Mike Walsh, President at Forescout Government Systems

June 30, 2024

Navigating the Compliance Maze

Presented by Forescout Government Systems and Carahsoft

Mike Walsh, President at Forescout Government Systems, discusses the "Comply to Connect" program, a DoD initiative aimed at enhancing cybersecurity across millions of endpoints within the Department of Defense's infrastructure. Currently managing around 4 million licensed endpoints, the program is a key component of the Zero Trust framework, focusing on collecting extensive device information. Walsh notes that while progress has been made, integrating operational technology (OT) remains a challenge that will take about another year. OT systems, such as phones, generators and battery systems, present unique security challenges, especially in light of the Volt Typhoon espionage hack, which poses significant long-term risks. To mitigate these risks, the NSA issued a Binary Operational Directive (BOD) BOD 2004-001, mandating the inventory and reporting of OT assets, with compliance crucial for future budget allocations and cybersecurity measures by 2026-2027. Walsh emphasizes the importance of adhering to these directives to secure a resilient infrastructure capable of withstanding sophisticated cyber threats.

Key Takeaways:

1.  The "Comply to Connect" program will soon include OT devices like phones, generators, and battery systems to enhance overall cybersecurity within the DOD. 

2. The Volt Typhoon espionage hack poses a significant long-term security risk. Immediate action is required to inventory and protect OT devices, following directives such as NSA's BOD 2004-001*, to mitigate these threats effectively.

3. Adhering to NSA's directives and accurately inventorying OT assets are essential steps for securing future budget allocations and maintaining comprehensive cybersecurity by 2026-2027.