Secure telework capabilities top DISA's 2021 plans

The Defense Information Systems Agency is looking at "gray networks" and expanding its cloud-based internet isolation browser solution to email.

shutterstock ID ID: 1700010517 By Tama2u
 

Telework and cybersecurity tools top the Defense Information Systems Agency's priorities for 2021, including adding onto its cloud-based internet isolation browser solution that created an air gap between internet traffic and DOD's network.

Steve Wallace, DISA's systems innovation scientist for the emerging technology directorate, said the plan is to take CBII's technology and apply it to email and attachments in fiscal 2021.

"Now we're thinking we can take some of those same technologies and apply them to the problem around email and attachments," Wallace said during the virtual AFCEA TechNet Cyber conference Dec. 3, adding that DISA is still trying to understand that space.

DISA is also exploring the potential use for a "gray network," which is separate from the Commercial Virtual Remote environment, to enhance classified telework capabilities, Wallace told reporters.

"The purpose behind a gray network is when we get in the commercial solutions for classified (CSFC)," Wallace said. "It's very thin; users don't actually live there. It's really a stopping off point for traffic," adding that gray networks require two virtual private network solutions, where the outer VPN terminates in the gray network while the inner VPN "continues its way back up."

The developments come as the Defense Department plans to move CVR, the Microsoft Teams based teleworking tool for DOD, to a permanent capability in 2021 and the demand for classified remote technologies -- or at least tools where people with various classification levels can collaborate -- increases.

Demand for secure teleworking tools is expected to continue trending up amid the coronavirus pandemic, but Wallace said that there wasn't a releasable date for when the gray network capability would roll out. (DISA is also working on a classified prototype that uses virtual mobile infrastructure that could wrap up in 2021, he said during the conference.)

"We expect the demand to continue as well and we're working very hard. I don't have a date that I can announce right now on it, but we are working really hard to get something delivered as quickly as possible because we do realize the urgency in it."

In addition to classified telework tools, DISA is also looking at encrypted traffic analysis, looking for anomalies to help better detect malware, as well as potential alternatives to network perimeter security using zero trust security concepts, Wallace said.