DEFENSE SYSTEMS
Knowledge Technologies and Net-Enabled Warfare
Volume 7, Number 4 | www.DefenseSystems.com
June/July 2013

Mobile military: DOD’s mobile enterprise is moving from pilots to deployment

Unified capabilities: The IP-enabled battlefield of the future

SPECIAL REPORT: Secure collaboration in the cloud

DEFENSE IT • Single security architecture • NIE 13.2 • Containerizing apps • IP enabling
CONTENTS | JUNE/JULY 2013
www.DefenseSystems.com Vol. 7, Number 4

SPECIAL REPORT: SECURE CLOUD COMPUTING
Preparing the military cloud for sensitive data collaboration
DARPA MRC initiative: Security in the cloud

MOBILE
Building a secure, global DOD mobile enterprise to support warfighters
Unified capabilities: The IP-enabled battlefield of the future
Defending DOD networks with a single security architecture
Army tests tactical communications during NIE
DOD shapes departmentwide mobile standards, policies

FEATURES
DEFENSE IT: DOD’s new plan for collaboration: Unified capabilities
CYBER DEFENSE: The key to BYOD could be ‘containers’

DEPARTMENTS
EDITOR’S DISPATCH
FORWARD OBSERVER
INDUSTRY RECON
DIGITAL CONFLICT: The need for skilled cyber project managers

EDITOR-IN-CHIEF Barry Rosenberg
CONTRIBUTING EDITORS Terry Costlow | John Edwards
CONTRIBUTING WRITERS Greg Slabodkin | Kevin Coleman | David Walsh | Kimberly Johnson | Charles Hoskinson | Scott Gourley
CREATIVE DIRECTOR Jeff Langkau
ASSISTANT ART DIRECTOR Dragutin Cvijanovic
SENIOR WEB DESIGNER Martin Peace
PUBLISHER Jennifer Weiss

PRESIDENT & CHIEF CONTENT OFFICER Anne A. Armstrong
CHIEF OPERATING OFFICER Abraham M. Langer
SENIOR VICE PRESIDENT/GROUP PUBLISHER Jennifer Weiss
VICE PRESIDENT, MARKETING Carmel McDonagh

PRESIDENT & CHIEF EXECUTIVE OFFICER Neal Vitale
SENIOR VICE PRESIDENT & CHIEF FINANCIAL OFFICER Richard Vitale
EXECUTIVE VICE PRESIDENT Michael J. Valenti
VICE PRESIDENT, FINANCE & ADMINISTRATION Christopher M. Coates
VICE PRESIDENT, INFORMATION TECHNOLOGY & APPLICATION DEVELOPMENT Erik A. Lindgren
VICE PRESIDENT, EVENT OPERATIONS David F. Myers
CHAIRMAN OF THE BOARD Jeffrey S. Klein

REACHING THE STAFF
Staff may be reached via e-mail, telephone, fax or mail. A list of editors and contact information is also available online at DefenseSystems.com.
E-MAIL: To e-mail any member of the staff, please use the following form: FirstinitialLastname@1105media.com.
VIENNA OFFICE (weekdays, 9 a.m. – 5 p.m. ET) Telephone (703) 876-5100; Fax (703) 876-5126. 8609 Westwood Center Drive, Suite 500, Vienna, VA 22182-2215
CORPORATE OFFICE (weekdays, 8:30 a.m. – 5:30 p.m. PT) Telephone (818) 814-5200; Fax (818) 734-1522. 9201 Oakdale Avenue Suite 101, Chatsworth, CA 91311

DEFENSE SYSTEMS (ISSN 1558-836X) is published 7 times a year by 1105 Media, Inc., 9201 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates payable in U.S. funds for non-qualified subscribers are: U.S. $125.00, International $165.00. Subscription inquiries, back issue requests, and address changes: Mail to: Defense Systems, P.O. Box 2166, Skokie, IL 60076-7866, call (866) 293-3194, outside U.S. (847) 763-9560; fax (847) 763-9564 or email DSmag@1105service.com. POSTMASTER: Send address changes to Defense Systems, P.O. Box 2166, Skokie, IL 60076-7866. Canada Publications Mail Agreement No: 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or XPO Returns: P.O. Box 201, Richmond Hill, ON L4B 4R5, Canada.
EDITOR’S DISPATCH
BY BARRY ROSENBERG

Going mobile

When the rock band The Who recorded “Going Mobile” in the early 1970s, songwriter Pete Townshend was championing the beauty of dropping out as an “air-conditioned gypsy.” Today the term is more about inclusion than exclusion, especially for a modern-day military that is looking to mobility as a way to connect into the network to access applications and improve situational awareness.

This issue of Defense Systems looks at military mobility from a number of angles. It begins with coverage of a mobility conference we held recently in which Defense Department Principal Deputy CIO Robert Carey and others discussed the near-term plans for the use of government-furnished mobile devices (the bring-your-own-device strategy will come after). According to Carey, the Defense Information Systems Agency recently gave 500 classified and 1,500 unclassified devices to senior leaders. Later this year, another 1,500 classified and 5,000 unclassified devices will be issued to DOD users, followed by as many as 100,000 unclassified mobile devices in 2014 (with enterprise capability for classified devices).

Those mobility plans will help the military realize its ambitions for what is called unified capabilities, which we also address in this issue and which DISA Director Lt. Gen. Ronnie Hawkins Jr. describes as a disruptive technology with the ability to move everything over IP in order to collaborate at a very high data rate via instant messaging, chat and Web-based conferencing, among other applications. As we note in our article, unified capabilities not only help DOD’s IT infrastructure achieve greater economies of scale, but are also crucial to establishing the department’s plan for a Joint Information Environment.

And in our Special Report on secure cloud computing, another key element of unified capabilities, we look at how DOD is weighing security and accessibility issues as it gets ready to send sensitive data into the cloud. There are concerns that the technology is not mature enough to ensure the safety of sensitive data shared between and within military organizations, and what is most needed is an understanding of cloud-security best practices.

THE NETWORK

STAY ABREAST
One of the best ways to keep abreast of the latest news in C4ISR, cyber and defense IT is to receive Defense Systems’ twice-weekly e-newsletters, which compile the most important breaking news stories reported by our staff, plus aggregated content produced by other respected news outlets. The newsletters are free, and you can sign up at DefenseSystems.com.

IMPORTANT HEADLINES
With daily coverage of military C4ISR and net-enabled capabilities, DefenseSystems.com is one of the best ways to stay on top of the most important military and industry developments. You can get immediate access to those stories throughout the day by following @DefenseIT on Twitter.

In what the Navy called a watershed event, the X-47B Unmanned Combat Air System demonstrator (UCAS-D) was launched for the first time by catapult from an aircraft carrier at sea. The aircraft flew from USS George H.W. Bush off the coast of Virginia and landed safely at Naval Air Station Patuxent River in Maryland about an hour later. Completing another important first for the UCAS-D program, the Navy demonstrated the ability to precisely navigate the X-47B within the controlled airspace around an aircraft carrier at sea and seamlessly pass control of the air vehicle from a mission operator aboard the carrier to one located in the mission test control center at Patuxent River for landing. In the coming weeks, the X-47B aircraft will fly approaches to the ship multiple times and eventually land on the pitching flight deck. The Navy will conduct additional shore-based testing with the X-47B at the Patuxent River station before its final carrier-based arrested landing demonstration later this summer.

The Army has completed delivery of more than 3,000 systems under the Individual Counter Radio-Controlled Improvised Explosive Device Electronics Warfare program, reports the Program Executive Office for Intelligence, Electronic Warfare and Sensors and prime contractor Sierra Nevada of Sparks, Nev. Known as Baldr for the Norse god of mythology, the 8.9-pound system provides soldiers with a zone of individual protection against radio-controlled IEDs during ground operations.

The Cobra Judy Replacement (CJR) program surpassed expectations in its first tests during a live rocket launch, Raytheon reports. From approximately 100 miles off the Florida coast, X- and S-band radars onboard the USNS Howard O. Lorenzen successfully acquired and tracked both stages of an Atlas V rocket launched from Cape Canaveral and collected all associated data.

The demonstration keeps the program on schedule toward initial operational capability in January 2014. CJR is a strategic, global asset to provide the government with long-loiter ballistic missile data collection capability in support of international treaty verification. The large-scale, complex dual-band radar suite of CJR consists of X- and S-band phased-array sensors, a common radar suite controller and related mission equipment. Each antenna is approximately four stories tall and weighs more than 500,000 pounds.

SECURE CLOUD COMPUTING

Preparing the military cloud for sensitive data collaboration
DOD weighs security and accessibility concerns as it prepares to send sensitive data into the cloud
BY JOHN EDWARDS

Reliable, efficient and effective combat communications systems are integral components of a modern military. Troops and commanders engaged in diverse theaters of operation require robust, rapidly available and nimble communications technologies to share, process and distribute vital real-time situational data.

The Defense Department’s long-term IT strategy calls for storing and distributing virtually all data, even its most sensitive information, in the cloud. In January, the agency reported that it is fully committed to shifting to a cloud computing environment, citing cost, efficiency and user accessibility benefits.

