DISA rethinks its security strategies

The Defense Department’s net-centric data policies expose weaknesses in operational awareness.

The Defense Department is taking new steps to detect traditionally hard-to-pinpoint performance outages and security breaches on DOD networks. Officials said a test program to begin later this month is part of a departmentwide effort to improve awareness of network incidents or trouble spots.

The Defense Information Systems Agency will initiate the test program, which will lead to establishing an information sharing operations center (ISOC) early next year, said Anthony Montemarano, DISA’s program executive officer for information assurance and network operations.

The center’s purpose will be to collect data on the status of services that feed information to DOD networks for various applications.

The military is moving toward a services-based environment, but DOD’s ability to detect anomalies in the performance of each of those services is limited, said Michael Krieger, director of information policy in DOD’s Office of the Chief Information Officer.

The data that those services feed to applications could be as simple as the time of day or as complex as a geospatial map.

“You can’t go to a computing center and say, ‘It’s on, so it’s working,’” Krieger said. “It may be on, but it may not be responding to your requests.”

John Grimes, DOD’s CIO, recommended establishing an ISOC in an August 2006 progress report on the implementation of the department’s network-centric data strategy.

DOD officials have traditionally used software agents, which are tiny computer programs, to monitor the performance of services on the military’s networks.
The ISOC would attempt to monitor the health of a large number of those services simultaneously.

“There are two types of systems: systems that are down and systems that are going to go down,” Montemarano said, highlighting the need for a picture of the operational status of those systems.

He added that DISA plans to eventually integrate the ISOC with the agency’s Global Information Grid Common Operational Picture program.

In the past several years, DOD officials have accepted the notion that military networks will always operate in a somewhat degraded state rather than at peak performance and with uncompromised security.

That recognition has prompted officials to seek ways to improve their situational awareness of incidents on DOD’s networks.

“The focus has gone away from higher walls and wider moats with more alligators,” said Linton Wells, a former assistant secretary of Defense in the CIO’s office. Wells said projects such as the ISOC are essential for securing DOD’s networks.

DISA officials are evaluating sites for housing the ISOC, including an agency facility in Columbus, Ohio, and a secret facility that the intelligence community uses, Montemarano said.

The test program will begin in early October and continue for about 60 days. After that, officials will decide what kinds of equipment, how much money and how many employees they will need to create the ISOC.

During the testing phase, DISA officials will experiment with data and services from the Maritime Domain Awareness Community of Interest. That group is a collaborative effort by several federal agencies to collect and distribute data that tracks ships near U.S. coasts.

DARPA explores future

As Defense Department officials seek to enhance their ability to detect service outages and security breaches on military networks, the Defense Advanced Research Projects Agency is looking for better ways to do that in the future.

DARPA said military networks’ increasing size makes it hard to identify security threats as soon as they occur. “As a result, many conventional approaches to defending our networks will not be sustainable,” according to a DARPA statement.

DARPA’s Scalable Network Monitoring program will develop new strategies that DOD can use regardless of a network’s size, officials said.

— Sebastian Sprenger
