The national security landscape is rapidly evolving, and agency leaders must navigate complex, often conflicting challenges. Agile and capable adversaries and expanding attack surfaces raise the cost of managing cybersecurity while government budgets are tight. Reliable connectivity is essential to a workforce often dispersed around the globe, and the criticality of the mission raises the security bar.
“National security has a different risk posture they’re managing against because the data they’re operating with is just so critical, and a lot of it is classified,” said Richard Durand, client executive vice president at AT&T. “As a result, they have reduced risk tolerance when it comes to their data and protecting it.”
On top of these challenges, national security agencies, like all federal agencies, face a cybersecurity workforce shortage significant enough to prompt executive action. This talent shortage has prompted many industry leaders to increase their collaboration with government partners to secure and modernize agency networks.
“The federal government is not a homogenous organization,” Durand said. “There are government-owned networks that are contractor-operated. And there are contractor-owned, contractor-operated networks. Because of budget limitations, we frequently see agencies focus their limited resources directly on the mission while contracting with experts to manage their networks.”
Jill
Singer
Vice President of Federal Solutions
AT&T
"National security community CIOs and technical leaders frequently want to look under the hood to gain a deeper understanding of commercial technologies,” Durand said. “We bring in our expert technologists, show the agencies how advanced commercial networks operate and how we deploy and operate software-defined networking across our global network architecture, so they can feel more comfortable using it in support of their critical missions."
Richard Durand
Client Executive Vice President, AT&T
National security network modernization brings unique challenges
Expanding attack surfaces, tight budgets and classified data create hurdles for national security agencies. The right partners can help balance security and innovation.
Learn More
Those experts include thousands of AT&T employees operating networks and IT infrastructures for federal government agencies on and off their premises. Like all federal organizations, national security agencies often need help to fit large-scale modernization into a fixed budget. At the same time, they must contend with their unique complexities and mission requirements.
“They frequently operate in austere environments; a lot of their missions are not conducted here in the U.S.,” Durand said. “They operate globally and need to communicate globally while finding ways to defy their budget challenges and still meet the needs of their agency's workforce in support of the nation. And that is where we can help.”
It’s a task that often includes upgrading legacy or end-of-life software and equipment — technology that in some instances can be quite dated. Some are still using time division multiplexing (TDM) networks, for example, and are working toward transitioning to Internet Protocol (IP). While national security agencies did not shift to remote work on as large a scale as the rest of the government due to the classified nature of much of their work, they did incorporate more video conferencing, resulting in increased workforce productivity, but with significantly increased bandwidth requirements.
The disaggregation of hardware and software can also help reduce costs and increase flexibility. Still, some of those cost benefits are often offset by the need to consume significantly more bandwidth, according to Durand. Furthermore, government transformation naturally lags behind the commercial sector, thanks to many regulatory, compliance, and security issues agencies must navigate. This combination can make technology adoption difficult.
“National security community CIOs and technical leaders frequently want to look under the hood to gain a deeper understanding of commercial technologies,” Durand said. “We bring in our expert technologists, show the agencies how advanced commercial networks operate and how we deploy and operate software-defined networking across our global network architecture, so they can feel more comfortable using it in support of their critical missions.”
Emerging technologies
Software-defined networking (SDN) is a critical tool that can help agencies exponentially increase bandwidth without exponentially increasing their budgets.
In December 2023, the National Security Agency released an information sheet entitled, “Managing Risk from Software Defined Networking Controllers (SDNCs).” Though it highlights multiple angles through which SDNs increase attack surfaces, including the SDNC and any endpoints it manages, it also highlights that “SDNCs enhance the network environment through dynamic command and control of network devices and access to applications.”
“Software-defined networks for providers like AT&T are an evolution of our network to support the exponential bandwidth our national security customers require,“ Durand said. “Any new technology has two sides of the coin, often great benefits and almostjust as frequently, increased risks.”
There are steps and protocols to help mitigate the security risks posed by new attack surfaces while reaping the benefits of SDN. They include network segmentation, implementing granular access control, and many of the same principles that fit under Zero Trust, which is not a singular solution or tool but an overall architectural approach.
“People sometimes want to buy Zero Trust off the shelf, like it's ‘Zero Trust in a box,’” said Jason Tolbert, vice president of federal operations at AT&T. “But Zero Trust is a philosophy and a framework. It’s going to be custom for every agency. It's more like a methodology — you build it into your applications, you build it into your network infrastructure, you build it in overall.”
By developing relationships with industry partners, national security agencies can work around heightened security concerns, dated regulations, and compliance issues to fit learnings from the commercial space to their unique needs. In a time of cyber and IT worker shortages, professional and managed services can help close gaps.
“Agencies can collaborate with industry partners like AT&T to identify network solutions that are innovative, and allow you to implement the new technology with the confidence that you’re still safe, secure and capable of executing the mission,” said Jill Singer, vice president of federal solutions at AT&T. “Take your government personnel — who are technically strong, steeped in the mission, and know the mission language of what they're supporting — and connect them with technology-centered professionals from a company like ours so you can increase the capacity of the entire IT department.”
Take 5G, for example. It’s another innovative, rapidly expanding technology that can carry a certain amount of risk. The national security community needs to use phones or other mobile communication methods when they are outside agency compounds and operating around the world. At the same time, they need to maintain the integrity of classified information, which can be impeded by using existing and newer means of mobile connectivity. Despite frameworks like the NSA’s Commercial Solutions for Classified, which are intended to accelerate solution delivery and implementation, modernization for highly sensitive, classified networks can take longer as risk mitigation is harder.
“The Intelligence Community is being very deliberate in adopting new wireless technologies because of security concerns,” Durand said. “They are keenly aware of the vulnerabilities wireless devices introduce. Conversely, national security agencies remain highly interested in advanced wireless communications capabilities because of their global missions.”
Experimental programs like those planned for the National Geospatial-Intelligence Agency’s new St. Louis, Missouri-based campus, Next NGA West, serve as pilots for the overall national security community. Next NGA West, plans outline a “mobile and connected work environment.” The campus will also include an innovation center to “serve as a collaboration lab with a flexible environment for emerging technology, such as application development with nontraditional partners.”
“For our mission customers, we’ve been very engaged to provide the mobility they need — Wi-Fi, LTE, and now 5G,” Durand said. “Spectrum is a foundational element of mobile networks. Right now all of the talk is about 5G, but the next Gs are on the horizon and we need to be looking ahead.”
Click here to learn more about how AT&T can help national security agencies strike a balance between innovation and security.
As agency leaders consider transformation, their focus often centers on modernizing both local area networks (LAN) and wide area networks (WAN), according to Matherne. The LAN discussion has been significantly impacted by recent changes in the way government employees work.
“[Prior to Covid-19], they were plugged in directly to an ethernet cable in the office and working,” Matherne said. “When they had to go meet with folks that weren’t directly adjacent to them, they picked up the telephone or they had a conference call.”
The sudden shift to remote work sent employees home with laptops to meet on video. Even now, as more employees return to offices, most are still in the habit of jumping onto Zoom or Microsoft Teams instead of the phone.
“What becomes apparent very quickly to federal leaders is that the office environments and LAN networks of 2019 do not support the expectations and the traffic profiles of federal employees of 2024,” Matherne said. “There's a tremendous gap there, and modernization in that environment is really helping to close that gap.”
Barriers to
national security modernization
AT&T
Client Executive Vice President
Richard Durand
AT&T
Vice President of Federal Operations
Jason Tolbert
Quantum ready: Preparing for the future
The national security landscape of tomorrow includes preparing for a post-quantum world. As quantum computing capabilities advance, national security leaders warn about potential threats to sensitive data currently secured via traditional cryptography methods. Agencies like the NSA, Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST) are urging organizations to work toward quantum readiness now.
“The transition to a secured quantum computing era is a long-term intensive community effort that will require extensive collaboration between government and industry,” said Rob Joyce, director of NSA Cybersecurity, in a press release.
“The key is to be on this journey today and not wait until the
last minute.”
If near-peer and other adversaries achieve the means to leverage quantum computing technology to break traditional cryptographic algorithms before the U.S. can encrypt via post-quantum means, they may access information that puts the nation at risk.
“Quantum computing as an emerging technology, like AI and others, presents a lot of promise for many aspects of human endeavor,” Durand said. “But relative to national security … once that quantum computing capability is available, our adversaries will have the capabilities to unlock historical sensitive data encrypted by the standards we have today. It'll open up a Pandora's Box of sensitive information with potentially harmful consequences.”
Heeding the call from national security agencies, AT&T is working closely with industry and government organizations via efforts like the Quantum Economic Development Consortium. From a defensive perspective, the date when quantum computing will become a serious problem is unknown. The U.S., its allies, and its adversaries are all racing to get there first.
“Obviously, we'd like the United States to get there first so that we're not only able to unencrypt data we may have collected, but also so that we're able to deploy even stronger encryption algorithms to U.S. information to protect it,” Singer said, adding that our near-peer competitors are also leveraging commercial technologies from their own countries, as well as other countries, to win the quantum race.
AT&T has its own goal of being quantum-ready by 2025, according to Durand, with a multi-pillar roadmap guiding efforts to achieve that goal. Success will depend on a whole-of-nation approach leveraging the best of government mission expertise and commercial technologies through deep, ongoing partnerships, which Durand and his colleagues are working
to cultivate.
“Working with government officers every day who are out doing critical work, it really ties you into the mission,” he said. “It’s not providing them with a service and saying, ‘Good luck.’ You’re right there with them, day in and day out. That’s what keeps me in it: supporting the mission.”
©2024 AT&T Intellectual Property. AT&T and globe logo are registered trademarks of AT&T Intellectual Property. All other marks are the property of their respective owners.
