Dispatch from DoDIIS 2017:  The Incredible Shrinking Decision Space

Here at the DoDIIS 2017 conference, we’re hearing a lot about the role of cybersecurity in so-called “fifth generation warfare” – a concept with direct…

Here at the DoDIIS 2017 conference, we’re hearing a lot about the role of cybersecurity in so-called “fifth generation warfare” – a concept with direct relevance to the power of DNS for network security.

In the fifth generation warfare concept, boundaries between the digital battlefield and the physical battlefield are blurred. Cyberattacks and kinetic attacks happen in tandem, with the goal of taking down critical networks to limit the opposing military’s ability to respond.

Lieutenant General Vincent Stewart, Director of the Defense Intelligence Agency, spoke about how this emerging type of warfare “shrinks the decision space” for any military or political response in the event of an attack.

In the cyber world, this often means constraining the enemy’s network availability when troops on the ground are acting. General Stewart used Russia’s actions in the Crimean peninsula as an example; as the “little green men” came in on the ground, Russia’s cyber warriors were constraining the Ukrainian government’s ability to respond effectively.

This kind of offensive cyber warfare rarely happens all at once.  Infiltrating an opponent’s network often takes place over time, simmering in the background until it is called to action (as it was in Ukraine).

In this environment, enterprise level DNS data is a critical tool for both preventing cyberattacks and establishing resilience when attacks hit.

Sitting at the core of the network’s architecture, a centrally monitored and managed Domain Name System can detect the subtle indications of a breach, “beaconing” pings of outside IP addresses, unusual transfers of data, and searches for sensitive areas of the network – signaling malicious activity. DNS also plays a critical role in network resilience, quickly identifying and annulling the impact of a cyberattack from the network’s core infrastructure.

With in active DNS-based security in place, DOD and intelligence IT security personnel can actively expand the decision space of the political leaders they support. General Stewart’s ideal network – “resilient and maneuverable” – has DNS at its core.

Critical conversations on critical infrastructure

Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.

Join the conversation

Read more

9 tech leaders’ advice on running a technology organization (part 2)

A compilation of 8 tech leaders’ (+ BlueCat CSO Andrew Wertkin) advice on driving innovation and achieving overall success as a tech organization.

Read more
9 tech leaders’ advice on sustaining business alignment (part 1)

Now that Season 1 of the popular podcast Network Disrupted has wrapped, it’s time to parse insights from the show and share them with you.

Read more
Temporary workaround for SAD DNS

Ahead of Linux’s patch taking effect, BlueCat Labs has a temporary workaround for protecting against the revived Kaminsky DNS cache poisoning attack.

Read more
IT pros debate: Should you DIY your DDI?

Five IT pros get real about DIY vs. enterprise DNS solutions during the second Critical Conversation on Critical Infrastructure hosted in Network VIP.

Read more