
The Voice of Military Information Dominance

Special Report:

DISA and the Joint Information Environment

JIE Defender: Mark Orndorff, PEO Mission Assurance and NetOps, Chief IA Executive, DISA

Data Center Consolidation • Big Data • WIN-T • NGEN • Insider Threat

www.MIT-kmi.com


May 2014

Volume 18, Issue 3


Military Information Technology 2014 Editorial Calendar

June [18.4]
Q&A: Brig. Gen. Kevin Nally, Marine Corps CIO
Special Section: Education Issue
Features: 4G Innovations; Software-Defined Networking; ID Management; Digital IF SATCOM
Tradeshows: Cyber Symposium* (June)
Closing Date: 6/6

July/Aug [18.5]
Q&A: Lt. Gen. Michael J. Basla, Chief, Information Dominance and Chief Information Officer, Air Force
Special Section: Air Force Services Guide
Features: Airborne Networks; Storage; Unified Capabilities
Tradeshows: Air/Space* (9/16)
Closing Date: 7/25

Oct [18.6]
Q&A: Lt. Gen. Robert S. Ferrell, Army CIO
Special Section: Enterprise Email
Features: Network Integration Evaluation; Virtualization; IT Certification
Tradeshows: AUSA* (Oct. 13)
Closing Date: 9/24

Nov [18.7]
Q&A: Maj. Gen. Alan Lynn, Vice Director, DISA
Special Section: DISA Guide
Features: Radios; Cyber Ranges; Encryption
Tradeshows: MILCOM*
Closing Date: 10/31

Dec [18.8]
Q&A: Rear Adm. William E. Leigher, Director of Warfare Integration for Information Dominance, Navy
Special Section: Naval Networks
Features: Cross Domain Solutions; Collaboration; WIN-T
Tradeshows: AFCEA West* (2015)
Closing Date: 12/12

*Bonus Distribution

This editorial calendar is a guide. Content is subject to change. Please verify advertising closing dates with your account executive.


Military Information Technology

Features

Migration to Consolidation
As it strives to reduce its number of data centers, the Army’s task goes beyond just identifying and closing physical sites to the much broader tasks of transitioning enterprise systems from localities to central service centers, identifying redundancies in systems and applications, and choosing what stays and what goes. By Peter Buxbaum

DISA: Enabling the JIE
An overview of the Joint Information Environment (JIE) and the role of the Defense Information Systems Agency (DISA), based on information provided by DISA.

No Data Is an Island
To get the full benefits from big data, military and other analysts must combine it with other information and explore new methods. The military, government and other organizations are only starting to realize the full impact of big data analysis, according to Bill Franks, a prominent big data advocate who currently serves as chief analytics officer for Teradata. By Harrison Donnelly

Insider Threat Insights
With high profile cases continuing to draw attention to the threat to networks posed by malicious insiders, military and other organizations are increasingly focused on finding ways to protect themselves from those who purposefully or inadvertently allow the release of sensitive information or cause damage to systems. By Harrison Donnelly

Feedback Hones Mobile Network
In response to feedback from users, the Army has made upgrades to Warfighter Information Network-Tactical (WIN-T) Increment 2 to enhance and simplify the system to make it easier to operate and maintain. By broadening the system’s user base to include general purpose users at lower echelons, the Army will increase the scalability and utility of the system. By Amy Walker

Cover / Q&A

Mark Orndorff
PEO Mission Assurance and NetOps, Chief IA Executive, DISA

“As we build out and define JIE, what we are focused on is laying out a security architecture that will support the joint commander, and making sure that we are doing that in a way that enables the missions they are executing, and doesn’t overdo security to the point where we are inhibiting their effectiveness…” —Mark Orndorff

Industry Interview

Mike Bomba
Senior Solutions Architect-Defense, Riverbed Technology

Departments

Editor’s Perspective • Program Notes/People • Data Bytes • COTSacopia • Resource Center


EDITOR’S PERSPECTIVE

As is made clear in this issue’s Cover Story Question and Answer interview, officials of the Defense Information Systems Agency and other Department of Defense organizations are working hard to build security into the basic architecture of the Joint Information Environment. While that’s the right approach, a new report is highlighting the potential vulnerability of overall C4 structure at key points—in this case, satellite communications.

The report, “A Wakeup Call for SATCOM Security,” was written by Ruben Santamarta, principal security consultant for the information security firm IOActive. In it, he examined SATCOM ground equipment from a number of major companies in the field, and found a range of potential weaknesses.

“Multiple high risk vulnerabilities were uncovered in all SATCOM device firmware studied by IOActive. These vulnerabilities have the potential to allow a malicious actor to intercept, manipulate, or block communications, and in some cases, to remotely take control of the physical device,” Santamarta warned.

Among the types of risks identified by investigators were hardcoded credentials, undocumented protocols, insecure protocols, and backdoors. Researchers did not examine the actual equipment, instead performing static firmware analysis by reverse engineering all of the devices.

Looking at one widely used system, for example, the report projects that an attacker could exploit vulnerabilities to inject malicious code into the terminal, and malware running on an infected laptop connected to the terminal could deploy it. The code could determine the user’s location from the built-in GPS, disable communications or damage the terminal.

The companies did not respond to IOActive, except for Iridium, which reportedly is working on fixes for its vulnerabilities. While the report wisely does not reveal the details of the weaknesses, IOActive is currently working with the government CERT Coordination Center and the companies to address these issues.

Harrison Donnelly
Editor

Military Information Technology
Volume 18, Issue 3 • May 2014
The Voice of Military Information Dominance

Editorial
Managing Editor: Harrison Donnelly, harrisond@kmimediagroup.com
Online Editorial Manager: Laura McNulty, lauram@kmimediagroup.com
Copy Editor: Sean Carmichael, seanc@kmimediagroup.com
Correspondents: Peter Buxbaum • Cheryl Gerber • Karen E. Thuermer

Art & Design
Art Director: Jennifer Owers, jennifero@kmimediagroup.com
Ads and Materials Manager: Jittima Saiwongnuan, jittimas@kmimediagroup.com
Senior Graphic Designer: Scott Morris, scottm@kmimediagroup.com
Graphic Designers: Andrea Herrera, andreah@kmimediagroup.com; Amanda Paquette, amandak@kmimediagroup.com

Advertising
Account Executive: Patrice Lucid, patricel@kmimediagroup.com

KMI Media Group
Chief Executive Officer: Jack Kerrigan, jack@kmimediagroup.com
Publisher and Chief Financial Officer: Constance Kerrigan, connik@kmimediagroup.com
Editor-In-Chief: Jeff McKaughan, jeffm@kmimediagroup.com
Controller: Gigi Castro, gcastro@kmimediagroup.com
Trade Show Coordinator: Holly Foster, hollyf@kmimediagroup.com

Operations, Circulation & Production
Operations Administrator: Bob Lesser, bobl@kmimediagroup.com
Circulation & Marketing Administrator: Duane Ebanks, duanee@kmimediagroup.com
Circulation: Barbara Gill, barbg@kmimediagroup.com; Denise Woods, denisew@kmimediagroup.com
Data Specialist: Raymer Villanueva, raymerv@kmimediagroup.com

Military Information Technology (ISSN 1097-1041) is published 8 times a year by KMI Media Group. All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2014. Military Information Technology is free to qualified members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $75 per year. Foreign: $159 per year.


Corporate Offices

KMI Media Group 15800 Crabbs Branch Way, Suite 300 Rockville, MD 20855-2604 USA Telephone: (301) 670-5700 Fax: (301) 670-5701 Web: www.MIT-kmi.com


PROGRAM NOTES

Compiled by KMI Media Group staff

Navy Nears Completion of NGEN Transition

The Navy’s new Next Generation Enterprise Network (NGEN) contract has already saved $1 billion over the current year defense plan, and will soon begin reducing costs by $20 million a month on an ongoing basis, according to program officials.

Speaking to a recent press briefing, Captain Michael Abreu, program manager for naval enterprise networks, outlined the state of the transition to the NGEN contract, which is currently set for completion by the end of September, three months ahead of schedule.

In outlining the changes brought about under the NGEN contract, which include new business arrangements for contractor support, enhanced security and increased government control of operations, Abreu emphasized their positive impact on the ongoing Navy Marine Corps Intranet (NMCI), which remains the largest network in the world.

“No one does networking on the scale that we do,” Abreu said. “We serve more than 800,000 users, and there is no centrally managed network in the world that is that big. We’ve been leading the way with the NMCI network.”

Under NGEN, the Navy has assumed ownership of the equipment and infrastructure of NMCI, with an industry team led by HP operating the Navy network under government oversight. That will represent the culmination of a multiyear transition from the original NMCI contract, developed in the early 2000s, under which HP both owned and operated the network.

The Marine Corps, which opted to shift to a government-operated as well as government-owned network, will operate the Marine Corps Enterprise Network (MCEN) with some contractor support, and in cooperation with NMCI.

Abreu and Bill Toti, HP vice president of Navy and Marine Corps accounts, also sought to correct the possibly widespread misapprehension that NGEN represents an actual new onshore network being built for the department. Rather, it is a new management approach and contract method of supporting the existing NMCI network.

Although the distinctions between the contractor-owned-and-operated original NMCI, the government-owned, contractor-operated network under NGEN, and the government-owned-and-operated MCEN are important, Abreu also noted that they are to a great extent matters of degree.

“Just about any network that the military owns has a contractor presence,” he observed. “How much that presence occurs leads you to the definition of government- or contractor-owned. In the case of the Marine Corps, they took on a lot of the burden for the network on the government side, and reduced contractor support. That’s not to say there is none, because we are partners in this, and they will purchase NGEN services, to a certain extent, to help their network. But the vast majority of operations of that network are government.

“Government-owned/contractor-operated means three things,” Abreu continued. “The government owns the infrastructure, including the physical equipment on the network. There is increased command and control, with our Fleet Cyber Command partners now operating the network and in control of it. Contractor operated means that HP employees sit at the consoles and do the actual work of network operations, under Fleet Cyber Command control.”

The executives also reflected on the lessons learned so far, which Abreu has been working to diffuse to other government agencies contemplating changes in their networking contracts.

“One of the lessons is how hard it is to do things at scale. The lessons we learned about scale in crafting a request for proposals and contract structure included what type of services to put in the contract, how to arrange them in the contract structure, and a reporting structure that gives visibility into costs,” said Abreu.

For Toti, the key lessons have also been about scale: “When you learn to be an IT specialist, they don’t teach you how to build a network for almost 1 million people. But when you scale something up to this size, things don’t work out of the box. So we have to teach Microsoft about how their Exchange system works when you have nearly 1 million users, and Cisco about how their routers work when you have tens of thousands of devices linked, particularly with all the security needed by the government and Department of Defense.

“It isn’t just a matter of bringing people into the government engineering space that have engineered things before, because nobody has done this before,” Toti continued. “So you need to develop skills on the government side that you didn’t have before, and it becomes a lot harder than anticipated, which means you need more time.”

The rules change when you transition from a contractor-owned to a government-owned network, Toti added. “Government requires tasks like asset management to be done according to law or standard, but a contractor doesn’t necessarily have to do that. I can turn a purchase order around in a few days, but regulations make that harder for the government to do that. You lose agility, and processes have to change when you move to the government. If you try to operate the same way as the company, which wasn’t constrained by government rules, it doesn’t work.”

PEOPLE

Major General George J. Franz III, who has been serving as commander, Cyber National Mission Force, U.S. Cyber Command, has been assigned as commanding general, Army Intelligence and Security Command, Fort Belvoir, Va.

Colonel Patricia A. Frost, who has been serving as deputy commander, Army Intelligence and Security Command, has been selected for the rank of brigadier general and assigned as deputy commander (operations), Army Cyber Command, Fort Belvoir, Va.

Rear Admiral David H. Lewis has been assigned as commander, Space and Naval Warfare Systems Command, San Diego, Calif. Lewis is currently serving as program executive officer for ships, Washington Navy Yard, Washington, D.C.



No Data Is an Island

To get the full benefits from big data, military and other analysts must combine it with other information and explore new methods, says analytics advocate.

By Harrison Donnelly, MIT Editor

The military, government and other organizations are only starting to realize the full impact of big data analysis, according to Bill Franks, a prominent big data advocate who currently serves as chief analytics officer for Teradata.

Franks, author of the 2012 book Taming the Big Data Tidal Wave, sees analysis of the floods of data coming in from new sensors and other sources as offering tremendous potential for the military to add offensive and defensive capabilities. To take full advantage of that, however, analysts must take advantage of new approaches being adopted by the private sector, target organizational policies that may hold back the effectiveness of big data, and take a realistic approach to dealing with volumes of data at an unprecedented scale.

One place for the military and government to begin, Franks observed in a recent interview, is to adopt an approach that is growing in the private sector, which is that big data isn’t just a separate thing that can be analyzed on its own, but provides the most value when it is combined and mixed with other data.

“For example, you wouldn’t use sensor data from a tank alone to understand the way it is operating, but would combine it with information about who was driving the tank and what were the conditions in which the tank was operating. You need all of that information to get the full picture, and big data adds tremendous detail and context on top of the information that has been traditionally available,” Franks said.

Analytic Environment

Another trend has been the expansion of the scope of the analytic environment. “People are beginning to see the need for multiple different types of not only analytic algorithms, but in some cases the type of data is different enough that it requires a different platform for initial storage,” he explained. “For example, going through images or text at scale is much different from going through numbers at scale, which is what we traditionally have done. So there is a necessity to expand the underlying platforms to handle more types of data and analytics.”

There is also increased importance on what Franks called “discovery analytics, which is not about solving a problem that you pretty much understand, with data you understand, and applying it in a different way. That’s much of what we’ve done over the past years, where you can have a fairly good confidence in both the effort and the outcome before you begin.

“But when you are suddenly inundated with a new type of data about a problem you’ve never attacked before, a lot of time needs to be spent in discovery mode, which is about going after a broad goal without a fully formed plan as work is started,” he continued. “Start by exploring the data and figuring out the data quality issues. Once we have the data cleaned up, at what level is the data relevant to the decisions we have to make? Do we need it at the millisecond level, or can it be aggregated to the second or minute level? What problems can you apply the data to?”

One of the biggest and most widely misunderstood challenges with big data is that attacking a problem with big data for the first time is going to be more difficult than attacking a new problem with the same type of data that the analyst is used to working with, Franks contended. “That sometimes leads people to underestimate the amount of effort that they are in for, and therefore the analysts get frustrated or in trouble because they get behind schedule.”

A key issue in this area is that many organizations have sub-optimal policies about access to data and the ease with which employees can analyze it. “Having data in a system at an organization is not the same as the people who need to analyze it having the ability to quickly analyze it,” Franks said. “There may be security concerns that prevent access, or system capacity issues, such that I don’t get enough resources to get the job done, and big data has only forced that issue more.”

In response, organizations have been upgrading underlying platforms to handle the extra volume, and putting in place new tools and approaches. At Teradata, for example, one of the key themes has been in-database analytics. “The idea is that you don’t move data out of the systems where it resides just to run an analysis, as typically occurs, but rather bring more algorithms into where the data is sitting. That provides a lot of extra scale—you’re not moving a petabyte of data from one place to another just to analyze it, but analyzing it right where it is.

“People are changing in the sense of upgrading skill sets and learning new techniques such as text and graph analytics,” he continued. “It is necessary to apply all of the new and old skills to the problems that must be solved for the organization. It’s not a challenge that can’t be overcome, but it is one that you have to be prepared for.”

Internet of Things

The emergence of the “Internet of things,” or the interconnections of sensors and other devices communicating automatically, is another factor creating new opportunities and challenges for big data analysis.

“With the data that organizations have struggled with in the past, somebody typically had to do something for that data to be generated, such as making a purchase or approving a shipment,” Franks observed. “There are only a certain number of things that an individual could do in one day that you would want to track. So while the amount of data is large, it had a limit.

“But the sensors take things up a notch, because once you turn a sensor on, it can transmit information every millisecond until someone shuts it off. You might have dozens or hundreds of those sensors within a single engine, for example. As those sensors get distributed more broadly, there are implications across the board,” he added.

On the other hand, while private industry, government agencies and the military have different needs and concerns, they are more alike than not in that they are large organizations.

“In working across different types of industries, I’ve found there are certain challenges that an organization of a certain size faces, regardless of what its core mission is. As the organization grows, the inefficiencies that analytics can address rise to the level that it is worth the effort to address them. So while the military may not have much in common with a bank, they both have a huge scale, and that scale brings with it challenges in procurement, logistics and decision making,” Franks said.

“One push I’m seeing is around making analytics operational,” he said. “By that, I mean that we have spent a couple of years with organizations that are looking at the various pieces of big data that they have, trying to understand it and figure out how it can help their business. Now they’ve found ways that big data can help their business, and the next struggle is how to build an analytic process that can be embedded into their business on a daily basis. The next challenge is to translate what you learn into the way the business operates.

“Given the need to collect and use this information for an organization the size of the U.S. military, the opportunity is massive,” Franks said. “It’s not that they aren’t doing a lot today, but I think the military must continue to do more.”

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.



Migration to Consolidation

Army efforts to reduce the number of data centers show the benefits and challenges of an enterprisewide strategy.

By Peter Buxbaum, MIT Correspondent

When the Office of Management and Budget in 2010 issued directives for a governmentwide consolidation of data centers, the Army set a goal of closing 185 by the end of fiscal year 2015. As of mid-March 2014, the Army had already closed 223 data centers, or 121 percent of its original target.

It is an impressive result, but in truth the number is less indicative of a sudden spike in efficiency at the Department of the Army than of a change in metrics. It came as OMB expanded the definition of a data center to include just about any server accessed by more than one person. As more such data centers were discovered, more were able to be closed. The Army has since revised its goals to close 533 data centers by the end of fiscal year 2018, and expects the number to increase as additional data centers are identified.

But the expanding spectrum of what constitutes a data center is not the only enterprise IT challenge that the Army faces. Last July, Department of Defense Chief Information Officer Teri Takai directed that all enterprise systems and applications migrate to designated core data centers by the end of 2018.

That takes the Army’s task beyond just identifying and closing physical sites to the much broader tasks of transitioning enterprise systems from localities to central service centers, identifying redundancies in systems and applications, and choosing what stays and what goes.

Some of that kind of activity has already taken place. The Army’s Main Communications Facility (MCF) for Southwest Asia in Kuwait, which became operational last December, consolidated numerous data centers into one facility and standardized diverse and redundant applications.

“We are keeping an eye on the ball of closing data centers and migrating toward a focus on applications,” said Gary Blohm, chief of the Army Architecture Integration Center. “That is where we see the long-term savings coming from.”

Enterprise Applications

The Army CIO, Lieutenant General Robert Ferrell, is currently staffing a draft policy memorandum that will drive the Army’s transition from the hosting of enterprisewide services at local facilities to the establishment of those services in modern, standardized, and centralized environments in accordance with the DoD guidance. This policy will apply to all Army enterprise applications, whether currently in use, under development, or to be developed in the future, that support users across installation boundaries.

“The Army has already proactively begun migrating enterprise applications to DoD approved facilities,” said Blohm. “This policy memorandum will reinforce the requirement to migrate as well as provide guidance and tools to assist application owners. Retirement of outdated or redundant applications is also receiving additional emphasis. We are pressing to do that.”

The one exception to this migration will be applications localized on a single base or post that serve that location only. One example would be a test range that has its own purpose-built data center and applications that are not used elsewhere.

Data center consolidation and application migration are two of several enterprise IT initiatives overseen by Blohm. The Army Data Center Consolidation Plan (ADCCP) is the Army’s approach to implementing the OMB direction released in February 2010.

“ADCCP is documenting and consolidating the Army’s data center inventory worldwide and establishing conditions for improving the security of Army information assets,” said Blohm. “In parallel, the Army’s additional focus is to consolidate enterprise applications into DoD approved hosting facilities such as core data centers. The Army will leverage commercial infrastructure such as cloud architectures as much as possible.”

ADCCP itself does not close data centers or migrate applications. It monitors the activities of the commands that own data centers, systems, and applications, working through the Program Executive Office Enterprise Information Systems (PEO EIS) to develop designs for future data processing infrastructure on installations.

“The change in the Army’s thinking is really a refinement of the original approach,” said Kevin Kelly, chief executive officer at LGS Innovations. “The original approach was to reduce the total cost of ownership of technology by consolidating the IT footprint and the sheer number of personnel required to maintain the larger number of facilities. Consolidating and migrating applications furthers those same ends.”

“One of the challenges facing the Army involves managing rogue applications or those created by local commands to fix local problems,” said Matt Brooks, director of system integrators and strategic programs at Hitachi Data Systems Federal Corp. “Maintaining those applications and using legacy infrastructure is a big burden,” Brooks added. “The Army is trying to be wise about the application process by creating an enterprise IT infrastructure with its main focus in the service center. This way the Army can consolidate facilities and retire applications it no longer needs.”

“Cost challenges are driving the need for action,” added Anthony Robbins, vice president federal at Brocade. “But I don’t think the current course and speed is as aggressive as commercial best practices would indicate. We don’t have a target to close enough data centers fast enough. There are opportunities to do better.”

Blohm sees the Army CIO’s enterprise initiatives, including data center consolidation, as being driven by three common goals: improved performance, increased security and enhanced efficiencies.

“The ADCCP enables improved performance, increased information security, and fiscal and operational efficiencies by migrating applications, when possible, into a discrete number of operating environments and taking advantage of a number of geographically dispersed data centers and servers which provide enterprise hosting environments as a managed service,” he said. “ADCCP’s long-term goal is to decrease the Army’s information technology infrastructure and application inventory to garner sizable efficiencies, reduce exposure to cyber-exploitation and streamline information operations.”

Data center consolidation will also increase the Army’s overall IT security posture by making it easier to defend a consolidated network and protect information assets, according to Blohm. “Closing data centers will yield savings in terms of money, real estate, personnel, hardware and software.”

“If you are going to reduce costs, you have to do more than closing facilities to save on power and cooling,” said Brooks. “By eliminating rogue operations, the Army’s IT security posture and control can also be consolidated. The core data centers will also have to learn to become customer centric. If they do, they will be able to provide better service at lower costs.”

The upcoming Army CIO memorandum will delineate the roles of the various players in the new shared-services regime as data centers continue to close, enterprise applications are migrated to core data centers, and enterprise systems and applications become more rationalized.

“The core service centers will be operated by the Defense Information Systems Agency, and DISA will offer the Army and others a catalog of available services,” said Blohm. “In many cases, the applications built by functional communities will still own them. So, logistics will still own logistics applications and will be responsible for understanding the capabilities they require and providing those to the core data centers. The Army acquisition community, including entities like PEO EIS, will act as brokers between DISA and the application owners. DISA will be the single point of contact for implementations.”

Aggressive Strategy

Relationships along these same lines have already taken shape in those areas, such as in Southwest Asia, where the Army has aggressively consolidated data centers and rationalized applications.

LGS Innovations, which Alcatel-Lucent recently sold to an investor group, was awarded a $49 million contract last year to upgrade the U.S. Army’s Main Communications Facility (MCF) in Southwest Asia, located in Kuwait. The 9,000-square-foot facility was designed as a state-of-the-art commercial communications operations center that will serve as the central information systems hub for the region.

“The MCF reached final operational condition in December of last year, after only nine months,” said Kelly. “The work was part of a larger initiative to consolidate a number of smaller and dispersed data centers into a single hub.”

It also involved consolidating enterprise services, Kelly noted. “There may have been two logistics applications, for example, each built by two different companies and used in two different locations. The goal of the project was to evaluate those applications and to determine which is better, then to standardize the use of that one application across multiple locations and missions using fewer servers and fewer applications.”

To make such a project successful, the onus was on the user to define three categories of applications: those that are mission critical, which need to be sustained and can suffer no down time; those that are important but not essential to missions, which can tolerate some down time and can potentially be replaced; and those that fulfill administrative functions and can be addressed in a variety of different ways.

“The users did well with this process,” said Kelly. “One thing we found was that some processes that users defined as mission critical weren’t being met by the existing services. This created a need for real development as opposed to just selection.”

ADCCP officials routinely meet with industry subject matter experts to explore options for improving their understanding of data center consolidation challenges, how the private sector has attacked this task, and processes for both documenting inventory and accelerating data center closure and application migration. Interaction with industry has revealed opportunities for improvements in data center design, for example to achieve energy savings.

PEO EIS recently issued a request for information on installation processing node (IPN) configuration, and a working group is currently reviewing the responses to help define IPN configuration.

IPN, which involves a single data center at each post, camp or station, is considered to be an intermediate point in the process of data center consolidation. IPNs will host all applications and services for their installations until at least some of those services are migrated to core data centers.

“The responses to the request for information will help guide what we do in the future,” said Blohm. “It will help us build the right things, and not with yesterday’s technologies.”

Experts say the greatest challenge in moving to a shared services environment can be the cultural and psychological issues associated with such a move.

“Unlike 30 years ago, when there were few data centers and they were easily identified, the ease with which a server based data center can be established to meet real mission requirements has led to proliferation,” said Blohm. “This partially explains the rapid growth in the number of data centers in the Army.”

Until recently, acquiring services meant buying hardware and software and installing it locally where it can be seen and touched. “That is no longer an option as we migrate to the acquisition of services through more efficient, centralized offerings such as enterprise email, which the Army pioneered with DISA,” Blohm observed. “I am encouraged by the momentum being achieved by the Army’s owning commands. We have really seen a huge shift in support that was apparent with the last quarterly review just a week ago.”

Part of the cultural and psychological shift Blohm mentioned involves the new relationships components must enter into with the managed service provider. “The provider must be capable of providing clearly defined service level agreements with performance

www.MIT-kmi.com


measures which enable to customer to determine the success or failure of service delivery,” said Blohm. “Coupled with that is the need for real options for the customer should service levels not be met.” Helping overcome cultural barriers are the budgetary constraints that commanders must cope with. “They can’t afford everything they might have been able to afford in the past,” said Blohm. “So if they can get the same or better service more efficiently, they are much more willing to make the necessary changes.”

Email Migration

The successful migration to enterprise email has also set the stage for greater acceptance of enterprise services that are beyond the immediate control of a unit commander. “Email users didn’t see any degradation in performance, while at the same time DoD gained efficiencies around security,” Brooks said.

“The advice I would give the Army is to continue along the path of focusing on applications and to continue to work to be a better service provider to its commands,” he continued. “Never forget that you are a service organization to the mission.”

Robbins urged the Army to step up the pace of consolidation and the migration to shared services. “As they place a greater emphasis on creating shared services, my worry is that the closing of data centers may be losing its momentum,” he said. “In some cases the closing of data centers has to come first. The problem is that if the Army is spending 70 of 80 percent of its IT dollars on legacy infrastructure, and if they are not reducing the costs of legacy infrastructure, they are not creating opportunities to spend money on development infrastructure that allows them to share. You can’t manage shared services on the existing infrastructure. You have to invest in today’s infrastructure to enable the sharing across branches and services,” Robbins said.

“The Army has picked up real momentum and will be able to capitalize on that as it moves forward,” Blohm said. “Transformation through application migration is critical for the Army to achieve its enterprise objectives. Advanced technology and effective management practices will improve security, enhance performance and enable cost control. As applications are migrated or retired, the need for significant infrastructure at the installation level will decrease.”

“The bulk of data processing and data storage will move to the enterprise level, simplifying security of the data, enabling efficient use of available resources, and making it possible for the Army to accurately define and control the cost of its IT operations,” he added.

Kelly observed that the hardest part of the process is for the Army and the department as a whole to figure out not what is needed now, but what will be needed five or 10 years from now. “None of this will happen in the blink of an eye,” he said.

“They are having a debate in Washington right now about what the size of the force should be in the future,” Kelly added. “At the same time there is talk about a pivot to the Asia-Pacific region. But to get true savings from data center consolidation and application redundancy elimination you need to know DoD’s future geographical footprint and how many users you will be supporting. To do the job properly, you have to make assumptions about where the U.S. will be projecting force geographically.”

The U.S. will maintain forces in Southwest Asia for the foreseeable future, and the number of personnel in CONUS will probably grow. These areas, along with Europe, where the U.S. military mission is well defined, are obvious venues for data center consolidation, according to Kelly.

The U.S. military posture in areas of the globe such as Asia-Pacific and Africa is less clear at this point, however. “If a sizable number of U.S. military personnel will be deploying to and training in those regions, then the case can be made that building a modern infrastructure like the MCF is a good investment for the military and the taxpayer,” said Kelly. “Until that becomes clear, DoD may want to deploy temporary solutions such as a cloud in the box rather than building something more permanent.”

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.


special section: DISA

DoD IT Future: JIE Target Objective State

JIE: A secure joint information environment, comprising a shared IT infrastructure, enterprise services, and a single security architecture to achieve full spectrum superiority, improve mission effectiveness, increase security and realize IT efficiencies. JIE is operated and managed per Unified Command Plan using enforceable standards, specifications, and common tactics, techniques, and procedures.

Optimized Enterprise Information Environment:
• Single joint platform—Standardized for all DoD missions
• Secure, trusted connections—Protected by a single security architecture
• Cloud based information resources reachable by authorized mobile devices
• Access by credentialed users eliminating anonymity from the network
• Interconnected mesh of fixed and wireless transport
• Converged communications, computing and enterprise services
• Consists of both commercial and government computing centers
• Big data analytics and storage
• Reduced attack surface—Efficient mission partner access
• Data and applications in the Cloud
• MLS Thin Client


Consider an objective end state for JIE that is “comprised of a single, secure operational environment that provides a means to reach any necessary data source or set of applications necessary to conduct missions while simultaneously providing a set of enterprise based services available on-demand to all authorized DoD users and mission partners, in garrison and deployed, regardless of device or connection type.”

Strategy: Joint Information Environment 2020 Globally Integrated Operations (Current Status)

Global Implementation on an Incremental Basis Based on Design Maturity



special section: DISA

Major Components and Capability Areas

The JIE will normalize the DoD’s communication (NNT) and capabilities (Enterprise Services and Unified Capabilities) … managed by a standard operations center (GEOC/EOC) and data center (CDC), secured through single security stacks (SSA) … that are accessed through common access capabilities (IdAM) … having unlimited and secure access across cross domains and partners (Gateways) and full mobility access (Mobility) … governed by common policies and TTPs.

Network Normalization Transport (NNT)
• Common Network Standards and TTPs

Single Security Architecture

Enterprise Operations (GEOC/EOC)

Data Center Consolidation
• Core Data Centers (CDC)
• Installation Processing Nodes (IPN)
• Standards and Design

Identity and Access Management (IdAM)
• Dynamic access and Entity Discovery
• Activity Monitoring
• Contributes to Mission Partner Environment

Enterprise Services
• Common IT apps, Unified Capabilities (UC) for messaging, voice, video

Mobility
• Common carrier, local area networks, Classified/unclassified

Gateways
• Internet, Mission Partner, Mobility, Tactical

Governance
• Aligns process to Department’s requirements, budgeting and acquisition process


• JIE is an operational imperative and necessity in today’s resource constrained environment
• JIE is focused on enterprise standards and interoperable solutions
• JIE will result in increased mission effectiveness, security, and efficiencies

Joint Information Environment Benefits

Mission Effectiveness
• Rapidly and dynamically respond to and support changing mission information needs for all operational scenarios
• Users and systems will have timely and secure access to the data and services needed to accomplish their assigned missions, regardless of their location
• Users and systems can trust their connection from end to end with the assurance that their activity will not be compromised
• Mitigate threats and maintain our ability to operate through a cyberevent

Increased Security
• Can operate, monitor and defend DoD’s IT assets to attain and maintain information dominance
• We’ll know who’s on the network, what they’re doing, and we can prove it

IT Efficiencies
• Information assets are available for joint use, leveraged by all military departments to meet mission requirements
• A consistent IT architecture supports effective fielding of department capabilities
• DoD has renewed visibility about its IT expenditures through increased budget transparency

JIE: ENHANCING THE NATION’S STRATEGIC FLEXIBILITY

(Editor’s Note: This material was designed by KMI Media Group staff based on information and graphics provided by the Defense Information Systems Agency.)



DATA BYTES

Payload Module Delivers Advanced Satellite Communications

Northrop Grumman has delivered the fourth Advanced Extremely High Frequency (AEHF) satellite payload modules to Lockheed Martin Space Systems, Sunnyvale, Calif., the AEHF system prime contractor. Complex phased array and nulling antennas, along with the advanced crosslinks, will be shipped later this year to complete payload delivery a full six months early. The payload module contains the processing, routing and control hardware and software that perform the satellite’s communications function. Northrop Grumman also delivered payload modules for the first, second and third Advanced EHF satellites ahead of schedule in 2007, 2008 and 2009 respectively. Launch for AEHF Flight 4 is currently planned for 2017.

Protected Tactical Waveform Technology Demonstrated

Intelsat General and L-3 Communication Systems-West (L-3 CS-West) have announced the successful demonstration of new Air Force Protected Tactical Waveform (PTW) technology over Ku-band transponders on the Intelsat fleet. The demonstrations and performance characterization were conducted at the Intelsat teleport in Ellenwood, Ga. Engineers conducting the tests measured the performance of anti-jam modems and waveform technology from L-3 CS-West on a Ku-band satellite emulator and over the Galaxy 18 satellite, built by SSL and launched in 2008. The tests, observed by a representative from the Air Force Space and Missile Systems Center, demonstrated full-duplex voice, video and IP data via PTW. L-3 CS-West is currently working under an Air Force contract, performing studies and developing proof-of-concept modem and security designs using PTW. PTW is designed to provide affordable, anti-jam SATCOM capabilities over existing satellites, leveraging COTS technologies. The testing and transmissions over an existing Intelsat Ku-band satellite validate the compatibility of the PTW with commercial space assets.

Army Evaluation Backs Communications Management Software

PacStar’s IQ-Core Software has become one of the first technologies successfully tested and acquired through the Army Network Integration Evaluation (NIE) program, enabling PacStar to more rapidly place IQ-Core Software capabilities in the hands of warfighters and support mission success. NIE 13.1, the fourth evaluation in the series, played an instrumental role in the recent $6.2 million IDIQ contract PacStar secured to support the Warfighter Information Network-Tactical Increment 1. PacStar IQ-Core Software delivers intuitive communications management by replacing time-intensive, complex and error-prone manual set-up and management processes for battlefield tactical communications systems with configuration wizards that automate both complex and routine tasks.

Partnership Enables Detection of Evasive Cyber-Threats

Guidance Software and Blue Coat Systems are partnering to deliver a new approach for detecting evasive cyber-threats. The partnership will integrate EnCase Cybersecurity with the Blue Coat Security Analytics Platform to provide an unprecedented level of visibility into both network traffic and endpoint devices that will enable enterprises to close the gap between breach and detection. The combined Security Analytics Platform and EnCase Cybersecurity solution will enable enterprises to gain a 360-degree view of all endpoint data and network traffic across their organizations—allowing proactive identification and remediation of threats that have bypassed traditional security technologies. As a result, organizations will be able to rapidly correlate data-in-motion with data-at-rest, and share actionable intelligence across information security stakeholders. The result is a dramatic reduction in the time needed to detect and remediate incidents.


Compiled by KMI Media Group staff

Cross Domain Solution Selected as Enterprisewide Security Standard

The Defense Information Systems Agency (DISA) has selected BAE Systems’ XTS Guard as an enterprisewide security standard. It is being utilized by DISA’s Cross Domain Enterprise Services to ensure the agency’s ability to securely share information among authorized users within the Department of Defense and across the Global Information Grid. The XTS Guard is a high-assurance, cross domain solution that enables secure information sharing between networks of various security classifications and enclaves. A single guard is capable of handling 20 domains and carrying multiple data types at high speed. It will specifically be used to protect the agency’s email, file sharing, and system chat features. According to DISA, BAE Systems’ XTS Guard delivers increased performance over legacy guards, reducing overall costs while supporting DISA’s data center consolidation goals and movement to cloud architecture.

Lab Tests Connections with MUOS Space-Ground Network

General Dynamics C4 Systems has opened the MUOS Radio Testing Lab at its Scottsdale, Ariz., location. The Navy-approved laboratory is one of two that support testing for radio terminals intending to connect with the MUOS space-ground network. The lab is equipped with hardware and software that simulates the radio’s connectivity with the MUOS ground network. To test connectivity with the MUOS system, radios are provisioned with the General Dynamics-developed MUOS waveform to make secure voice calls and complete data transmissions at different data rates across the simulated MUOS network. The MUOS waveform, housed in the government waveform information repository, leverages the widely used commercial Wideband Code Division Multiple Access cell phone technology. The first terminal to receive government authorization and enter the Scottsdale lab was Rockwell Collins’ ARC-210 radio.

Marines Test Networking on the Move

Marine Corps Systems Command has successfully tested a robust mobile command-and-control capability integrated onto the Assault Amphibious Vehicle (AAV) platform. Known as Networking On-the-Move, NOTM is now fielded on two other Marine Corps platforms—the HMMWV and mine resistant ambush protected all-terrain vehicle. NOTM is an evolutionary system, based upon the capabilities of the Mobile Modular Command and Control systems successfully employed in Afghanistan since 2009. After successfully completing more than seven weeks of rigorous amphibious testing conducted at Camp Pendleton, Calif., by the Marine Corps Tactical Systems Support Activity and Amphibious Vehicle Test Branch, NOTM is now destined for fielding on the AAV.

Enhancement Aids Security Gateway Consolidation

Hughes Network Systems has unveiled an enhancement to its HughesON Managed Security Solutions that leverages virtualization technology in its family of HR4x00 Branch Gateways. As enterprise branches have grown in complexity, the security challenges have increased dramatically. Protection of customer and corporate information is paramount, demanding a robust network that provides highly secure access to the data center, the Internet and SaaS applications via both customers’ and employees’ wireless devices at the branch. The new Virtual Domain (VDOM) technology enables enterprises to meet these challenges by dividing the Hughes HR4x00 Branch Gateway into multiple virtual security devices with completely separate firewalls, routing, VPNs, and other security capabilities.

The HR4700 Branch Gateway with the VDOM feature is the key enabling platform powering HughesON Managed Security Solutions. Combining best-in-class security from Fortinet with high-performance routing and broadband WAN optimization, it lets organizations consolidate all their security gateways affordably into a single solution at each branch.


JIE Defender

Q&A

Laying Out a Security Architecture to Support the Joint Commander

Mark Orndorff
Mission Assurance Executive
DISA

Mark Orndorff recently received the title of Mission Assurance Executive for the Defense Information Systems Agency (DISA), after previously serving as program executive officer for mission assurance and NetOps and chief information assurance executive.

Previously, Orndorff served as chief of DISA’s Field Security Operations organization. As such, he served as the single IA certification authority within DISA, supporting accreditation decisions for all DISA systems and networks. He was also responsible for the execution of significant portions of DISA’s IA program, including implementation and management of Department of Defense enterprise solutions; development and maintenance of Security Technical Implementation Guides, checklists and evaluation scripts; development and maintenance of DoD’s NetOps and IA training program; and development of a NetOps and computer network defense service provider certification program. Orndorff was also responsible for DISA’s IA support to the Unified Commands and management of the regional Net Defense contract.

Prior assignments included service as the operations manager within the DISA Network Operations Center, Fort Ritchie, Md., where he provided remote network and systems management support for Army units worldwide. Orndorff was also a network engineer for Army Training and Doctrine Command, and a project manager for the Army’s program manager for tactical management information systems. Prior to joining the civil service, Orndorff served as an Army officer with assignments as a company commander and platoon leader.

Orndorff attended the University of Virginia, where he received a Bachelor of Arts degree. He also received a Master of Science degree in computer systems from the Air Force Institute of Technology.

Orndorff was interviewed by MIT Editor Harrison Donnelly.

Q: As Mission Assurance Executive for DISA, how would you define your mission in the development of JIE?

A: The overall objective of JIE is the delivery of capabilities to the operational commander in the joint environment. That purpose for JIE aligns perfectly with the purpose of my organization, which is mission assurance. So there is complete and total alignment from the beginning. Everything that we are focused on is tied to assuring the missions of the joint commanders. As we build out and define JIE, what we are focused on is laying out a security architecture that will support the joint commander, and making sure that we are doing that in a way that enables the missions they are executing, and doesn’t overdo security to the point where we are inhibiting their effectiveness, but also provides enough security that they can count on the information and reliability of the JIE. Basically, it’s designing the environment so we can support the joint commanders and ensure the security of that environment.

Q: Looking broadly at JIE and its development, how would you characterize the overall opportunities and challenges in terms of security?

A: We have been trying to achieve security objectives by publishing security standards and guidelines that each program manager and network was required to implement. You would have an entire set of requirements that each was trying to execute, and then we’d inspect to see how well people did that. The approach is completely different with JIE. We’re building those requirements into the environment up front, designing it in and laying it out with a careful design, and then as program managers and network owners stand up capabilities, they inherit the benefits of the overall environment to the maximum extent possible. We build it consistently, meet a security objective, and then others who build capabilities on top of that are able to leverage what we have put in place as part of the Single Security Architecture.

Another key piece of this is the joint situational awareness of cyber-activity across the entire environment. I already talked about how we were building things in pockets, and we would also see activity in those pockets. For example, the Army would run its network and see activity there, as would other components of DoD. As we’re building JIE, we’re pulling all of that cyber-activity together into one analytic environment, so there is less opportunity for an adversary to move around without being detected in our networks.

The last and most important piece is that because we have a joint approach up front, we’re going to have a different way of building the cyber-workforce, where we can train to a consistent set of standards and processes. Instead of trying to keep up with each other, we’re trying to build each other up.

As for challenges, we have a legacy environment we’re trying to maintain as we build something new. So how do we take some old applications and technologies and move them into a new architecture without breaking anything? Getting systems moved to the right places in the network and rationalizing the applications to be able to take full advantage is the number one challenge. And we’re trying to do this with constrained budgets and contracting rules and regulations that make things harder than you would like.

Q: What is DISA’s overall strategy for bringing a better cybersecurity paradigm to the JIE?

A: It all starts with the workforce. I define the cyber-workforce with a broader scope than other people, because we’re all part of the cyber-workforce. Obviously people who are operating and defending the network every day are a key part of the workforce, and they are the ones we are going to train and evaluate first. But our program managers, engineers and staff that support them are part of the cyber-workforce as well. The basic strategy is to make sure that all of the people who design, build and operate the network understand cyber and threats in a way that will drive us all to contribute to the same security objectives.

Q: One of the key aspects of your efforts to building out JIE is the creation of a Single Security Architecture (SSA).
Why do you think this is necessary?

A: The SSA, which gives us a consistent architecture across the entire joint environment, is important because it gives us the opportunity to look through the architecture and think in terms of a threat actor trying to attack a target. We can trace threats all the way through the SSA defenses and see exactly what capabilities we need to have in what spots in the network. We can define the SSA upfront and put defenses where they need to be—to make sure we have exactly the right capabilities to address the various threats. We have to think through the threats and the architecture, and put what we need where we need it.

Q: What will SSA look like when fully implemented, and how far along are you in the process?

A: We will have a specific set of defined security components. What we’re focusing on now are capabilities that will be placed between DoD and the Internet, which we call the Internet access points. We have a defined set of capabilities there and a defined set of capabilities at the core data centers. We’ll have the Joint Regional Security Stacks (JRSS), which modernizes and improves what was previously provided at the base level. We’ll also have another set of capabilities facing into the tactical community. Each one of those has a baseline capability today, so we’re not starting with a blank sheet of paper. We’ve analyzed it and feel that we already have adequate baseline capabilities at the Internet point, at the core data centers, and JRSS coming on line this year will give us baseline capabilities there. We also have adequate capabilities at the tactical interface, although we’ve pushed more responsibilities to the tactical side than we should in the end state, so we have an opportunity to make improvements there.

Q: What role will Joint Regional Security Stacks play in the security architecture of JIE?

A: We have had a fantastic partnership with the Army, led by Mike Krieger of the Army CIO office. We were able to pull together some network modernization initiatives that they were working on, and take it from an Army program to a joint program, and use that opportunity to build out the JRSS throughout CONUS, Europe and SWA as the first wave of activity. As part of that, we’ll be taking what was done at the base level, move it to the regional locations, modernize it, expand on the capabilities and then support the joint community and not just the Army. It’s a huge opportunity for us, which is underway now. It’s fully built and tested in the lab. We’re installing our first two sites as we speak, and the acquisition is completed to roll out the rest of CONUS, Europe and SWA.

Q: Do you see any issues related to acceptance of JIE and its security architecture within DoD, and what do you see as being helpful in building enthusiasm?

A: Focusing first on the security side of JIE, one of the key points is that this is not DISA’s SSA or JIE security architecture. At the beginning, there were people from the Army, Air Force, NSA and DoD CIO as well as DISA, starting from a blank sheet of paper and building out the security architecture in close partnership. From the start, this was an initiative we were all buying into.
It wasn’t a DISA idea that we were trying to convince others to adopt, but an idea that we developed together. That was huge. We’ve also had great senior leadership support, such as Mike Krieger heading up initiatives within the Army to get them on board. There were many generals from the Air Force pushing to bring the Air Force into the security architecture. The Navy has some challenges because of the contract arrangements that they have in place, so it’s been slower bringing the Navy onboard, but they are helping to define where we are going so that as opportunities open up they can join as well.

Also, from the cyber-situational awareness perspective, I want to emphasize that because it’s a key enabler of the JIE objectives that we are trying to achieve. Lieutenant Colonel Stanton from the Army is the lead engineer, even though cyber-situational awareness and Acropolis is a DISA program. He is working with our team to build out that architecture and start delivering the analytics that will be key to defending JIE.

Q: What opportunities does JIE offer for improved data center management?

A: Dave Bennett is the lead for that, but what we’re doing in partnership with him is that as he builds out the MilCloud, and offers a number of different ways for the services, agencies and combatant commands to come into the data centers. He has a lot of great automation in place to support the rapid adaption and movement of applications into the data centers. It’s a much more modern process than it was even six months ago. The ability to provision systems into the data centers has changed dramatically. We’ve tried to partner with him in a way that streamlines the security processes, so that anyone who is bringing systems into the data centers is able to benefit from all of the security and accreditation work that we have done upfront. They inherit that, and don’t have to do the paperwork and processes that we’ve done in the data centers. So we hope that will benefit those who are trying to leverage the data centers operated by DISA.

Q: What are you doing in the area of range environments to fully develop the right architecture?

A: In partnership with the Marine Corps, we have a range at Stafford, Va., that is used to train the operate-and-defend portion of the cyber-workforce. We run training events there, and have a number of joint exercises, where we can bring in simulated or actual Red teams, and have an opportunity to fight on the network in a realistic environment. We’ve built the SSA into the range, so that they will be training and exercising on the same equipment and environment that they would see in the real world. As the department stands up the cyber protection teams, which was a key initiative of General Alexander and U.S. Cyber Command, this is also a platform that they can use to train and learn the techniques they will use as part of their requirement to defend DoD networks.

Q: What role do you see for big data analytics, such as the current Acropolis program, in ensuring JIE security?

A: I mentioned earlier about how we had compartmented views of cyber-activity. Part of that was because of the way we were building and operating networks, and part was because of limitations on the technology we were using to analyze the data that was available.
Frankly, we had outgrown the capabilities that were available in the marketplace. We were in the position that we had good, robust data available to us, but we had to stop it at the door and not bring it into our correlation engines or analytic activities, because we didn’t have the capacity to take it all in.

But as we have moved to big data analytics, we’re taking that constraint away as a decision point, and no longer spending a lot of time thinking about the value of the data and only ingesting the most valuable data. We can take in the data that we need and then build the analytics that would leverage that more robust set of data sources. Doing that across the joint environment is a huge benefit.

As we’ve built this, we have a thin governance process to make sure that we have the community buying into the baseline environment that DISA has built and will operate for the department. Everyone who has the capability will build analytics to operate in that environment. So no one is throwing requirements to a single vendor or organization. We all—DoD, national labs, industry—can add analytic capabilities to this environment.

Q: How are you working to leverage commercial IT, and what role do you see for industry?

A: The way I see DISA’s role in building the security architecture is almost exclusively leveraging commercial technology. Only in rare cases are we going to build something other than what is available in the commercial sector. DARPA and others may go in other research and development directions, but our core competency is leveraging commercial technology, integrating it into a package, and achieving our requirements through that technique. That’s what we do—leverage commercial technology and weave it together in a way that makes sense and scales out to support the department.

Q: To help put your JIE efforts in context, can you give readers a brief overview of some of the other high priority initiatives underway in your office?

A: I would call out mobility as a key part of what we are focusing a lot of time and attention on. Mobility is where we’re going in the future. The role of mobility in DoD today is important, but it’s not as important as it will be in the future. We’re trying to stay in front of that as much as we can.

We’ve had great partnerships with industry to take security objectives and requirements that we develop in collaboration with industry, and industry is building products that meet or exceed our requirements. Through that partnership, we’re able to take commercial products at the day of release, and bring into DoD and start using them, and take advantage of the best available technology.

As part of that, we’ve built out the backend infrastructure, so your mobile device in DoD is not like your mobile device at home. It looks, feels and keeps up with what you are used to, as far as flexibility and power, but through what we call the mobility ecosystem, we have a number of capabilities that reduce the risk and leverage the features that we’re building into the JIE security architecture, to help mitigate the risk of a commercial mobile device operating out in the wild.

I think our mobility strategy makes a lot of sense. It’s still in a building phase, but it has a huge amount of potential. One aspect of that is the user identity side.
We have the public key infrastructure and the CAC cards that everyone uses today. Those are foundational from a security architecture standpoint. Moving the CAC into the mobility space has been a challenge for us, but I think we’re at the breakthrough point. Because of how mobile device manufacturers have improved the security of their devices, we are now going to be able to take our credential that today is on the CAC card, and have a derived credential embedded into mobile devices.

We’ll be able to use the derived credentials to provide strong authentication into the DoD systems. We’ll maintain your identity just as we do with the CAC card at your desk, and be able to access the whole set of DoD mission systems. This is an area I’m really excited about. It’s going to enable the department to leverage technology in ways we’ve never thought of before, and it will be key to our future.

Q: Is there anything else you would like to add?

A: I want to reinforce the point about how much we are working together with the services, agencies and combatant commands as we build out and define what we’re doing for JIE. The collaboration and support across the community has been unprecedented. We’re learning so much from each other as we go through this process; it’s an exciting time to be working in this space. There are a lot of opportunities ahead of us, and we have the right people working to make it happen.


Insider Threat Insights

As the risk to networks grows, organizations need to look both to technology and management policy, experts say.

By Harrison Donnelly MIT Editor

With high profile cases continuing to draw attention to the threat to networks posed by malicious insiders, military and other organizations are increasingly focused on finding ways to protect themselves from those who purposefully or inadvertently allow the release of sensitive information or cause damage to systems. The approaches include both technology, in the form of monitoring, analysis and identification systems, and management, such as policies governing passwords or network access for former employees.



With a host of products and services emerging from industry aimed at helping agencies cope with the insider threat, Military Information Technology recently reached out to a number of industry executives for their perspectives on how the Department of Defense and other agencies can best address this issue. Following are brief accounts of their responses.

The Four A’s

The first thing to realize about the insider threat is that, arising as it does from within an organization, it should be solvable with an effective management strategy, said Paul Christman, vice president of public sector for Dell Software.

“The internal threat is different from the external threat, which is very challenging because it’s all external—you don’t know what the challenges are going to be. We look at the internal threat, however, as being entirely owned by the organization or agency. All of the resources, assets and concerns are inside the control of the organization. What we need to do is to say we own and control this problem, which in some cases we have made. So it is solvable by us. We don’t have to guess about what advanced persistent external threat is going to come along,” he said.

“You know who these people are and have granted them privileges, or otherwise they wouldn’t be insiders,” Christman continued. “We have created the rights and privileges that have created the threats, and it leads us to the solutions that we should be implementing.”

The solutions are based on the “four A’s”—authentication, authorization, automation and auditing, he explained. “The four A’s start the discussion about where the internal threat starts. Most people think of it as involving a rogue system administrator. But I would start with a different approach, because the basic idea of authentication and authorization includes simple things like ‘onboarding’ a new user and deprovisioning an exiting user.

“We did a survey that found that many agencies take weeks to deprovision a user. What you have created is an inadvertent internal threat, because the user has been told that they are no longer part of the organization, but their access persists after termination. That is a gigantic security hole that most people think is an administrative oversight. But it’s really a security risk created by the lack of automation,” Christman said.

To reduce risks involving system administrators, Dell is developing solutions that grant specific rights to do systems administration to a group of “super users.” There is a workflow that allows people to be routinely granted system access, but it is automated, tracked and auditable.

“Once the person has requested super user access, you are able to log what that person did. A lot of the internal threat problem is that there is no audit of super users. It’s a huge problem that we don’t audit or track, but we’re coming up with alternatives so that super users are granted authentication and authorization, but are never granted a password, so they are not able to reuse, divulge or compromise it. A lot of the threat comes from social engineering to have people give you their passwords. We’re overcoming that problem by never letting super users have passwords,” Christman said.

Deterrence and Response

For Brendan Callahan, vice president, National Security Division for MTSI, the answer lies in keyless signature infrastructure (KSI), a technology that provides a digital signature or electronic stamp for any binary data.

MTSI and Guardtime, the developer of KSI, recently launched Insider Threat Services, which provides federal enterprises with next-generation enterprise integrity protection and real-time threat detection, contextual threat intelligence, and rapid incident response.

“If you have an insider who is maliciously tampering with or stealing data, and if you are using a scalable digital signature and signing every single piece of data in your objects store, you can instrument all of that data to learn if it is changing or is still intact,” Callahan explained. “If it’s changing, who is changing it? I can do attribution of change very quickly. If an audit log has been changed and I can detect that, which KSI enables you to do, I can look at my signed audit log and see who did it, and can extract the proof of that event in a very portable way. KSI is an extremely portable way of proving the integrity of data, at a rate that no other digital signature technology available today can support.”

Part of the benefit of the solution lies in deterrence. “If I am an insider and I’m sitting in an environment where I know that KSI has been infused into everything I’m touching, I will know that the system will detect adverse activity extremely quickly, that I will not be able to cover my tracks, and that I will be discovered before I get out of the building. If anyone lifts a finger to compromise the integrity of the enterprise, everyone will know about it very quickly,” he said.

That also speeds remediation by rapidly making actionable information available. “That’s what has prevented us from handling some of these insider threat cases. The people who are charged with taking action cannot get actionable information quickly enough, so long periods of time go by between the bad act and the response. KSI is a way to cut that down to minutes, and that’s deterrence,” Callahan said.
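The tamper-evident audit log and "portable proof" that Callahan describes can be illustrated with a generic SHA-256 hash tree; this is an added example, not part of the original article and not Guardtime's KSI code or API. The log lines, the function names and the premise that the sealed root is stored where the insider cannot rewrite it are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample audit log (illustrative only, not real data).
LOG = [
    "2014-05-01T09:00:02Z user=jdoe action=login host=ws-114",
    "2014-05-01T09:03:17Z user=jdoe action=read object=/reports/q1.pdf",
    "2014-05-01T09:04:40Z user=admin7 action=elevate role=superuser",
    "2014-05-01T09:05:11Z user=admin7 action=copy object=/db/dump.sql",
    "2014-05-01T09:09:58Z user=admin7 action=logout",
]


def leaf_hash(entry):
    # The 0x00 prefix separates leaves from interior nodes, so an interior
    # hash can never be presented as if it were a log entry.
    return hashlib.sha256(b"\x00" + entry.encode("utf-8")).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(entries):
    """Return every level of the hash tree, leaves first, root last."""
    if not entries:
        raise ValueError("cannot seal an empty log")
    level = [leaf_hash(e) for e in entries]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def seal(entries):
    """Seal the log: the root goes to storage the insider cannot rewrite
    (assumed); the leaf hashes are kept to locate later changes."""
    levels = build_levels(entries)
    return {"root": levels[-1][0].hex(),
            "leaves": [h.hex() for h in levels[0]]}


def inclusion_proof(entries, index):
    """Sibling hashes needed to recompute the root from entries[index]."""
    if not 0 <= index < len(entries):
        raise IndexError("no such log entry")
    proof = []
    for level in build_levels(entries)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            side = "L" if sibling < index else "R"
            proof.append((side, level[sibling].hex()))
        index //= 2
    return proof


def verify_entry(entry, proof, root_hex):
    """Check one entry against the sealed root using only the proof.
    The verifier needs neither the rest of the log nor any secret key."""
    acc = leaf_hash(entry)
    for side, sibling_hex in proof:
        sibling = bytes.fromhex(sibling_hex)
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return hmac.compare_digest(acc, bytes.fromhex(root_hex))


def changed_entries(sealed_leaves, current_entries):
    """Indexes of entries that were edited, removed or appended since sealing."""
    changed = []
    for i in range(max(len(sealed_leaves), len(current_entries))):
        if i >= len(sealed_leaves) or i >= len(current_entries):
            changed.append(i)
        elif leaf_hash(current_entries[i]).hex() != sealed_leaves[i]:
            changed.append(i)
    return changed


if __name__ == "__main__":
    sealed = seal(LOG)
    proof = inclusion_proof(LOG, 3)
    print("entry 3 intact:", verify_entry(LOG[3], proof, sealed["root"]))

    # Simulate an insider rewriting the line that records the copy.
    edited = list(LOG)
    edited[3] = "2014-05-01T09:05:11Z user=admin7 action=read object=/db/readme"
    print("edited entry passes:", verify_entry(edited[3], proof, sealed["root"]))
    print("changed indexes:", changed_entries(sealed["leaves"], edited))
```

The proof for one entry is a handful of hashes, which is what makes it portable: an investigator can hand over the entry, the proof and the sealed root without disclosing the rest of the log.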

Involving Stakeholders

Michael Crouse, director of insider threat strategies at Raytheon Cyber Products, emphasized the need for an organizational perspective on the insider threat. “Getting stakeholders involved early in the process is something that is being used by all organizations, because it’s not just a counterintelligence problem. You want to get the legal department involved from a privacy perspective, or your inspector general involved from a fraud perspective, and your IT folks from their perspective. It’s evolving as additional stakeholders come into play knowing that the insider can do damage at many different levels, not just espionage. They can do fraud or sabotage or steal proprietary information, so there is awareness now of the need to get all your stakeholders involved.”

The next step is to select technology to meet your requirements, Crouse explained. “The technologies today are going beyond traditional information assurance tools, such as data loss prevention systems. Now you are seeing technologies bring context to the forefront, so you can determine the intent of an insider. You can see if the insider was actually malicious, trying to steal information on purpose, while another might just have made a mistake, was bending the rules to get a job done or didn’t know the policies in place. You need context and intent to determine the insider’s behavior.”

Raytheon favors a layered defense approach for the insider threat, just as for the external threat. “We’ve taken the same mentality and flipped it to protect the organization against the insider threat,” Crouse said. “We’re looking at combining our SureView product, which is an end-point monitoring system, with a product that is looking at the external threat, and integrating them together. Raytheon is taking its external tools and integrating with insider threat tools such as SureView to provide a dynamic layered approach.”

Analytics are also coming to the forefront. “SureView is a sensor collecting information based on policies, and it does a tremendous job in grabbing both metadata and context. But we’re also integrating best-of-breed third party analytics into SureView, so that you can really look at the metadata and find the needles in the haystack. We’re looking to be more proactive, and look at things that you couldn’t on a manual basis. But by automatically crunching through the data, you can pull out the needles and show them to the investigator, who can act appropriately,” he said.

Continuous Monitoring

At Tenable Network Security, the solution to the insider threat and other issues is continuous network monitoring, with technologies for measuring vulnerabilities, watching network traffic and creating logs.

“We have two unique differentiators in this market,” said Ron Gula, the company’s chief executive officer and chief technical officer. “One is that we can prove we have 100 percent coverage of the network. Often, people deploy security technologies, which provide a lot of data. But they don’t realize that the data they have is coming from some percentage of their network. What about the rest? We have 100 percent coverage.

“Secondly, we have brought together all of this technology,” he continued. “When you look at something like incident response or insider threat, if you only had logs or user lists, you might find something. But if you had all of that in one spot, you can do a wide variety of analytics.

“There are certain behaviors that vendors say they find all of. But they’re lying, because there are so many different ways you can steal data. Our differentiator is that once you are looking for someone, you have all the evidence in one spot, so you can quickly determine if this is a wild goose chase or there is something going on,” Gula said.

“If you have certain technologies that are preventative in nature, such as passwords, firewalls or locked doors, it is one thing to worry about who tried to knock on that door,” he added. “You could spend a lot of time looking for that. But if you watch where the data is flowing on the network, that’s something else. Those are two different things—analyzing who is talking to each other, and what is being prevented and who is trying to get in. They are actually very similar, but often done by different teams. We want to bring those things together.

“Typically, the security people look for bad things, using antivirus software, intrusion detection, anomaly detection and other capabilities, while the auditors look at who are the authorized users, if the system is configured correctly, or if the system is even supposed to exist. Those two roles are done completely differently. Tenable is trying to unify them, and much of what the government is trying to do, with continuous monitoring and other efforts within DoD, is to make those two processes unified, because if you have those in one place, you can infer a great deal of things that you would have completely missed,” Gula said.

Log and Event Management

Chris LaPoint, vice president of product management at SolarWinds, pointed to a recent SolarWinds cybersecurity survey that showed that 41 percent of DoD respondents claimed data leakage or theft as their top cybersecurity threat. What was most notable, he said, was that 53 percent also named careless and untrained insiders as their top security threat sources.

“Given the very real concern of insider threats, and the military’s competing priorities and budget constraints, DoD IT professionals must consider new approaches, including the implementation of continuous network monitoring solutions that allow IT teams to collect data once and report to many,” LaPoint said, pointing to technologies such as log and event management systems, which automatically analyze network activity, and user device tracking software, which can automatically monitor switches, ports and network devices.

“Using these types of continuous monitoring tools, system administrators can create watch lists of potentially suspicious and unauthorized devices, receive alerts if one of these devices attempts to connect to the network, and even take automated actions to mitigate. According to our data, 67 percent of DoD IT professionals have implemented at least one continuous monitoring solution to address IT operations and information security domains. Of those who have implemented continuous monitoring, nearly half have measured the return on investment and report it is paying off nicely,” he reported.

Multiple Encryption Levels

For agencies to fend off insider threats, multiple levels of encryption that limit decryption of information to only those with proper authentication are essential, according to Robert R. Swindle, director of enterprise solutions for Tangible Security. Layered encryption allows agencies to restrict access to sensitive data only to authorized users, allowing for better protection across the operating system or database.

In addition, adoption of Internet Protocol version 6 (IPv6), which enables Web space expansion and affects data security, will improve insider threat detection by eliminating source network address translation, he said, noting that address translation masks the location of a user authentication event and obstructs user activity monitoring and correlation.

“Agencies will see improvements in the tracking of insider activities across disparate systems from technology that reduces ambiguity and simplifies computations. This will yield a more holistic account of their actions to identify misuse or malicious intent from authorized or unauthorized users,” Swindle said.

Trusted Access

Ten years into the implementation of HSPD12 credentials for federal employees and contractors, technology and processes for authentication and access control remain a crucial element of strategies for managing insider threats, argued Ken Ammon, chief strategy officer at Xceedium.

“Over time, as with the introduction of DoD instruction 8520.03 in 2011, we’ve seen our approach to managing access for users of all kinds mature and become more sophisticated,” Ammon said. “At the same time, the environment being protected is also growing more complex, with the rapid uptake of virtualized and cloud computing technologies. These technologies not only increase the scale of the environment, but also introduce new attack surfaces to protect.

“Add in growing compliance mandates, and security and compliance teams are faced with a substantial hurdle to overcome,” he continued. “But when we look at the tools we use to manage insider access, particularly privileged users, we find they’re not well prepared for the task. All too often, these management tools are point solutions, delivering unintegrated views of activity and inconsistent enforcement of policy. That’s inefficient and costly, and just isn’t working to prevent critical breaches that fundamentally impact operations and missions.”

There are two key requirements for managing trusted insider access, Ammon said. “First, successfully addressing these risks requires an integrated privileged identity management solution that supports the consistent application of policy across what today are often standalone functions, such as password and credential management, access control, monitoring and recording. Second, that suite of capabilities has to be available across the whole of the hybrid cloud, including traditional data centers, virtual infrastructure, and public/private clouds. It’s only by addressing both these requirements will DoD truly be well equipped to manage these risks.”

For more information, contact MIT Editor Harrison Donnelly at harrisond@kmimediagroup.com or search our online archives for related stories at www.mit-kmi.com.



Feedback Hones Mobile Network

Army upgrades Warfighter Information Network-Tactical (WIN-T) Increment 2 to make it easier to operate and maintain.

Captain Alexander Marotta is looking forward to receiving upgrades to the Army’s new mobile network backbone that will make it easier and faster to initialize, navigate and troubleshoot.

“Commanders love the capability; they do,” said Marotta, communications officer (S6) for the 3rd Brigade Combat Team, 101st Airborne Division (Air Assault), whose unit is training with the mobile network. “Now we’ve just got to make it easier for them to use. The new upgrade is going to make things even better; operators will be able to get in their network-equipped vehicles, hit start and all the systems will start automatically—that will be great.”


By Amy Walker

In response to feedback from users like Marotta, the Army made upgrades to Warfighter Information Network-Tactical (WIN-T) Increment 2 to enhance and simplify the system to make it easier to operate and maintain. By broadening the system’s user base to include general purpose users at lower echelons, the Army will increase the scalability and utility of the system, and reduce dependence on signal soldiers now free to manage the holistic network rather than troubleshoot.

“WIN-T Increment 2 works; it’s the foundation of everything we do,” said Colonel Thomas Dorame, commander for 2nd Brigade, 1st Armored Division (2/1 AD), the unit that executes the Army’s Network Integration Evaluation (NIE) exercises. “This is advanced networking; we are able to move information, data and voice down to lower echelons, but we have to do it in a way that doesn’t encumber soldiers so they can get that information without having to take on a lot of additional tasks to access it.”

Soldier feedback from theater, Capability Set fieldings and semi-annual network evaluations help the Army to continually enhance the tactical network. The recent simplification and reliability improvements to WIN-T Increment 2 are being assessed during two intensive developmental tests. The first of these tests was completed in late February at the Aberdeen Test Center at Aberdeen Proving Ground, Md., with soldiers putting a large part of a brigade’s worth of equipment through its paces in a tactical environment. The second developmental test is scheduled for June 2014 at Fort Bliss, Texas, and a follow-on operational test and evaluation is planned for NIE 15.1 in October-November 2014.

The Army’s challenge is to extract all of the complex network configurations and management functions inherent within the WIN-T Increment 2 network environment and make them run in the background so they’re invisible to general purpose users, said Lieutenant Colonel LaMont Hall, product manager for WIN-T Increment 2.

“We want soldiers to be able to log onto the system with a single user ID and password and one or two clicks, and be able to access the information they need to do their jobs,” Hall said.

The Warfighter Information Network-Tactical (WIN-T) Increment 2 Point of Presence, which provides mobile mission command at the battalion level and above, was part of the WIN-T Increment 2 developmental test in February 2014 at the Aberdeen Test Center (ATC) at Aberdeen Proving Ground, Md. The second developmental test is scheduled for June 2014 at Fort Bliss, Texas. [Photo courtesy of U.S. Army/Dan Augustyniak, ATC]

WIN-T Increment 2 enables deployed soldiers operating in remote and challenging terrain to maintain voice, video and data communications while on the move, with connectivity rivaling that found in a stationary command post. The recent improvements to the system enhance the capabilities of the WIN-T Increment 2 Soldier Network Extension (SNE) vehicle, which provides network communication and extension capabilities at the company level, and the Point of Presence (PoP), which provides mobile mission command at the battalion level and above.

As part of these improvements, the Army automated the startup for the PoP and SNE, significantly reducing the complexity and length of the startup process. More than a dozen buttons and switches were reduced to a single startup switch, dropping the total time to get a networked vehicle up and running from over 12 minutes to four and a half minutes. The Army also made the user interface more intuitive, so it’s easier and quicker to use.

Among the most important improvements to WIN-T Increment 2 are simplified and streamlined troubleshooting capabilities for the PoP and SNE, moving from an in-depth interface designed for the signal soldier to one more suitable for a general purpose operator. The Army’s intent is to enable operators, in a matter of minutes, to troubleshoot and resolve 80 percent of issues themselves.

“I’m a 25 series [signal corps] military occupational specialty; that is my job, but most of the WIN-T Increment 2 vehicle drivers and operators are not 25 series. They are 19Ks [armor crew], they are scouts, and they are 11 bravos [infantry],” said Staff Sergeant Nicholas Vettore, 2/1 AD Brigade network operations satellite communications noncommissioned officer. “The Army is working to make the network less time consuming and simpler for them to learn, so it is an easy transition and they can do their job effectively as operators and maintainers of the equipment.”

On the battlefield, commanders and soldiers use WIN-T Increment 2 to quickly access mobile communications applications such as Tactical Ground Reporting, chat and voice-over-Internet Protocol calls. The new upgrades cut in half the time it takes to launch these applications and increased the performance of Joint Battle Command-Platform (JBC-P), a friendly-force tracking and messaging application that soldiers rely on for situational awareness, when it’s being operated on a WIN-T Increment 2 node.

Additional enhancements were also made to the SNE’s Combat Net Radio (CNR) Gateway, which takes advantage of the vehicle’s on-the-move satellite communications systems to help extend lower tactical internet radio networks and keep users connected. To improve capability, CNR Gateway operations were simplified and automated; operational steps to start it up were reduced from nearly a dozen manual steps to a single log-in and a click. Now warfighters merely select and connect, with mere seconds to execute.

The Army has been using soldier feedback to continually improve WIN-T Increment 2 since it was first fielded in 2012. Before the system’s initial follow-on operational test, the service acted on user feedback requesting improved speeds and response times when using applications and accessing Web portals over the network. By upgrading the network drives in WIN-T Increment 2-equipped vehicles and making software and network improvements, the Army was able to significantly improve the user experience.

“I have noticed definite improvements with the bandwidth,” said Specialist Gerardo Cabrera, who operated the 2/1 AD commander’s WIN-T Increment 2 PoP at NIE 14.1. “Two years ago if you were to click on the portal and open it up, it would have taken a long time, but now it moves much faster.”

As part of the Army’s Capability Set (CS) 13, WIN-T Increment 2 has now been fielded to four infantry brigade combat teams, three of which have deployed to Afghanistan with the system. Throughout 2014, the Army is planning to field 10 additional units with CS 14 and WIN-T Increment 2 components.

As with any new system, there is always room for improvement as operators learn and create innovative ways to leverage the network on the battlefield.

“The more WIN-T Increment 2 is put through its paces by soldiers in operational environments, the more we can flesh out and implement system improvements,” Hall said. “We will continue to listen to soldier feedback and improve the system to provide them with the best network possible.”

WIN-T Increment 2 enhancements, based on soldier feedback from theater, Capability Set fieldings and the Network Integration Evaluations, are being assessed during two intensive developmental tests. The first of these tests was completed in late February 2014 at the Aberdeen Test Center (ATC) at Aberdeen Proving Ground, Md., with soldiers putting a large part of a brigade’s worth of equipment through its paces in a tactical environment. [Photo courtesy of U.S. Army/Dan Augustyniak, ATC]

Amy Walker is a staff writer for Symbolic Systems, supporting the Program Executive Office Command, Control, and Communications-Tactical PM WIN-T and Miltech Solutions.



COTSacopia

Rugged Units Offer Powerful Solutions for Unforgiving Conditions

Dell has announced the launch of the Latitude 14 Rugged Extreme and the Latitude 12 Rugged Extreme convertible notebook for customers who require powerful solutions that can survive unforgiving conditions. The Dell Latitude Rugged Extreme solutions are purpose-built to withstand hazards such as dust, moisture, drops, vibration, extreme temperatures and other punishing conditions faced by users in fields such as military service, public safety, manufacturing and first response. Latitude Rugged Extreme notebooks are independently tested to military standards including drops up to six feet, as well as ingress protection, emissions and hazardous materials certifications by a third-party testing facility. No single field test accounts for every possible scenario, so the Dell Rugged Extreme portfolio is tested above and beyond every existing standard to verify survivability in real world situations. The Dell Latitude 12 and 14 Rugged Extreme are built to endure worst-case conditions with the most robust materials available, including impact-resistant ultra-polymers and sturdy magnesium alloy.

New Service Speeds Public Sector Adoption of Mobile Technology

HP Enterprise Services has announced a new service designed to help accelerate the U.S. public sector’s adoption of mobile technology to drive workforce productivity, while securing IT assets. The growth in adoption of high-bandwidth mobile services presents the opportunity for a new era of digital government.

HP Enterprise Cloud Services (ECS)–Mobility for U.S. Public Sector—part of the HP Mobile Enterprise Services portfolio—offers a complete enterprise mobility management service. It is hosted on HP’s secure, Federal Risk and Authorization Management Program-authorized managed cloud environment to meet the requirements for regulated environment operations under FISMA, ITAR and HIPAA. The cloud-enabled solution allows for a fast and flexible deployment that can be scaled to fit the unique mobility needs of an agency, while ensuring that users have easy and secure access to applications across multiple device types and platforms.

HP ECS–Mobility for U.S. Public Sector enables government and commercial clients to establish and enforce effective security policies and access privileges to address their unique mission challenges while protecting sensitive information. Plus, the offering’s HP Management Essentials package combines HP Mobile Device Management and HP Mobile Application Management to address security concerns at the device, application and data level.

Tool Simplifies Secure Data Collaboration and Dissemination

SIBA from BAE Systems is a tool that redefines and simplifies secure data collaboration and dissemination for both government and commercial customers. SIBA provides an innovative solution to secure information sharing for the nation’s intelligence community, as well as banks, law firms and users of electronic medical records. The SIBA solution works seamlessly with Microsoft Office and SharePoint without modifying those applications.

It is imperative that agencies in the intelligence community are able to quickly migrate intelligence data to shared repositories, where it can be accessed securely in real time by multiple users in multiple agencies. SIBA provides this capability to any government agency or business by leveraging their existing Microsoft Office and SharePoint investments. Unlike competitor solutions, no additional investment is required for the development of new secure interagency clouds or other big data platforms to ingest, tag, replicate and share information. SIBA enables analysts to tag (portion mark) specific characters, words, paragraphs and images within their documents to define need-to-know access to portions of data. This allows other users, like field personnel and coalition partners, to access redacted versions of the intelligence product, based on network access and security clearance.

Security, Feature Enhancements Offer Mobile Productivity

Citrix has announced new security and feature enhancements to its XenMobile solution. The new release empowers organizations in highly regulated industries, such as government agencies, to embrace device choice, improve productivity with quick access to more apps, and provide support for Microsoft Lync online meetings and other communication environments, without sacrificing security, control and most importantly, user experience. Citrix also enables enterprises and government agencies that are planning to phase out BlackBerry devices to transition smoothly, knowing their data and existing apps are secure, integrated and supported. XenMobile enables government agencies and other highly regulated organizations to mobilize their employees without sacrificing security or control. XenMobile provides a complete EMM solution for highly regulated organizations to manage mobile apps, data and devices. With XenMobile, government agencies and enterprises gain control over personal and corporate-issued mobile devices with full configuration, security, provisioning and support capabilities.


The advertisers index is provided as a service to our readers. KMI cannot be held responsible for discrepancies due to last-minute changes or alterations.

MIT RESOURCE CENTER

Advertisers Index

Riverbed: www.riverbed.com

Teradata: www.teradata.com/citoresearch

University of Maryland University College: http://military.umuc.edu/miltech

Calendar

May 22, 2014 DI2E Plugfest Fairfax, Va. www.afei.org/events

June 24-25, 2014 AFCEA International Cyber Symposium Baltimore, Md. www.afcea.org

September 15-17, 2014 Air and Space Conference National Harbor, Md. www.afa.org

September 24-26, 2014 Modern Day Marine Quantico, Va. www.marinemilitaryexpos.com

October 6-8, 2014 MILCOM Baltimore, Md. www.milcom.org

October 13-15, 2014 AUSA Annual Meeting Washington, D.C. www.ausa.org




INDUSTRY INTERVIEW

Military Information Technology

Mike Bomba
Senior Solutions Architect-Defense
Riverbed Technology

Michael Bomba has worked within the Department of Defense for more than 35 years, and is currently Riverbed’s senior solutions architect for defense. Previous major efforts he has been involved in include leading Army engineering support for the Joint Information Environment, providing senior engineering for the Army’s migration to Defense Enterprise Email, building the Army’s first two area processing centers, designing and fielding the Army’s network perimeter defense solutions, designing and fielding the Army’s global Active Directory solution, and designing and fielding the Army’s first global email service. In addition, he has participated in leading the Army’s efforts to build and distribute secure versions of Microsoft operating systems; designing and fielding large scale communications systems for Army efforts in Saudi Arabia, Kuwait and Afghanistan; building the first deployable email services for tactical users; moving the Army to Internet based networks; and moving Army transport solutions from analog to digital solutions.

Q: What types of products and services are you offering to military and other government customers?

A: Riverbed offers a robust platform that truly enables location independent computing—the idea that enterprises can now use distance and location to their advantage. Within our platform, the various products offer a broad range of solutions to the military and government. Our core strengths and roots lie in WAN optimization, application acceleration, branch office virtualization, enterprise scale cloud backup/archiving, virtual/cloud based application delivery controllers, Web application firewalls and storage projection. With the acquisition of Opnet, our platform extended to application performance management, network performance monitoring and diagnostics, network planning/mapping/modeling and unified communications management. This common platform ensures that all technologies work as a cohesive whole, providing end-to-end management solutions for enterprises of any scale. All of these technologies are in use across a diverse customer base in defense, government and the commercial segment. In addition to our platform, we also have a strong professional services group, which has been recognized by J.D. Power for its service excellence.

Q: What unique benefits does your company provide its customers in comparison with other companies in your field?

A: Riverbed is the only company with WAN/application optimization, application performance management and network performance management and diagnostics in multiple Gartner leadership quadrants. Our capabilities span solutions for automation of testing for large scale voice-over-IP deployments to detailed simulation and modeling for development of new network protocols. We have integrated our WAN optimization solution with our application and network performance management solutions to eliminate the need for our customers to purchase point solutions for packet capture and analysis. In addition to WAN and application optimization, our SteelHead WAN solution is also a major sensor for our management solutions. We deliver the capability for network operations organizations to see all parts of the application delivery chain, including the ability to instrument the end-user browser, measure flow and packet performance across a large network, automate application dependency mapping, and instrument the servers involved in application delivery. We can rapidly determine the cause of service disruptions and are the only company that can see problems in the entire end-to-end application delivery chain before the end-user is adversely impacted.

Q: What are some of the most significant programs your company is currently working on with the military?

A: Riverbed has fully embraced cloud and virtual computing environments. For programs like the Army Warrior Information Network, our solutions all run inside their virtual platform. Our application delivery controller and Web application firewall is software only and licensed by the megabit, not by the number of devices like most of our competitors. Amazon Web Services government cloud uses this to allow customers to spin up as many ADCs as needed. Since our solutions can run as virtual appliances, the ability to fail over entire cloud data centers is greatly simplified, as our customers are no longer dependent on physical appliances like load balancers or Web firewalls at the secondary cloud site. Providing our Web application firewall in a software-only model allows organizations to embed the firewall on their web server, install it as a virtual appliance inside a cloud data center or place it on a dedicated device to provide a physical appliance capability. We provide all our technology in cloud-ready format to ensure it can be run as virtual appliances inside cloud computing environments, as well as providing performance enhanced hardware solutions for networks operating at speeds as fast as 10 GBs. Riverbed fully supports government efforts to improve information security and has just completed FIPS certification for our common cryptographic module, which is used across a large portion of our portfolio. Because we also provide software-only solutions, our technology can inherit security efforts from industry operating system leaders such as Red Hat, VMware and Microsoft.

mbomba@riverbed.com


NEXT ISSUE

June 2014 Vol. 18, Issue 4

The Voice of Military Information Dominance

Cover and In-Depth Interview with:

Brig. Gen. Kevin Nally

Chief Information Officer U.S. Marine Corps

Features

4G Quandary

4G/LTE technology offers huge opportunities for the military, but the booming popularity of consumer uses is crowding the military out of the electromagnetic spectrum. DoD is searching for ways to benefit while also accommodating the economy’s need for more bandwidth.

Software-Defined Networking

A new approach called software-defined networking is drawing increasing attention from government and industry in order to improve management of network services.

ID Management

With the aging of technology used in the Common Access Card for both physical and network access, government and industry are exploring a variety of alternatives.

Digital SATCOM

Digital intermediate frequency (IF) technology offers enormous benefits to the buyers and users of SATCOM terminals, beginning with performance, cost and size, and addresses performance challenges that cannot be solved with conventional analog IFs.

JIE Report

The recent Joint Information Environment (JIE) Mission Partner Symposium spotlighted the role of the Defense Information Systems Agency and other Department of Defense organizations in developing the JIE.

Insertion Order Deadline: May 30, 2014 • Ad Materials Deadline: June 6, 2014



