[ISN] NSA to take lead on Defense info assurance

[InfoSec News]

http://gcn.com/vol1_no1/daily-updates/31383-1.html

By Dawn S. Onley 
GCN Staff
12/15/04 

The National Security Agency is filling a new role in the Defense 
Department: leading the information assurance path DOD takes to 
becoming a network-centric workplace. 

The new assignment is based on security work the agency did for DOD a 
few months ago building a security component for the Global 
Information Grid, said Priscilla E. Guthrie, deputy Defense CIO. 

"We asked NSA to build an IA architecture. NSA did a 
knock-your-socks-off job of doing this," Guthrie said today at a lunch 
the American Council for Technology and Industry Advisory Council 
sponsored in Arlington, Va. 

The IA component calls for integrating security into the GIG by, among 
other things, authenticating credentials and security clearances. The 
plan also calls for the use of some form of user token for the 
security architecture. 

Recently, DOD asked the agency to take the lead for information 
assurance initiatives across the department, Guthrie said, although 
that doesn't mean NSA will build everything or own all of the IA 
dollars. 

NSA will put together a GIG Information Assurance Portfolio so DOD can 
have a go-to agency if portions of the grid lack adequate security, 
Guthrie said. 

"NSA will deliver a vision for what it's going to take to secure the 
environment," she said. "Some have asked me, "Why NSA? They don't have 
the skill set." I don't know a better construct for the department. 
This is a blueprint for us to effect this broad IA environment." 

Guthrie also said the Pentagon is getting out of the business of 
application integration and moving more toward data-level integration. 

"If you only do integration of applications, I hope we put you out of 
business," Guthrie told the executives gathered at the lunch. "You 
must separate data from apps. If they are not separable, we don't want 
you in the department."