Software licensing issues delay Pentagon's computer security plan

A forthcoming DVD containing standard security settings for quickly configuring computers on the battlefield likely cannot be used departmentwide until each service's multiyear software licenses expire, Pentagon officials said.

The point of the unified master gold disk, set to become available during the first quarter of 2012, is to reduce the money and energy components are spending to develop similar gold masters that only work servicewide. Golden masters, typically code stored on a DVD disk, are replicas of operating systems and security settings required to run a computer safely.

But the cost-efficiency of the Defensewide program hinges on the ability to negotiate enterprise, or department-level, license agreements, which allow an unlimited number of troops to use it without paying additional user fees. The military services cannot enter into those deals until their current software contracts end, Defense Department officials said.

In the meantime, there is confusion among service components about the various disks under development.

"There are three separate efforts all with very similar names," said Alana R. Casanova, Defense Information Systems Agency spokeswoman. "Our program is the gold disk program. The Army has a gold master program and then there is a unified gold master program. A lot of working groups with each one, different pilots, and so I am told they are often confused for one another."

Pentagon officials recognize there are misunderstandings about the projects. "The unified master gold disk: that's an important disk to remember because there are a lot of gold disks around," Jim Clausen, co-chair of the Defense Enterprise Software Initiative working group, said at a Sept. 22 event hosted by the SANS Institute, a security research center, and Government Executive Media Group, which includes Nextgov.

To test the concept, a hybrid of the Army's and Air Force's disks, called the Unified Global Master, was deployed during the last four months on about 2,000 computer workstations in the Southwest Asia theater, said Daniel Bradford, deputy to the commander, senior technical director and chief engineer for the Army Network Enterprise Technology Command, 9th Signal Command. That disk will become the standard for the U.S. Central Command.

"Software licensing across an organization the size of the DoD is always a challenge," he said.

"CENTCOM started first, but we want to get it for everyone," said Frank Konieczny, Air Force chief technology officer. The Army and Air Force are working together on licensing and will likely develop a disk within the next year. "DISA would come along probably a year after that because their contract is totally different from our contract on enterprise licensing," he told Nextgov after a recent panel discussion on Defense technology hosted by Government Executive Media Group in Crystal City, Va. The Navy will necessarily take longer because of its software licensing agreements associated with the Navy Marine Corps Intranet program, he said.

When the number of users grows, the military will have the purchasing power to negotiate volume discounts, Bradford said. "As current contracts expire, we will be consolidating our purchases and elevating our negotiations to the DoD level," he added.

Pentagon officials call the Army-Air Force disk a precursor to the unified master gold disk, which will be based on all of the various services' designs.

Bradford said, "Given the similarities between the Army's and Air Force's work and deliverables on their respective golden master images, there was a lot to be gained by collaborating and taking advantage of what had already been done."

A Defensewide disk also will help the services overcome compatibility issues on joint bases, he said.

At the Sept. 22 event, David DeVries, deputy Defense chief information officer for information management, integration and technology, said, "We take out of the equation the many different certification processes -- that gives time back to the warfighter."

The project, headed by the CIO's shop, is trying to inject as much commonality as possible into a single operating system master that each component can load and then overlay with its own service-specific applications, Bradford said. Pentagon officials said they expect to release updates every six months but have each service apply its own patches to protect against emerging software vulnerabilities.

Katherine McIntire Peters contributed to this report.