14
Unclassified//FOUO Cyberspace: A Fragile Ecosystem 1 Robert F. Lentz Deputy Assistant Secretary of Defense Cyber, Identity and Information Assurance
Unclassified//FOUO
Cyberspace: A Fragile Ecosystem
1
Robert F. Lentz Deputy Assistant Secretary of Defense
Cyber, Identity and Information Assurance
Unclassified//FOUO
Dependence on Cyberspace
2
UNCLASSIFIED
UNCLASSIFIED
Unclassified//FOUO
Waves of IT Industry Growth in the Information Age
Source:DavidMoschella,“WavesofPower”,1997
Looking Ahead . . . Looking Back
Grosch’sLaw
Moore’sLaw
Metcalf’sLaw
LawofTransforma4on
Systems Systems ‐ ‐ Centric Centric
PC PC ‐ ‐ Centric Centric
Network Network ‐ ‐ Centric Centric Content Content ‐ ‐
Centric Centric
10000
1000
100
10
1 1970 1980 1990 2000 2010 2020 2030
Num
berofUsers(M
illions)
Systems Systems ‐ ‐ Centric Centric
PC PC ‐ ‐ Centric Centric
Network Network ‐ ‐ Centric Centric Content Content ‐ ‐
Centric Centric
10000
1000
100
10
1 1970 1980 1990 2000 2010 2020 2030
Num
berofUsers(M
illions)
Unclassified//FOUO 4
Looking Ahead . . . Looking Back (alternate story)
Unclassified//FOUO
Paradigm Shift
Unclassified//FOUO
Are you a Starfish or a Spider?
6
UNCLASSIFIED
UNCLASSIFIED
Starfish Peered Adaptive Resilient
Spider Hierarchical Resists Change Fragile
Unclassified//FOUO
Time & Environment
Content & Services
Individuals, Organizations, Equipment
Cyber Risk Management
Cyber
Information
Identity
Unclassified//FOUO
Vignette: The Recapture of Fallujah
8
UNCLASSIFIED
UNCLASSIFIED
Unclassified//FOUO
Vignette: World War II Cryptography
9
UNCLASSIFIED
UNCLASSIFIED
Unclassified//FOUO
Shift in Strategic Focus
FROM TO
• Protect Information • Ensure Operational Success
• Static Pre-Placed Defenses • Dynamic Network and Information Operations
• Proprietary Point Solutions • Policy-Based Enterprise
• People Intensive • Integrated Services
• Fragile Information Technology • Resilient Cyber Ecosystem
Unclassified//FOUO 11
Speed of Action
Secu
re In
form
atio
n A
cces
s E E
C C
D D
A A
A A B B C C D D E E
B B
Resilient
Reactive & Manual
Tools-Based Interoperable Policy-Based
Security administrators follow
rules and do their best to “put out fires”
Tools and technologies are applied piecemeal to assist people in
reacting faster
Loosely integrated tools exchange data to
assist people with cyber situational
awareness
Resilient The enterprise
instantiates security policy,
illuminates events and helps the operators
find, fix, and target for response
Enterprise optimizes service to user by to dynamically isolating
and containing effects – including in supply
chain and underlying infrastructure
Toward a Resilient Cyber Ecosystem
Unclassified//FOUO
Trends, Challenges, and Opportunities
• Strengthen Network Underpinnings • Assure Software & Systems • Managing Attack Surfaces • Reducing Anonymity • Improving Cyber Awareness • Automating Security Content • Mission Based Architectures
Unclassified//FOUO
It’s not just about technology . . .
106 Colleges & Universities in 38 States & DC
National Centers of Academic Excellence in Information Assurance Education
The US Cyber Challenge – discover, train and recruit the best talent in the country
Unclassified//FOUO 14
UNCLASSIFIED
UNCLASSIFIED
Culture Change for Cyberspace . . .
