When the Defense Department releases its annual report on system security in the coming months, it most likely will focus priorities on information sharing and identity management, reflecting an aggressive move to a "content-centric" strategy, said a top Defense official.
Comment on this article in The Forum.The Committee on National Security Systems sets information security policy, direction, operational procedures and guidance for systems that deal with national security. The annual report includes goals for the coming year that drive focus beyond the network to the data, said Robert Lentz, deputy assistant secretary of Defense for information and identity assurance. He spoke at an executive luncheon on April 1.
Specifically, the report named five key priority areas: Assured information sharing, management of risk, identity assurance, network resilience for mission assurance, and building and sustaining of a superior information assurance workforce.
Lentz did not provide details on its findings or a date when Defense would release the report. He said Defense plans to meet the goal of a highly trained information security workforce by certifying 100,000 employees as green belts in information security who would promote best practices in network protection and how to securely manage content. A smaller group of employees who possess in-depth, technical knowledge in data assurance and protection would be certified as black belts.
The goals outlined in the report reflected a deeper commitment to a content-centric approach, Lentz said, building on the netcentricity approach at Defense. Netcentricity ties together the military services through wireless networks and defines the department's strategy to fight wars. It's a strategic use of the latest technology that rapidly grew from concept to departmentwide policy, Lentz said.
"There's no selling of this concept anymore," Lentz said. "It's fully embraced" at Defense. Civilian agencies are trying to implement similar efforts that leverage the Web 2.0, collaboration capabilities of the Internet, but on a smaller scale, he said.
"Today, [organizations are] in these boundary-based areas, trying to connect through these [virtual] federal bridges," Lentz said. "The reality is that [such a model] impedes our ability to share information. We need to break down silos to get to the netcentric environment; but then, the real utopia will allow us to all live together. That's the sweet spot."
By focusing on content, rather than networks and individual applications, agencies will be able to pool information and use data from other organizations without compromising security. Content-centricity will rely heavily on advanced technological concepts, Lentz said, such as service-oriented architecture, which uses standard software for an organization's functions to access data in a shared environment, for example. Another example would be virtualization, which merges workloads onto a few servers, and storage devices, which provide a more unified view of the IT infrastructure. Such concepts used to be explored primarily in research programs, Lentz said, but now are emerging as part of business and mission-oriented IT strategies.
"It's ready to be given birth," he said.