DOD intertwines data security, interoperability challenges
- By Jason Miller
- Mar 06, 2007
ORLANDO, Fla. -- The Defense Department is spending $2.5 billion on information assurance in fiscal 2007, and a good portion of those funds is intended to ensure the military can share data safely and more easily with the intelligence community.
John Grimes, DOD chief information officer, said March 5 the key to information sharing is security: “If you can’t protect information, you can’t share it.”
“We are looking at those two areas in our architecture and in the next generation of security technology and how we may change the nonclassified IP router network,” he said at the Information Processing Interagency Conference, sponsored by the Government IT Executive conference. “The only way to get to net centricity is to ensure we can share information and it is interoperable. We are spending a lot of money on this.”
One program DOD is working with the Homeland Security Department and other agencies on is the National Command Coordination Center, which will improve information sharing among federal, state and local agencies.
Grimes also pointed to DOD’s ongoing move to net centricity and using service-oriented architecture to separate data from the application layer.
“The information must be understandable and must be able to be used over and over again,” Grimes said.
To ensure data interoperability, DOD is moving more toward communities of interest, including one recently set up in the maritime community with the Coast Guard, the Navy and other agencies. Grimes said the Office of Management and Budget is paying close attention to how these communities succeed.
Although information sharing is important, Grimes said, most of DOD’s efforts are to ensure all data is secure.
“We have seen a huge increase in targeted incidents over the Internet,” he said. “We are under attack 24 hours a day, seven days a week, and we are starting to share information on cyberattacks or holes with DHS and they are sharing back.”
Grimes illustrated DOD’s challenges by pointing to increasing statistics such as:
- 46 percent increase of hackers altering DOD Web sites.
- 28 percent increase in e-mail scams.
- 250 percent increase in malware.
He also pointed to a recent attack that took down the National Defense University’s system and another attack on the Army’s Fort Hood in Texas.
“The Army spent about $50 million to $60 million to bring their sites up after the attack,” Grimes said.
To combat these challenges, DOD is relying on enterprise security solutions such as public-key infrastructure with the Common Access Card and patch management software, he said.
DOD also is working with the Office of the Director of National Intelligence to develop standard security policies and a uniform reciprocity agreement to accept certification and accreditation of each other’s systems.
Grimes also said DOD is moving to next-generation security technology using the Global Information Grid information assurance portfolio.
“We are tagging data and it will go into our service-oriented architecture,” he said. “We are on that road and pushing hard.”