3 Practical Case Studies for Gov’t Network Innovation in the Cyber Domain
Renee Reinke (@Renee_Reinke) leads Ciena's vertical marketing for government and public sector networks on a global basis, and has a background spanning engineering, product management and product marketing at several tier 1 U.S. service providers.
Last week a new research report from security benchmarking firm SecurityScorecard placed government networks dead last in a ranking of industries most vulnerable to cyber-attacks. While certainly a dubious indication of the state of government networks, it may not be all that surprising considering the unique challenges they face.
Even with the growing use of cloud services, the shift towards virtualization, and the increasing frequency and sophistication of cyber threats, government network operators’ ability to pivot often gets mired in the challenge of legacy network complexity and the need to support critical legacy applications. These legacy networks can prolong service delivery times, require operational costs be over-rotated towards maintaining legacy systems, and increasingly challenge the ability to maintain cyber resiliency across a vast expanse of network infrastructure components.
While government organizations recognize the mission impacts caused by these challenges, many solutions involve a “maintaining the status quo” approach to how networks are architected and managed. This phenomenon has less to do with an aversion to change and more to do with resource and budget realities.
But innovating in the cyber domain doesn’t necessarily require a complete network overhaul or a disruptive shift in network design. Let’s take a look at three use cases for innovation in the cyber domain—each of which doesn’t require massive resources or re-architecture, but does have a significant impact on mission readiness:
1. Leverage a Future-Proof Infrastructure to Modernize Networks
The Challenge: Today’s government networks are often a combination of SONET, Ethernet, and IP infrastructure components, much of which is at or nearing the end of its lifespan. While this infrastructure is considered difficult to support, it still plays a critical role to the mission. As a result of aging architecture, adding capacity is often unfeasible, leading to the creation of additional networks to support new applications.
The Solution: A converged packet-optical solution can replace end-of-life equipment or upgrade bandwidth while still supporting legacy systems and applications. Existing fiber can be leveraged to implement a converged Packet-Optical network that provides transport of legacy TDM and IP traffic, as well as full layer 2 capabilities and SONET-like resiliency of five 9’s availability with < 50ms restoration. Additionally, optional integrated OTN capability provides protocol-agnostic bulk traffic transport and the ability to provision timeslot-segmented point-to-point services for diverse customer needs. In this scenario, encryption can also be added at the transport layer to ensure full data protection.
2. Enable Automation & Service Agility
The Challenge: Government networks are often a mix of disparate systems and networks with a plethora of vendor hardware. These factors make provisioning complex, increasing the opportunity for human error, slowing the speed of service delivery, and significantly impacting readiness.
The Solution: An SDN-driven service orchestrator makes the automation of provisioning services across network layers, infrastructure vendors, and domains possible. Templates can automate provisioning so that service delivery takes minutes, not weeks. Complex networks can then be managed through a “single-pane-of-glass” view that dramatically improves visibility into the network, thereby improving cyber resiliency. Additionally, overall operations costs are reduced, leaving more budget allocation for innovation initiatives.
Also, with NFV, a single, x.86 “white box” at each mission partner location can receive a software push that provides the same capabilities as the individual, specialized boxes. The controlling authority would then have the ability to add, change, and remove applications as needed, and specific profiles can be created for specific missions or specific mission partners.
3. Leveraging the Network as a Cyber Defense Tool
The Challenge: The network is a wealth of “big data” information, collecting millions of bits of information on the network state every second. Unfortunately, this data sits within multiple vendor devices and systems and is not, today, usable. Instead, we rely on the most simplistic network signals to alarm network discrepancies—often after a breach has occurred.
The Solution: With SDN, various points in the cyber event chain—breach, reconnaissance, and exploitation—become both an indicator of events and a response mechanism. The flexibility and responsiveness of the network becomes a defense, as well as an offense to combat denial-of-service-type attacks, especially as these attacks evolve toward cloud type services.
Supplemental network capabilities, and sensors coupled with dynamic provisioning capabilities, open the door to an extremely resilient active defense focused at the lower layers. With active defense, the network can adjust its performance profile characteristics—including different network compositions, depending on threat environment. Additionally, the network resource allocation mix can be adjusted in accordance with the threat environment, while flow table policies can be adapted. This creates, in essence, policy-based—programmable—network defense.
As demonstrated in these three use cases, innovating in the cyber domain doesn’t require a complete network overhaul or a disruptive shift in network design. Instead, it simply requires that we reconsider the traditional views on network architecture and evolve our way of thinking as we start down the path towards modernization. Every day, new network technologies make the unthinkable possible; it’s time to make the migration to a modern government network. Ciena is here to help you do it on your terms.