Menu
/ / / MIT 2006 Volume: 10 Issue: 7 (August)

Contact

Q&A: Lieutenant General Steven W. Boutelle

Information Warfighter:
Leveraging Commercial Internet Protocol Technology




Lieutenant General Steven W. Boutelle
Army Chief Information Officer/G6


Lieutenant General Steven W. Boutelle has been the Department of the Army Staff’s chief information officer/G6 since 2003.

Previous assignments include director for information operations, networks and space, Office of the Chief Information Officer/G6, Headquarters, Department of the Army from 2001 to 2003; program executive officer for Command, Control and Communications Systems (PEO C3S) from 1997 to 2001; project manager for Field Artillery Tactical Data Systems (FATDS) from 1992 to 1996; and chief of staff for PEO C3S before his assignment as the PEO. From 1996 to 1997, Boutelle was the PEO C3S “Trail Boss” responsible for air defense, intelligence, artillery, logistics, maneuver, satellite and tactical radio software and systems integration for the Army’s Task Force XXI.

During a military career of more than three decades, Boutelle’s assignments have also included serving as commander, 362nd Signal Company, Korea; Army Europe deputy chief of staff of Operations and Plans; and chief, Test and Evaluation and executive officer for the Command System Integration Agency. He holds a bachelor’s degree from the University of Puget Sound and a master’s of business administration from Marymount University. His awards include the Defense Service Medal, Legion of Merit with Oak Leaf Cluster, Defense Meritorious Service Medal and the Army Meritorious Service Medal with four Oak Leaf Clusters.

Boutelle was interviewed by MIT Editor Harrison Donnelly.

Q: What do you see as the key factors influencing the current development of military information technology?

A: I think we’re in for a period of declining budgets in information technologies. Every dollar we have spent over the past several years, in transforming our tactical, institutional and business bases, we will have to live with for a long time. Historically, there has been economic rebalancing. Any time a budget goes up, that budget eventually goes down.

Many of our systems are now in a period of commoditization. Transport, for example—and we’ve spent a lot of effort over the past few years on transport—and Mr. John Stenbit’s [former assistant secretary of defense for command, control, communications and intelligence] concept of “power to the edge,” has been realized in the Teleports and the Transformation Communications Satellite [TSAT] systems. We’ve had some great success in those systems and in the transport area. Another part of Mr. Stenbit’s portfolio was the fiber optic cable Global Information Grid-Bandwidth Expansion [GIGBE]. The Defense Information Systems Agency [DISA] has done a wonderful job on GIG-BE and now it’s incorporated into the Defense Information Systems Network [DISN] Core. The transport gives us a global backbone of fiber.

The Teleport program involved converting seven of our Standardized/StrategicTactical Entry Points [STEP] sites and building them into Teleports over a period of generations. The Teleport program took some of the existing STEP sites, which by definition primarily only accessed military satellites, and converted them to both military and commercial satellite access points. We added commercial capabilities to allow us access to commercial vendors’ transponders, enabling cross-banding (to go up via a commercial satellite and come down, cross-banded to a military satellite). It gives us more access wherever we are globally.

We have converged across all services on the Internet Protocol [IP] standard. We, as a joint community, decided that it makes sense to be standards based—not standardization, but standards. Everyone does not have to have the same device. The decision to make IP a standard, although not the most efficient protocol, allowed us to quickly grow the transport network globally, from the fiber infrastructure, to the existing DISN, to the Teleports and into the commercial and military satellite worlds.

Q: What are you doing to leverage commercial technology?

A: That’s happening very quickly, our networks are being commoditized, because we’re following and leveraging the commercial sector. It’s important that we understand that we no longer drive the market. We leverage what the commercial sector does and bring that into the GIG, the Teleports or the tactical battlefield. We’re able to leverage the great investment that the commercial sector makes in IP. Great partners help us do that. As we’ve done with the GIG, DISN and Teleports, we’ve extended the “edge” lower and lower. John Stenbit said, “Power to the edge,” and we’re now pushing that edge lower and lower on the battlefield.

Previously, with Mobile Subscriber Equipment, the edge was at the brigade. We provided limited bandwidth down to the brigade headquarters. That same bandwidth, now “IP-based,” is extended down to the maneuver battalion HQs, and in some cases, the company and individual platforms—tanks, Bradleys and sensors. A division in Southwest Asia today probably has close to 500 megabits, or almost half a gigabit. That’s a tremendous amount of bandwidth, and it’s Everything Over IP [EOIP]. That’s where we’re moving, and it gives us tremendous efficiencies, allowing us to do things we’ve never been able to do before, such as converge voice, data and video. You’ll be able to have voice, video and data commingled on the same data stream and unclassified, secret and top secret commingled.

We’re finally reaching where we aimed to go. A lot of things came together. First, the transport came together, and then the standards. The commercial sector helped us with commercial satellite-based solutions. The Army’s initial solution was the Joint Network Nodes and the Command Post Nodes. These commercial systems, with data packages, allowed us to push voice, data and video to the lowest level. This was based on the successes of the Special Operations Command [SOCOM] and the Joint Communications Support Element [JCSE]. So we’ve seen transport commoditized.

When I say commoditized, I mean that those products were very expensive when they first came to market about five years ago. Now they’re a commodity, and honestly I don’t care if a router is made by one company or another, only that they’re based on standards. I’m after the one that is the best, most efficient, lightest, takes the least amount of power and has the best environmental capabilities. We are in a commoditized information technology world.

Q: You’ve mentioned the transport level, but what about the application and data levels?

A: The transport level is a commodity, and the edge is being pushed lower and lower, and the bandwidth will continue to increase at the lowest level—that’s step one. The next step is the applications and data level. That’s more difficult and onerous. It’s one thing to have bandwidth down to the lowest level. But which applications are you going to use? Microsoft Office is a family of applications, which were not necessarily built to operate on an environment that is as mobile as our environment. We routinely get connected and disconnected on the battlefield. So our industry partners designed special applications for that.

In those unique applications, we had to define the data elements and data standards. To do that, we needed a data strategy, an Army and joint data strategy as to how those applications will talk to one another. This was not an issue until the transport came together— when we started tying together an application that a soldier has in one company to another application in another battalion, brigade or other service. When the transport matured to where those applications could touch and talk to one another, it required defining data elements, standards and symbology to make sure that one level could talk to another. That’s a process that all the services, DISA, and the Joint Staff have to address. They’re doing a good job addressing it, based on standards, but they haven’t solved it. It’s a time-consuming and very resource-intensive process.

As we’ve commoditized the network and driven those prices down, we need to be focusing our resources on the standardization of data elements, and how we’re going to do that with eXtensible Markup Language [XML], Simple Object Access Protocol [SOAP], Universal Description, Discovery and Integration [UDDI], Web Services Description Language [WSDL] and so on. Now we are at the next level, defining those data elements and symbologies. DISA has done a great job of defining many elements and getting them out to the services to use. Now we have to take it to the next level, and start talking about data.

