[ISN] No easy fix for DOD security issues
isn at c4i.org
Tue Mar 22 03:11:29 EST 2005
By Bob Brewin & Frank Tiboni
March 20, 2005
A panel of industry experts formed by the National Security Agency
reviewed the information assurance requirements of the Defense
Department's Global Information Grid, (GIG) last December and
concluded that providing security for it depends on "technologies that
do not exist and may not be feasible."
The assessment was based on a preliminary draft of the information
assurance strategy for the grid, but "does not, and never has
represented NSA's view of the GIG," an NSA spokeswoman said. "NSA
believes that the current draft of the GIG [information assurance]
strategy will help ensure DOD is able to deploy a robust, survivable
GIG well into the future."
But "in order for the GIG to move forward, new capabilities will need
to be developed that address the security challenges inherent in any
enterprise architecture as complex as the GIG," she said.
The grid essentially forms the backbone of the Pentagon's concept of
network-centric operations, where data is made readily available to
the people who need it. Deputy Defense Secretary Paul Wolfowitz
defined the grid in September 2002 as DOD's enterprise-level
architecture to provide computer and communications services to
commands worldwide. Former DOD chief information officer John Stenbit
has said that if such data is posted on networks, information security
becomes even more critical.
The grid includes the GIG-Bandwidth Expansion, designed to provide
gigabit-speed networks worldwide, the Joint Tactical Radio System and
satellites for last-mile connectivity, top DOD officials have said.
The NSA spokeswoman added that securing the grid "will require
significant investments by the community in [information assurance]
solutions. However, NSA has capabilities in place and under
development to address some of these challenges."
Warren Suss, president of Suss Consulting, said providing information
assurance for the grid "is a leading-edge challenge because the GIG is
something that has never been done before."
Besides protecting data transmitted via GIG-BE fiber-optic networks,
NSA and DOD also have to develop gear to protect information that
flows to and from battlefield systems, such as unmanned aerial
vehicles transmitting live video feeds, Suss said.
Despite the challenges, Suss said he believes officials in the
Pentagon's CIO office and at NSA "are working hard to resolve the
GIG-BE's wideband, gigabit circuits required development of a new
class of gigabit Ethernet encryptor devices that comply with federal
High Assurance IP Encryption standards for GIG-BE.
A Congressional Budget Office report released last month said that
development of high-speed encryption devices is essential to take
advantage of GIG-BE's broadband capabilities.
"GIG-BE's capability to transport classified data is [based] on the
speed of high-assurance IP encryptor devices available," the report
said. The Defense Information Systems Network, which uses GIG-BE for
transport, currently has 16 nodes that can operate at rates of up to
10 gigabits/sec and eight nodes that operate at 2.5 gigabits/sec, the
CBO report states.
The NSA spokeswoman said development of an information assurance
strategy for the grid is a long-term project that has undergone a
great deal of change since the agency completed its first draft.
Developing an information assurance architecture is so complex that
NSA has already completed a 2,000-page draft document for the grid,
Federal Computer Week has learned.
"DOD is expected to approve the GIG [information assurance]
architecture documents in the near future," said Michael Johnson,
chief of NSA's information assurance architecture office. "Once
approved, this work will be integrated into existing DOD compliance
documents, processes, policies and regulations."
For example, plans are under way to integrate the architecture
strategy into the GIG Architecture, Net-Centric Operations and Warfare
Reference Model, Net-Centric Key Performance Parameter and Net-Centric
Checklist, Johnson said.
More information about the ISN