The CIA is already on the path to secure cloud services. After attempting to build a private cloud, the agency and other intelligence organizations opted to turn to commercial sources and awarded a contract to Amazon Web Services in late January. IBM protested the award to the Government Accountability Office, and GAO ruled in IBM’s favor. Negotiations to determine the final resolution are still under way, but observers expect the CIA to continue its migration to a cloud-based system.

Although cloud services are highly attractive to a DOD that’s facing both a tighter budget and soaring IT demands, some worry that the technology isn’t mature enough to ensure the safety of sensitive data shared between and within military organizations.

Mark Cohn, chief technology officer at Unisys Federal Systems, based in Reston, Va., noted that it’s possible to argue that “cloud technology stacks are less mature in the sense that we don’t have as long a history of defending them against the most sophisticated attackers at the level of national security systems, so [they] are therefore simply less proven.”

Robert Carey, DOD’s principal deputy CIO, acknowledged cloud risks in a recent DOD report, noting that “the metrics of cloud security are, at best, nebulous.” Carey added that the agency would need time to create secure cloud spaces. “We have lots of [pilot programs] going on...to make sure we understand...the pros, cons and risks of moving into the cloud space.”

LOCKING DOWN THE CLOUD

Although DOD has obvious reasons for approaching the cloud with caution, most experts believe the department should be able to transition to a secure cloud environment without encountering any major problems.

“There is nothing in the cloud technology stack or service delivery model that is inherently and necessarily less secure for hosting large-scale IT systems,” Cohn said. He noted that virtualization actually makes a cloud environment somewhat more secure by providing a “clean-cut restart from known, proven configurations” and improved automated operations.

Maria Horton, former CIO of the National Naval Medical Center in Bethesda, Md., said DOD will need to pay particular attention to cloud entry points. “One of the things that’s different about the cloud is that you have the point of entry where it mixes with other network capabilities,” said Horton, who is now CEO of EmeSec, a company that helps government agencies address cloud security issues. “They will also need to meet the [DOD Information Assurance Certification and Accreditation Process] standards.”

Horton added that the Federal Risk and Authorization Management Program will also play a role in DOD’s cloud security planning. FedRAMP is a governmentwide program led by the General Services Administration that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

“DOD is currently examining FedRAMP, even though it was developed from the civilian agency-oriented cloud-first initiative,” Horton said. So far, five companies have received FedRAMP certification.

As it strives for maximum cloud security, DOD must also be careful not to make access to sensitive information unnecessarily difficult for end users. “If security controls are too restrictive and too burdensome on the user, the choice will be to not leverage or use the service, which typically leads to using another method to accomplish the same mission,” said Kyle Keller, cloud business director at EMC Federal in McLean, Va. “We see [an] ever-present need for balancing security and usability.”

ADDITIONAL MEASURES

Best practices for ensuring the security of multi-tenancy cloud environments should be used to implement need-to-know access restrictions, said Ken Bedford, chief technologist for the U.S. Army account at HP Enterprise Services. “Data protection should then be employed based on the sensitivity and timeliness of the data — encryption, for example, for data in flight and data at rest.”

To detect and remediate threats before they can do damage, Bedford said DOD should use actionable security intelligence that capitalizes on multiple event sources delivered in context. “Near-real-time [security information and event management] tools as part of the cloud infrastructure, and integrated up to the enterprise, are an important contributor to the total [information assurance] posture,” Bedford said.

Additional Online Resources
Defense Department CIO’s Cloud Plans: http://dodcio.defense.gov

SECURE CLOUD COMPUTING

DARPA MRC initiative: Security in the cloud
Researchers are working on a proactive system for handling cyberattacks on cloud services and infrastructures
BY JOHN EDWARDS

DARPA researchers are looking for ways to keep cloud services functioning even while under attack.

As the Defense Department begins sending its most sensitive information into the cloud, the Defense Advanced Research Projects Agency is developing a new generation of resilient cloud services that are designed to maintain and support military objectives during a cyberattack.

According to DARPA, a traditional focus on perimeter defense can’t sufficiently secure existing network enclaves. The approach is even less likely to provide reliable security in cloud environments, where a massive concentration of homogeneous hosts on high-speed networks lack internal checks and rely on implicit trust among hosts within limited perimeter defenses.

DARPA’s Mission-oriented Resilient Clouds (MRC) program aims to bolster cloud security by developing technologies that would detect, diagnose, and respond to attacks on cloud services and infrastructures, effectively building a community health system. DARPA researchers are also working on technologies that would enable cloud applications and infrastructures to continue functioning while under attack.

“In effect, the idea is to enable a cloud-based architecture that provides fault tolerance and mission assurance for widely distributed multi-host systems similar to business-critical online transaction processing systems that tie together a fabric of varied network nodes...into a host architecture that can survive any individual component failure or predicted class of attack,” said Mark Cohn, chief technology officer at Unisys Federal Systems, based in Reston, Va.

PROTECT AND PRESERVE

The MRC program’s most important aspect is its focus on preserving access to mission-critical resources, said Geoff Webb, director of solution strategy at NetIQ, a Houston-based user access and security systems vendor.

“While cloud computing generally offers a much higher degree of availability due to the inherently distributed nature of clouds, there is a very real threat that monoculture in the cloud might result in a targeted attack against a specific type of host infecting all of the connected systems in a cloud, which could put a mission at risk,” he said. Webb added that the MRC initiative addresses this issue by “introducing manageable diversity and dynamic trust models that could potentially identify and stop an attack or failure before it affects the entire cloud.”

Victor Morrison, senior security engineer at Creative Computing Solutions, a Rockville, Md., company that provides IT services to the federal government, said the program indicates an eagerness by DOD to investigate promising new cloud security approaches. “The DARPA MRC program is focused on creating countermeasures and an evolved architecture to the current approach of perimeter security stance,” he said.

Until MRC is ready for deployment, DOD will have to rely on existing government and commercial security technologies and practices, despite the fact that they, too, are undergoing an evolution and have not yet been fully tested in a military cloud environment.

Besides the Federal Risk and Authorization Management Program, the other major guidance and resources for adopting cloud computing are the National Institute of Standards and Technology’s cloud computing initiative and 800 series publications, and the Defense Information Systems Agency’s Rapid Access Computing Environment and Secure Technology Application Execution programs. DISA also functions as a cloud broker.

Additional Online Resources
DARPA’s Mission-oriented Resilient Clouds Program: http://www.darpa.mil/Our_Work/I2O/Programs