Q: Why are standards important?

A: So we’re working through transport, applications, data and standards. It’s like, in the 19th century, when the U.S. decided that our electricity needed a standard. We started out with Direct Current [DC]—it wasn’t Alternating Current [AC]. New York was first lit by DC, which Edison thought to be the answer. It wasn’t until a few years later, that Westinghouse convinced the community that DC was not the answer. Westinghouse proved you could push AC for much larger distances with high voltages. So we agreed upon 120 volt/60 cycle AC as a standard for local use. When that happened, you saw mass proliferation of electricity across the U.S.

That’s about where we are with EOIP. We’ve agreed upon IP, and are seeing it pushed across the battlefield and across the services, just like electricity was pushed across the U.S. But back then, we had to invest in high-power transport lines, and power lines to the edge or to every house and factory. Once you have those power lines to houses and factories, the next investment is the application—a light-bulb, a toaster, a radio or an electric motor in a factory. That’s the step that we’re at now in network-centric warfare, with the network as the enabler for the warfighter. We have to invest in what plugs into the network. That’s the investment we’ve been making in the network. In our case, it’s the application. The application may be on a weapons system, or an intelligence database, or a decision support system for the logistician. That’s where we need to refocus our attention now.

Q: What role will commercial and military satellites play?
 
A: We’ll reach from the continental U.S. though the DISN Core, the STEP sites and Teleports, and commercial and military satellite systems. We hope to use more military systems as they mature, and we expect the maturation process over the next five years to include the Wideband Gapfiller Satellite, which will give us large amounts of Ka and X Band, the Advanced Extremely High Frequency [AEHF] Satellite, which we expect in the next several years, to give us a robust and stable satellite system. In addition, there is the Mobile User Objective Satellite [MUOS] system, which the Navy is putting together and we really need. It will give us expanded Ultra High Frequency [UHF] Tactical Satellite [TACSAT] narrow-band and wide-band.

We have critical needs for those, as we’re now using commercial satellite surrogates. We need to be able to move to more military satellites, to reduce our operation and maintenance costs, and also to have control over those satellites in a stressed environment. We want to make sure there are at least some satellites for which the Department of Defense has control, so we don’t have to rely totally on the commercial sector. So as the military satellite constellation matures, we’ll have to make adjustments. We will move the Joint Network Nodes over to the Wideband Gapfiller, to get onto the military satellite constellation. We would like to move many of our military satellite terminals to the Wideband Gapfiller, and eventually MUOS and some to AEHF. It’s very important to make that transition. So as we’re in declining resources, we’ve focused resources to make sure we make the transition, and get the return on investment using military satellite constellations.

EOIP will make us much more efficient as resources decline. EOIP was pioneered by our special operations people, such as the JCSE, SOCOM and the 112th Signal Battalion. They were our leaders in EOIP. We took the products they were using and pulled together our team from Fort Monmouth, the Fort Gordon Battle Lab, the Program Executive Office for Command, Control, and Communications- Tactical, MITRE Corp. and CIO/G-6, and then partnered with industry. This included Northrop Grumman, General Dynamics, Data Path, Cisco, Lockheed Martin and others. That team put together the Army’s EOIP program, which has allowed us to push EOIP very rapidly across the battlefield. We’ve been very successful with that program, and very pleased with it, but we need to complete it. Over time, with declining resources, we have to continue to enhance those programs as they grow into the Warfighter Information Network-Tactical [WIN-T] program which will bring networkcentricity to a new level.

Q: What are you doing to conserve resources through consolidation?

A: As we get the robust networks enabled by GIG-BE, it finally makes sense to really develop our data centers as envisioned. We have the DISA mega centers around the country, and local server centers have converged into them. But many programs have not made that move, primarily because they did not have the robust network to access them. The next step, as part of our business transformation, is to start collapsing all these servers and systems that we have on Army bases around the nation into a few data centers. We’re going to do that in the Army. We’re going to do it because of the total cost of ownership [TCO], effectiveness and efficiencies. When you go to a major data center, you can afford to invest in backup power and multiple networks that feed that data center. It’s time to start moving and relocating many of our smaller data centers into those larger data centers, most of which are joint and run by DISA. 

We’re in that process and have already selected two data centers. We are collapsing the mail and application servers from different Army bases and depots into those data centers. We expect to see a huge return on investment from this effort, which we have already validated with the Gartner Group and experienced in Europe and Korea. Now we want to start collapsing other services, such as our Enterprise Resource Planning [ERP] programs. Let’s next move our data centers that we have elsewhere into the data centers that are running PeopleSoft, Systems Applications and Products in Data Processing [SAP] and Oracle Financial, for such programs as the Army’s portion of Defense Integrated Military Human Resources System [DIMHRS], General Fund Enterprise Business System [GFEBS], Logistics Modernization Program [LMP] and Global Combat Support System-Army [GCSS-A]. We’re going to move those major servers into those huge data centers for efficiency.

Q: What advantages do you see in thin-client technology?

A: Data centers on the GIG allow us to get into the thin-client world. Not everyone needs a computer underneath their desk to keep their feet warm. It’s a culture thing—people want a computer on their desk. But in fact, if you have a robust network, thin client allows those computers to be consolidated. In a major headquarters, you can mitigate security issues and drive down the cost of ownership by not having computers under some desks with hard drives that have to be updated. Let’s do that in a consolidated place such as a major headquarters, and it’s our intention to do that as we move the Training and Doctrine Command [TRADOC], Forces Command [FORSCOM] and so on. We’re going to make those thin-client major headquarters, at least for a preponderance of users in the headquarters. It’s about TCO.

To some extent, we can also run thin clients off of our huge data centers. The maturation of technology has really changed data centers today. The joint data centers that were built 10 years ago were full of equipment. You’ll find that these older data centers are largely empty today because the hardware has been reduced in size and the amount of power required. We’re going to capitalize on that. We have been working very closely with Lieutenant General Croom at DISA to begin the process of moving into those data centers. We’ll negotiate the cost as it is a cost-based move. It is part of our business transformation.

Q: What is your portfolio management strategy?

A: As we transform on both the business and the warfighting side, the secretary and chief of staff of the Army have directed that we go through a portfolio management process. We’ve identified the Army domains which include warfighting, business, intelligence and computing infrastructure. We’ve identified owners of each domain and the owners are defining which programs they really own. What programs does the G4 really have? How many does she have? In this case, Lieutenant General Dunwoody has hundreds of logistics programs. The G2, Lieutenant General Kimmons, has hundreds of intelligence programs.

We’ve been tasked in writing by the secretary and chief of staff of the Army to reduce the number of redundant programs by 80 percent by the end of 2007. Portfolio management is the vehicle to get that done. We are looking at every application and program and consolidating them into the ones we’re going to keep and not going to keep. Again, it’s about TCO, a maturing of our products and organizations, and an expected reduction in our budget.

