US Department of Defense to 'eliminate all firewalls'

Pentagon proposes architecture to protect data rather than networks

The US Department of Defense is attempting to build a single security architecture that aims to eliminate firewalls, according to a Defense Information Systems Agency (DISA) director.

Lieutenant General Ronnie Hawkins Junior claimed that plans for the future architecture are not set in stone and could be altered, but that it will be designed to protect data rather than networks, the Armed Forces Communications and Electronics Association (AFCEA) reported.

"In the past, we've all been about protecting our networks: firewall here, firewall there, firewall within a service, firewall within an organisation, firewalls within DISA.

"We've got to remove those and go to protecting the data. You can move that data in a way that it doesn't matter if you're on a classified or unclassified network, depending on someone's credentials and their need to know," he said.

"We want to be able to normalise our networks to where you can have the collaboration and information moving over our networks and you don't have to have the different firewalls, the separate networks, to get those things done," he added.

The US Department of Defense's proposals are "fascinating", according to business security solutions provider Imperva's senior security strategist, Barry Shteiman.

"[DISA's approach] is based on the realisation that the threats have changed. Hackers want data like IPs, PINs, credentials, proprietary information, and more. And it's very easy for them to steal data due to poor security controls or outright mismanagement," he said.

"Yes, firewalls are important. They help solve network security problems by creating barriers that prevent unwanted network access. But they do not control data access," he added.

Shteiman suggested that DISA is likely to make several changes as part of the new strategy, including classifying data in databases and file systems, controlling and auditing access to content, and monitoring data for configuration, permission and vulnerability issues.

He added that he hoped DISA's decision would become a guidepost for other organisations to follow.