Email this Article Email   

CHIPS Articles: DoD-Wide Windows 10 Rapid Deployment to Boost Cybersecurity

DoD-Wide Windows 10 Rapid Deployment to Boost Cybersecurity
By Cheryl Pellerin, DoD News, Defense Media Activity - March 9, 2016
WASHINGTON, March 8, 2016 — The Defense Department will deploy Windows 10 departmentwide by January to strengthen cybersecurity and streamline the information technology operating environment, according to a Feb. 26 memo by Deputy Defense Secretary Bob Work.

Work addressed the memo to secretaries of the military departments, the chairman of the Joint Chiefs of Staff, defense undersecretaries, defense agency directors, DoD field activity directors and other senior leaders.

“After consultation with department leadership and through discussions with the DoD chief information officer, I am directing the department to complete a rapid deployment and transition to Microsoft Windows 10 Secure Host Baseline,” Work wrote.

“This decision,” he added, “is based on the need to strengthen our cybersecurity posture while concurrently streamlining the IT operating environment.”

Strengthening Cybersecurity

The secure host baseline approach to the transition was developed in partnership with the military departments and other DoD components, including the DoD Chief Information Office, National Security Agency and Defense Information Systems Agency.

The deputy secretary directed U.S. Cyber Command, through U.S. Strategic Command, and in consultation with the CJCS and DoD CIO Terry Halvorsen, to lead the directive’s implementation.

“Because cyber technology and threats evolve rapidly, we recognize a critical need for accelerated acquisition and deployment of new tools and capabilities,” said Navy Adm. Mike Rogers, Cybercom’s commander. “The rapid deployment of the Windows 10 Secure Host Baseline throughout the DOD will be a demonstration of such agility.”

Halvorsen said the DoD-wide shift to a single operating system is unprecedented and offers several benefits.

“Transitioning to a single operating system across the department will improve our cybersecurity posture by establishing a common baseline,” the CIO said, adding that deploying Windows 10 also will help lower the cost of DoD IT.

Pass the Hash

DoD will transition more than 3 million Windows-based desktops, laptops and tablets to Windows 10, a cross-platform release that does not include mobile phones, David Cotton, deputy CIO for information enterprise said.

New security features in Windows 10 will help the department enable faster software patching, he said, and counter a major cyber-intrusion technique called “pass the hash.”

In this hack, an attacker accesses a remote server by using a stored hash, or a one-way transformation, of a user’s password rather than the standard plain-text password.

The operating system also will increase accountability and transparency across DoD networks, allowing cyber defenders to better detect malicious activity, Cotton said.

Critical Implementation

Work said in his memo that he expects the full cooperation of all critical implementation components, including DISA and NSA.

“DoD components are responsible for planning, resourcing and executing the Microsoft Windows 10 SHB deployment consistent with this memorandum,” he said, noting that the DoD CIO may update and refine the deputy secretary’s direction as needed during the implementation.

From his perspective as Stratcom commander, Navy Adm. Cecil D. Haney said that cyberspace underpins all his mission areas and has become a critical facet of national power.

“This transition is another step toward ensuring we strengthen our cybersecurity posture. It is also another example of a number of partners, including the DoD CIO, NSA, DISA, Cybercom and DoD components, successfully working together to ensure our networks are resilient and secure.”

For more information see Special Report: The DoD Cyber Strategy

Follow the Department of Defense on Facebook and Twitter!

Louisiana Army National Guard Lt. Col. Henry T. Capello, chief communications plans officer, trains members of the Cyber Defense Incident Response Team to defend the state’s cyber assets at Louisiana State University’s Stephenson Disaster Management Institute in Baton Rouge, Nov. 15, 2015. The team was created to respond to cyber events within Louisiana by securing and restoring affected networks and defeating threats. It is made up of soldiers and airmen who have technology backgrounds in both their civilian and military careers. Louisiana Army National Guard photo by Spc. Garrett L. Dipuma
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer