Army Lt. Gen. Paul Stanton, Defense Information Systems Agency director and commander of the Department of Defense Cyber Defense Command, has urged cyber professionals to shift from a reactive cyber incident response to a proactive mindset to better protect the Department of Defense Information Network from adversaries.
Speaking at a fireside chat at the recent HammerCon convention, Stanton stressed that cybersecurity is not about reacting to random incidents, but anticipating the moves of adversaries and imposing costs on them.
“Don’t randomly chase incidents. Don’t chase events. Think in context. Think about what the enemy is attempting to accomplish. Think about what missions are relevant to us. Think about where our missions and the enemy’s intent and capabilities overlap, and in the center of that Venn diagram, build your engagement area, and then beat the enemy,” the DISA director said.
Embracing a Warfighting Mindset in Combating Cyberthreats
Stanton highlighted the need to view cybersecurity through a warfighting lens and the importance of applying warfighting principles to cyber defense, prioritizing missions, identifying enemy intent, and focusing resources on defending what matters most, drawing on his military experience, including leading soldiers in combat during the initial invasion of Iraq.
“Attempting to defend everything effectively defends nothing, because you spread yourself too thin,” said Stanton.
To enhance DODIN security further, Stanton recommended modernizing the architecture and developing a workforce with the skills to operate the network. He described DODIN as a weapon system that requires rigorous training and a certain level of understanding, noting the complex process associated with the configuration of a zero trust environment.
“If you don’t understand the tools that are inherent to it, then you’re not going to configure it right,” the DISA director explained. “If you don’t configure it right, then you’ve wrapped yourself in a false blanket of confidence that you have security.”
