense agencies currently on legacy operating systems to standardize to Windows 10. With deployments starting right away, Carter set a goal that all DoD agencies upgrade their 4 million devices and systems in the next year. This is an unprecedented move for the DoD and the largest enterprise deployment of Windows 10 to date.
Department of Defense will see some revolutionary benefits in the government sector:
- DoD will partner with the private sector to employ some of the world’s most effective cybersecurity tools.
- Securing credentials with virtualization-based security significantly reduces credential theft techniques and attack vectors.
- The new cloud-based standardization will bring consistency to the DoD’s cybersecurity configuration and management.
- Faster and more regular cloud-based software updates will aid employee productivity, keep costs low and help protect from security threats.
The DoD’s intention to move to Windows 10 began in earnest in November when Halvorsen issued a memo directing all combatant commands, services agencies and field activities to rapidly deploy Windows 10 to improve the department’s cybersecurity, lower the cost of IT and streamline the IT operating environment.
Further demonstrating a strong vote of confidence for the platform, Windows 10 has been certified as meeting specific government criteria and standards. The National Information Assurance Program, responsible for evaluating commercial IT products for use in national security systems, has certified Windows 10 against the Mobile Device Fundamentals Common Criteria protection profile. Additionally, Microsoft’s Surface devices have been certified and available through the Defense Information Systems Agency Unified Capabilities Approved Products List.
As the department upgrades, it may incorporate some of the following Windows 10 security features:
- Windows Hello: One of the greatest weaknesses in any security environment is the use of passwords, which can be hacked and used to gain access to secure resources and data. With Windows 10, agencies can identify individuals and restrict access through integrated multi-factor authentication using biometric mechanisms like facial recognition or fingerprints using the Windows Hello and Windows Passport features.
- Enhanced threat resistance and device security. Working from a crypto-processor, Trusted Platform Module-approved chip, tools include features such as Secure Boot, which helps prevent malware from embedding itself within hardware or starting before the OS, and Trusted Boot, which helps maintain the integrity of the rest of the operating system. Device Guard ensures that only signed applications and code can run on these devices. And Credential Guard safeguards credentials inside a hardware-based virtualized environment and breaks the popular “pass the hash” used in many major breaches.
- Windows Defender provides anti-malware service, which currently protects almost 300 million Windows devices every day.
- Enterprise Data Protection, currently in testing with enterprise customers and available soon, provides separation between both corporate and personal data and prevents corporate data from being copied out of corporate files to non-corporate files and locations, such as public website or social channels. Additionally, when EDP is used with Rights Management Services, it can protect data locally, adding another layer of protection even when data roams or is shared.
To learn more, join Microsoft at one of the following events
Now available On-Demand: Virtual Security Summit.