WASHINGTON — With an increasingly expanding attack surface – exacerbated by droves of employees now working remotely – officials at the Defense Information Systems Agency say the organization’s new cloud-based browsing tool boasts stronger security for the Department of Defense networks.
The Cloud Based Internet Isolation (CBII) program, which hosts internet browsing in an isolated cloud environment, transfers the traffic away from the user’s desktop or laptop device.
It is an especially important tool with personnel working remotely, safeguarding against potentially malicious code being downloaded to endpoints and infecting the broader network, officials said. Moreover, it works even if employees forget to connect to the virtual private network “to get to the DoD-specific stuff and they just go to Google or something and click around, they’re still protected,” Angela Landress, chief of Defensive Cyber Operations at DISA, told C4ISRNET.
Landress explained that when browsing the internet, visiting a single website can mean communicating with an average of 31 other websites, which often include advertisers. CBII hosts that connection in a separate cloud environment, meaning there’s only one line of code when looking at the source code of the website because its routed it to secure isolated vendor space.
Over the summer, DISA awarded an other transaction agreement with a ceiling of $198.9 million to By Light Professional IT Services. The program initially began with 100,000 users and is now up to 105,000 users. It is in the incremental enterprise adoption phase with plans to expand it to more users across the DoD.
Landress also outlined other measures DISA has taken to secure networks. These include increased identity management, multifactor authentication, refocusing of analysts to defend against cloud and internet threats and partnering with other federal agencies to defend against threats that aren’t part of DoD but can influence the workforce.
Landress declined to specify which federal agencies they’re collaborating with, but said DISA is working with those organizations and with internet access point owners to compare and contrast what has worked and what hasn’t.
Many of these efforts weren’t spurred on by the pandemic, Landress said, but they were accelerated as a result.
While she also declined to discuss threats to the network and how increased telework may present unique threats, Landress did mention the intangible effect of the human element.
“When you’re in a government facility around your co-workers you’re held to a standard and your security strategy is always reinforced.
"When you take almost 100 percent of that population and put them in their homes distracted by their families and TV and trying to be on conference calls with phones and cameras and all kinds of things nearby, the threat landscape changes because you’re introducing a lot more of that human element in,” she said. “When you’re in a government facility around your co-workers you’re held to a standard and your security strategy is always reinforced.”
She added that there isn’t any direct evidence these distractions have created a threat or lack of vigilance, but that teleworkers are opens to some distractions that don’t exist in the workplace.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.