Security is a cross-cutting perspective in Enterprise Architecture, but I treat it as its own EA perspective because of its importance. And this is especially true in a law enforcement and defense readiness organization.
While security in EA is generally of a defensive nature, we must remember that as a nation, we must be ready to not only defend ourselves, but also to launch offensive operations and take out the enemy.
According to Military Information Technology Magazine, 9 April 2008, in an interview with Major General William T. Lord, the Department of Defense is standing up a new Cyberspace Command in the U.S. Air Force.
Why do we need this new Cyberspace Command?
There are many threats to us that emanate from cyberspace that include:
- Cyber-criminals—looking to steal your identity or your money
- Cyber-terrorists—“wants to disrupt, dissuade, or deter us from doing something
- Nation States—“some of which are out to interrupt U.S. interests anywhere in the world.”
Cyberspace is a dangerous place, especially if you’re DoD; they “get about 3 million attempted penetrations” a day!
This is why defense in depth is so important, so that if an enemy manages to get through the perimeter of our network security, we can still stop them at the second or third tiers of our defensive capabilities.
In terms of offensive capabilities, sometimes you have to take the battle to the enemy. At times, it is necessary to “disrupt an enemy prior to the conduct of kinetic combat operations, [so] that the enemy could not figure out what its command and control system was, had false data, could not see an attacking force, and was making decisions based on information systems that been manipulated in advance of combat operations.”
To architect the defensive and offensive cyberspace capabilities necessary to combat our enemies, it is imperative to continuously build information sharing and partnership between the parties involved, such as the Departments of Defense, Homeland Security, Justice and the Director of National Intelligence. This is a core tenet of user-centric EA.
Just as we invest in the latest and greatest kinetic weapons to defeat our enemies, we must also invest in non-kinetic weapons including “our electronic warfare, space systems, and cyber-systems. As Major General Lord, stated: “it’s not always about destroying things, but about changing behavior, so that an enemy concludes that the costs of whatever they had in mind is too great and will stop. [Then again,] sometimes you have to be able to whack somebody in the nose.”