MOBILE
MOBILE DEVICE MANAGEMENT
More than 600,000 DOD employees use government-issued mobile devices, several thousand of which are capable of handling classified data. The Defense Information Systems Agency is developing enterprise-level secure classified and protected unclassified mobile solutions that support the warfighter globally.
Building a secure, global DOD mobile enterprise to support warfighters BY GREG SLABODKIN
With U.S. military forces increasingly mobile, the Joint Information Environment (JIE) is envisioned as a robust and resilient enterprise that delivers faster collaboration and better-informed decisions through secure, seamless access to information anytime and from any authorized device. To that end, the Defense Information Systems Agency is developing enterprise-level secure classifi ed and protected unclassified mobile solutions that support the warfighter globally. DISA will begin offering mobile services as a subscription10 JUNE/JULY 2013 | DefenseSystems.com
based service in fiscal 2014. Those mobile solutions will not only take advantage of commercial-carrier infrastructure and provide entry points for classified services, they will also capitalize on the enterprise capabilities of JIE. “Mobility is the first phase of the JIE because what we don’t want to do with some of the JIE pieces is to take a disparate, wired architecture at the service level that’s been out there for many years and bring it into a joint environment,” said John Hickey, program manager for DOD mobility at DISA. “We’re building mobility at the enterprise level [from the start], so we’re looking at those joint information environments and looking to provide the efficiencies early on that
create the interoperability,” he added. DISA is leading the Defense Department effort to create an enterprise solution to support mobility requirements by using commercial-carrier networks capable of handling classified data. The agency is taking a phased approach to implementing the program, which will provide DOD’s more than 3 million employees with a range of mobile devices and enable them to use those devices, regardless of location, to share classified and protected data across all components. Currently, more than 600,000 DOD employees use government-issued mobile devices, several thousand of which are capable of handling classified data. The goal of the DISAled mobility program is to ensure that mobile devices — as well as their apps, email and other functions, and the wireless networks that support them — can operate securely regardless of the environment, adapt to rapidly changing technology and scale to accommodate increasing numbers of users. “The enterprise services that DISA can provide will achieve efficiencies across the agencies and capabilities for the warfighter,” Hickey said. “The key is the information [and] the applications, whether it’s email or a voice-overIP solution at the enterprise level. It also has to have the built-in security standards that we require to protect the information. And it has to be cost-effective.”
goal is to develop an overall governance process, a centralized library, and a development framework in which mobile applications can be quickly developed, purchased, certifi ed and distributed to users. In October 2012, DISA released a request for proposals for a combined DOD-wide mobile device management (MDM) and mobile application store (MAS) solution. A single award is expected later this year, with a one-year period of performance and four six-month options. As the RFP states, the MDM capability should function as a traffic cop that enforces policy for network and end devices. The MDM solution would institute the policy, security and permissions that define the functions the user is allowed to conduct on the mobile device. The MAS, operating in conjunction with the MDM, would serve as an online digital electronic software distribution system by obtaining user application permission rights from the MDM. The MDM and MAS solution would be deployed DODwide to the combatant commands, military services, Defense Intelligence Agency, National Geospatial-Intelligence Agency, National Reconnaissance Office, National Media Exploitation Center, National Security Agency, Coast
PUTTING THE PLAN IN PLACE In February, the DOD CIO’s offi ce released its Commercial Mobile Device Implementation Plan to serve as a framework for the department’s use of secure classifi ed and protected unclassified mobile solutions that rely on commercial technology. DOD’s plan focuses on three key areas of mobility: mobile devices, wireless infrastructure and mobile applications. “This is not simply about embracing the newest technology, it is about keeping the department’s workforce relevant in an era when information accessibility and cybersecurity play a critical role in mission success,” DOD CIO Teri Takai said. Given DOD’s mission and inherent concerns about the security of commercial mobile technologies, the department is trying to institute security standards and a certification process that is agile enough to keep pace with the fast rate of technological change. At the same time, DOD wants to promote the development and use of mobile applications that “improve functionality, decrease costs and enable increased personal productivity.” Under the plan, DISA is charged with establishing a DOD Mobility Program Management Office by fiscal 2014 that will provide guidelines for secure classified and unclassified mobile communications capabilities. According to the implementation plan, the DOD CIO’s DefenseSystems.com | JUNE/JULY 2013 11
MOBILE
MOBILE DEVICE MANAGEMENT
Guard, National Guard, reserves and possibly more components in the future. The objective of the enterprise MAS is to optimize the functionality and distribution of mobile apps to mobile devices while minimizing replication, cost and downtime. “As end-user dependence on mobile devices rises, enterprise management implemented via an MDM becomes necessary to ensure secure mobile device operation and maintenance in a cost-efficient manner,” the Commercial Mobile Device Implementation Plan states. Furthermore, MDM capabilities “ensure [that] the security of the entire user community is not compromised by an improperly configured or operated device.” However, the plan also states that “until the development of multi-level security is a viable construct,” separate MDM systems in the classified and unclassified DOD information domains will be implemented. An enterprise-level service capability for unclassified information processing will be accomplished by an MDM system, with an enterprise MAS that will deliver, update and delete applications on mobile devices without the user having to return the device for service. “On the unclassified side, that mobile application store will include commercial apps, as well as governmentdeveloped apps, and the review of the code and how we put those apps out, as well as the licenses that we procure for some of the enterprise capability,” Hickey said. “We have to maintain control of the number of devices that use those applications, much like a commercial environment.” An enterprise-level service capability for unclassified information processing will be accomplished by an MDM system with an enterprise MAS. The MDM system will be a decentralized capability hosted at several DISA Defense Enterprise Computing Centers. “Right now, we don’t have an MDM on the classified [side], but we’re working with [the National Security Agency] on what could meet our very unique security requirements,” Hickey said. 
“We’re in the planning stages right now.” DISA’s objective is to establish an enterprise mobility architecture that will provide secure delivery of email, mobile applications, voice services and other data services, including initial network operations and reporting capabilities. DISA will implement the MDM and MAS in three phases. Phase 1, which includes the purchase of 1,500 devices, 12 JUNE/JULY 2013 | DefenseSystems.com
The goal of the DOD CIO is to make sure that pilots are innovative and that we don’t hamper the good ideas and development that can happen at various levels. — JOHN HICKEY, DISA
will deploy voice and data services via a commercial wireless network and award a contract for the initial MDM and MAS. Phase 2 will provide the capability to manage as many as 5,000 devices. Phase 3 is an operational capability that will be offered as a subscription-based service to support 100,000 devices. “We’re looking to have 5,000 devices by the end of this fiscal year [2013],” Hickey said. “With Android, Apple, BlackBerry and Windows, we see demand from all over for different mobile devices.” “Our goal is to be device-agnostic,” he added. “That’s what we’ve said all along to create competition in this space, lower our overall costs and improve the capability. DISA is not in the business of trying to determine a specific device [for everyone to use]. That is up to DOD users to decide. We’re providing a service.” MOBILITY PILOTS, SPIRAL DEVELOPMENT Currently, DISA is conducting both unclassified and classified operational pilot projects to test existing mobile technologies. The projects evaluate select mobile capabilities, including information assurance, security, logistics and performance. This series of pilots will incorporate lessons learned, ensure interoperability, refine technical requirements, influence commercial standards and create operational efficiencies, officials said. “The biggest difference between unclassified and classified [devices] is that we require a second layer of encryption on the classified device, as well as we route all the traffic through what we call a mobile gateway,” Hickey said. “That provides us with the capability to look at the information that is inbound and outbound. And it ties back into our secure voice-over-IP network.” In May 2012, DISA began its mobility pilot activities to build an enterprise mobile capability that is the wireless
entry point into the Global Information Grid. The agency plans to complete an initial operational capability by October. The military services and combatant commands are partners for the unclassified portion of the pilot projects, while NSA is a partner for the classified portion. “On the classified side, we just delivered the first device in partnership with NSA on the secret fabric infrastructure for voice,” Hickey said. “We’re working some of the data pieces for that now. The next step on the classified side is to work the top secret classified capability.” Centralized management and control of secure classified mobile communications services and devices will be provided with classified voice and data communications up to the top secret level. “NSA has developed some unique applications to monitor the device. We’ve developed a gateway to allow the device to come onto the classified network,” Hickey said. “So far, we have been able to communicate with all our legacy devices that are on the desktop and classified, such as [Secure Terminal Equipment] and [Secure Telephone Unit], as well as our Red Switch capability. We’ve had some success on our voice capability. The next piece that is coming is a tie-in to our enterprise email on the classified side.” Three commercial carriers — AT&T, Sprint and Verizon — are participating in DISA’s mobility pilot project. Hickey said the agency is also looking to add T-Mobile. The ultimate goal is for DISA to capitalize on commercial-carrier networks that are capable of handling classified data. “The reason why we went with an NSA solution [on the classified side] was because the commercial companies weren’t quite ready for some of the unique encryption pieces that we wanted to enable,” Hickey said. “We partnered with NSA in this area to come up with the capability that we just delivered. 
What we’re doing is working with NSA on their protection profiles and other initiatives, as well as our security requirements guides, so that we have the vendors come to us with capabilities that meet DOD security requirements.” DOD’s mobile enterprise will use commercial cellular and wireless devices to access classified data and voice services while minimizing the risk when connecting to existing enterprise services. Commercial carriers and other unclassified access networks provide the controlled connectivity between users and the mobile enterprise. “We’re looking at how we can control the devices, what devices are approved and a phased approach through short, spiral 60- to 90-day cycles to deliver capability,” Hickey said. The series of rapid spirals is meant to provide the learning and expertise in deploying, operating, supporting and upgrading services to mobile devices while maintaining the security of DOD information systems. Spirals 1 and 2 focus on solutions for the processing of unclassified information, while Spiral 3 involves the initial implementation of a classified capability. DISA is in Phase 2 of its mobility pilot. The first classified device — a Motorola Razr — came out recently, and there are approximately 1,000 unclassified devices in use. “On the unclassified side, there are well over 20 pilots, and the goal of the DOD CIO is to make sure that pilots are innovative and that we don’t hamper the good ideas and development that can happen at various levels,” Hickey said. “We have approximately 500 devices that have been issued for what we call the operational system, and [we] have about the same number [of devices] in our development environment.” And those numbers are “building pretty quickly.” ■
DefenseSystems.com | JUNE/JULY 2013 13
MOBILE
UNIFIED CAPABILITIES
Soldiers repair a joint combat camera imagery transmission system server at a forward operating base in Iraq.
Unified capabilities: The IP-enabled battlefield of the future
BY GREG SLABODKIN
The Defense Department’s CIO has called for the enterprisewide implementation of unified capabilities to be fielded to DOD components by fiscal 2016. UC includes a broad set of voice-, video- and data-sharing capabilities that promise to enable unprecedented joint collaboration among the military services, combatant commands and defense agencies. IP-based solutions will enable DOD users to better collaborate via instant messaging, chat and Web-based conferencing, among other applications. “The promise of UC is to have a more collaborative environment that will allow us to be a more efficient and effective
workforce and to collaborate better across the DOD enterprise,” said Margaret Sebastian, chief of the Capabilities Center at the Defense Information Systems Agency. “We have numerous tech-refresh projects already in place in the infrastructure to upgrade the Defense Information Systems Network [DISN] for what is known as IP convergence.” Described as DOD’s move to an everything-over-IP network infrastructure, UC is critical to meeting the requirements of the IP-enabled battlefield of the future. UC supports the Office of the Secretary of Defense’s initiative to consolidate DOD IT infrastructure to achieve greater economies of scale, and it’s also crucial to establishing the department’s Joint Information Environment (JIE).
“The commercial world already went through IP convergence, and we in DOD always lag behind. That’s not news to anyone,” Sebastian said. “So we are now going through IP convergence. It becomes not about the telephone network or video network. It’s all unified together. That’s the whole point.” UC uses commercial technology to meet DOD’s mission requirements and standardizes and consolidates component IP convergence efforts across DOD to reduce telecommunications costs and streamline management while achieving savings by implementing enterprise requirements for interoperability, security and network performance. Accelerating the migration of increasingly costly circuit-switched technologies to interoperable and secure IP-based network-centric services is a big incentive for the Pentagon, especially given the budget-constrained environment for the foreseeable future.

