Think about it – students currently making their way through high school and college have never known a world without laptops, smartphones, email and text messaging, and instant access to the internet. Their world is mobile and they expect to be able to access the information they want or need in seconds.
Contrast this with the day of a typical US Department of Defense or intelligence worker working with classified information, where network access is only possible after walking through the secured doors of a concrete building, logging into a computer with a dedicated line no access to other information outside the network while working.
The two are worlds apart – and that’s a big problem when it comes to recruitment and retention. On the one hand, there is a need to protect American citizens and data from cyber attackers trying to disrupt our way of life by locking down networks and access within a building. On the other side are the best and brightest talent who will bring innovative solutions to our nation’s defense and security organizations that expect flexible remote access – and can easily find it in the private sector.
In order to maintain our status as a global power and stay one step ahead of our opponents, we must strike a balance between the two. To do this, the way we work in the Department of Defense and the IC must change.
What is the Commercial Solutions for Classified program?
The federal government is aware of the importance of remote access for the fulfillment of the mission goals now and in the future. Agency leaders are looking to the private sector for technology that will help them maintain the highest levels of security while meeting the needs of today’s workforce for easy access—and that can be implemented quickly. To support this, the National Security Agency has developed the Commercial Solutions for Classified (CSfC) program.
CSfC is based on the principle that properly configured and layered commercial IT solutions can provide adequate protection of classified information in a variety of applications. Under CSfC, secure access to classified information is no longer tied to the hardwired computer housed in a concrete building. An approved CSfC solution allows people who need access to classified information to work anywhere.
To meet strict security standards, the NSA has released four solution-level feature packs under CSfC:
· Mobile access
· Campus Wi-Fi
· Multi-site connectivity
· Data at rest
Taking this a step further, the NSA works with government and industry technologists through the National Information Assurance Partnership (NIAP) to develop and publish product-level security requirements that fall under each feature package.
Use cases for function packages
Innovative solutions are endless, but there are some immediate use cases that can be addressed by industry through the CSfC program. This includes helping field workers access classified networks so they don’t have to drive to a safe location to enter investigative notes or conduct investigations. Another example is the implementation of wireless capabilities on DoD and IC campuses, allowing employees to bring their devices to different locations on campus to get work done — or simply use their mobile devices to connect while to report to their families at work.
Make the change
Implementing a CSfC solution enables the highest level of security and flexible remote access. Here are some things that DoD and IC technology teams should consider when evaluating CSfC solutions:
“Good enough” with security protocols is not an option with the NSA. After all, it’s about access to secret information and our national security. Teach your team to stay alert—no default passwords, no easy workarounds. Stay alert and always disciplined.
Just do it
Not all CSfC solutions are created equal. Agencies go this route to improve the lives of their employees. Implementing solutions that are too complex can have unintended consequences – at worst, it forces employees to find an unsafe workaround. When implementing a CSfC solution, evaluate the usability.
Make sure it’s scalable
CSfC solutions are just like other enterprise IT solutions – you want them to be able to scale as your agency grows and its needs change.
Do your due diligence
Research the options. DoD and IC agencies have the same goals. If a solution works for a team, consider how you can leverage similar functionality.
Resist going it alone
When reviewing the performance package, there will be known elements that could lead to the temptation to build the CSfC solution in-house by assembling the components. This is extremely difficult and very time consuming. CSfC is based on the principles of multi-layered security. It’s difficult to get all these layers right and retool standard solutions to meet the stringent CSfC standards.
To get the results you want in a timely and cost-effective manner, turn to vendor partners experienced with NSA security protocols and the CSfC feature packs. A balance between security and flexible access is achievable and will directly support recruitment, retention, effectiveness and ultimately mission outcomes.
Jimmy Sorrells is President of INTEGRITY Global Security, a DoD and IC community partner.
have an opinion?
This article is an op-ed and as such the opinions expressed are those of the authors. If you would like to reply or have an editorial of your own to submit, please do Email Kent Miller, Managing Editor, Military Times.
Want more prospects like this sent directly to you? Subscribe to our comment and opinion newsletter weekly.