Every six months, we review all the portfolios in the Army. We’ve had two portfolio reviews so far, and the next one is in January 2007. The domain owner is responsible for reducing his or her applications by 80 percent. The secretary of the Army is very much in tune with this and looks at this program very closely. The CIO/G6 has made significant strides in portfolio management. We’re pleased with where we are now, but concerned where we’ll be by the end of 2007, so we are applying increasing pressure on the domains to get that job done.

Q: What challenges do you face in reducing redundant applications?
 
A: Five or 10 years ago, if you wanted an application in your Army organization, there was no commercial application to do it. So you hired a contractor or a government employee to write that government software and build that application. Those applications and programs still exist across the Army and our sister services. In addition, as applications started to come on the commercial market, we individually bought those applications and have been using them for several years. Now that there are enterprise applications that have become very mature we want to use them but find that there is a reluctance to shift over to enterprise applications when so many have been using a previous application, home-grown or otherwise, for many years. But we have to accept change.
 
We understand that people don’t like change, and want to operate in their zone of comfort. But if you’re going to transform, you have to embrace change. So we’re driving that and are successful in the management of those affected domains. We bought an enterprise license for ProSite, and have now moved it around the world, with teams on the road training worldwide to help with our resource management. ProSite is now picking up a lot of functions that were done by older applications. It’s enabled a large reduction in legacy applications.

But it’s a culture thing, and people like to operate with what they have used for many years, and they also like to have industry partners operating those applications. As we reduce those numbers, that can be onerous. But our investment is in people, and people are expensive. As we become more efficient, we’re able to do more with less. People are very reluctant to give up their applications. We are not unique; all the services are going through this much like the Navy is with Navy Marine Corps Intranet [NMCI]. It’s the right thing to do, and we have to do it. We’ve grown, especially with this war, and we need to bring that back down to something that is more efficient and affordable. We need to be effective, because we’re in a war, but we also need to bring back some efficiencies into our organizations.

As you look at business applications, you also have to look at what has grown within our combat units. One of the divisions in SWA today has more than 500 applications. Many of these were homegrown or brought and are not systems of record. We are working with Combatant Commanders and the Army in defining specifically which applications will be allowed on the next rotations into Iraq and Afghanistan. We’re going to define and reduce those applications. We’ll do that with our warfighters; we do not know what the number is, but 500 is the wrong number.

First of all, the training for those 500 applications is unique to that division. Those 500 applications don’t all reside in the next division that will rotate in, and soldiers move between divisions, brigades and battalions. We owe it to the young soldiers in the Army to ensure that they know what applications will be used at a brigade, division or battalion. So we’re putting a significant effort into defining, refining and documenting each. We’re working with Central Command [CENTCOM], and they’ve asked us to help them with which applications the units rotating into the SWA should be allowed to bring. This too will be part of the 80 percent reduction.

Q: How are you working to foster collaboration through technology?

A: We’re moving from an e-mail environment into a knowledgebased force. If you look over the past few years, e-mail was one of the first things to become popular. Now we’ve moved into a collaborative environment. Collaboration programs are tremendously popular, but more at the grassroots level more than pushed through as systems of record. The major collaboration programs that you will see in SWA were really championed by organizations going to SWA, by divisions, the Multinational Force, etc. Sometimes they have been commercial applications, such as information workspace applications or Groove. However, in some cases, they’ve built their own because of their desire to share information and collaborate in a specific way. So we’re going through a sorting process today, asking what applications we want to use and where we have redundancies. Let’s bring these in, document them and decide what our forces need to use.

We’re also defining which applications brigades and divisions should use for collaboration. What Web site package should they use? When possible we’re going to buy applications, if we don’t already own them, as enterprise licenses. So if the 1st Cavalry has a Web site, which they do, the application software used for their site will be the same application used by other divisions for their Web pages. It’s important to share knowledge and streamline by using enterprise licenses. You can brand your Web site however you like, but the underpinnings will be the same enterprise software. We are going to define specific Application Programming Interfaces [APIs] as well. We will direct the minimum information they should share out of their Web sites. We’re going to leave them a lot of latitude for the things they want to do, but give them a subset of things that they will share to begin to build out our knowledge networks.

We’ve been screening every Army division to see what products they are using, and we’re going to be sure to use enterprise products. We expect to finalize this by the end of the summer. The divisions have asked us to do that. This isn’t something we’ve been pushing from the top; they have asked us to help give structure to some of these applications.

Defining collaboration is really at the center of the work we do today. While the services were worrying about systems of record and long development times, smart young men and women went out and built their own, and use them every day. We need to get on board with those young leaders and say, you’ve done it right, and you know what you need. So we’re putting a lot of effort into collaboration, and seeing quick results.

Q: How are you preparing for the planned consolidation of forces within the United States?

A: As we’ve extended the network, we’ve also had to adjust the network based on Base Realignment and Closure [BRAC] and the Integrated Global Presence and Basing Strategy [IGPBS] which entails bringing most of the Army forces back to the U.S. When we finish BRAC and IGBPS, for the first time in recent history, 90 percent of the Army will reside in the continental U.S. We must make sure that they have a robust network as they move back home to posts, camps and stations. That network needs to be IP-based; the telephone switches need to be digital, and fiber and training needs to be extended down to the lowest level. The Army’s program for upgrading those posts is the Installation Information Infrastructure Modernization Program [I3MP] and we’re upgrading very aggressively to make sure we are ready to receive units when they return from overseas. So bringing those onboard with BRAC and IGBPS is one of our priorities right now.

In many of the posts, camps and stations, we are adopting commercial wireless systems in accordance with the DoD wireless policy. The big move toward wireless is important, and we are moving out on it. We have put wireless at the port in Jacksonville, and at Pohakuloa Training Area, Hawaii, and there are more places going wireless in the near future. We must develop our wireless networks as a seamless part of the entire DISN Core, the DISA mega centers, and our overall architecture.

Q: What are you doing to improve the technology education of the force?

A: As we’ve gone through the process, there are two things we can’t forget. One is the education of our force. When I say the education of our force, we need to start at the beginning, even before young men and women enter the services. We have a partnership with the National Science Center in Augusta, Ga., as directed by legislation, to interest young men and women in math and sciences. We have worked with several hundred thousand young people across the country to ensure that our nation continues to grow in math and science skills.

So we’ve started with young children, and then work up to the men and women coming into the Army. At Fort Gordon, Ga., we’ve started LandWarNet University, spending about $30 million over the last year. We’ve added 39 temporary classrooms and converted almost all the classrooms to an EOIP environment. It’s a Joint IP environment of routers, switches, Voice Over IP [VOIP] and secure video teleconferencing. We’ve revamped the entire Fort Gordon LandWarNet University. All the services are involved at Fort Gordon. It is truly a joint university. The Joint Satellite School is there and we’re putting in a joint warfighter’s course for middlegrade officers. We’re very pleased with the joint environment we’re fostering at Fort Gordon. We must “Train for certainty educate for uncertainty.”