ROLLING UC IMPLEMENTATION

DISA is taking a phased approach to introducing UC into DOD’s IT environment, including providing an approved set of commercial solutions that defense agencies and services can implement. The UC Approved Products List is the single approving authority for all military services and defense agencies in the acquisition of communications equipment that will be connected to DISN. The solutions are IP-based, interoperable and compliant with the security standards set by the DOD CIO as part of the baseline for JIE. Those standards-based services will be integrated with available enterprise UC in the business, intelligence and warfighting communities. UC enterprise services will be provided to DOD fixed, mobile and tactical users, as well as to authorized U.S. government interagency and multinational mission partners. “This is going to be an enterprise service. That’s the way of the future,” Sebastian said.
“It’s in direct partnership with all our mission partners, who want the ability to choose their end-user experience and at the same time interoperate with each other on a variety of different devices in various resource-constrained environments. We have environments where we have a lot of bandwidth available and a rich feature set, and we have environments that are going to be very resource-constrained.” DISA is responsible for UC enterprise funding, engineering, acquisitions, operations, maintenance and sustainment associated with the DISN backbone. Additionally, the agency is tasked with providing acquisition vehicles for the DOD components to use to acquire edge infrastructure solutions from the Approved Products List. In June 2012, DISA released a request for information for UC Certification Office (UCCO) and DISN configuration management support. The RFI states: “DISA will maintain a list of products that provide or support UC, acquired or
operated by the DOD components, [and] certified for interoperability and information assurance.” In addition, the RFI says the task order is intended to provide vendor support for operating and maintaining “the UCCO in support of the DOD UC Approved Products List process. Also, this effort will provide [configuration management] assessment, planning, development, implementation and project management support to DISA/Network Services in support of the DISN.” DOD has begun deployment of approved IP-based products. The operational framework takes advantage of IP technologies and the department’s aggregated buying power to provide enterprise UC solutions through collaboration between DISA, as the backbone and edge services provider, and the other defense components, as the edge services and infrastructure providers and users. The UC strategy includes the implementation of competitive acquisitions of approved products based on common user requirements. “DISA provides a set of UC capabilities today and will continue to expand the service offerings and the related level of integration to implement the DOD CIO UC strategy,” said Jennifer Carter, DISA’s component acquisition executive.
“The procurement of these capabilities will include competitive acquisition of both new and follow-on capabilities. The acquisition strategy will be updated to leverage advances in commercial offerings to the greatest extent while meeting capability and integration requirements for a broad range of DOD customers.” However, DISA can only do so much through its own efforts. To truly enable enterprise UC, the military services are responsible for putting their networks on an IP path so that systems can achieve interoperability. “DISA has been working with the DOD CIO and our mission partners at the service, combatant command and agency levels,” said Army Col. David Grauel, DISA’s deputy program executive officer for enterprise services. “These mission partners have begun their own local transitions to UC-type solutions. But we realize that not everybody has the same set of circumstances. They’ve all got unique mission sets, timelines, budget constraints and interests.”

A MORE COLLABORATIVE ENVIRONMENT

UC encompasses a broad range of communications, including voice, video, instant messaging/chat, voice mail and email. According to Grauel, UC will include myriad services on the unclassified and classified side, including enterprise voice-over-IP (VOIP), global video services, IP video, Web conferencing and unified messaging. Those services will also be interoperable with DOD’s enterprise email offering hosted by DISA. “We’re creating a flexible environment where these services, for example, can choose the particular user experience that they want for their particular service,” Grauel said. “And it will work together with our enterprise offerings — such as enterprise directories, as one example.
It really is a great opportunity to bring this all together and deliver a set of capabilities that will improve the efficiency and productivity of our DOD workforce.” Enterprise VOIP is designed to provide a full range of voice-related capabilities to more than 2.7 million DOD users that take full advantage of DISN and IP technologies. The purpose is to avoid the duplication of costs for voice services, operations and maintenance, network operations, sustainment and information assurance at nearly 2,000 locations worldwide with a lower total cost of ownership. Enterprise classified VOIP is available today over the core
network, and before the end of the calendar year, it will be available over satellite communications, Sebastian said. Unified messaging integrates voice-mail and email capabilities, thereby enabling subscribers to access voice mail via email or email via voice mail. She added that unified messaging would be turned on by the end of the year. UC services are driven by emerging IP and changing communications technologies, which recognize evolving communication capabilities from point-to-point to multipoint, voice-only to rich-media, multiple devices to a single device, wired to wireless, non-real time to real time, and scheduled to ad hoc. “These capabilities absolutely will all be integrated into various client experiences and feature sets that support both the needs of the user and the resource configuration of the environment,” Sebastian said. “For example, we’ve demonstrated an IP video capability in a mobility pilot. The IP video solution that we’re rolling out works in a resource-constrained environment and on multiple platforms.” These kinds of enterprise services will be consumed via a variety of end-user equipment, such as computers, IP phones and mobile devices. Combined together, these capabilities will result in ubiquitous access to services by any user at any location on any approved device. “There are pieces of UC that are very centralized that we do across the core infrastructure, and then there are other things, like applications, that are deployed on a device or close to the edge for rich content,” Sebastian said. “The pieces of UC are going to be placed based on where they need to be for maximum performance.” Several of the UC capabilities are being introduced into the operational environment and can be used as independent capabilities today. Many others are in the planning phase and are being scheduled for pilot releases. The mobile unclassified pilot, launched in May 2012,
established an environment to perform controlled testing and evaluation. The service solution consists of a mobile networking infrastructure that delivers 3G/4G LTE commercial mobile radio services to extend enterprise UC to commercial mobile endpoint devices via DISN enterprise mobility gateways. “iPhones and Androids are going to have our UC client deployed on them,” Sebastian said. “We’re providing the application.” In addition, in a joint effort with the National Security Agency, DISA is enabling commercial mobile technologies to support DOD’s classified voice and data requirements while securing DOD Mobile Classified Capabilities (DMCC) information enterprisewide. The increased capabilities include mobile interoperations with existing DISN secure IP and legacy voice and data networks. DISA’s Capabilities Center “is involved in supporting the classified pilot through the work that we do in telephony. That’s the platform on which we deployed the IP video client to demonstrate it,” Sebastian said. “IP video is deployed now in a pilot form, but it’s going to be rolled out on the low side by the end of the calendar year and on the high side by the following year.” Those efforts support clearance-level secure voice calling from mobile device to mobile device and interoperation with existing DISN secure voice services. DISA is responsible for maintaining full control and accountability of DMCC devices.
THE TRANSPORT LAYER

The implementation of UC across DOD is dependent on UC transport, which is the secure and highly available enterprise network infrastructure used to provide voice, video and data services through a combination of DOD and commercial terrestrial, wireless and satellite communication capabilities. UC transport will primarily be provided by the DISN Non-classified but Sensitive IP Router Network (NIPRnet) for unclassified services and by the DISN Secret IP Router Network (SIPRnet) for classified services. “UC is a collection of application-based services that’s going to be delivered across the black IP core,” Sebastian said. “If you think about the evolution of DISN over time, it was looked at as a multitude of separate networks, such as the [time-division multiplexing] network, NIPRnet and SIPRnet. And everything was its own network. The beauty of IP convergence is that voice, video and all these cool applications operate and interoperate across the IP network. So all forms of transport — including optical [and] satellite — become a single, collapsed DISN that is a multi-classification way of transporting IP applications.” Circuit-switched services are migrating to IP-based nonassured/assured services over DOD component assured services local-area networks and intranets and UC transport using products from the UC Approved Products List. During the implementation, both converged and non-converged UC will be provided by technologies that are a hybrid of TDM and IP. “Right now, our TDM-based voice and video networks are probably on life support,” Grauel said. “We’re facing some issues with the technology on the underlying networks. We’ve got a situation where some of our enterprise contracts for our voice, video and data services will be running their course over the next several years.” “We have fundamental underpinnings that we have to do to the infrastructure of the DISN that we are addressing through existing tech-refresh projects today,” Sebastian added. ■
Taking airborne mobility beyond ISR to en route command and control

