Last week, we published the first part of the testimony I gave on Nov. 14 before the Senate Armed Services Subcommittee on Cybersecurity, titled “Department of Defense’s Cybersecurity Acquisition and Practices from the Private Sector.” The committee was seeking guidance on security strategies the DoD should adopt to optimize its cybersecurity efforts. Part 1 was on threat hunting and included my introductory remarks.
As CrowdStrike CTO and co-founder, my introduction to the committee addressed CrowdStrike’s mission and experience in dealing with today’s most sophisticated and stealthy adversaries, and I emphasized that the DoD faces challenges similar to those of the private sector. The very same threat actors that are targeting private industry today — stealing intellectual property and sometimes carrying out destructive attacks — are trying to break into DoD networks to conduct espionage and degrade our warfighting capabilities. I also outlined the three strategies I feel are most critical for the DoD to adopt: Hunting, Cloud Technologies and the “1-10-60” Rule.
In Part 2 on Cloud Technologies, I explain the underlying cloud-based architecture that makes the implementation of other advanced protection strategies possible.
We must accept that DoD is — and will continue to be — burdened by obsolete infrastructure. For instance, it is challenging to upgrade IT systems on ships deployed at sea for months at a time. But the private sector grapples with the legacy infrastructure problem as well. Many of the largest financial services companies we work with still rely on mainframes from the 1970s. You accept such constraints where you must, and use forward-thinking acquisition strategies where you can. The presence of outdated IT infrastructure is not an insurmountable barrier to stopping our cyber enemies. Treating it as one is not tolerated in the private sector, and DoD cannot accept that excuse either.
Industry has demonstrated that cloud-based technologies can drive enormous efficiencies, and DoD should continue adopting these capabilities. It is encouraging to see significant movement toward the cloud, governmentwide, as mandated in the American Technology Council’s 2017 IT Modernization Report. Various initiatives in the intelligence community and across the defense enterprise are, in some respects, actually leading the way. But the key is ensuring that individual programs are designed with that approach from the start. I see positive changes and hear the right things in high-level strategies, but change is slow to arrive and results on the ground are uneven.
In security, cloud-enabled technologies work because they flip the asymmetry between offense and defense. Modern security approaches take advantage of cloud resources by recording all computer security-related events in massive cloud-based data stores and performing advanced analytics and forensics on that data to uncover subtle adversary activity. Tracking trillions of events provides rich context for identifying suspicious patterns. What is more, once a threat is identified in one part of the network, cloud-based security technologies allow instantaneous distribution of protection against it across the entire ecosystem. With millions of endpoints under management, DoD can leverage cloud systems to turn its scale into a strength rather than a challenge.
Please Note: In Part 3 of his testimony, Dmitri discusses the “1-10-60” rule.
For More Information:
Watch the complete Hearing of the Senate Subcommittee on Cybersecurity including Dmitri’s Testimony.
Read Part 1 of Dmitri’s Senate Hearing testimony on Hunting.
Read a blog on CrowdStrike cloud technology: “CrowdStrike Falcon on GovCloud: Cloud-Delivered Endpoint Protection for the Public Sector.”