A failed Iranian rocket launch at the Imam Khomeini Space Center in northern Iran

Technical Debt: The Cybersecurity Threat Hidden in Plain Sight

Who remembers when floppy disks provided a new level of capability for the Department of Defense to support strategic force operations around the world?

Only in recent years has the DoD retired these 8-inch floppy disks in favor of modern computing capabilities, and the push is underway to accelerate the modernization of systems that rely on older technology to to deal with modern threats.

This accumulation of older software and infrastructure, known as technical debt, requires considerable budget and resources to maintain, putting pressure on new innovations needed for business functions such as cybersecurity.

The Pentagon recognizes the impact of technical debt on protecting systems and data from cyberattacks. He intends to roll out a department-wide zero-trust strategy by 2027. Assuming that every application, network, login, and user can become a threat, a zero-trust framework validates access through Control policies for specific functions – a significant advancement in perimeter-based security that can allow unrestricted access once an attacker enters the network.

Technical debt hinders cybersecurity

The Biden administration’s executive order on cybersecurity in May 2021 started the movement toward a zero-trust architecture. He called for modernized cyber defenses, better information sharing and stronger responses to attacks, all of which start with zero trust and depend on modern technologies such as identity management, cloud, artificial intelligence, machine learning and data analysis.

To accelerate this establishment of zero trust, the DoD must continue to repay its technical debt.

The Pentagon can look to the Department of Labor as a model for balancing legacy system needs and innovation. As CIO Gundeep Ahluwalia explained in a recent interview, “When I joined the department six years ago, we only invested 10% of the funds in modernization and development. Now we allocate 25% of our overall funds, and ideally this will increase to 40% in the near future for modernization and development. Modernization is a continuum, and this investment essentially pays off that technical debt while preventing it from replenishing itself.

Technical debt has taken on new importance with its reference in the National Defense Authorization Act of 2022, which authorizes the DoD to study it and make recommendations on its impact on software-intensive systems. DOD CIO John Sherman recently highlighted the link between technical debt and zero trust as cyber defense, and he confirmed the department’s commitment to addressing it as adversarial threats increase.

The size of the technical debt problem is difficult to calculate, but if historical patterns have continued, 75% of the federal budget is spent on operating and maintaining legacy systems. This is older technology that is not prepared or hardened for today’s cyberattacks.

Technology that stays ahead of evolving threats

There are ways to surround legacy systems with newer, resilient technologies and provide layered defense of critical applications and data.

Identity management, for example, distinguishes a digital identity, while authentication confirms identity to enable permission-based access to networks, applications, and data. Additionally, operating in a zero-trust environment prevents users from accessing unless they have proper authentication and authorization.

The massive amount of data from cyberattacks requires innovations in artificial intelligence, machine learning, and analytics so that data is quickly aggregated and filtered, patterns are detected, and threats are elevated for scrutiny. more in-depth.

Because the Pentagon is such a big target for cyberattacks, the Department of Defense needs these technologies and a zero-trust methodology to weed out both old technology and manually run processes, which will reduce threats. and prevent penetration.

As perimeter security has become the norm for many networks, the DoD Cybersecurity Executive Order and Zero Trust Strategy represent the government’s intent to change that. It will take more than technology to negate existing threats and prevent unknowns from becoming attacks.

For the DoD to achieve its full cybersecurity potential, it must inspire a change in mindset that goes beyond perimeter defenses. Users must adhere to requirements such as multiple logins for enterprise-wide zero trust as well as information sharing that enables better threat detection and response.

As the Pentagon tackles its technical debt to improve cybersecurity and overall asset protection, it can seize the opportunity to renew users’ passion for the mission and good cyber behavior.

Kynan Carver is the head of defense cybersecurity at Maximus, a federally-focused IT service management company.

#Technical #Debt #Cybersecurity #Threat #Hidden #Plain #Sight

Leave a Comment

Your email address will not be published. Required fields are marked *