Access to broadband while airborne is one of the crucial elements of effective mobile command and control. New developments in antenna and satellite technology—along with more nimble, high-capacity global networks—are bringing this dream of military commanders closer to a reality. In this Defense Systems Pathfinder, we discuss the issues with Paul Baca, vice president and general manager of global mobile broadband systems, ViaSat Inc.
Q
What is the state of broadband for airborne mobility today?
A
We’re on the forefront of that technology and capability, and it’s certainly a growing market space. In years past, people have succeeded in putting broadband on airborne platforms. But because of the cost of the space segment and the high cost of service via satellite, it hasn’t really had the traction that it’s getting today with many options for providing that capability.
Q
What are the hardware requirements for airborne mobility in terms of antennas, etc.?
A
It’s very dependent on the size of the platform. For smaller aircraft of course you need smaller antennas. It’s difficult to put a large antenna on a small airplane. On an airplane, especially a military airplane, they want to get a lot of data off of an aircraft, so doing that with a small antenna is complex. Typically, larger airplanes fly much faster than smaller airplanes, which means you can’t have a big radome— a big bubble on top of the aircraft— to accommodate a large antenna. You must have much lower-profile type antennas. Ideally a flat-panel sort of phased-array antenna would be great for larger aircraft, but that technology isn’t mature enough, especially for a moving platform.
Q
You’ve described airborne mobility as beyond ISR to en route Internet and broadband communications. Please explain.
Paul Baca VP and General Manager of Global Mobile Broadband Systems, ViaSat
A
We have to set up a worldwide network that stitches together many, many satellite beams to create a network. It’s analogous to a cell phone network. An aircraft flying around the world and transitioning from beam to beam to beam is just like when you transition from cell site to cell site as you’re driving from city to city. There’s a lot of background networking required to allow aircraft to operate without interruptions in service as they transition from satellite to satellite. So we’ve effectively taken the satellite beams that we have leased around the world and stitched them together and applied networking techniques similar to those used in the cell phone industry.
Q
What role will next-generation airborne mobility play in command-and-control on the move for the Army, for example?
A
Army Rangers or Army airborne operations typically hitch a ride on Air Force aircraft to perform their missions. This next-generation airborne mobility, which allows their aircraft to be constantly connected to their networks back at home, enables them to do mission planning. It makes them much more responsive, much more short-fuse-reaction capable such that they can make en route adjustment to any activities that they’re going to deal with in real time. It also allows senior army officers and decision makers— the command and control echelon— to remain connected while they’re flying around the world to various bases.
Sponsored Content
Q
ViaSat says it also runs the network for airborne mobility. What does that entail in so far as setting up hubs, getting satellite capacity and running network operations centers?
A
We have a worldwide Ku network today that we call the ViaSat Global Network. Our model for operating that network is that we own all the hubs and all of the ground equipment and we lease the bandwidth that we connect via these hubs. So we own the network and we’re continually augmenting and upgrading the network. It’s a turnkey capability that the government can rely on. With us operating our own network, we can sell it just like Verizon sells their cell phone service. We can sell equipment that the government can install on an aircraft, as well as a monthly subscription for bandwidth.
Q
How does all of this make the military more nimble?
A
They don’t have to plan months in advance where they think they will need satellite capacity. Since we have our worldwide network, we can quickly lease commercial bandwidth, and quickly set up hubs. We’re able to accommodate them when they come to us and say we need ViaSat service in North Africa or a region of the Middle East by next week.
Q
Tell me about the security issues associated with airborne mobility, and how that’s being addressed.
A
First, the actual satellite link from the airplane down to the ground to the hub must be secure, it must be encrypted, it must be protected in such a way that an adversary can’t tap into that signal and try to extract information. Users on the government aircraft that we equip also use our encryption capability to encrypt the link. There are also other layers of security that are of special concern to us, specifically the security of the hubs themselves. We are putting in place various security features into our hubs. Keep in mind that many of these hubs connect to secure government networks, but a lot of them also connect directly to the Internet. We need to protect them against vulnerability, and so that’s a major effort that we are investing in this year.
Q
How would Special Forces, for example, take advantage of this airborne mobility?
A
Special Forces often are required, at a moment’s notice, to fly halfway around the world to deal with a problem. Airborne, broadband mobility allows them to have en route communications capability. So rather than just sit in the back of an airplane and do nothing while they’re flying to a mission, they can conduct mission planning, gather last-minute intelligence information and download it to the aircraft en route, and do a lot of productive tasks during those many hours of transition from their home base to wherever they need to operate. So this en route communications capability really allows them to be constantly connected and not have that long interruption when they have to transition to a skirmish
Q
You’re also investing heavily in high-capacity Ka band. What capabilities does that give you compared to conventional Ku or X band systems?
A
Our Ka band satellite designs, and the fact that we have more spectrum allocation, allow us to offer much higher data rates, much higher capacity than Ku band and certainly more than X band. We’re talking about factors of 10 in terms of the data rates they can get with high-capacity Ka versus what they can get today with Ku. Rather than 3 or 4 megabits/sec off an aircraft, we can potentially look forward to 20, 30, 40 megabits/sec in the future.
Q
Any final comments?
A
We are outfitting some key government aircraft with Ka technology today, and some of them are starting to deploy in regions like North Africa and the Middle East. Over time, our goal is to provide service to the government using high-capacity Ka systems so they can get the highest data rates possible. But we see that as a long-term transition. We’re not going to flip a switch and every one of the aircraft we service is going to be on high-capacity Ka. There are aircraft that will remain on our Ku networks for many years, and we want to allow our future government customers to roam from our Ka networks to our Ku networks. We’re developing technology that does that easily and seamlessly.
You can read the rest of the interview online at DefenseSystems.com/2013AirborneMobility
MOBILE
STANDARDIZED SECURITY
The Joint Information Environment encompasses IT infrastructure, enterprise services and a standardized approach to security to achieve full spectrum superiority. Data center consolidation and standardized computer configurations are also key elements.
Defending DOD networks with a single security architecture BY GREG SLABODKIN
As the Defense Department moves to a network architecture that will one day serve the core needs of all the military services, it envisions a Joint Information Environment (JIE) that comprises shared IT infrastructure, enterprise services and a single security architecture (SSA) to achieve full spectrum superiority, improve mission effectiveness, increase security and realize IT efficiencies. Through the implementation of JIE,
Pentagon planners hope to reduce the department’s overall IT footprint, standardize configurations, create shared security protocols at the enterprise level and simplify data routing. The Defense Information Systems Agency is responsible for leading JIE technology synchronization and is creating a set of common IT services to support JIE based on trusted identity and access management, data center consolidation, and enterprise services such as DOD Enterprise Email, collaboration and file storage. Cybersecurity also constitutes a
significant portion of JIE, which seeks to enhance network security by employing an SSA to better protect DOD networks, while giving warfighters easier access and allowing for better information sharing among all mission partners. The SSA is designed to enable DOD’s cyber operators at every level to see the status of their networks for operations and security and enable commonality in how cyber threats are countered. By implementing a standardized security architecture, the U.S. military wants the ability to know who is operating on its networks and what they are doing and be able to attribute their actions with a high degree of confidence. “The single security architecture is one of the major components of JIE,” said Mark Orndorff, DISA’s chief information assurance executive and program executive officer for mission assurance and NetOps. “The No. 1 most important advantage is the ability to actively defend the DOD networks in a time frame that we need to execute cyber defensive operations. What I mean by that is the single security architecture will allow us to understand what’s going on across the entire DOD network with global cyber situational awareness to a level that we can’t do today.” According to Orndorff, the SSA will minimize complexity for a synchronized cyber response, maximize operational efficiencies, and reduce the risks while also reducing the number of organizationally owned firewalls and unique routing algorithms and the inefficient routing of information that currently exists. In addition, a standardized security architecture will better protect the integrity of information from unauthorized access while increasing the ability to respond to security breaches across the system and improving how DOD operates and secures its networks globally, he said. The SSA “will allow us to implement security controls and countermeasures across the entire network in real time,” Orndorff said. 
“Today we’ve got a lot of decentralized implementations of some pretty sophisticated and robust capabilities. But they’re implemented in pockets, so we don’t share information across all the pockets and don’t have the ability to simultaneously change policies or controls across all those pockets instantly or at the same time.”

ELIMINATING OVERLAP AND DUPLICATION

The problem is that mission assurance services are currently implemented via a complex set of overlapping and duplicative roles and responsibilities. JIE’s SSA is a multiphase approach that solves that problem by collapsing the network security boundaries, reducing the external attack surface, and standardizing the management, operational and technical security controls to ensure the confidentiality, integrity and availability of DOD’s information assets within all required mission contexts while also facilitating rapid attack detection, diagnosis, containment and response. “We had in a lot of cases more security layers than we actually need,” Orndorff said. “As we design this under the single security architecture, we feel like we can get the right security controls in the right places in the network and eliminate a lot of the duplicate layers that exist in the architecture today. We’re going to pick the key places to control network traffic and the key places to implement security capabilities. And then the security layers that exist today over and above the ones that need to be there for this design…will be eliminated.” SSA provides for a common approach to the structure and defense of computing and the networks across all DOD organizations. For example, the SSA describes how core DOD data centers and the server computing resources they contain must be structured, what cyber defenses are required on those computers, and what cyber firebreaks are necessary as part of the internal networks of the data center. In addition, the SSA also describes how remote management and automation of data centers is to be structured and secured, and what cyberattack detection, diagnosis and reaction capabilities the data center and the remote management system must have. “We are shifting a bit in the approach so that more security will be wrapped around the data centers and the applications,” Orndorff said.
“So we’re getting a shift in terms of trying to do security at the network boundaries to look at where the applications and data are and better aligning our security architecture to that, which will free up some of the network boundary base defenses.” Another high-priority objective for the SSA is to enable dynamic information sharing with DOD and its mission partners by shifting the focus from securing systems and networks to securing data and its use. “If you secure the systems and the data, you’re in a better position to understand the exact security requirements of that system and what that system is trying to support,” Orndorff said. “If you are trying to secure at the network layer, it’s a much more complicated problem and harder to tune the security policy to accomplish what needs to be accomplished without impacting information sharing and the dynamics of the missions that DOD needs to support.”

