The Army innovatively uses IT to enhance its warfighting capabilities. The Joint Network Node and Blue Force Tracking programs are excellent examples of how the Army uses commercial technologies to sharpen the power of the warfighter.
But to stay ahead in the ongoing cyberwar against terrorism, the military services need new tactics, techniques and procedures.
Defense Department leaders understand the importance of protecting information and properly categorize information assurance as a force protection issue. They also understand the need to take decisive action to correct vulnerabilities that exist.
They are, however, focused on current cyberbattles and not necessarily on all future threats.
Lt. Gen. Steven Boutelle, the Army’s CIO, addressed the issue of this technology frontier at the recent Army LandWarNet Conference in Fort Lauderdale, Fl. According to Boutelle, “Data at rest is data at risk.” The Army needs to encrypt data on all computing devices, especially mobile systems such as notebooks and handhelds, used for official business, he says. Really, this should become a practice throughout DOD.
“Encrypting data at rest reduces the likelihood of its falling into enemy hands.”
The recent spate of missing government notebook PCs is a concern. Quite frankly, the government cannot maintain information superiority if it is incapable of securing its own data.
Data encryption is the key to staying on the winning side in future cyberspace battles. Encrypting data at rest reduces the likelihood of useful data falling into enemy hands.
Public-key infrastructure provides encryption in transit from sender to receiver. By combining encryption of data at rest and data in transit, DOD can be reasonably assured that only the most sophisticated adversaries are a concern. This would also let the department streamline its protective efforts and become more effective in separating serious adversaries from nuisance hackers and petty criminals.
Coded Messages
The nation’s enemies understand the value of encryption. For years, they have used steganographic programs to send messages. Steganography is the encrypting of textual data in the unused or redundant pixels of an image or delivering a coded message in an ostensibly innocent film frame. There are numerous other tactics for using code or basic encryption to transmit messages. These tactics can easily penetrate our defense-in-depth devices, such as network intrusion detection and prevention systems and firewalls at network boundaries.
If U.S. adversaries take such approaches to pass encrypted data through network edge devices, current information assurance tactics and devices may not be spotting this data at rest.
Recognizing the data-at-rest threat is an important first step, and DOD needs to develop new techniques to counter this threat to defeat IT-savvy adversaries.
Ted Dmuchowski, a former director of information assurance for the Army, is a senior associate focusing on IT strategy for Booz Allen Hamilton Inc. of McLean, Va.
![1105 Media [justice]](/images/ds1_pntmlogo.gif "1105 Media [justice]"){kind=small}
