The Digital Air Force Initiative
is an effort to leverage data and applications at the edge, along with artificial intelligence and machine learning, to “field a 21st Century infrastructure responsive to the demands of modern combat.” Like other defense organizations, the Air Force aims to modernize its systems and move from siloed platforms to a connected network allowing fighters to access and share information quickly.
The move from platform-centric to network-centric operations is a heavy lift fraught with potential risks. Anytime an organization makes a wholesale move from a legacy, hardware-based infrastructure toward a software-defined network (SDN), there’s a heightened potential for creating additional security vulnerabilities.
Here are three strategies the Air Force should employ to ensure success:
Monitor, Discover, and Map All Endpoints, Including Those at the Edge
Collecting, analyzing, and distributing information at the edge of the network is a core tenet of the Air Force’s strategy. Maintaining the security of edge devices will be paramount. And while network monitoring
has been table stakes for some time, expansion to the edge of the network requires a more robust form of analysis.
Complete infrastructure visibility across the entire network, from the data center to the cloud to the edge, will become extremely important to ensuring information doesn’t get into enemy hands.
Prioritize Data Traffic and Establish Redundancies
To ensure high priority data reaches its intended recipients, the Air Force needs to determine what data is most important. Then, the agency should institute traffic prioritization rules for which information gets transmitted. If there’s a bottleneck, mission-critical data will automatically be sent while lower-priority information is held back.
Data traffic prioritization can be achieved by monitoring network throughput
and proactively measuring and optimizing traffic levels. Bandwidth can be adjusted and allocated accordingly to ensure the information needing to get through makes it to its destination.
Verify New Systems and Monitor API Connections
Connecting and verifying new systems can be particularly challenging. Many of today’s most popular and necessary technologies, like Application Programming Interfaces (APIs), tend to be multilingual, with the ability to connect to many different applications. The problem is many APIs are also vendor proprietary, and there are thousands of different APIs available.
Again, the Air Force must ask the question, “What data values do we want to definitely monitor?” and then expose those data values to their monitoring protocols. This will allow the organization to keep a close eye on the data the API is accessing and maintain a sound and secure operation.
Finally, the agency needs to do the things it’s already doing but go even bigger. Security tests and protocols need to be expanded to cover a much larger environment. The organization will also want to leverage automated security and monitoring controls.
At the end of the day, efficiency is what the Digital Air Force is all about—getting information to pilots more efficiently, so they can make decisions in the blink of an eye. Securing this information and monitoring the network, so it’s operating at top speed, are critical to the initiative’s ability to take flight.
Find the full article on C4ISRNET.