DISA Plans to Change How Pentagon Employees Browse the Internet

Flickr user Prachatai

Officials are looking to isolate the internet from agency networks by pushing web browsing to the cloud.

The Defense Information Systems Agency doesn’t want Pentagon employees using the agency’s internal networks to browse the internet.

DISA is looking for vendors to build a cloud-based system that allows employees to access the internet while isolating their online actions from the Defense Department’s internal networks. The contract, valued at roughly $27.5 million, would “provide defense against a variety of attacks that exploit Department of Defense networks and compromise end clients,” the Pentagon said in a post on FedBizOpps.

Proposed systems would redirect web browsing to remote servers located in federal data centers and support all approved agency browsers and authentication tools. It must be equipped to handle more than 3.1 million users at any given time and offer a secure way to log each users’ online activity and transmit that data back to the agency.

Given the size and scope of the Pentagon’s activities, hackers and online bad actors naturally target its employees in droves. DISA estimates the agency fends off some 36 million emails full of malware, viruses and phishing attacks every day.

The internet isolation effort comes as the most recent attempt to batten down the hatches on the department’s cybersecurity. In 2015, the Pentagon made all web links in emails unclickable in an effort to prevent phishing attacks. In May, it banned cell phones, laptops, tablets and other devices that transmit and store data from all classified areas after a fitness app shared its users’ location data and inadvertently revealed overseas military bases.

DISA in its post highlighted a long list of performance specs the cloud network would be required to meet, including a minimum throughput of 10 gigabytes per second, a start up time of five seconds or less, and the ability to support more than 25 browser tabs simultaneously without hurting quality. It must also allow the agency to whitelist or blacklist sites based geolocation, category and other factors.