DOD’s first installment of JIE is coming together initially in Europe. JIE Increment 1 is based within the U.S. European Command area of responsibility. DISA is building on the successes of that pilot project and will bring the process to the Pacific Command to learn further lessons about what works and doesn’t work as DOD seeks to create a set of standards and an architectural construct that will facilitate jointness among all the military services’ networks. “We have a formal JIE Increment 1 that is being worked in Europe with multiple upgrades planned out between now and the end of this calendar year,” Orndorff said. “While Increment 1 is being worked, follow-on planning for another increment planned for the Pacific [Command] and all the additional phases will be scheduled. In the background, we have work under way within [the continental United States] that aligns with JIE and will help set the conditions, so as we move from the formal Increment 1 work in Europe into other parts of the world, we aren’t sitting still.”

ENABLING MOBILE FORCES

Mobility is another challenge that isn’t limited to JIE but is common across DOD as it becomes an increasingly mobile force. One of JIE’s primary goals is to provide the warfighter with secure access to information from any mobile device, with an SSA that is available globally and accessible at the tactical edge.

Rather than impose security requirements on commercial devices, DISA wants to use a single security architecture to mitigate risks and is giving companies the responsibility for writing the security technical implementation guides for their devices.

With the commercial explosion of smart phones and the popularity of the Android and iOS operating systems, DISA is trying to leverage the commercial marketplace and determine how it can best be used to address DOD’s needs. “If we try to impose our security requirements on the commercial mobile devices, we’d end up with a device that nobody would ever want or use,” Orndorff said. “The approach we’ve taken is to build a mobile ecosystem that leverages all the benefits of the single security architecture so that when you’re using a DOD-provisioned mobile device, you get all the benefits of the security architecture and infrastructure that we have to mitigate a lot of the risk associated with a generic mobile device operating in the wild.”

DISA wants to ensure that DOD users stay compliant with security rules and regulations. In the past, it mandated specific configuration settings for mobile devices through the use of security technical implementation guides (STIGs), which are developed by DISA and updated periodically in an effort to keep pace with documented emerging threats and changes to technology. However, the agency has changed that model by giving industry the responsibility for writing the guides. “Where we’re headed is we’re giving the vendors the security requirements guide, and the vendors are writing the STIGs for their device,” Orndorff said. “Industry will deliver to the department the STIG and the device, and we will go through a very quick, streamlined process to review what they’ve submitted and then release that as a DOD STIG for general use across the department.” “Our expectation is that we will be issuing STIGs right in line with the release of the commercial mobile devices to the marketplace,” he added. “There won’t be the long lag that has been an issue in the past, plus we will have better-quality STIGs because the experts from industry will be writing them as they build their products.” ■
SPONSORED CONTENT
Bandwidth on Demand: Ethernet Services
The Defense Department, like many federal agencies, is adopting a new generation of Internet Protocol (IP) transport services that address today’s capacity, speed and quality-of-service requirements. However, in the current resource-constrained environment, both defense and civilian agencies are grappling with how to meet the growing demand for bandwidth while achieving the lowest possible total cost of ownership.

Government agencies increasingly are turning to Ethernet services, which provide many benefits over other technologies, including the ease of deployment, bandwidth on demand, controlled routing and cost advantages. Ethernet’s elastic bandwidth capability allows agencies to manage their information technology costs with optimal effectiveness while meeting ever-increasing data requirements.

“Ethernet provides government agencies with a number of important advantages, including bandwidth on demand that meets their needs as they ebb and flow so customers only pay for what they actually need. Ethernet interfaces are also less expensive, which provides a significant cost savings,” said Diana Gowen, senior vice president and general manager for the public sector at CenturyLink, one of the world’s largest telecommunications companies and a leading cloud infrastructure and hosted IT solutions provider.

CenturyLink is at the forefront of providing high-tech, cost-effective Ethernet services to the U.S. Department of Defense (DOD) and other government clients. And with emerging product standards becoming available, government agencies can now use Ethernet solutions to solve their IT dilemmas and focus on their mission.

For example, to deliver the command-and-control capabilities and enterprise infrastructure that warfighters need, DOD is pursuing Virtual Private LAN Services. VPLS provides Ethernet-based, multipoint-to-multipoint communication over IP networks that enable sharing across geographically dispersed sites.

VPLS offers the same connectivity as a device connected directly to an Ethernet switch. In addition, by migrating from carrier-controlled Multi-Protocol Label Switching to customer-controlled VPLS switching, DOD is reclaiming control of its network.

“For security-conscious customers like DOD and other government agencies, there is a need to control and manage their routing and routing protocols without having to share them. Using Ethernet from end to end on the access side and across the entire network backbone allows them to regain that control,” Gowen explained.

CenturyLink works with agencies to help them choose the right network routing protocols that best meet their needs and distinguish between the company’s routing setup and their own. CenturyLink also helps agencies make long-term service decisions based on offerings that will provide the best value in the future, she added.

For example, over the next 10 years, CenturyLink will provide Ethernet, IP and optical wave services through VPLS for the DOD High Performance Computing Modernization Program via the recently awarded Defense Research Engineering Network (DREN) III contract. These services will link defense scientists and engineers at leading research institutions, labs and test facilities at more than 150 defense locations nationwide.

DREN serves as a national test bed to accelerate the development and deployment of ultra-high-speed bandwidth applications as well as next-generation networking and security technologies. With support from CenturyLink, DREN III will accelerate these network advancements into even higher levels of performance.

CenturyLink is committed to meeting the communications mission of the federal government with the most robust, secure networks possible. By leveraging timely, economical and dynamically allocated bandwidth-on-demand Ethernet solutions from CenturyLink, government agencies will be better positioned to focus on their ever-expanding mission requirements.

Diana Gowen, Sr. Vice President and General Manager, CenturyLink Public Sector

For more information about CenturyLink’s Government services and offerings, please contact your agency’s representative or email us at CTLfederal. federal@centurylink.com. For more information on CenturyLink, go to: CenturyLink.com/gov
MOBILE
NETWORK INTEGRATION EVALUATION
Army tests tactical communications during NIE BY HENRY KENYON
A fully equipped brigade conducted operations in New Mexico’s vast White Sands Missile Range as part of the Army’s Network Integration Evaluation 13.2 in May. Soldiers tried out new communications and networking equipment so the Army could test how its forces stay connected and aware of their surroundings while maneuvering on the battlefield.

At the latest biannual event, the Army continued its evaluation of Increment 2 of the Warfighter Information Network-Tactical, the Nett Warrior soldier communications and situational awareness system that connects through the rifleman radio, the Joint Battle Command-Platform, and the Tactical Communication and Protective System.

NIE 13.2 also sought to evaluate how commanders use all those components in a single network, said Col. David Miller, deputy commander of the Army’s Brigade Modernization Command.

NIE activities included using tactically deployed networks, extending the network to soldiers, testing network-enabled air-to-ground communications integration and understanding cyberspace capabilities as force protection, Miller said. The Army looked at capabilities that improve collaborative decision-making, allow unit communications tasking orders to be reorganized across the network, and reduce network complexity through soldier training and education.

A big part of NIE 13.2 was mission command on the move, which Miller said goes beyond testing hardware to more effectively using networking technology.

“Mission command is not a technical, physical piece of equipment,” he said. “It is an intellectual concept.” He added that effective mission command requires a dialogue among all echelons.

Based on recent experience in counterinsurgency operations, Miller said most tactical intelligence is generated from lower-echelon units, but there is often a disconnect between the tactical and strategic views because of a lack of communication between commanders at different levels. If forces have no unified strategic and tactical view, “you get bogged down in a quagmire,” he said.

NIE allowed the Army to understand how orders moving across all echelons interact through a spectrum of events, from combat through peacekeeping and disaster relief. As in previous years, the results of the evaluation are helping the service see which systems and equipment allow warfighters and commanders to make more effective decisions while on the move, Miller said.

At the heart of the Army’s efforts was how to best match up and balance physical gear and systems with the techniques and training needed to use them efficiently. “We know we’re not going to get it right today,” Miller said. “We’re going to get it partially right.”

