recommended reading

DISA charged with securing networks for all but two agencies

Shutterstock.com

The Defense Information Systems Agency has been tapped to tighten up network security of all branches of the federal government except the State Department and the FBI, which have their own systems. The move is in response to the unauthorized release of hundreds of thousands of pages of Pentagon and State classified documents in 2010 and 2011 by the website WikiLeaks, the agency said.

Defense Secretary Leon Panetta on July 20 hinted at Pentagon assistance to other federal agencies to beef up security for their networks. DISA obliquely disclosed Monday in contract documents that it will function as the common service provider for the new public key infrastructure hardware tokens, certificates and services for federal classified and secret networks except those belonging to State and the FBI.

DISA made clear that the fallout from WikiLeaks’ disclosure of classified Defense Department documents and State cables is the reason for its broad new governmentwide network security role.

“In response to WikiLeaks, the Office of Management and Budget and the [21 agency] Committee for National Security Systems determined that all federal agencies that operate on the federal classified [or] Secret networks must implement a hardware-based PKI solution to protect their information and networks. The objective is to remove anonymity and improve the overall security of the federal Secret networks,” DISA said.

The agency added, “there is a sense of urgency to have all federal agencies using hardware tokens to access their networks and information as quickly as possible. Since DoD is already well on their way to implementing the DoD PKI SIPRNET [Secret Internet Protocol Router Network] token capability, it was decided that DoD would leverage its existing infrastructure to stand up a common service provider capability to all federal agencies except for Department of State and FBI, which already had their own systems. Because DISA is the operator of the DoD PKI, DISA will be the CSP for the federal agencies.”

DISA buried this information in a sole source justification document appended to a contract award, obscurely titled DISA PEO-MA Common Service Provider, posted on the Federal Business Opportunities website Monday.

The agency said it tapped Tangible Software Inc. of McLean VA, the Defense PKI contractor, to support PKI tokens and related security services governmentwide, as it is the only contractor with the requisite knowledge, experience and skills to accomplish the job. DISA awarded the company a contract valued at $8.9 million for one base year and two option years.

In its new role as the common security for most federal departments and agencies, DISA said, “token management capability and certificate authorities need to be significantly changed to reflect federal naming standards, add additional profiles and configurations for the other federal agencies, and provide the separation of the agencies within the registration and issuance process.”

As federal network common services provider, DISA said it will be responsible for operating the infrastructure to provide certificate life-cycle management to participating agencies, registration authorities services to support certificate issuance, overall management for smaller agencies, training and help desk support.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.