Q: What role does distance learning play?

A: Technology in our business moves so fast that you can’t expect to send every man and woman back to Fort Gordon every time a new version of an operating system or router is released. Although they get their basic training there on these technologies, part of our investment over the past year was to build a very robust online e-learning program. When a new operating system, router or switch comes out, a young man or woman deployed around the world can go online to the LandWarNet University and get trained on those new systems or devices to stay current. The training is available to all our DoD people.

Our Army e-learning Program is extremely popular. There are currently over 31,000 Army users registered for the program. We have more than 2,600 free Web-based courses in our Army e-learning catalog, available to active Army, National Guard, Reservists and Department of Army civilians. Users must have an Army Knowledge Online [AKO] account prior to registering for a program. For example, we have 30 Rosetta Stone foreign language courses. We see large numbers of soldiers training on their own time to learn languages. The number one language is Spanish [Latin American], followed by Arabic and German. Also, 21,000 are taking classes on information assurance, Transmission Control Protocol/Internet Protocol [TCP/IP], firewalls and “Lean Six Sigma.”

It is interesting to note that when enlisted soldiers complete a class and take the exam, the system automatically updates their completion in the Army Training Requirements and Resources System [ATTRS] and that automated transcript provides promotion points. So there’s an incentive. We also provide preparatory courses for more than 40 information technology certifications to include Microsoft and Cisco certification and 28 course modules that have been recommended by the American Council on Education for college credits.

Educating our men and women, both civilian and military, is a key part of the richness of the Army and DoD for the future. It is important that as resources decline, we do not allow a decline in the resources focused on the education of our force. We also have a program called Army Knowledge Leaders. The CIO/G6 annually selects about six of the best students we can find in universities, in software and electrical engineering, who have graduated with honors. We put them into a two-year CIO/G-6 sponsored program, where we move them around the world and teach them about the Army. We’ve had that program for quite a few years, and it’s been very successful. It’s producing a lot of superstars for the next generation of leaders.

Q: What about technology education at the senior level?

A: At the senior level, we tend to forget about educating those of us who have been around for a while and have not grown up with this technology. So our vice chief, supported by the chief of staff of the Army [CSA], directed the G3 and G6 to put together a battle command workshop, and run all of our general officers and selected Senior Executive Service people through it. It’s to teach them about IT on the battlefield. We show them how we and our adversaries leverage IT. The chief of staff said, “I want to change the way our senior leaders view the network on the battlefield.”

There’s a lot going on that you don’t see on the network. It’s by adversaries, nation states, white collar criminals and individuals. They use instant messaging and Web sites, and attack our networks constantly. We can’t forget that, because sometimes the decisions on where improvised explosive devices [IEDs] and rocket-propelled grenades [RPGs] will be employed are being made on our adversaries’ networks. They leverage the Internet just like we do. We’re trying to change the culture of our senior leaders so that they understand more about the networks and the processes used by adversaries, as well as by our own soldiers.

Most of our senior leaders grew up before the Information Age and the Internet became popular. So we spend a Friday and Saturday, with about 30 generals and SES executives, from the Army and other services. We run one course a month, educating them on these types of devices and technologies, so they can have that knowledge in their quiver of arrows when they go back to the fight.

 It’s important that senior leaders understand this, because they’re also the ones who allocate resources and make decisions. They need to understand the entire battlefield, including the networked battlefield. It’s been very successful. We have graduated about 200 Army generals from this program so far. We plan on having all our generals go through the program by the summer of 2007. The CSA attended one of the sessions, and believes we’re on target and has validated our curriculum.

Q: Any final thoughts?

A: Often, we get enthralled by the technology. The technology is exciting, but at the end of the day everything we spend on technology has to be about enhancing our warfighters, and enhancing and enabling those who make decisions about our forces. Sometimes we get so wrapped up in technology, we forget why we’re doing this. It’s about warfighting, defending our nation, and the global war on terrorism. Resources need to be focused on defending the American way of life, our future and our children’s future. That’s the way our dollars should be allocated, and that’s what Congress expects as we design systems and put them into the field, whether they be Teleports, fiber or systems for individual soldiers. At the end of the day, it’s for ensuring that our children have the same great way of life that we have had.  ♦

Back_to_Top

INDUSTRY INTERVIEW: By Light Professional IT Services



Robert J. Donahue
Bob Donahue
By Light Professional IT Services


Army Lieutenant General Robert J. Donahue (Ret.) is chief executive officer, and Bob Donahue is president, of By Light Professional IT Services.

 


Q: Can you tell us about By Light Professional IT Services and what it has to offer to the military?

 

A: (Bob) By Light is a service-disabled, veteran-owned small business that is headquartered in Arlington, Va. We provide a broad range of hardware and software engineering services with approximately 100 cleared personnel. Our experienced management team leverages real-world expertise from the commercial, defense and intelligence sectors to provide tailored solutions for the demanding requirements in today’s federal market. Our true strength comes from our people, who are the driving force behind our rapid growth. We have a very strong and experienced management team that enables us to provide tailored support to our customers. By Light’s core expertise includes network engineering design and implementation, software services, contingency communication, and turn-key security solutions. We’re aggressively developing a new security capability within By Light that we see as a tremendous growth area and differentiator. We’re tying in electronic security with the traditional focus on information assurance to deliver a more cost-effective design to meet today’s heightened security requirements.

 

Q: What unique advantages does your company offer to military customers?

 

A: (Robert) I think that one of our biggest advantages is that we not only provide an industry-leading engineering staff, but also a seasoned program management capability with the quality that you would typically only find in a large integrator. We have a mature back-office capability with a DCAA-certified accounting system and a full companywide DELTEK automated time sheet implementation.

 

Q: What was your role in the Global Information Grid-Bandwidth Expansion (GIG-BE) project?

 

A: (Bob) By Light was an integral part of the engineering design and network installation effort for the GIG-BE program under the DGS contract with SAIC. SAIC partnered with AT&T to deliver a carrier-class solution for the GIG-BE effort, and By Light was fortunate to be selected by AT&T to be their implementation arm. We managed the network installations and provided a significant portion of the engineering design under their direct supervision. At one time we had more then 120 people working on the GIG-BE program performing a broad scope of responsibilities that ranged from the engineering design effort with the production of what we called TSIPS, Technical Site Implementation Plans, to the actual installation, test and turn up of the entire node at over 86 sites worldwide. By Light was able to leverage our senior management experience with the DISN Expansion Program to provide a focused engineering effort as part of the DGS team under AT&T.

