DOD taking steps to secure secret network further

SALT LAKE CITY—Looking to protect its classified information network from internal security threats, the Defense Department is considering a new policy that will limit strictly network users' access to information.

DOD uses the Secret Internet Protocol Routing Network, or SIPRNET, as a secure intranet for sharing information classified as secret. Though SIPRNET provides no direct connections to the Internet, some DOD officials worry that giving personnel access to too much information could pose a security risk. The new policy would create "communities of interest" within the network, in which users would have access only to information required by their work.

"You don't want to give anybody access to all of your [organization's] information," said Richard Hale, an information assurance engineering executive with the Defense Information Systems Agency. "We are concerned that 500,000 of our closest friends are looking at our secrets," said Hale, referring to the approximate number of government personnel who have access to some sort of classified information.

Speaking at the Software Technology Conference here, Hale said senior DOD officials are expected to brief Deputy Secretary of Defense John Hamre today on the possibility of including the new policy as part of DOD's overall public-key infrastructure security initiative.

PKI solutions combine encryption, digital certificates and other technologies to authenticate a user's identity and to ensure that data and transactions are not tampered with during transmission over the Internet. DOD announced plans last month to use PKI solutions to secure both internal and external communications.

But PKI "doesn't solve anything itself," said Hale. Rather, because many of today's commercial security products "are not that good," DOD needs to devise a common set of policies governing both access and standards, he said.

In addition, Hale said the department needs to address the "hodgepodge" of Internet connections and protection policies that make up the DOD security architecture and process, which he described as "just a mess." As a solution, Hale recommended formulating a set of standard policies that spell out what type of information will be allowed to enter and leave DOD networks.

Hale said the modern way of dealing with adversaries, whether cyber-based or otherwise, remains "essentially unchanged" since the construction of the Great Wall of China, when nations erected stone embankments to protect their citizens against invading forces. "I do not think this can continue if we're really going to be serious about fighting wars using [COTS systems]," he said.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.