Norton: Secure, operate, and defend are the fundamentals

Navy RADM Nancy A. Norton, vice director of the Defense Information Systems Agency, served as the keynote speaker at the Armed Forces Communications and Electronics Association (AFCEA) Central Maryland Chapter Monthly Member luncheon in Greenbelt, Maryland, on Sept. 28.

Her remarks focused on the significance of DISA’s efforts to secure, operate, and defend cyber operations for users across the Department of Defense (DOD) and how the organization relies upon partnerships with industry to accomplish that mission.

“As DISA evolves, we will never lose sight of the fundamentals to secure, operate, and defend the networks,” said Norton. “Our goal is to reduce the attack vector in the architecture itself, reduce the threat vectors, and reduce the amount of cybersecurity attacks that we have to actually deal with and respond to, potentially.”

She described the scope of services DISA provides to users around the world and the challenges that result from it.

“DISA executes defensive cyber operations for virtually all of the DOD - for more than 3 million users,” said Norton.

The admiral spoke about one of the agency’s most effective defensive tools – the Enterprise Email Security Gateway, which protects the Unclassified-but-Sensitive Internet Protocol Router Network (NIPRNet) from inbound email traffic with spam, phishing, and malware.

“We have 1.9 million DOD Enterprise Email users, and 38 million emails per day pass through the Defense Enterprise Email Security Gateway. About 80 percent of those are blocked, that’s how much spam we get across the DOD.”

Norton outlined how the evolving cybersecurity landscape is leading to major changes in DISA’s operations and will determine how the agency will stay ahead of the multifaceted problem.

“The current cyber environment transforms daily,” said Norton. “It is very complex and is adding an ever-evolving array of threats and threat actors, characterized by tremendous complexity and accelerating change.”

She highlighted the importance of DISA’s relationship with industry partners to reduce cyberattacks and to better understand challenges and complexities. 

“The idea of sticking to a single constrict or a specific set of operational practice or a specific set of skill sets over time just doesn’t work anymore,” she said. “We can’t do that. We have to be willing and able to evolve, and that’s something that we very much need industry to help us with.”

According to Norton, the working relationship between DISA and industry partners can lead to a more proactive approach and ensure the proper tools are used to effectively monitor and secure the network.

“We’ve got to work with mission partners and our industry partners for multiple perspectives on how to achieve cyber defense in the future,” said Norton. “Sharing information on what we know to be current issues and what we expect for indications of warning in the future. That information sharing is absolutely key.”

She completed her remarks by outlining DISA’s long-term goals and impact on warfighting operations.

“We at DISA need to enhance our cyber situational awareness and ensure survivability against highly sophisticated cyberattacks,” said Norton. “These are goals we share with the DOD chief information officer, to ensure that warfighting government operations and intelligence missions are conducted in a secure communications environment.”

Posted Oct. 3, 2017