Pentagon’s Transition to Windows 10 Yields Increased Cyberdefenses, CIO Says

SAN FRANCISCO — It’s no surprise the Defense Department with its treasure trove of data is constantly blitzed by hackers and cybercriminals. But despite the sophistication and velocity of the threats, the Pentagon’s cyberdefenses can easily withstand “a terabyte of death” — or even more — as one senior official put it earlier this year.

So, how is DOD, the largest federal agency, able to pull that off?

The migration to Windows 10 was a key part of hardening cyberdefenses, said Essye Miller, DOD’s chief information officer. She spoke April 16 to a crowded room at the Marriott Marquis, as part of Carasoft’s Public Sector Day in San Francisco. The event runs in conjunction with the RSA Conference.

The Pentagon rapidly deployed Windows 10 departmentwide in January, and March 31 marked the first time nearly 95 percent of DOD was on a single operating system, Miller said. (The Pentagon planned in November 2015 to implement Windows 10, but was unsuccessful in doing so across the entire department.)

“If that doesn’t give us a foundation for security posture, I’m not sure what does,” Miller said.

The migration was no small task. DOD has 3.4 million users, data in over 1,000 data centers and more than 500 cloud initiatives across the department.

But one operating system was a nudge in the right direction.

“We had to start somewhere to get a common framework,” as Miller said.

Although DOD shares threat information with the departments of Justice and Homeland Security, Miller called on the private sector to reach out, because “the key is to make sure we can partner with all of government and all of industry — this is a team sport.”

That collaborative approach was evident in preventing the spread of WannaCry last May. The ransomware wreaked havoc across the globe, targeting machines running Windows operating system. The cryptoworm encrypted users’ data, and held it hostage until a ransom was paid in bitcoin.

Despite its destructive path worldwide — 150 nations were affected — U.S. federal systems were spared of WannaCry. The White House has fingered North Korea as the culprit behind the malicious code.

“That information (about the malware) that we got would not have been readily available to us had it not been for some of the key partnerships we have with industry today,” Miller said.

The recent appointment of Suzette Kent as federal CIO, a title previously held by former Disney executive Tony Scott, also lends itself to more opportunity for collaboration within government.

“You’ll see an alignment between her office, DHS and DOD — anyone see the trend there?” Miller said. “The largest government agencies partnering not only on IT modernization but how we get to the heart of the threat and the vulnerabilities we need to deal with.”

Because, as Miller so well knows, the recipe for multifaceted, hardened cyberdefenses comes down to working closely with others. No island — even one the size of the Pentagon — can go about it alone.