The Defense Information Systems Agency (DISA) is a Department of Defense (DoD) service provider that supplies a global information-sharing architecture for all DoD members "from the President on down."
Their cybersecurity measures are among the best in the world. As Amy Probst, Lead Customer Management Specialist at DISA, explains, DISA’s Cybersecurity Service Provider (CSSP) program "monitors for and protects against malicious cyber activity, reports cyber incidents, and shares pivotal cyber situational awareness to defend the Department of Defense Information Network and customer terrain."
So how does it do it, and what do DISA services entail?
The DISA CSSP Itself
DISA’s CSSP supports over 400 different DoD-related organizations, from defense vendors to geographic combatant commands. As noted on the DISA website, several things set them apart from other cybersecurity providers:
- Comprehensive technology
- Globally distributed analysts (24/7/365)
- Agile and adaptable service construct
And their "demonstrated superior service."
DISA’s Cloud CSSP Service Offering
DISA recently rolled out a distinctive cloud CSSP service offering with Microsoft Azure Impact Level 2-6 hosted applications. This allows the agency to onboard and service CCSP customers even faster, bring down costs, and increase automation.
The real game-changer is this: For organizations with Microsoft Azure-hosted capabilities, transitioning between old cybersecurity tools and new DISA solutions isn’t the costly, resource-sucking overhaul transitions like this usually are. The DISA methodology quickly replaces legacy Defensive Cyber Operations capabilities with commercial, cloud-native monitoring tools so organizations don’t skip a beat – or waste resources making the switch.
"This development allows our team to be better positioned to meet the needs of our [customers] and secures our position as an organization at the ‘tip of the spear’ in defending the DODIN," stated Darrell Fountain, DISA CSSP Services chief.
The end result? Organizations can more easily switch to DISA CSSP and lower CSSP costs in the process. As DISA is one of the few DoD service providers that can offer this level of interim protection to Microsoft Azure cloud environments, this feature arguably makes it easier for teams to receive superior security from a top-performing government cybersecurity provider without the usual burdens of transitioning.
DISA’s Ongoing Pilot Initiatives
As noted in Federal News Network, "It wouldn’t be much of a stretch to say the Defense Information Systems Agency is in a heavy research mode." As of last September, DISA was engaged in at least 14 ongoing or completed pilot projects to better improve the security of the Department of Defense.
Securing Internet Boundaries
Three of these projects are focused on better securing internet boundaries. The U.S. government has about 60 access points to the broader internet, and DISA pilots are attempting to leverage security-as-a-service at those boundaries. They are attempting to take the "convoluted and complex internet access points that we have today" and simplify them by packaging them all into one "so you don’t have the collisions that you have today," as noted in the Federal News Network article.
Some of those collisions are brought on by the widely criticized 2013 Joint Regional Security Stacks (JRSS) initiative, which was meant to alleviate problems but now includes security products from nearly forty vendors.
Validating Current Protections
Two other pilot initiatives are aimed at making sure the protections already in place throughout the DoD are doing what they were put there to do.
In the same article, Lt. Gen. Robert Skinner, DISA’s director and commander of the Joint Force Headquarters, said about validating the agency’s current security apparatuses:
"Right now, we just say, ‘Well, yeah, it is because it’s on and it’s protecting some things.’ But is it protecting everything you want and leveraging the tactics, techniques, and procedures (TTPs) our adversary uses, and we know that they use?"
This is the purpose of some of DISA’s most recent testing, and to do so, they’re vetting everything from the boundary to the endpoint.
Virtual Domain Deception
Yet another pilot in the works revolves around protecting the domain itself by whatever means possible.
Skinner explained, "How do we virtually maneuver the domain itself? How do we use military deception, or even deception writ large, if we have a vulnerability that can be exploited, but somebody who’s scanning from the external cannot see that? Those are three areas that we’re looking at, and it’s all about how we maneuver and posture ourselves so that we’re ready against the adversary and what they’re throwing against us."
As cybercriminals ramp up attacks and improve their machinery – no doubt aided by AI – these pressing issues become even more critical, and the Defense Information Systems Agency steps up to solve them.
Enter: Thunderdome
These new advancements have incited a season of pruning, and DISA is hard at work making the transition from older initiatives like Joint Regional Security Stack (JRRS) to newer, more effective ones.
Sunsetting JRRS
Regarding the outdated, failure-to-thrive JRRS, Skinner said, "I’ll tell you we do not have the time to have JRSS continue for years because it is older technology. It is very complex, and it’s costing a whole bunch...The rush to sunset JRSS is on." In a cybersecurity world where timing and accuracy are threat-catching advantages, being bogged down with confusing, less-than-optimal infrastructure is not an option for the U.S. government.
Introducing Thunderdome
What will take the place of JRRS? DISA is implementing Thunderdome, the initiative to implement zero trust capabilities, to replace it, at least in part. Thunderdome is to:
- Provide virtual routing for software-defined wide area network (SD-Wan)
- Supply identity security tools
- Offer secure access secure edge (SASE) capabilities
Beyond Thunderdome, DISA’s various cybersecurity offerings are set to provide 133 out of 151 required DoD Zero Trust Architecture requirements.
More Accountability for DOD Information Networks
Additionally, several DISA pilots are dedicated to a formal inspection process set to require more accountability from DOD Information Networks around security capabilities. The up-and-coming Command Cyber Readiness Inspection (CCRI) has already been piloted in three places and is being successfully employed to reduce privileges for edge devices and develop strong incident response plans.
Conclusion
The bottom line is that DISA is busy – very busy – putting newer, stouter, more future-proof cybersecurity plans into place to protect contractors and agencies throughout the Department of Defense. The end goal is to streamline, strengthen, and prune outdated DoD defense capabilities and modernize them to match the level of threats launched by sophisticated nation-state actors against critical systems. As the battle ensues on the cybersecurity front, the Defenses Information Systems Agency is leading the way.
How can Fortra help? In tandem with its Tripwire Enterprise product, Fortra offers 200 DISA Policy Frameworks in which those moving towards a DISA Cyber Security Program (CSSP) can utilize to ensure all cloud based endpoints meet security based and compliant hardening standards that DISA is known for.