 

Q: What are some of your other projects with the military?

 

A: (Bob) One of our other real success stories is our work on the SCAMPI program. By Light is providing the network design and implementation for the new Everything Over IP implementation on the SCAMPI Network, which is U.S. Special Operations Command’s C2 network. This project has been a tremendous success story for us because it allowed us to leverage the skill set that we developed on the GIG-BE program to provide a turn-key solution from the design to the implementation and hot cutover. This is one of our big differentiators: We have the ability to not only come in and provide the high-end network design, but also to execute the installation and turn up with carrier class standards.

 

This includes a turn-key solution from the DC power and BICSII certified installers to the programming of the routers and development of the encryption design. This success is truly a testament to the skill set of the people.

 

Q: What projects are you working on for the future?

 

A: (Robert) By Light has a strong focus on contingency communications support and our customer base at Fort Bragg, N.C. We recently purchased a new 8,000 sq. ft. integration facility in Fayetteville, N.C., near Fort Bragg, that we call the By Light Integration Center (BIC). It has enabled us to pre-position our contingency communications packages and has provided us with a state-of-theart facility for maintenance and lifecycle support services. We’re currently pre-positioning our contingency communications support satellite systems out of the BIC, which enhances our ability to support existing contracts with NORTHCOM and DoD that are delivering engineering design and satellite services. We are excited about the opportunities in the Fort Bragg area and feel that it has positioned us for several large opportunities emerging in the next two quarters.

 

Q: Please tell us more about your work in the security field.

 

A: (Bob) By Light is focusing on the emerging convergence of physical and electronic information security. Electronic surveillance and access devices will interact with the network as additional IP addresses. It’s the convergence of information assurance and physical security, and we are excited to be out in front of it. ♦

 
Back_to_Top

Trust the Computer

  • Written by CHERYL GERBER
  • Hits: 4364



INDUSTRY GROUP DEVELOPS “TRUSTED COMPUTING”
STANDARDS TO HELP BUILD SECURITY INTO THE HARDWARE.


An industry group is developing open security standards aimed at resolving ongoing, multi-faceted threats to Department of Defense and other computers and networks by providing dedicated hardware-based solutions that also offer considerable savings on development time and cost.

The Trusted Computing Group (TCG) was formed in 2003 to develop open standards for hardware-enabled, platform-neutral, security technologies that work across multiple devices and peripherals. The idea behind the group, which now counts 141 industry members, is to work together to develop specifications for different facets of trusted computing that address a myriad of computer and network security problems transparently while minimizing the obstruction of open access.

The chief objective of the TCG was to produce a dedicated chip on the motherboard called the Trusted Platform Module (TPM) based on TCG-developed specifications. The goal of the TPM is to improve protection of data and the security in the login, e-mail and Web access process.

Once the TPM was built, chipmakers seized it, since the technology both improved security and represented savings on individual development time and cost. They then pumped out a succession of TPM implementations in their chipsets. Intel’s is called LaGrande Technology; AMD’s is the Secure Execution Mode; Hewlett Packard’s is ProtectTools; and IBM has the Embedded Security Subsystem and ThinkVantage Technology. National Semiconductor, Phoenix and Fujitsu also have implementations.

Microsoft’s next operating system, Windows Vista, will ship with technologies that take advantage of the TPM chip, including BitLocker Drive Encryption and a Microsoft cryptography application programming interface.

The TCG then released its Trusted Network Connect (TNC) protocol specification, based on a computer security protocol called Authentication, Authorization and Accounting (AAA). However, the TNC has richer functionality than AAA, adding network authorization based on hardware configuration and numerous other factors.

All of these developments proved decisive for the Army, which decided this spring to require TPM in its Army Small Computer Program solicitation. In fact, to react swiftly to the TCG’s industry-based security improvements, the Army instituted the requirement ahead of any announcement and many months prior to the expected 2007 release of Microsoft’s new Vista operating system. This way, newly bought computers with TPM will be ready and able to take advantage of the Vista security enhancements as soon as the operating system hits the market.

“With TPM, we are starting with a trusted baseline and building on that. That’s the difference between trusted computing and computer security. The latter is, in some cases, after the fact, putting in products to react without a trusted base,” said Ed Velez, chief technology officer for the Army Program Executive Office Enterprise Information Systems.

MULTI-VENDOR SOLUTION

Participants say the use of the open standards process of developing specifications ensures that the best minds and technology in the industry are contributing to specifications that solve the most difficult Ed Velez computer and network security problems ever faced.

“Once the specifications are approved by the TCG membership, then they are made public on the Web site for anybody, including nonmembers, to use. This gives the specs broader scrutiny in the process of evaluation,” said Brian Berger, chairman of TCG’s Marketing Working Group and a vice president at Wave Systems, a TCG founding member.

“The premise of the TCG is a hardware root of trust to protect secrets. This is a big change from the past, when security was based on software,” Berger noted.

In addition, the large membership of the TCG keeps healthy competition alive. “The TCG architecture has got the backing of a lot of companies, so we are not locking ourselves into any proprietary technology,” Velez said. “As we look at how the taxpayer gets the most bang for the buck, we see an opportunity to compete for the best technology with TCG because it’s a multi-vendor solution.”

When Dell and Gateway began shipping computers in April with Trusted Platform Modules, their systems came bundled with Wave Systems’ TPM-enabling security software, called Embassy Trust Suite, which consists of six modules. A client version of it is bundled with Dell Latitude laptops, for example, and a server version allows the enterprise or government agency to manage PCs with TPMs in their networks. Enhanced client and server versions of the software provide scalability.

Wave’s Embassy Trust Suite offers a list of features, including document protection, digital signatures, password management, key management and TPM management.

“We built the software for the new TCG standards, and with this, we now have the beginning of a common security structure with strong authentication and data protection on every machine,” said Steven Sprague, chief executive officer and president of Wave Systems.

Sprague emphasized the huge technology development savings inherent in the standards-based TCG multi-vendor security solution. “The industry has invested hundreds of millions of dollars in the course of building an interoperable security standard that every federal, municipal or state group or first responder or citizen will ultimately have. This is not something the government can do. It is something the industry can do, and the industry standards will make it happen,” he said.

Key defense contractors have also accepted standards-based TCG technology as a useful long-term solution to meet DoD requirements. “The TPM is effectively a tool that the computer uses to take a trusted measurement. When the computer boots up, it can take a measurement of the software integrity it’s loading into its memory,” noted Bill Ross, director of high assurance systems for General Dynamics C4 Systems.

But in order to complete the process, the Trusted Network Connect protocol must be used with the TPM to take the measurement and report it back to a central infrastructure. “As a result of the use of TPM with TNC, systems and network administrators can then create limited network access, which puts a suspected system into a quarantined network until a security problem is resolved,” said Ross.

