Plunkett, director of the National Security Agency’s Information Assurance Directorate (IAD), unofficially kicked of the summit with an early morning session titled “Information Assurance: Strengthening the Defense”.
Speaking about IAD’s mission, Plunkett said it must “play defense the entire time – not just when it counts”. This must be done at the same time that the agency faces increases in threats and capabilities, with the added increase in demand for the services the IAD provides.
The NSA’s IAD is responsible for the agency’s information security, including R&D for information assurance products and services that safeguard national security systems (largely classified) in the US. This also includes systems used for military and intelligence operations.
Plunkett has been encouraged by a recent trend she has witnessed in her time with the NSA, a tenure that began back in 1984. “The good news for me as security professional is that, unlike ever before, we have customers in the national security systems community that are asking for security.”
She recalled a time, not too long ago, when there was no welcome mat to be found when the IAD came knocking on a particular agency’s door. “Today, the demand signaled for our products and services is literally off the chart”, Plunkett said. “We can’t keep up with the demand, which means we now have a workforce that is much more aware”.
This same workforce, far more security savvy and perhaps a bit scared about the evolving threat environment, is also more demanding. And as Plunkett shared, the public sector – even those in the intelligence circles – are demanding to use consumer-based devices within the government’s classified networks.
“[Confidential, secure mobility] is our number one challenge today, and I would say it is the requirement that I am being asked most about no matter where I move throughout the government”, the IAD director said.
The challenge for IAD in this area, Plunkett continued, is to allow commercial smartphones and tablets to access classified networks at the highest levels, and it’s a problem the IAD has been working on for more than two years when the NSA director expressed his desire to access to the agency’s top-secret email using a consumer-based device.
“It’s a small task”, Plunkett said jokingly, prompting a rumble of laughter from the rather red-eyed crowd gathered to hear her speak early this morning. But it’s the same type of call coming from executives outside the public sector, who are demanding the use of consumer devices within their own enterprises.
The IAD then stood up a research lab to tackle the challenge, a luxury that not many enterprises would have. But after two years, continued Plunkett, the NSA is finally piloting its mobile security solution for smartphones and tablets.
“It’s not been without challenges”, she said. “There is nowhere I go today that I don’t get asked about secure mobility and what are our prospects for delivering. The fact of the matter is that we have to deliver because the demand signal is as strong as it gets – from the highest levels of our government.”
Plunkett closed by expressing what is perhaps the largest change in federal IT security that anyone could observe over the last decade: “What our customers are demanding is what we have not historically felt so obligated to deliver – that is, user experience.”