12 years, $1.6 billion and counting

Defense Department officials have a tough road ahead, with only 18 months to move millions of messages from an aging but familiar messaging system to a new but troubled one.

It has been 12 years since DOD conceived of the Defense Message System, the replacement for its Automatic Digital Network (Autodin). In the interim, the Pentagon has awarded a $1.6 billion contract, missed several deadlines and spent $30 million a year to maintain Autodin. Now leaders and lawmakers are pushing to get DMS running by 2003.

DMS was designed to provide writer-to-reader message services for classified and top-secret information to all DOD users at their desktops and, if needed, to other federal agencies, contractors and U.S. allies. The individual message service, which isn't working as well as some Defense officials had hoped, would have enabled a user to send messages directly to recipients from his or her computer, rather than having to go to a message center.

With so much time and money invested, and no viable alternative that meets their information security requirements, department officials say they have no choice but to make DMS work—even if it means lowering their expectations to do so. However, some critics contend that DOD should have abandoned DMS years ago and explored other secure messaging options.

Making it Happen

When it comes to fielding DMS, failure is not an option. The services have until Sept. 30, 2003, to stop using the nearly 40-year-old Autodin messaging system or face Congress' wrath. "If we don't make the 2003 deadline, we're dead in the water," said Army Lt. Gen. Joseph Kellogg Jr., director of command, control, communications and computers for the Joint Chiefs of Staff.

Building one system to meet every messaging need in the military is a monumental project—one that probably wouldn't survive current procurement requirements. And in 1989, when DOD started looking for Autodin's successor, cutting-edge technology was an Intel Corp. 25 MHz 486 microprocessor. Then there's the sheer size of the requirement: supporting all four military services at some 7,000 sites worldwide—and being able to transmit classified messages.

Although DMS has had technical shortcomings, Kellogg blames much of the system's difficulties on poor management. "It's a leadership issue."

Along with the Defense Information Systems Agency and the Office of the Secretary of Defense, the Joint Chiefs of Staff is supposed to be a loyal cheerleader for DMS. But until recently, the Joint Chiefs wasn't even using DMS, Kellogg said.

The tide may be turning, however. Art Money, DOD's chief information officer, reiterated his support for DMS in a Feb. 8 message to top military leaders and set the updated deadlines.

Kellogg said that Money is treating DMS as the next Year 2000 problem and is serious about the deadlines that DOD must meet. But DOD officials have already missed two DMS deadlines, and they can probably get away with missing this year's June 30 deadline to send top-secret and collateral messages exclusively via DMS.

One of the reasons that the switch to DMS has been "painfully slow" is because DOD is adding Fortezza security—used to identify authorized users—onto commercial products for both DMS and Medium Grade Services, said Rear Adm. Robert Nutwell, deputy assistant secretary of Defense for command, control, communications, intelligence, surveillance, reconnaissance and space. DOD uses Medium Grade Services to send sensitive-but- unclassified messages, such as correspondence and contract awards, using commercial e-mail products such as Microsoft Corp.'s Exchange and Outlook 2000 and Lotus Development Corp.'s Notes.

In some ways, he said it would have been easier to use a commercial product or software built entirely by the government rather than DMS, which is a commercially based product with government- developed security enhancements.

One benefit of DMS is that DOD will be able to take advantage of technical breakthroughs in Microsoft and Lotus products as they hit the market. The look and feel of DMS software, for example, is similar to Microsoft Exchange and Lotus Notes because about 90 percent of the software is based on such commercial products, he said.

How DMS Stacks Up

Still, Nutwell is not dissuaded by what DMS doesn't do and instead focuses on some of its promising features. DMS is a technically superior software product to Autodin, he said. For example, it runs faster and can handle e-mail attachments.

Autodin "doesn't give you the flexibility you need," and it's expensive to train personnel to support two messaging systems, Nutwell said. Autodin also requires its own telecommunications circuits, which cost about $30 million yearly to maintain.

The switch to DMS also is forcing DOD to "professionalize our networks," Nutwell said. For example, the armed services and other defense agencies are having to examine and clean up decades-old Autodin mailing lists as they manually create new DMS mailing lists, said Jerry Bennis, DMS program manager at DISA.

Another benefit is that network managers now must be diligent in administering their servers and digital certificates, Nutwell said.

"I don't know anyone in industry who's doing this," said Maj. Chris Michelsen, the Marine Corps' DMS project officer, speaking of the high level of security provided through DMS—such as integrity of data and user assurance.

A larger issue than the DMS deployment is technology innovation, which has made Autodin and DMS obsolete for much of the classified and sensitive-but-unclassified messaging that would have gone through them previously.

During a January speech at the Armed Forces Communications and Electronics Association/Naval Institute West 2001 conference in San Diego, Nutwell said that it's important to "keep the pressure on" the DMS deployment because "some [DOD] people are using commercial services to send e-mail" via DOD's classified and unclassified networks.

During the decade that DMS was in the works, some officials said information technology simply passed it by. But Nutwell defends DMS and its security features. "Even if it's on the [Secret Internet Protocol Router Network, or SIPRNET], it's not necessarily protected," he said. "It's certainly not protected from the insider threat. That's not the way we want to do business."

"Autodin, when it came up, was the e-mail of the day," said Col. William Cooper, the Air Staff's mission systems director. In early 1999, the Air Force was sending 19 million Autodin messages each month, but by December 2000, that number had dropped to half that, even when the Autodin and DMS messages were added together, he said.

"For many applications, it appears that the Defense Message System has been supplanted by the Internet and SIPRNET and NIPRNET," said Ed Whitman, technical director at Anteon Corp., Fairfax, Va. "A lot of stuff that would have formerly been sent through Autodin or DMS is now being sent through the Internet," said Whitman, who served as the assistant secretary of the Navy for command, control, communications, computers, intelligence, electronic warfare and space from 1990 to 1993.

DOD organizations are supposed to use the Non-Classified Internet Protocol Router Network (NIPRNET) or SIPRNET as their Internet access providers. The problem with using a commercial e-mail product through SIPRNET or NIPRNET is that, without a Fortezza card requirement to send and receive e-mail, there's not the same degree of user authentication in commercial e-mail, Nutwell said. Also, commercial e-mail products don't give service organizations control over delivery precedence, and they lack user authentication features.

Nutwell said that DOD still has "a few back doors" to the Internet that "we're trying to close," more than a year after a Money directive required DOD organizations to close the back doors or get an exception from Money's office.