DISA rethinks its security strategies
Defense Department’s net-centric data policies expose weaknesses in operational awareness
- By Sebastian Sprenger
- Oct 04, 2007
The Defense Department is taking new steps to detect traditionally hard-to-pinpoint performance outages and security breaches on DOD networks. Officials said a test program to begin later this month is part of a departmentwide effort to improve awareness of network incidents or trouble spots.
The Defense Information Systems Agency will initiate the test program, which will lead to establishing an information sharing operations center (ISOC) early next year, said Anthony Montemarano, DISA’s program executive officer for information assurance and network operations.
The center’s purpose will be to collect data on the status of services that feed information to DOD networks for various applications.
The military is moving toward a services-based environment, but DOD’s ability to detect anomalies in the performance of each of those services is limited, said Michael Krieger, director of information policy in DOD’s Office of the Chief Information Officer.
The data that those services feed to applications could be as simple as the time of day or as complex as a geospatial map.
“You can’t go to a computing center and say, ‘It’s on, so it’s working,’” Krieger said. “It may be on, but it may not be responding to your requests.”
John Grimes, DOD’s CIO, recommended establishing an ISOC in an August 2006 progress report on the implementation of the department’s network-centric data strategy. DOD officials have traditionally used software agents, which are tiny computer programs, to monitor the performance of services on the military’s networks. The ISOC would attempt to monitor the health of a large number of those services simultaneously.
“There are two types of systems: systems that are down and systems that are going to go down,” Montemarano said, highlighting the need for a picture of the operational status of those systems.
He added that DISA plans to eventually integrate the ISOC with the agency’s Global Information Grid Common Operational Picture program.
In the past several years, DOD officials have accepted the notion that military networks will always operate in a somewhat degraded state rather than at peak performance and with uncompromised security.
That recognition has prompted officials to seek ways to improve their situational awareness of incidents on DOD’s networks.
“The focus has gone away from higher walls and wider moats with more alligators,” said Linton Wells, a former assistant secretary of Defense in the CIO’s office. Wells said projects such as the ISOC are essential for securing DOD’s networks.
DISA officials are evaluating sites for housing the ISOC, including an agency facility in Columbus, Ohio, and a secret facility that the intelligence community uses, Montemarano said.
The test program will begin in early October and continue for about 60 days. After that, officials will decide what kinds of equipment, how much money and how many employees they will need to create the ISOC.
During the testing phase, DISA officials will experiment with data and services from the Maritime Domain Awareness Community of Interest. That group is a collaborative effort by several federal agencies to collect and distribute data that tracks ships near U.S. coasts.