SOLDIER FEEDBACK

Soldier feedback is at the heart of NIE. As troops test new systems, the results are plugged into modifications in future capability sets — the annual packages of tested and approved equipment issued to Army units prior to deployment. Miller said those changes have already appeared in Capability Set 13 and will be part of future updates.

The latest NIE emphasized movement and maneuvering across long distances. The Army brigade participating in the exercise — the 1st Armored Division’s 2nd Heavy Brigade Combat Team — simulated an overseas deployment by traveling 100 miles from Fort Bliss in El Paso, Texas, to the far end of the White Sands Missile Range.

Their activities tested how effectively the network provides commanders and soldiers with a common operating picture while on the move, said Col. David Wellons, who recently retired as commander of the Army’s Integrated Test and Evaluation Directorate. Once the brigade arrived at White Sands, it conducted force protection operations in a simulated friendly nation.

The results of previous NIEs have saved the Army $6 billion because officials avoided purchasing unsuitable systems, Wellons said. By combining soldier feedback in the selection and acquisition process, the Army can be sure that the gear meets soldiers’ needs, he added.

Furthermore, the information collected from the event is incorporated into the training and operational doctrine for the systems. Wellons said soldiers in the field prefer to use equipment they’re familiar with, which underscores the importance of testing new equipment and training soldiers in how to use it.

A soldier tests new communications and networking equipment as part of the Army’s Network Integration Evaluation 13.2. The exercises help the Army further enhance its tactical networking capabilities by having soldiers evaluate commercial and government technologies.
Additional Online Resources
Network Integration Evaluation Website: http://www.bctmod.army.mil/nie_focus
Brigade Combat Team Modernization: http://www.bctmod.army.mil/program
MOBILE
COMMERCIAL DEVICES
DOD shapes departmentwide mobile standards, policies BY HENRY KENYON
The Defense Department’s efforts to issue mobile devices to its civilian and uniformed personnel continue to take shape as multiple pilot programs mature and get ready to shift to initial operational capability.

After several years of tests and modifications, the Defense Information Systems Agency will acquire a mobile device management system that will allow the military services to more effectively and securely manage mobile devices across their networks. But that program is just part of a departmentwide undertaking to connect warfighters to information anywhere, anytime.

This is an exciting time for DOD mobile programs, said Robert Carey, the department’s principal deputy CIO, at a Defense Systems seminar on military mobility in June. One of the military’s main goals is to give commanders and other decision-makers the ability to access vital information wherever they are. He noted that DOD’s mobile strategy involves connecting some 600,000 mobile devices.

As the number of devices continues to proliferate, Carey wants to see more of them issued to DOD personnel, especially in tactical battlefield environments where communications currently end at the squad level.

DOD’s mobility plans are focused on three areas: developing policies and standards for mobile devices, selecting and acquiring a mobile device management system, and educating and training mobile device users.

But while it is pursuing these goals, DOD must remain aware of certain requirements, Carey said. One consideration is that while mobile devices and applications provide warfighters with improved command and control capabilities, purely commercial solutions can be prone to failure in harsh combat environments. Vendors do not have to provide military-grade ruggedized systems, he said, but they should be aware of security considerations — for example, the need to keep functions such as Global Positioning System tracking turned off in the field.

As a part of its Commercial Mobile Device Implementation Plan, DOD has begun building more gateways to allow devices better access to the network enterprise, Carey said. To do that cost-effectively, the military is working with multiple vendors to provide services and equipment.

“We’re trying to leverage what [companies] bring to market so that we can reduce the cost of the infrastructure,” he said.

He noted that the BlackBerry Z10 smart phone was just cleared for use across DOD in May. Additional tablet PC and smart phone platforms — such as the Samsung Knox, which has DOD-specific security modifications to its Android-based operating system — will be ready to be issued this fall.

A BYOD ROAD MAP

The military has also been focusing on bring-your-own-device (BYOD) policies. DOD is working on what Carey describes as a BYOD road map for setting up policies and programs governing the use of personal mobile devices.

“BYOD is a goal of ours,” Carey said. “It is out there in front of us.”

Although the military has made progress, there are still many concerns about BYOD that remain to be addressed related to security, cost and policies. He noted that there are many BYOD pilot programs across the government but none on the scale of DOD’s.

The requirements for a DOD-wide BYOD program include establishing public key access-based security for connecting to military networks, isolating government applications and data from personal data on a device, developing applications, ensuring device integrity, handling technology insertion and making sure that users’ devices stay up-to-date within the mobile device life cycle, Carey said.

“Are [companies’] applications written in such a way that they can be accessed from a mobile device? That’s another thing that we are working on — to ensure that these things are woven into the fabric of DOD’s communications infrastructure,” he said.

While DOD addresses enterprisewide issues through its overarching mobility program, the military services are moving ahead with a number of pilot programs. For instance, the Air National Guard is seeking to provide mobile devices and service to all 89 of its wings, said Air Force Lt. Col. Anmy Torres, the National Guard Bureau’s chief for cyber plans and sustainment.

The goal of the pilot program is to provide mobile devices, connectivity and application management systems to those units. The challenge is to connect some 5,300 BlackBerry smart phones and roughly 2,000 other handheld devices to the network, Torres said. But while the Air National Guard is setting up the network, it is waiting for DISA to finish its cross-DOD mobile environment to plug into that larger enterprise.

There is a lot of pressure from users to get a mobile system up and running, but the Air National Guard wants to give DISA time to set up the network correctly. “We don’t want to tell people we have an environment to set up and then have to turn it off because we didn’t do it right,” Torres said.

IT SERVICES AT THE PENTAGON

Another organization working on its own mobile programs is the U.S. Army’s Information Technology Agency (ITA), which is responsible for providing IT support for Army headquarters. ITA is also charged with supporting all the IT services at the Pentagon. Those responsibilities include setting up and managing mobile device service in the facility, said Thomas Sasala, ITA’s chief technology officer.

There is a moratorium on bringing wireless devices into the Pentagon, he said, because of a combination of security concerns and poor reception due to the building’s heavy concrete 1940s architecture.

ITA has established Wi-Fi services throughout the building and also manages the Pentagon’s wireless intrusion-detection system, which keeps track of any wireless transmissions from approved and unapproved devices within the building.

The agency is actively involved in DISA’s mobility programs. Sasala said that as part of that effort, ITA discussed the state of the market with vendors in 2012, but he added that in the course of a year, the market has changed completely.

“It is moving faster than we can adapt,” he said. “It is moving faster than any enterprise can adapt.”

ITA is also the organization behind the Pentagon’s IT road map, which has a mobile component. One aspect of the plan is to make the network as flexible and scalable as possible through centralized network management, Sasala said.

ITA also has a pilot program under way that is expected to be in full production by the end of the year. To support the effort, he said he has 48 terabytes of data storage for both desktop virtualization and mobile applications.

ITA has already virtualized 48 percent of the data centers in the Pentagon with the goal of reaching 80 percent in the next three years. Furthermore, there are 15 data centers housed in server rooms at the Pentagon, and over the next three years, Sasala wants to see that number reduced to eight.
DEFENSEIT COLLABORATION
DOD’s new plan for collaboration: Unified capabilities BY DEFENSE SYSTEMS STAFF
With an eye toward improving collaboration by moving everything over IP, the Army’s Program Executive Office for Enterprise Information Systems has issued a request for information on elements of what the military is calling unified capabilities (UC). The RFI was issued in conjunction with the Defense Information Systems Agency.

DISA Director Lt. Gen. Ronnie Hawkins Jr. described UC in an interview with Defense Systems. “Our unified capability is going to be one of those disruptive technologies that move us away from the standard collaboration suite that we’ve used in the past,” he said. “For us, unified capability is the ability to move, as much as possible, everything over IP. When you get into that environment, you are able to collaborate at a very high data rate.”

According to the RFI’s problem statement, “DOD currently relies on many different, disparate capabilities that are components of a desired UC solution. Many of these component capabilities are not integrated, limited in scale, at or near end-of-life, and targeted for specific commands or locales of use.”

“As a 24x7x365 enterprise, the DOD requires a highly available UC solution across the entire set of users from mobile users and fixed installations to deployed soldiers utilizing austere communications, on the move, and in hostile environments,” the document states. “UC is expected to support administrative information processing, command and control, public safety, and intelligence, surveillance and reconnaissance.”

Information is requested regarding current and emerging UC solutions in the following areas:

• Presence and awareness of users.
• Text and voice chat.
• Ad hoc and persistent work spaces.
• Videoconferencing and interoperability with industry standards for preplanned and ad hoc meetings.
• Synchronous collaborative spaces, virtual whiteboards, screen sharing, application sharing, and document sharing with markup and editing.
• Telephony and telephony integration to allow, for example, method-independent voice access and dynamic routing of incoming calls to recipients’ currently accessible capabilities.
• Email integration with messaging — for example, receiving voice mail in an email inbox.
• Device access for desktop computers, thin clients and mobile devices for both government- and nongovernment-furnished equipment.
• Role of standards and other capabilities to integrate into non-UC systems (e.g., warfighting, medical, logistics or warfighting simulation systems).
• Integration with DOD’s implementation of identity management with the use of Common Access Cards.
• Integration with DOD’s implementation of public-key infrastructure for digitally signing and encrypting messages.
• Recording and playback.
• Life cycle management, including user migration and help desk support.
• Deployment methodologies that range from DOD fully purchasing, deploying and maintaining to industry fully providing as a service.