However, access control extends beyond the network into hard drives and other peripherals and devices. Concern about the lack of hard drive data protection arose in May, for example, when the Department of Veteran’s Affairs reported the theft of a department data analyst’s laptop containing the private information of 26.5 million veterans.

NETWORK ACCESS

In a world with increasingly diverse networks with heterogeneous software and devices, network access is the biggest concern. By using TNC, network administrators can enforce security policies.

The TNC refers to a subgroup of the TCG and also to the set of nonproprietary specifications for open standards that address the network access and policy control portion of trusted computing. As one of the companies involved in developing TNC specifications for TCG’s interoperable security technologies, Juniper Networks announced in May that its own Unified Access Control product supports the TNC open standard.

Network access traditionally has been based on the user’s identity, but just because the user is authorized, that doesn’t mean the user’s machine is clean. “If a computer has been turned off for a week or two, it’s vulnerable once it’s turned on again because it doesn’t have the latest operating system and security patches,” pointed out Steve Hanna, Juniper Networks distinguished engineer and co-chair of the Trusted Network Connect subgroup of the TCG.

Hanna provided another real example of seemingly innocent computer use that is actually a threat to the system. “A lot of times people will turn off their anti-virus software and their firewall and then they are vulnerable. You need to turn them back on before you connect to the network,” he said. “If you get a brand new computer and bring it onto the network, the first things it will do is try to download the latest patches from Microsoft. But it gets infected before it has a chance to download those patches.”

The TNC architecture includes the endpoint Access Requester (AR), a Policy Enforcement Point (PEP), which functions like guards at the network that only let in machines that comply with network security policy and a Policy Decision Point (PDP). “The PDP is the brains of the operation, which evaluates each AR and makes complicated decisions to determine which machines should get in or not. It can bebased on hardware or software, but it is moving increasingly into the hardware appliance mode,” said Hanna.

The TNC also includes a series of plugin application programming interfaces, which hook the whole system into TPM. And TCG members have contributed various types of technology to the TNC ecosystem. For instance, IBM, Symantec and Wave have all provided Integrity Measurement Collectors as part of the TNC.

Symantec’s anti-virus software has an add-on that works as part of the TNC system. IBM’s Tivoli has a Security Compliance Manager that acts as an early warning system by identifying security vulnerabilities and security policy violations. And Wave System’s Embassy Endpoint Enforcer, which works with Juniper Networks, Meetinghouse and Nortel products, serves to link the TPM to the TNC system.

One of the biggest threats is criminally organized malware that produces a stealthy infection called Rootkit. “It hides from anti-virus software, burrows its way into your operating system at a low level where it can’t be found and gives false reports to anti-virus software,” explained Hanna. “The only way to detect Rootkit is with hardware.”

Rootkit is but one example of why a growing number of enterprises are moving toward the use of hardware-based TPM. “You can’t change the TPM. If it’s turned on and used to measure everything that loads when the machine boots up, it will then report it back to the server, which then will check for a valid configuration. If the configuration is invalid, the PDP will send remediation instructions to your machine through the client server interface and finally, the PEP will quarantine the suspected machine,” he said.

Given the requirement to have the strongest possible network security, DoD is looking not only at TPM but also at using the TNC as a way to provide that, Hanna noted.

The TCG is also working steadily to continue expanding its security technology health checks. “Someday, we will have TNC health checks with cell phones,” Hanna predicted. “Even if you don’t download games or ringtones, a lot of mobile phones have Web browsers and Instant Messaging, and they could get infected that way. The bottom line is that anything that connects to the network should be included in a health check.” ♦

Back_to_Top

  • Written by PATRICK CHISHOLM
  • Hits: 3468



AIR FORCE LAUNCHES WIDE RANGE OF INITIATIVES
AIMED AT DEPLOYING AIRBORNE NETWORKS.

 

As they look ahead to potential future missions, defense officials know that they may have to deploy hundreds of aircraft, ground vehicles, ships and satellites to an area that contains little or no existing network infrastructure. A major challenge in such situations is building and securing an ad hoc, mobile network capable of integrating the multifaceted participants in order to achieve seamless decision-making, greater speed and greater precision in the targeting process.

A key enabler for achieving this type of network-centric capability is moving to Internet Protocol-based routing. This enables platforms such as aircraft to access more sources of information and greater volumes of it, faster.

But while ground-based IP networking exists, Air Force leaders have been concerned that there is no airborne IP network to speak of. The vast majority of air platforms currently rely on a Link 16 line-ofsight capability.

Many platforms are not even connected via a data link of any kind. Moreover, current networks are not conducive to adding new nodes and platforms easily, at a time when the number of deployed sensors and platforms is increasing greatly, with an associated increase in bandwidth needs.

At transmission speeds of 118 kbps, Link 16 has limited capability. Transmitting the amount of data equivalent to an unabridged dictionary would take two minutes. IPbased networking using the common data link (CDL), by contrast, enables speeds of 274 mbps, or more than 2,000 times faster. Transmitting the same dictionary would take just 5 milliseconds.

The Office of the Secretary of the Air Force envisions establishing a “self-forming, self-healing” Global Information Grid, in which IP-addressable aircraft can dynamically enter and leave a network, and where more there are more entry and exit points for data to pass between the ground and airborne GIG. IP-based protocols would automatically find and connect with a network within an RF range.

A goal is to upgrade information-sharing capabilities of aircraft from voice-only or data link-only, to a network-centric LOS and beyond line-of-site (BLOS) connectivity. Instead of broadcasting, information could be routed to only those platforms that need it. And airborne platforms could act as routers, dynamically choosing the best path to send information.

In response to these concerns, the Air Force has launched a wide range of initiatives aimed at deploying airborne networks. The Air Force Communications Agency (AFCA) and Air Force Research Laboratory (AFRL) recently sponsored a conference to review progress on airborne networking, which they defined as “an infrastructure that provides communication transport services through at least one node that is a platform capable of flight.”

STRATEGY SHIFT

From an architectural point of view, the goal is to move beyond stovepiped tactical data links, or point-to-point communication systems, and toward more network-oriented IP-based communications, and to obtain tactical data link formatting and link it to an IP structure. The Battlefield Airborne Communications Node (BACN) is an example of that. “It tackles point-to-point radio communications—data or voice—and integrates them using an IP packet routing architecture to better integrate in, and be interoperable with, the Global Information Grid,” said Colonel Robert Steele, commander of the AFCA. “It enables moving toward a netcentric IP-based platform. That in itself isn’t a capability, but rather an architectural or technological construct.” AFCA is the lead command for the Airborne Network Integration initiative within the Air Force.

As recently as a year ago, the Air Force approached the challenge of Airborne Network Integration through the framework of the C4ISR Roadmap. Moving away from a “platform-centric” way of looking at airborne communications that were essentially stovepiped, the C4ISR Roadmap indicated where the programs and platforms specifically should be at a given point in time, and what each platform would yield, and what could be done to better integrate them into a net-centric environment.

