DOD taking steps to secure secret network further

SALT LAKE CITY—Looking to protect its classified information network from internal security threats, the Defense Department is considering a new policy that will limit strictly network users' access to information.

DOD uses the Secret Internet Protocol Routing Network, or SIPRNET, as a secure intranet for sharing information classified as secret. Though SIPRNET provides no direct connections to the Internet, some DOD officials worry that giving personnel access to too much information could pose a security risk. The new policy would create "communities of interest" within the network, in which users would have access only to information required by their work.

"You don't want to give anybody access to all of your [organization's] information," said Richard Hale, an information assurance engineering executive with the Defense Information Systems Agency. "We are concerned that 500,000 of our closest friends are looking at our secrets," said Hale, referring to the approximate number of government personnel who have access to some sort of classified information.

Speaking at the Software Technology Conference here, Hale said senior DOD officials are expected to brief Deputy Secretary of Defense John Hamre today on the possibility of including the new policy as part of DOD's overall public-key infrastructure security initiative.

PKI solutions combine encryption, digital certificates and other technologies to authenticate a user's identity and to ensure that data and transactions are not tampered with during transmission over the Internet. DOD announced plans last month to use PKI solutions to secure both internal and external communications.

But PKI "doesn't solve anything itself," said Hale. Rather, because many of today's commercial security products "are not that good," DOD needs to devise a common set of policies governing both access and standards, he said.

In addition, Hale said the department needs to address the "hodgepodge" of Internet connections and protection policies that make up the DOD security architecture and process, which he described as "just a mess." As a solution, Hale recommended formulating a set of standard policies that spell out what type of information will be allowed to enter and leave DOD networks.

Hale said the modern way of dealing with adversaries, whether cyber-based or otherwise, remains "essentially unchanged" since the construction of the Great Wall of China, when nations erected stone embankments to protect their citizens against invading forces. "I do not think this can continue if we're really going to be serious about fighting wars using [COTS systems]," he said.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.