AMU Emergency Management Public Safety

DoD Plan Outlines Cybersecurity Guidance

The Department of Defense (DoD) recently amended and made public its military-wide cybersecurity implementation plan that seeks to ensure leaders are held accountable throughout its organization for network security.

The [link url=”http://dodcio.defense.gov/Portals/0/Documents/Cyber/CyberDis-ImpPlan.pdf” title=”DoD Cybersecurity Discipline Implementation Plan“] links to the 2015 Department of Defense Cyber Strategy, and puts in place strict measures that place heavy responsibility on leaders within the organization throughout its chain of command.

The plan outlines methods for raising awareness and accountability through the implementation and management of cybersecurity to appropriate levels.

The plan seeks to:

  • Reduce the number of vulnerable access points
  • Continually safeguard against attempted intrusions by committing to aggressive:
    • Protection
    • Monitoring
    • Analysis
    • Detection
    • Response
  • Use a four point system to bolster its network defenses:
    • Strong authentications – enforcing authenticity and accountability through strong passwords, secure credentials, appropriate access
    • Hardening of devices – vulnerability patching, removing obsolete software, disabling active content in emails
    • Reduction of attack surface – Appropriately managing trust relationships, allow only authorized devices to access infrastructure physically and logically
    • Align with providers of cybersecurity and computer network defense services – improving detection and responses to hostile intrusions, and ensuring no trust relationships exist between internal and external networks

Raise awareness, ensure protection

When introducing the document, the DoD noted that cyber threats against the organization have increased, placing the department’s mission at risk.

Consequently, the goal of the plan is to raise awareness of threats, ensure appropriate protections, and provide high levels of monitoring to avoid unauthorized access to the department’s systems — both its internal and external networks.

The report also seeks to prioritize actions, but emphasizes that tasks can be completed simultaneously in order to ensure swift compliance and a healthy change in the overall culture of cybersecurity within the organization.

The plan’s goal of monitoring and reporting will ensure compliance with all directives and allow for the prioritization of budgetary and resource decisions should areas fall short of outlined goals.

[relink url=”https://amuedge.com/dod-invites-specialists-to-hack-the-pentagon/”]

Kimberly Arsenault serves as an intern at the Cleveland/Bradley County Emergency Management Agency where she works on plan revisions and special projects. Previously, Kimberly spent 15 years in commercial and business aviation. Her positions included station manager at the former Midwest Express Airlines, as well as corporate flight attendant, inflight manager, and charter flight coordinator. Kimberly currently holds a master's degree in emergency and disaster management from American Public University.

Comments are closed.