That approach has been improved. Today it is much more capability oriented. “What we do now is leverage things like the Integrated Capability Review and Risk Assessment [I-CRRA], and look at the missions that we would be required to fly. Things like time-sensitive targeting, close air support, homeland defense and humanitarian relief operations—critical missions that we do every day. Then we look at the capabilities needed to effectively carry out those missions, and go from there.”

The approach now, explained Steele, is developing an overall strategy for airborne networking that’s more closely aligned with those risk assessments and the shortfalls and gaps in existing programs the risk assessments uncover. For example, there are challenges with BLOS connectivity for tactical data links. An F-16 Block 50/52 may be data-link enabled, but it could be flying outside of the connectivity footprint of another Link16-enabled aircraft or gateway.

“Rather than just chasing a technology,” pointed out Steele, “the new approach involves running scenarios based on experience from past missions, and from that, deriving the requirements that will in turn drive the systems required for airborne networking,”

In reporting on progress in Airborne Networking Integration, traditionally the Air Force would give briefings on the family of data links, encompassing areas such as narrowband and wideband satellite systems, individual weapon system data links. “It was very program centric, such as ‘here’s what this thing, by itself, will do for you, and here’s what it will yield,” said Steele. The new approach is reflective of DoD direction—to look at capability-based planning and effects-based programming. “Before, we were driven by the programs,” he added. “Now we’re at the point where we’re trying to drive the programs to be integrated, interoperable, more cost-effective and more netcentric.”

Funding issues prompted much of the shift in approach. Iraq and Afghanistan, as well as higher-than-expected costs of the Joint Tactical Radio System program, have been consuming dollars that would have gone into many airborne network integration programs, according to Colonel James Henderson, chief of the expeditionary network operations division within the Secretary of the Air Force Office of Warfighting Integration and Chief Information Officer. “We lost a lot of money, so we stepped back and looked at our missions, and which platforms are really helping us in those missions,” he said.

As the services build their budgets, all airborne networking programs are being evaluated. “If you can specifically show the warfighting effect of a program and how it relates to a mission, you get better support for that than if you can’t link it to a mission,” Henderson said.

All ongoing airborne networking programs are still important, Henderson said, but they cannot be funded based on the timelines they have been on. Decisions are being made as to which can be cut back, although nothing has been finalized.

Continued Henderson, “A number of years ago we didn’t have huge war bills driving a lot of issues, and we didn’t have people out there in harm’s way on a daily basis. But we can’t just put all of our money towards that with no transformation funds. So finding that balance is what we’re trying to do.”

The process involves identifying gaps and shortfalls in existing systems, then investing in those systems in order to satisfy those gaps and short falls. For example, explained Steele, there are challenges with BLOS connectivity for tactical data links. An F-16 may be data-link enabled, but it could be flying outside of the footprint of another receiver.

“Rather than just chasing a technology, the new approach involves running scenarios based on experience from past missions, and from that, derive the requirements that will in turn drive the systems required for airborne networking,” Steele said.

SYSTEMS APPROACH

In addressing challenges in the airborne networking environment, traditionally the approach has focused on one particular aspect, such as a faster data link, a better routing protocol, a smarter application or a way to do quality service. Now it’s recognized that solving the problems requires a systems approach. All of the issues need to be fundamentally addressed.

AFRL has also been heavily involved in this area. In recent interviews, AFRL officials discussed programs they are working on that take that systems approach.

One such program is the Interim Capability for Airborne Networking (ICAN), an ongoing program to enable aircraft to communicate with participants on the ground. This program enables the creation of a network among disadvantaged links, which may suffer from low bandwidth, high error rates, long latency or non-connectivity. ICAN gives aircraft an unprecedented ability to participate in the planning and targeting process.

ICAN is essentially a smart router, said Dan Hague, senior scientist within the Information Grid Division at AFRL. It is aware of the system-level concerns and also fluent in tactical radios and other disadvantaged links. For instance, the ICAN box is placed in an aircraft and connects to the existing radio resources on the aircraft.

A ground infrastructure is put in as well, in the form of radio access points or ground entry sites. These are connected to the SIPRNet, and there is a distributed set of hardware that talks to the individual radios that are located throughout the SIPRnet infrastructure.

“ICAN determines the most effective link protocol in order to send IP data over highfrequency radios, and looks at how mobile IP can help and support this, and integrate better and smarter transport protocols. And, make performance-enhancing proxies that improve the performance of the system overall. And most importantly, how to put that all together,” said Hague.

The focus is routing, quality of service, cross-layer protocol work and interoperability.

“ICAN and JCAN [Joint Capability for Airborne Networking] are providing IT enabling,” said Hague. “A user, whether in an aircraft or on the ground, will be able to connect in either an local network or an individual computer on their end, and be able to communicate with other resources like they were sitting at their desk at work, with the ability to chat, e-mail, share information and use Web browsers, just as they do at their desk.”

AFRL has been working closely with AFCA in developing ICAN, as well as the Air Force’s Electronics System Center, Aeronautical System Center, C2ISR Center and others. AFRL is working on integrating ICAN with the Navy as well.

Another program aimed at integrating disadvantaged links to the GIG is the Battlefield Airfield Targeting Network (BATN). It consists of a high-data-rate, IP-capable radio that helps close the last tactical mile between disadvantaged users and other nodes.

“We’re putting in our requirements to create one radio for these disadvantaged users, in order to connect into the airborne networks, to make sure that the ground users have requirements [that] are fulfilled, and be able to communicate to the weapons, and if necessary take over control of their radio and guide that weapon into a target opportunity or talk to a UAV to be able to transfer data,” explained program manager Captain Robin Watts.

A disadvantaged user is someone who doesn’t have a backbone of support like a whole brigade would have, Watts said. It typically would be a foot soldier, particularly special operations personnel. Development of the radio is expected to begin at the end of 2008, and deployment a few years after that. Rockwell Collins is the lead contractor.

Intelligence Information Routing for Airborne Networks (I2RAN) is another systems-approach-oriented program, which is getting under way this fiscal year. It consits of creating a mission- and scenario-modeling capability for airborne networking.

Fred Hall, senior electronics engineer at AFRL and program manager for I2RAN, said it will enable users to more effectively design and construct ad-hoc networks and establish concepts of operations. Users could look at a mission from a top-down view, examining the type of missions, scenarios and platforms. It will also provide for a bottom-up view, such as types of radios, waveforms and other equipment needed. It will help plan out the enterprise management as well as the technologies to enable the connections between points.

“One of the big problems of applying enterprise management to the airborne network is that it’s so dynamic. You have nodes leaving and entering, whereas with groundbased networks nodes are more static. Sothat’s where we’re taking this program,” said Hall. ♦

Back_toTop
 

Building the IA Offensive Line

  • Written by MICKEY MCCARTER
  • Hits: 3754



INFORMATION ASSURANCE DIRECTOR FOCUSES
ON DEVELOPING PEOPLE TO PROTECT NETWORK SECURITY.


