The Post-GIG Era: From Network Security to Mission Assurance
By Dr. Kamal Jabbour | November 15, 2019
The shortcomings of the Global Information Grid (GIG) may be traced to a disconnect between cyber policy and technology, and an illusion that cyber defense contributes somehow to mission assurance. Therefore, it is necessary to look past the GIG to a future of affordable access and mission assurance. Prescriptive cyber policies have impeded the mission, as the compliance approach to security led to indiscriminate application of monitor-detect-react constructs to Information Technology (IT) systems regardless of criticality.
In this paper, we present a paradigm shift from cybersecurity through network defense to mission assurance through information assurance. We shift our emphasis from the illusion of building persistent security out of trusted components to the imperative of composing timely assurance out of untrusted components. We distinguish between national security missions and office automation applications and acknowledge the different risk calculus for missile defense versus online commerce. We advocate a shift away from the GIG towards commercial cloud solutions across all phases of the information life cycle, mathematical specification of mission requirements, and implementation validation through operationally realistic testing.
We propose a three-pronged strategy to assure national security missions in a contested cyber environment, focusing separately on legacy systems, current systems, and future systems. Each category brings unique technological challenges, with little commonality within the three categories. We advocate Tactics, Techniques, and Procedures (TTP) wherever applicable, commercial materiel solutions where a TTP-only mitigation falls short, and revolutionary Science and Technology (S&T) where TTP and commercial solutions prove insufficient.