Norton: Secure, operate, and defend are the fundamentals
Navy RADM Nancy A. Norton, vice director of the Defense
Information Systems Agency, served as the keynote speaker at the Armed Forces
Communications and Electronics Association (AFCEA) Central Maryland Chapter
Monthly Member luncheon in Greenbelt, Maryland, on Sept. 28.
Her remarks focused on the significance of DISA’s efforts to
secure, operate, and defend cyber operations for users across the Department of
Defense (DOD) and how the organization relies upon partnerships with industry
to accomplish that mission.
“As DISA evolves, we will never lose sight of the
fundamentals to secure, operate, and defend the networks,” said Norton. “Our
goal is to reduce the attack vector in the architecture itself, reduce the
threat vectors, and reduce the amount of cybersecurity attacks that we have to
actually deal with and respond to, potentially.”
She described the scope of services DISA provides to users
around the world and the challenges that result from it.
“DISA executes defensive cyber operations for virtually all
of the DOD - for more than 3 million users,” said Norton.
The admiral spoke about one of the agency’s most effective
defensive tools – the Enterprise Email Security Gateway, which protects the
Unclassified-but-Sensitive Internet Protocol Router Network (NIPRNet) from
inbound email traffic with spam, phishing, and malware.
“We have 1.9 million DOD Enterprise Email users, and 38
million emails per day pass through the Defense Enterprise Email Security
Gateway. About 80 percent of those are blocked, that’s how much spam we get
across the DOD.”
Norton outlined how the evolving cybersecurity landscape is
leading to major changes in DISA’s operations and will determine how the agency
will stay ahead of the multifaceted problem.
“The current cyber environment transforms daily,” said
Norton. “It is very complex and is adding an ever-evolving array of threats and
threat actors, characterized by tremendous complexity and accelerating change.”
She highlighted the importance of DISA’s relationship with
industry partners to reduce cyberattacks and to better understand challenges
and complexities.
“The idea of sticking to a single constrict or a specific
set of operational practice or a specific set of skill sets over time just
doesn’t work anymore,” she said. “We can’t do that. We have to be willing and
able to evolve, and that’s something that we very much need industry to help us
with.”
According to Norton, the working relationship between DISA
and industry partners can lead to a more proactive approach and ensure the
proper tools are used to effectively monitor and secure the network.
“We’ve got to work with mission partners and our industry
partners for multiple perspectives on how to achieve cyber defense in the
future,” said Norton. “Sharing information on what we know to be current issues
and what we expect for indications of warning in the future. That information
sharing is absolutely key.”
She completed her remarks by outlining DISA’s long-term
goals and impact on warfighting operations.
“We at DISA need to enhance our cyber situational awareness
and ensure survivability against highly sophisticated cyberattacks,” said
Norton. “These are goals we share with the DOD chief information officer, to
ensure that warfighting government operations and intelligence missions are
conducted in a secure communications environment.”
Posted Oct. 3, 2017