Army plans network fortification

Army officials expect to spend millions of dollars as early as next year to fortify networks that are increasingly becoming the targets of cyberattacks, according to service and industry officials.

Army officials approved the computer security procurement because the service needs secure domestic networks to support more mobile and rapidly deployable forces, they said.

Budget constraints are hampering funding efforts, but the Army is in dire need of new security products, said industry officials familiar with the situation. They cite an instance in August 2003 and another in January in which hackers attacked systems at an important U.S. installation.

Companies vying for the Army work include IBM Corp., NCI Information Systems Inc., Net Direct Systems and Symantec Corp. Industry officials acknowledged discussions with the service about the project, sometimes called the secure server initiative, but

declined to comment because of national security and business

concerns.

Army officials will study current and future forms of computer network attacks in preparation for the procurement. In early 2005, they will finish the work detailed in a requirements document that identifies information technologies that are ready or in development, said Joe Capps, director of the Enterprise Systems Technology Activity in the Army's Network Enterprise Technology Command (Netcom) at Fort Huachuca, Ariz. Netcom oversees the operation of service networks.

"What's the next step?" Capps asked, referring to the project's focus. Finding "the groundbreaking technology of the future."

Army officials started working on the computer security document in May and conducted research by talking to service IT officials and companies about network threats.

Defense Department acquisition policy mandates that agencies and services must have requirements documents before proceeding with procurements. Capps said he does not know when the Army will release a request for proposals for the next-generation computer security product program.

Army officials want to conduct a comprehensive procurement that would allow all IT companies to submit proposals. They decided against a fast, finite procurement that would allow only a few firms to bid for the contract, said another industry official.

Capps said companies interested in submitting solutions should make them cost-effective.

The requirements document marks another step taken by Army officials during the past year to strengthen their networks (see box).

Army officials have identified the threat, implemented policy and considered new security solutions and controls, said John Pescatore, vice president of Internet security at Gartner Inc.

But the government's slow procurement process and the rapidly changing cyberthreat environment sometimes inhibits this strategy. A buy-a-little, test-a-little approach can give government and industry officials a quick, significant improvement in security and make them better prepared for the next worm or virus attack, Pescatore said.

Army policy forbids discussing computer network intrusions and vulnerabilities. As a result, Capps and Lt. Gen. Steve Boutelle, the service's chief information officer, declined to comment on hackers' attempts to break into Army networks last summer and earlier this year.

But Boutelle commented on the volume of cyberattacks his networks experience. "We get hammered all the time," Boutelle said, declining to elaborate.

Industry officials said they can fix the Army's computer security problems because their products can close holes in networks, correct flawed code in commonly used software and monitor systems for

intrusions.

Capps said new computer security products can not only protect Army networks but also decrease the costs of operating and maintaining systems. At the same time,

security technologies can increase soldiers' use of and confidence in voice, video and data communications, helping the military's network-centric warfare strategy to evolve, he said.

The Army's latest security initiative will build on its long-standing defense-in-depth strategy, officials say. It creates several layers of hardware and software that hackers must penetrate to access classified and unclassified but sensitive information.

Army officials use secure routers to block unauthorized access to their networks. They also use software to stop entry and guard against network attacks including computer worms and viruses, according to Army documents.

Service officials operate several organizations and get help from DOD offices to protect networks. Netcom operates, manages and defends service systems with help from the Army Intelligence and Security Command at Fort Belvoir, Va., which oversees the Land Information Warfare Activity and the Army Computer Emergency Response Team.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group