Army-wide security plan takes shape

The Army will devise a servicewide computer security plan to boost protection of its information technology assets, according to Army and industry officials.

Army officials say they want to develop a strategy that treats all systems as part

of a cohesive enterprise, rather than

securing each system individually. They

realized the need for such a plan when they began taking an enterprise approach

to managing their hardware and software, officials said.

Their participation in military network defense groups also raised their awareness about the importance of cybersecurity, they said.

"The work being done today is merging a number of initiatives into an overall enterprise approach for the Army," said Col. Thaddeus Dmuchowski, director of information assurance at the Network Enterprise Technology Command (Netcom) and the 9th Army Signal Command at Fort Huachuca, Ariz. "The time is right to document a working plan."

Industry officials, however, believe the new plan stems from persistent attacks on Army systems in recent months.

"It's amazing the government is not more concerned," said an industry official who consults with IT companies that do business with the Army. The person spoke on the condition of anonymity.

Dmuchowski, however, insisted that

this was a proactive move. "No one told me to do it," he said. "It is part of my job now that the Army is planning to operate at the enterprise level, and we have begun to develop or acquire the tools needed, in conjunction with policies."

He cited several factors leading to the formulation of the Army's new computer security plan:

n Participation in the Computer Network Defense Solutions Steering Group led by Strategic Command, which oversees militarywide computer defense.

n Support from the Defense-wide Information Assurance Program, led by the Office of the Assistant Secretary of Defense for Networks and Information Integration, which administers military IT policy.

Top Army IT officials, citing Army policies, would not confirm that their networks have seen more cyberattacks during the past five months.

"The military typically experiences increases in computer network attacks when the geopolitical climate is the way it is," said Lt. Gen. Steve Boutelle, the Army's chief information officer.

Maj. Gen. James Hylton, commanding general of Netcom and the 9th Army Signal Command, said, "We are a nation at war, and although protection of our networks has always had a high priority,we are even more vigilant, and the less the enemy knows, the better it is for the people who protect our networks."

Netcom officials would not discuss details because any comment on the "effectiveness or ineffectiveness of any attacks because this information may provide perceived or possible vulnerabilities within the Army's networks," Hylton said.

In addition to the new information assurance plan, service officials issued a task order in March to hire a vendor to install a storage solution and help manage the Continental U.S. Theater Network Operations and Security Center. The facility monitors the Army's domestic computer networks.

Boutelle and Hylton cited the contract, due for award this summer, as another step the Army can take to secure its systems.

Boutelle compared the measure to adding armor to Army vehicles when enemies find effective ways to attack them. He said the Army can use IT to stay one step ahead of cyberspace enemies.

But the industry official said the Army should be moving faster.

"If it's a matter of money, the Army should do what industry does: finance the infrastructure update over a 10-year-period," the official said.