Army plans network fortification

Army officials expect to spend millions of dollars as early as next year to fortify networks that are increasingly becoming the targets of cyberattacks, according to service and industry officials.

Army officials approved the computer security procurement because the service needs secure domestic networks to support more mobile and rapidly deployable forces, they said.

Budget constraints are hampering funding efforts, but the Army is in dire need of new security products, said industry officials familiar with the situation. They cite an instance in August 2003 and another in January in which hackers attacked systems at an important U.S. installation.

Companies vying for the Army work include IBM Corp., NCI Information Systems Inc., Net Direct Systems and Symantec Corp. Industry officials acknowledged discussions with the service about the project, sometimes called the secure server initiative, but

declined to comment because of national security and business

concerns.

Army officials will study current and future forms of computer network attacks in preparation for the procurement. In early 2005, they will finish the work detailed in a requirements document that identifies information technologies that are ready or in development, said Joe Capps, director of the Enterprise Systems Technology Activity in the Army's Network Enterprise Technology Command (Netcom) at Fort Huachuca, Ariz. Netcom oversees the operation of service networks.

"What's the next step?" Capps asked, referring to the project's focus. Finding "the groundbreaking technology of the future."

Army officials started working on the computer security document in May and conducted research by talking to service IT officials and companies about network threats.

Defense Department acquisition policy mandates that agencies and services must have requirements documents before proceeding with procurements. Capps said he does not know when the Army will release a request for proposals for the next-generation computer security product program.

Army officials want to conduct a comprehensive procurement that would allow all IT companies to submit proposals. They decided against a fast, finite procurement that would allow only a few firms to bid for the contract, said another industry official.

Capps said companies interested in submitting solutions should make them cost-effective.

The requirements document marks another step taken by Army officials during the past year to strengthen their networks (see box).

Army officials have identified the threat, implemented policy and considered new security solutions and controls, said John Pescatore, vice president of Internet security at Gartner Inc.

But the government's slow procurement process and the rapidly changing cyberthreat environment sometimes inhibits this strategy. A buy-a-little, test-a-little approach can give government and industry officials a quick, significant improvement in security and make them better prepared for the next worm or virus attack, Pescatore said.

Army policy forbids discussing computer network intrusions and vulnerabilities. As a result, Capps and Lt. Gen. Steve Boutelle, the service's chief information officer, declined to comment on hackers' attempts to break into Army networks last summer and earlier this year.

But Boutelle commented on the volume of cyberattacks his networks experience. "We get hammered all the time," Boutelle said, declining to elaborate.

Industry officials said they can fix the Army's computer security problems because their products can close holes in networks, correct flawed code in commonly used software and monitor systems for

intrusions.

Capps said new computer security products can not only protect Army networks but also decrease the costs of operating and maintaining systems. At the same time,

security technologies can increase soldiers' use of and confidence in voice, video and data communications, helping the military's network-centric warfare strategy to evolve, he said.

The Army's latest security initiative will build on its long-standing defense-in-depth strategy, officials say. It creates several layers of hardware and software that hackers must penetrate to access classified and unclassified but sensitive information.

Army officials use secure routers to block unauthorized access to their networks. They also use software to stop entry and guard against network attacks including computer worms and viruses, according to Army documents.

Service officials operate several organizations and get help from DOD offices to protect networks. Netcom operates, manages and defends service systems with help from the Army Intelligence and Security Command at Fort Belvoir, Va., which oversees the Land Information Warfare Activity and the Army Computer Emergency Response Team.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group