By Dawn S. Onley
The Defense Department recently made it mandatory for computer users
to deploy automated security tools across the department to better
protect networks from viruses.
The Communication Tasking Order, a policy directive released Nov. 3 by
the commander of the Strategic Command, orders Defense agencies to
"immediately initiate" the machine-to-machine patches to automatically
repair vulnerabilities as soon as software patches become available.
The order sets a phased timeline for compliance and allows for
operational necessities, according to Timothy Madden, spokesman for
the Joint Task Force for Global Network Operations. JTF-GNO is charged
with operating and defending the Global Information Grid - the Defense
Department's classified and unclassified network.
The new directive requires that all patches be installed immediately
using commercial and government tools currently available, with an eye
toward standardization in the future.
"There are various tools available now, both in the commercial sector
and in the government, that are capable of providing such
remediation," Madden said. "The JTF-GNO is directing the use of such
tools across the GIG, and that such tools must be standardized by a
Air Force Lt. Gen. Charles Croom, director of the Defense Information
Systems Agency, said automated patch rollout would boost the network
security posture across DOD. Croom called the current process
"When there's a vulnerability identified in a particular piece of
software, they [software companies] push those patches to us and we
push those patches to the services and require implementation," Croom
said. "Obviously, the trick is how fast can you get them and how fast
can you implement them? And so, I think you see us focusing on the
techniques, tactics and procedures to do that better."
Croom, who also serves as commander of JTF-GNO, said the new policy
would make the implementation of patches an instant process.
"We don't do the patches instantly. But we get viruses instantly, so
even days are too long to implement patches, and for us it takes days
and weeks," Croom said. "The vision for the future is you get the
person out of the loop and you get machine-to-machine ability so you
have the patches automatically distributed and loaded on whatever
piece of equipment needs to be patched."
Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.