Defending the evolving 21st century battlefield
Today’s battlefield is not just a physical space populated with assets such as fighter jets, tanks and destroyers. Bits are as important as in battle. A significant portion of today’s arsenal is composed of IT devices, software, servers and other technologies that any large enterprise relies on. In addition, weapons and communications systems are digital, connected, data-intensive and potentially vulnerable to hacking.
Securing the nation involves securing those technologies as well. And that’s a daunting task that will only get harder as artificial intelligence (AI), quantum computing and other potential game-changers are deployed. How do you secure all that? The answer involves a process with many moving parts.
At the U.S. Department of Defense (DoD), that process starts with a Security Technical Implementation Guide (STIG). STIGs will play a major role in fulfilling security initiatives such as the Zero Trust Architecture directive from the White House. Lumen already performs STIG hardening services for several DoD agencies and commands. We are now making this service available across DoD.
A roadmap for a never-ending journey
A STIG is a configuration standard consisting of cybersecurity requirements for specific devices. These guides, when implemented, provide optimal security for software, hardware, physical and logical architectures to further reduce vulnerabilities. Advanced STIGs cover the design of a corporate network, involving configurations of routers, databases, firewalls, domain name servers and switches. STIGs also describe maintenance processes for software updates and vulnerability patching. These ongoing updates are crucial to maintaining the security of any technology since cybersecurity is an arms race of sorts between good actors and bad actors.
The DoD produces STIGs for all technologies in their network architectures. But, as I said, the STIG is just the first part of the process. The “I” stands for “implementation” and that’s where things can get complicated.
How many desktop systems does a given military base have? How many mobile devices? How many commands operate out of that base, each with unique applications? We can multiply these questions across all facilities, all commands and all technologies. You have to identify all your resources and then match them to their appropriate STIGs.
STIGs can be highly specified, such as those that apply to a given hardware device. They can also be broader in scope, encompassing multiple systems and the ways they are used. For instance, there are STIGs involving “information security” that touch on many devices, applications, data types and practices surrounding them. These STIGs must be interpreted by someone who understands the relevant technologies, their uses and the real intention of the details in the STIG. That knowledge is crucial to understanding the various categories of issues (think of them as green, yellow, and red for severity) and how they apply in a given situation.
And once you have all that information, there is the remediation phase of implementation. But it doesn’t end there. Every update of the technology could drive an update of the STIG that applies. Monitoring the status of everything you have is an ongoing requirement. And, of course, new technologies are always being introduced with their own STIGs and their own versions of this same process.
The scope and scale of managing STIGs create a daunting process. Those obligations come alongside the mission of securing the nation.
The Lumen approach
This process has many moving parts, complicated by the difficulty of finding and keeping security experts in the midst of the war for talent. What if some portion – or all – of this process could be handed off to a trusted partner? That’s the idea behind the Lumen STIG as a Service (STIGaaS) offering.
Lumen security experts can take care of as much or as little of the STIG process as agencies and commands need. If you know your inventory and requirements, we can do the remediation, ongoing monitoring and maintenance. We can do the upfront inventory and STIG evaluation and leave the ongoing part to you. Or we can do it all while you keep the nation safe. We can keep you STIG-compliant with new technologies because of our deep relationships inside the technology industry. In the cases where commands are already working with Lumen on larger projects, we may be able to deploy technologies that are already STIG-compliant out of the box.
STIGs are now part of securing the nation. They require expertise, constant investment and the vigilance to ensure they are interpreted correctly, updated constantly and evolved correctly as new technologies join the arsenal of national defense. The STIGaaS model accomplishes those goals with a trusted partner, freeing up DoD resources to focus on their mission.
Learn more about our integrated security solutions.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue.