One federal agency's approach to securing their top-secret intelligence network

Written by Matt Malarkey | April 18, 2024

All federal agencies have been making strides towards a zero trust architecture to comply with Executive Order (EO) 14028, "Improving the Nation's Cybersecurity", issued in 2021 by the Biden Administration. The EO acknowledges the importance of protecting US Government networks, and so requires federal agencies to take immediate action to improve their cybersecurity. But the need to meet the mandate isn't the sole reason that agencies must implement a zero trust architecture; the increase in sophisticated security threats has made adopting zero trust architectures imperative.

Implementing zero trust is particularly important for US government agencies that handle classified data and information, as they are often targeted by the most sophisticated attackers. So, it’s not surprising to see that some of them are leaning into incorporating zero trust as part of their network modernization efforts.

A great example of this is the Defense Intelligence Agency (DIA), which is now in its second year of commitment to modernizing the federal government's top-secret intelligence network – JWICS, the Joint Worldwide Intelligence Communications System. The DIA's modernization focus for this year is on the continuous assessment of networks, addressing the growing issue of insider threats, hardening interior network devices, and implementing zero trust security.

The importance of hardened routers and switches for secure networking 

As the DIA continues its efforts to modernize JWICS and enhance cybersecurity measures, its commitment to adopting a zero trust architecture reflects a forward-thinking approach to cybersecurity and to safeguarding the classified information on its networks.

Appropriately hardened and properly configured infrastructure devices are foundational to zero trust-based network security, as this keeps unauthorized users and devices segmented from critical data, applications and systems. Indeed, whilst a lot of focus has traditionally centred on perimeter (firewall) security, switches and routers (interior devices) are increasingly seen as the ultimate mitigating control in containing threats, stopping lateral movement and preventing privilege escalation – in the event that the perimeter is breached.   

This is why the DIA is prioritizing hardware as part of the JWICS modernization effort, ensuring the reliability and resilience of the network – from the perimeter to the interior – in the face of evolving threats.  

Continuous assessments of existing local networks 

Network infrastructure devices are inherently complex and need to be configured in a hardened manner, and changes to their configurations due to planned or unplanned activities (accidental or nefarious) can leave networks vulnerable to attack. Therefore, assuring their security is critical. Yet many organizations have traditionally approached assessing the security of network appliances on an ad hoc basis.

Recognizing this approach is insufficient when defending against today’s most advanced cyber threats, Doug Cossa, DIA's Chief Information Officer, highlighted the shift towards continuous cybersecurity assessments through the JWICS Cyber Inspection Program (JCIP). Unlike traditional one-time assessments, this program seeks to ensure ongoing monitoring of local networks connected to JWICS, addressing a wide range of cybersecurity measures – from user account management to hardware integrity and patching protocols. 

Proactively assessing devices in light of any configuration change – whether planned or unplanned – is also critical to maintaining a secure posture and ensuring that no new vulnerabilities have been introduced into the network as a result of the change. Indeed, alerting on any configuration change in and of itself can help identify potential indicators of compromise, including those representative of nefarious insider activity.
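The two activities described above, alerting on any configuration change and then re-assessing the device's hardening in light of that change, can be illustrated with a small drift check. This is an added example, not Titania's or the DIA's tooling; it assumes a Cisco IOS-style running-config dump, and both snapshots are constructed samples.

```python
# Added example: configuration drift alert plus hardening re-check for a network device.
# Assumes a Cisco IOS-style config dump; both snapshots below are constructed samples.
import difflib

# Constructed baseline snapshot recorded at the last assessment.
BASELINE = """\
hostname core-sw-01
service password-encryption
no ip http server
line vty 0 4
 transport input ssh
 exec-timeout 5 0
"""
# Constructed current snapshot: an unplanned change re-enabled HTTP and telnet.
CURRENT = (BASELINE.replace("no ip http server", "ip http server")
           .replace("transport input ssh", "transport input telnet ssh"))

# Illustrative hardening rules (not a full benchmark), applied to stripped config lines.
REQUIRED = {
    "password encryption": lambda ln: ln == "service password-encryption",
    "http server disabled": lambda ln: ln == "no ip http server",
    "vty restricted to ssh": lambda ln: ln == "transport input ssh",
}
FORBIDDEN = {
    "http server enabled": lambda ln: ln == "ip http server",
    "telnet allowed on vty": lambda ln: ln.startswith("transport input") and "telnet" in ln.split(),
}

def normalise(config: str) -> list[str]:
    """Drop indentation and blank lines so cosmetic edits do not register as drift."""
    return [ln.strip() for ln in config.splitlines() if ln.strip()]

def drift(baseline: str, current: str) -> list[str]:
    """Lines added (+) or removed (-) since the baseline; any entry is a change alert."""
    diff = difflib.unified_diff(normalise(baseline), normalise(current), lineterm="", n=0)
    return [ln for ln in diff if ln[:1] in ("+", "-") and not ln.startswith(("+++", "---"))]

def hardening_findings(config: str) -> list[str]:
    """Re-assess after a change: required settings now missing, forbidden ones now present."""
    lines = normalise(config)
    missing = [f"missing: {n}" for n, ok in REQUIRED.items() if not any(ok(ln) for ln in lines)]
    present = [f"present: {n}" for n, bad in FORBIDDEN.items() if any(bad(ln) for ln in lines)]
    return missing + present

def assess(baseline: str, current: str) -> dict:
    """One assessment cycle: alert on drift, and re-check hardening only when something changed."""
    changes = drift(baseline, current)
    return {"changed": bool(changes), "drift": changes,
            "findings": hardening_findings(current) if changes else []}
```

In a continuous programme the baseline would be the last approved snapshot and the current one pulled from the device on a schedule or on a change event, so the drift list doubles as the change alert and the findings show whether the change weakened the device.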

The need for automation tools 

So, the continuous assessment of network infrastructure devices is a focus for the DIA, and should likewise be one for all US government agencies as they move towards zero trust networking, to ensure security against current and future threats – from both outside and within. But even the most forward-thinking organizations require the right tools to implement continuous auditing and attack surface analysis to support their zero trust security strategies and defend their networks from preventable attacks.

Specialising in router, switch and firewall security, Titania is uniquely positioned to help organisations move beyond a perimeter-focused approach to network security. With this focus on strengthening networks from the inside-out, Titania solutions provide organizations with the practical capability to continuously and accurately assess the security and compliance status of every device configuration, as well as determine which devices are at risk of exploitation. And where misconfigurations are detected, they produce risk-prioritized findings and remediation guidance to expedite securing the network.

Learn more about how Nipper solutions can help your organization to strengthen networks from the inside-out here.