Additional Online Resources
UC Certification Office: http://www.disa.mil/Services/Network-Services/UCCO

Senior leaders from the U.S. Navy, the U.S. Marine Corps and the Japan Maritime Self-Defense Force participate in a videoconference onboard the USS Essex. The military is seeking to integrate a variety of communications tools to enhance collaboration.
CYBERDEFENSE BYOD STRATEGIES
The key to BYOD could be ‘containers’

Segmenting enterprise apps from personal activities on the same device could offer a solution to mobile’s privacy vs. security dilemma

BY KIMBERLY JOHNSON

The ultimate goal of using personal mobile devices to secure access to Defense Department applications begins with keeping the two interests completely separate, according to a major network provider.

“There is the school of thought that the only way to deal with mobile devices is mobile device management [MDM], in the sense that there is an IT department somewhere taking control of a device and taking it under management,” said Jon Green, director of government solutions at Aruba Networks.

As the military looks to extend access to mobile platforms, the bring-your-own-device (BYOD) strategy could help stretch thinning defense acquisition dollars.

Military personnel are no different from their corporate counterparts: They want access to their email on mobile devices, but they don’t want the IT department to see what they’re doing on those devices, Green said.

“There’s a balance between security and privacy, and I don’t think the traditional MDM solves that very well,” he said. One solution, he added, comes from containment.

Aruba has proposed a container solution called WorkSpace, which is installed as a single application that becomes the gateway to enterprise applications.

“Within that container, all of the approved apps that your IT department wants you to run get installed automatically,” he said. “Within that work space, everything is encrypted. Data is protected so that you can’t copy and paste it out of the container. IT can exercise all the control that they want inside the container, but they have no visibility about what’s happening on the rest of the device.”

For example, users could run Facebook on their devices and the site wouldn’t have access to secure data, and vice versa, he said.

The issue of controlling mobile devices has surged to the forefront in the wake of a blistering review by DOD’s inspector general of the Army CIO office’s strategy for tracking commercial mobile devices within the service. According to the report released in March, the Army CIO failed to implement an effective cybersecurity program for commercial devices and lost control of more than 14,000 smart phones and tablet PCs, which were largely left untracked.

The report underscores the fear of compromising secure defense networks and the need to be able to protect the devices that are out there, Green said.

“That becomes really important in a BYOD scenario as well,” he said. “If I’m providing a Wi-Fi network or some kind of gateway on the cellular network for these mobile devices to come in, I need to know they’re there [in order] to understand what their posture is so that I can control them.”

In an interesting twist, however, the IG report could actually help the Defense Information Systems Agency attract the funding it’s seeking, Green said.

“Somebody needs to be in charge here, and DISA is probably the natural agency to do that,” he added. “I think having a report like that highlights the need for someone to be in charge.”

According to Terry Sherald, chief of DISA’s Information Assurance Standards Branch, DISA’s role extends beyond MDM procurement. “DISA will issue security requirements guides and security technical implementation guides that will define [information assurance] controls for mobility systems throughout DOD,” he said.

Like their corporate counterparts, military personnel want to use their personal mobile devices at work without the IT department taking control.
MOBILE, RUGGED COMPUTING

DRS Tactical Systems of Melbourne, Fla., won a $455 million firm-fixed-price contract from the Army Contracting Command at Aberdeen Proving Ground in Maryland for production of the mounted family of computer hardware for the Army Mounted Common Operating Environment. DRS Tactical Systems, a subsidiary of Italy’s Finmeccanica, manufactures a variety of rugged systems for the military, including the RVS-330 rugged vehicle system and the Scorpion rugged vehicle terminal touch-screen tablet computer with external keyboard.

PROPRIETARY CODE

The Defense Information Systems Agency awarded Microsoft a $412 million contract for enterprise technical support services necessary to obtain highly trained Microsoft Blue Badge Cardholder-support. The contract is for one year, with four one-year options. The military services require access rights to Microsoft’s proprietary code. The contract’s core requirements are for Microsoft to provide consulting services so software developers and product teams can take advantage of a variety of proprietary resources and source code. In addition, Microsoft’s support services will include tools and knowledge bases, assistance with problem resolution, and access to Microsoft source code when applicable.

NETWORKED STRYKERS

Raytheon said its battlefield radio recently transmitted data securely over the air to more than 30 Stryker combat vehicles, showing that it could meet the Army’s need for a tactical wireless Internet via a vehicle-mounted mobile radio system. Soldiers of the 4th Stryker Brigade Combat Team were able to send and receive email and chat messages, and could access the team’s intranet-like Web portal using Raytheon’s EXF1915, an upgraded version of Enhanced Position Location Reporting System radios. It marks the first time the team was able to tap into a secure wireless network, according to Raytheon. When connected to the Army’s middle- and upper-tier networks, the EXF1915, also known as the RT-1915, provides high-speed IP network services for an entire brigade of Stryker and other combat vehicles, Raytheon said.
BARRY ROSENBERG
INDUSTRY RECON
©Copyright 2013 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproduction of material appearing in Defense Systems is forbidden without written permission. The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry. Media Kits: Direct your Media Kit requests to Carmel McDonagh, Vice President, Marketing, 703-876-5040 (phone), 703-876-5059 (fax), cmcdonagh@1105media.com. Reprints: For single article reprints (in minimum quantities of 200-500), e-prints, plaques and posters contact: PARS International, Phone (212) 221-9595, email: 1105reprints@parsintl.com, web: www.magreprints.com/QuickQuote.asp List Rentals: This publication’s subscriber list, as well as other lists from 1105 Media, Inc., is available for rental. For more information, please contact our list manager, Merit Direct. Phone: 914-368-1000; E-mail: 1105media@meritdirect.com; Web: www.meritdirect.com/1105.
DIGITAL CONFLICT
The need for skilled cyber project managers
The availability of properly skilled cybersecurity resources has been in the spotlight for some time. The demand is being driven by countless projects and programs requiring those special skills, most of which also require security clearances. Several entities have responded to this shortage with training programs and internships, as have many individuals who are actively seeking a career in one of the three general disciplines in the cyber domain: offense, defense and intelligence.
Although the shortage of resources for the offensive, defensive and intelligence-gathering careers in the cyber domain is beginning to be addressed, another highly specialized profession remains in fairly short supply: cleared and experienced program and project management for classified initiatives.
On the day I began writing this piece, there were 30 job postings for project and program managers and directors on just one of the classified jobs boards. The demand is certainly there but how about the resources? I conducted a search on a social networking site with millions of professional users. Only two individuals came up who had identified themselves as Defense Department project managers. I reviewed their professional biographies, and neither had any cyber background listed.
I saw an article a year ago that said defense acquisition research and development projects are 42 percent over budget on average, and some say the average weapons program comes in 22 months late. I wonder what the overrun stats will look like for projects in the cyber domain, with much less historical data to go on and much less experience.
Looking further into this area, I cannot find any cyber project estimation guidance or tools that assist project/program managers in this critical function. For that matter, I cannot find any courses that teach classified project/program management.
Looking back on my career and that of some of my colleagues, it is clear we were the product of on-the-job training and the school of hard knocks.
On typical projects, many team members take work home and often work on weekends. That can’t happen on a classified project. As a program manager, I received calls a number of times at home during nights and weekends about critical program issues. That can’t happen on a classified project.
The biggest challenge remains staffing. Finding qualified resources with the appropriate training and experience is very difficult and time-consuming.
The above issues are just a few of the project and program management challenges for classified initiatives. Add to those the compliance and regulatory requirements for government initiatives or the DOD regulations and standards for projects and programs and one can easily see the huge challenge. Now layer on top of all that the dynamics of the cyber domain (offense, defense and intelligence) and you can begin to appreciate the complexities that the industry and military face when executing projects.
Given the billions of dollars spent each year on cyber projects and programs that are classified, maybe we should invest in professional development programs that address the unique characteristics and challenges that project and program managers face when dealing with classified projects. Many organizations offer cleared staff the opportunity to pursue professional development activities to enhance their skills and knowledge. Perhaps a continuing education professional development program that addresses all the unique challenges of project and program management in a classified setting would be of great interest to those individuals.
I looked at the websites of several institutions offering project and program management courses and found no reference to applying those skills in a classified setting. I should note that I did find references to tools for managing classified projects and programs. Given the substantial amount of funds going to cyber warfare systems, defense and intelligence, maybe it is time for a program like this to be developed.
KEVIN COLEMAN
Kevin Coleman (kgcoleman@technolytics.com) is a senior fellow at the Technolytics Institute, former chief strategist at Netscape and an adviser on cyber warfare and security. Coleman’s weekly blog on cyber war can be found at www.defensesystems.com.