DISA charged with securing networks for all but two agencies


Move is in response to WikiLeaks; State and FBI handle their own security.

DISA buried this information in a sole source justification document appended to a contract award, obscurely titled DISA PEO-MA Common Service Provider, posted on the Federal Business Opportunities website Monday. In its new role as the common security for most federal departments and agencies, DISA said, “token management capability and certificate authorities need to be significantly changed to reflect federal naming standards, add additional profiles and configurations for the other federal agencies, and provide the separation of the agencies within the registration and issuance process.”

The Defense Information Systems Agency has been tapped to tighten up network security of all branches of the federal government except the State Department and the FBI, which have their own systems. The move is in response to the unauthorized release of hundreds of thousands of pages of Pentagon and State classified documents in 2010 and 2011 by the website WikiLeaks, the agency said.

Defense Secretary Leon Panetta on July 20 hinted at Pentagon assistance to other federal agencies to beef up security for their networks. DISA obliquely disclosed Monday in contract documents that it will function as the common service provider for the new public key infrastructure hardware tokens, certificates and services for federal classified and secret networks except those belonging to State and the FBI.

DISA made clear that the fallout from WikiLeaks’ disclosure of classified Defense Department documents and State cables is the reason for its broad new governmentwide network security role.

“In response to WikiLeaks, the Office of Management and Budget and the [21 agency] Committee for National Security Systems determined that all federal agencies that operate on the federal classified [or] Secret networks must implement a hardware-based PKI solution to protect their information and networks. The objective is to remove anonymity and improve the overall security of the federal Secret networks,” DISA said.

The agency added, “there is a sense of urgency to have all federal agencies using hardware tokens to access their networks and information as quickly as possible. Since DoD is already well on their way to implementing the DoD PKI SIPRNET [Secret Internet Protocol Router Network] token capability, it was decided that DoD would leverage its existing infrastructure to stand up a common service provider capability to all federal agencies except for Department of State and FBI, which already had their own systems. Because DISA is the operator of the DoD PKI, DISA will be the CSP for the federal agencies.”

The agency said it tapped Tangible Software Inc. of McLean VA, the Defense PKI contractor, to support PKI tokens and related security services governmentwide, as it is the only contractor with the requisite knowledge, experience and skills to accomplish the job. DISA awarded the company a contract valued at $8.9 million for one base year and two option years.

As federal network common services provider, DISA said it will be responsible for operating the infrastructure to provide certificate life-cycle management to participating agencies, registration authorities services to support certificate issuance, overall management for smaller agencies, training and help desk support.