27 November 2014

DISA's biggest IT initiatives focus on securing DoD networks

Written by AMBER CORRIN
Nov. 24, 2014

DISA is preparing to play a key role in a new joint force headquarters dedicated to Defense Department network defenses. (Caleb Barrieau / Army)

It’s been a busy year at the Defense Information Systems Agency, where the military saw significant changes in how the Defense Department handles major IT initiatives including cloud computing, mobility, joint regional security stacks and the Joint Information Environment.

These changes are still taking shape against a backdrop of institutional shifts at DISA, where a reorganization is restructuring some of the agency’s functions and officials are preparing to play a key role in a new joint force headquarters dedicated to DoD network defenses.

“Right now the [DoD Information Network, or DoDIN] and joint force headquarters concepts are at the Pentagon for consideration by the senior leadership level, and that’s going to determine the relationship of DISA with [U.S. Cyber Command] as they stand up the joint force headquarters concept,” said Alfred Rivera, DISA acting director of strategic planning and information. “In the meantime DISA, as the major DoDIN service provider, is looking at how to best profile ourselves to be supportive to that joint concept. We’re awaiting direction and working on when we think we can reach initial operating capability based on that guidance.”

There’s no shortage of other priorities as DISA awaits word on a joint force headquarters directive. Agency officials are busy preparing for a new security oversight role in relation to DoD cloud use, helping guide the military’s transition to the Joint Information Environment, standing up joint regional security stacks around the world, and arming DoD users with mobile devices. While agency leaders are balancing numerous priorities, here’s a brief look at what’s happened over the past year in four of DISA’s biggest initiatives:
Changes to cloud broker status

In September DoD CIO Terry Halvorsen said DISA no longer would be considered DoD’s de facto cloud broker. Instead, the military departments will receive greater authority to purchase their own commercial cloud services for handling nonsensitive and unclassified data, while DISA focuses on the security pieces behind the scenes.

“DISA is going to be moving away from participation as cloud broker and in cloud services, with more focus on providing security guidelines to include security reference models, the basis in determining costs and the types of applications that are candidates for cloud services,” Rivera said. “I think we’re going to continue to play a very big role from the cloud broker perspective in that respect as cloud server provider, [and] also be a vehicle for network access to cloud service providers [that are] available, secure and reliable. Those two elements are still going to be germane to DISA’s responsibility.”

Official word on DoD’s new cloud policy was expected by the end of October, but Halvorsen told reporters in September that military departments will be required to conduct thorough business case analyses that consider DISA cloud services. DISA’s internal services, such as DoD’s internal milCloud, still will need to be used for sensitive or classified data that cannot be housed in the commercial or public cloud space.

“We’re still maintaining security requirements, provisioning authorizations [and] designing the architecture for cloud access points. Those key roles, Mr. Halvorsen still expects us to support,” said Dave Mihelcic, DISA chief technology officer. “If you look at the changes, it’s just leveraging the military departments’ capabilities to do some of the acquisition work so that together we can accelerate the pace of adoption of commercial cloud.”
The evolving Joint Information Environment

JIE, DoD’s move toward more streamlined, enterprisewide technology, processes and shared services, may not be ready for prime time just yet, but over the course of 2014 DISA helped establish the path forward for the initiative.

JIE’s many moving pieces became somewhat clearer this year as DoD officials sought to define its goals and the benchmarks the military departments need to achieve to move the process forward. It includes tying together all things defense IT — think mobility, security, networks, common operation picture — as well as the people and policies involved in day-to-day operations.

“Our real challenge is how we move out in what industry calls commodity services and apply those efficiencies,” said Dave Stickley, director of the DISA JIE office. “The imperative has changed … we can’t afford to allow the services to do their own IT in their own way anymore.”

The momentum behind the moving pieces is where focus is trained now as officials hammer out specifics required for moving forward.

“I think the thing that needed more concentration was to get more discrete about the specific events in JIE, and to really get things in a set of priority order that you could individually cost,” Halvorsen told reporters in September. “I think the security pieces of this were understood, what it did for mission was understood, but I don't think we understood how to cost it.”

In the near term, some of the so-called on-ramps to JIE will include a DISA-led move to unified capabilities, as well as the launch of joint regional security stacks and better, more affordable mobile solutions.
The rollout of joint regional security stacks

JRSS currently stands as a foundational piece of broader departmentwide efforts to transform how the military handles IT, networks and global communications under JIE, and it’s one of a handful of areas making concrete, measurable progress.

“One of the early successes of the JIE is the deployment of joint regional security stacks, which are a component of the single security architecture and will ultimately help to improve command-and-control and situational awareness across the enterprise,” said Col. Daniel Liggins, vice director of DISA’s JIE implementation office. “The stacks are being installed at various sites around the world.”

The first site, at Joint Base San Antonio, reached initial operating capacity on Sept. 14. It’s just the first of 11 continental U.S.-based (or CONUS) JRSS locations, and one of what will eventually be 23 locations around the world.

“Joint Base San Antonio has been our proof of concept,” said MG Alan Lynn, DISA vice director. He noted that with the other services on track to integrate with the Army’s efforts down the line, San Antonio serves as the 1.0 version of JRSS. The coordination of the Air Force and DISA down the road will be the “1.5” version, and a 2.0 is also coming but at the moment remains “undefined.”

Currently, DISA officials are considering how they might integrate existing Navy and Marine Corps gateways, which serve essentially as naval regional security stack solutions, into JRSS. Most likely that move would coincide with the Navy’s and Marines’ tech refresh cycle to update those gateways, but no formal timeline has been determined.

“They already essentially have the capabilities we’re building out for the Army and integrating into the Air Force, so there’s not the same gap to address or urgency to bring them in,” Rivera said. “We’re currently considering an approach where existing Navy-Marine Corps gateways fold in under JRSS so we have global visibility while leveraging existing capabilities. Bottom line, we’ll be syncing the timeline so that we’re leveraging Navy-Marine Corps investments, getting those capabilities at the earliest opportunity and integrating at an appropriate time in the life cycle of the Navy-Marine Corps system.”
Mobility on the move

After a plethora of pilot programs and struggles with the long-maligned SME-PED (Secure Mobile Environment-Portable Electronic Device), DISA is preparing to ramp up the mobile options it provides to DoD users, including through Apple, Android and BlackBerry platforms.

Today, the number of BlackBerrys on the hips and in the hands of DoD personnel far outnumbers iPhones and Androids, but that’s set to change as DISA prepares to roll out as many as 40,000 of those devices — both smartphones and tablets — on military networks over the next year. It’s a significant jump from the 4,000 or so devices currently deployed.

“I think we’re going to continue to grow and see our numbers increase,” said Kimberly Rice, DISA mobility program manager. “As we keep moving down the path, [mobile device management] and some of the additional security requirements we’ll need to address will mean that we’re going to have to keep getting better. We also have a lot of users out there that are under contracts — just because a new device is out doesn’t mean that they can get a new device right away. So I think it’s going to be a ramp-up that’s going to be in line with whatever our customers have in terms of their service plans and coverage.”

DISA also is preparing to replace end-of-life SME-PEDs — used since 2008 for classified communications — but not until 2015, by the end of which Rice said she expects DISA will deploy 1,500 devices. In the interim, the agency has retrofitted and approved Motorola’s RAZR MAXX to meet SME-PED level requirements and replace the aging devices, but so far only 270 have been deployed.
