DISA to pay $1.2B for network protection

Defending against insider threats puts squeeze on budget

Related Links

Amazon.mil?

The Defense Information Systems Agency plans to spend $1.2 billion in the next three years to protect Defense Department networks from attacks. That spending is necessary to thwart insider threats and defend classified networks, according to DISA’s fiscal 2008 budget documents.

Such spending for network defense might sound staggering. However, Bernie Skoch, a consultant at Suss Consulting, said a billion-dollar network security budget could be a bargain if it protects networks essential to DOD’s global operations. Skoch, a retired Air Force brigadier general, was formerly principal director of customer advocacy at DISA.

The bulk of that proposed spending would be for DISA’s Information Systems Security Program. It would receive $959 million for fiscal 2007 through fiscal 2009, an amount that includes $819 million from operations and maintenance accounts and $140 million from procurement accounts.

DISA’s three-year network operations and defense budget also includes $147.5 million in operations and maintenance funding for network security in the Pacific and European commands and DISA field offices that support nine combatant commands. Another $41.3 million in three years would go to the Strategic Command to operate and defend the Global Information Grid. And DISA would spend $54 million on operating a Joint Staff Support Center.

It is well-known that DOD’s Non-classified IP Router Network (NIPRNET) is under increasing attacks from the outside. But DISA’s budget documents indicate that the agency has additional concerns about insider threats. DISA plans to deploy tools to 1,500 locations worldwide to analyze, detect and respond to insider threats against information and information systems.

DISA’s three-year budget would pay for increased security on the Secret IP Router Network, which is less susceptible to outside attacks than the NIPRNET because it does not connect to the Internet. DISA intends to deploy automated network access controls on the SIPRNET to prevent inadvertent or malicious connections of unknown or improperly configured devices, the budget documents state.

DISA also plans to deploy a departmentwide risk-management system to verify that connections to the SIPRNET come from valid DOD users. The agency will expand its use of subnets called demilitarized zones (DMZs) to isolate the NIPRNET and SIPRNET from unverified external networks. DISA said the DMZs will improve security and make it easier for authorized users to access DOD information.

Skoch said DMZs will help DOD maintain public Web sites that support activities such as e-commerce without compromising internal DOD networks and information.

Budget documents show that DISA has already deployed tools from Secure Computing and Blue Coat Systems for DMZ security.

Steve Schick, a Blue Coat spokesman, said the company’s tools provide protection from malware, spyware and viruses. A reporting tool analyzes incoming traffic. Because the use of such tools on the edge of a network often slows traffic, the Blue Coat tools include an acceleration engine that helps speed traffic, Schick said.

Secure Computing’s Cyberguard Web Washer scans incoming DMZ traffic. Phyllis Schneck, vice president of research integration at Secure Computing, said the company’s tools detect and block malware. They also detect global trends in malicious traffic and automatically forward that information to customers, such as DISA.

“Providing safety and security is priceless,” Schneck said.
A security project named CentaurThe Defense Information Systems Agency introduced a network security program in 2006 called Project Centaur. It collects, stores, retrieves and analyzes message header flow data and metadata from incoming traffic that is captured by border routers on secret and unclassified Defense Department networks.

Project Centaur is one of several new security programs disclosed in the agency’s fiscal 2008 budget request.

Bernie Skoch, an analyst at Suss Consulting, said the Centaur project is valuable to DISA because it conducts traffic analysis that helps the agency determine the origin of network attacks.

DISA did not respond to requests for additional information on Project Centaur. 

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above