The Department of Defense has been making significant progress in recent months to implement various information assurance initiatives, including a directive establishing policy for information assurance training and certification, according to DoD Information Assurance Director Robert Lentz.

The department hopes to fully set up workforce certification in information assurance within five years, Lentz said in a recent interview. What DoD really requires, he suggested, is the equivalent of a driver’s license for information assuance.

“If you want to run a motor generator in the Army, you have to go out and get a training certificate,” he said. “We did not have that up until this directive was issued for those people that are key system administrators or network administrators or security officers who are managing this very expansive and complex network.

“Through this directive, we have now put into place a process for getting up to 90,000 or 100,000 personnel who will ultimately have to be certified on a regular basis to operate and to perform those duties in these key positions,” Lentz continued. “That driver’s license is what we are attempting to get out of that directive.

The DoD directive on IA training was issued in August 2004, and the Office of the Secretary of Defense for Networks and Information Integration (ASD NII) issued a manual to support the directive last fall. Now, ASD NII is getting into the details of setting up a certification solution for training, certifying and managing the information assurance workforce throughout DoD.

Within five years, Lentz plans to finalize a certification program to deal with up to 100,000 personnel in various IA capacities. As the first part of that effort, DoD components must identify the specific positions dealing with information assurance and record those in a database. From there, administrators must work to determine what training each annotated position requires and enact a program to deliver that certification.

“It will take a little bit of time, as you can imagine, to get all of the databases coded and all of the positions properly annotated for certifiable positions needing certain certifications, and then get the schoolhouses with the requisite amount of training to support those required certifications,” Lentz noted.

“The key to this directive is that it is really based on commercial certification providers,” he continued. “We are going to be leveraging those commercial services to get those certifications. It allows us to do it faster and, by using those commercial certification providers, it allows for a heck of a lot more agility in allowing us to adapt continuously to the changing art form of network security.”

DoD has allocated about $100 million over five years to establish certification training programs and begin personnel activities to support them.

“That amount of money, in the neighborhood of about $20 million or so a year, is allocated to support that across the entire enterprise,” Lentz said. “As with any program, you always are searching for some newer techniques and tools that come along. But the baseline funding is in place.”

To jumpstart information assurance certification across the department, Lentz hopes to identify the top 15,000 or so personnel and certify those core positions within the next 18 months. Afterward, DoD could branch out and rapidly certify the remainder of the information assurance workforce within the next three to four years.

New personnel joining the department would receive training for their positions as quickly as possible to ensure a smooth transition into the new way of doing business, Lentz said. Those personnel would include military, civilian and contract employees as well as some foreign nationals responsible for DoD networks overseas.

Lentz stressed that the plan for information assurance certification was part of a larger plan to focus on the people responsible for maintaining DoD network security.

“We try to focus on in information assurance as a combination of technical means, operational means and people,” he said. “Those three legs of the stool will make or break our ability to protect and defend the network and information that is flowing across the network.

“The people part of it, in my mind, is really the offensive line to our ability to succeed or fail. You can have all of the great quarterbacks and running backs in the world, but you are not going to be that successful without that offensive line.”

CERTIFIED SECURE

Information assurance certification is not the only new initiative that Lentz is dealing with these days. Several other key programs have launched within the past several months to boost network security across DoD and between the department and some of its key collaborators.

John Grimes, the ASD NII and DoD chief information officer, this summer released the interim DoD Information Assurance Certification and Accreditation Process (DIACAP).

“That policy is a very critical policy that will set in place a transformative process for having enterprise certification and accreditation based on a service-oriented architecture and based on the security controls that we have in place. It is a very important bedrock policy for us as we move in a net-centric fashion,” Lentz remarked.

DIACAP details the standard processes for the identification, implementation and validation of information assurance controls of the use of DoD information systems and the management of information assurance across the defense enterprise. The process replaces a former standard, the Defense Information Technology Security Certification and Accreditation Process (DITSCAP).

In response, companies are rushing to ensure that their products meet the standards. For example, a company called SecureInfo recently announced that its SecureInfo RMS certification and accreditation software now conforms to DIACAP standards. The software automates certification and accreditation processes, enforcing DoD information assurance standards throughout federal networks.

In addition, Grimes and Air Force Major General Dale W. Meyerrose (Ret.), the CIO for the director of national intelligence, recently launched the Cross-Domain Management Office. The office examines and issues security solutions to protect information that travels between top secret, secret and sensitive and unclassified DoD and intelligence networks, as well as between DoD and security partners like the Department of Homeland Security and international coalition partners.

“It is a jointly led program office with the intelligence community because we want to flow information from the intelligence community assets throughout the entire range of areas of interest that we have out there that are growing every single day in leaps and bounds in the global war on terrorism,” Lentz said.

Meyerrose announced in June that one goal of his office was to reduce the number of cross-domain interfaces. He indicated plans to reduce the number of joint crossdomain solutions from what could be hundreds to only two dozen.

The DoD Enterprise Solutions Steering Group also is deploying new capabilities to boost information assurance while launching new activities to help secure networks.

IDENTITY INFRASTRUCTURE

Lentz’s office is also heavily involved with accelerating the deployment of public key infrastructure across DoD to meet the demands of Homeland Security Presidential Directive 12 (HSPD-12).

HSPD-12 requires all federal agencies to implement a security standard developed by the National Institute of Standards and Technology (NIST) for both physical and logical access to federal systems. At DoD, HSPD-12 initiatives are co-managed by the DoD CIO and the Office of the Undersecretary for Personnel and Readiness.

“HSPD-12 is another very important security control,” Lentz said. “We have a whole host of security controls and standards that we follow in DoD. Many of them are married up with the NIST national-level set of controls.”

The key principles of identity protection and management established under HSPD-12 become part of the information assurance standards that key personnel will be required to master as part of their roles and responsibilities. The HSPD-12 requirements will be one part of the greater set of information assurance regulations that personnel must learn when they obtain information assurance certification in the future, Lentz said.

“There is no doubt that not only today but in the future the Global Information Grid has as its basic foundation this idea of identity protection and management,” Lentz said. “Clearly, all sys-admins who really are very good see the great benefit of having strong access control. You want to get rid of passwords, but you want to have people on the net that you know are the right people to be on the net. That will make your job better and more effective as a sys-admin. So it is going to be a fundamental criteria for how we operate.”

Lentz pointed out that personal identity verification through the use of smart cards—as many agencies are preparing for HSPD-12 compliance—is not new at DoD. In the late 1990’s, the department first deployed a PKI system across its networks, linking it to its common access card, which DoD employees used to log in to networks. ♦

Back_to_Top