Bob Lentz
In the business world and across the government enterprise, mission success relies on the availability of trustworthy information.

In the Department of Defense (DoD), information is targeted and threatened every single day. It is critical to our mission that Defense information systems are not brought down.

We have made significant strides in the cybersecurity domain. We have increased the profile of the deputy assistant secretary of defense for cyber, identity and information assurance. We have deployed the largest public-key infrastructure (PKI) in the world. We have established a joint office created by the CIOs for the DoD and the Office of the Director of National Intelligence (ODNI) to address the inefficiencies and ineffectiveness resulting from years of uncoordinated activities.

Additionally, we have improved on education and training and have increased our partnerships with the Department of Homeland Security, private industry and the global defense industrial base (DIB). We established a strong partnership with the DIB to increase network security, as well as put in place a robust model of threat and vulnerability-sharing that extends to all critical sectors.

We also launched the Defense Venture Catalyst Initiative (DefVenCI), a program that brought cutting-edge technology innovation to the national security community right after Sept. 11, 2001, enabling agencies to solve many hard challenges.

Still, as far as we've come, there is much work left to do. If I had to list the biggest challenges that remain, my list would include:

The need to continuously harden the network in this era of social networking, cloud services, the increasing mobile workforce and growing global requirements. We also need to move to multi-factor and attribute-based identity assurance access for people, devices, data and applications.

Further, as the threat changes, we need to adjust as well, which includes rolling out technologies that inspect and secure the supply chain.

Also vital is continuing to stress the importance and necessity of education, training and workforce manning for critical IT/IA skill sets.

Since 2004, when the Department of Defense issued its first information assurance strategy, much has changed. We have witnessed a stark increase in both the cyber threat and the sophistication of the enemy to penetrate our mission-critical systems.

Recently, my office implemented a new information strategy that lays out our vision and goals for cyber, identity and information assurance. We must become more agile. Although training and education of our workforce is vital, eventually we must begin to take people out of the mix and move toward an automated security systems platform where devices can recognize a threat and respond more quickly and more efficiently than humans. We have to improve the time it takes to roll out commercial technologies. We can no longer afford to wait three, four and five years to put capabilities within our enterprises or out on the battlefield.

We must tread a new path, one that focuses on automating security systems that rely less on systems engineers detecting intrusions and installing security patches.

Today, we anticipate scans and attacks and have adjusted our approach more toward keeping our mission-critical systems up and operating in the midst of attacks. Layered security is enabling us to do this.

Tomorrow, we will rely less on a static, standalone information assurance environment and move toward a cyber information assurance realm. We must be faster, more agile and better prepared. We're on the right track.


Robert Lentz retired in Oct. 2009 as deputy assistant secretary of defense for cyber, identity and information assurance, Department of Defense.