Army gets the green light for major IT security reorganization

Wednesday - 9/25/2013, 5:46am EDT

Jared Serbu reports.

Key congressional committees have signed off on an Army request to spend $175 million to significantly restructure the way the service secures its computer networks.

The Army will begin with nodes in the U.S. and in the Middle East, which officials said is one of the first major leaps ahead toward DoD's eventual Joint Information Environment (JIE).

The four key Defense committees which oversee DoD reprogramming requests gave the go-ahead last week to spend fiscal 2011 funds that otherwise would have expired to build what the Army calls joint regional security stacks.

Instead of having the Army's networks secured at the local level by each individual post, camp and station, the service will elevate and consolidate those responsibilities at 11 regional centers in the continental U.S. and four more in U.S. Central Command and Europe.

"Right now, we have 400 points of presence where we have major security architecture that interfaces with the Internet, external networks and the DoD dot-mil networks. Those are all a surface area that can be attacked, and so right now they have to be defended," Richard Breakiron, the network capacity domain manager in the Army CIO's office, said in an exclusive interview with Federal News Radio. "Reducing that down to 11 gives us much greater capability at each one of those locations and it allows us to focus our attention. Our best trained personnel will be able to work at those locations. Our cyber forces will really be able to work the data at those locations."

No visibility into base networks

Officials said the change will help solve one of the military's biggest network defense challenges. Currently, U.S. Cyber Command, Army Cyber Command and the other military service cyber components don't have visibility down to the individual military bases and the thousands of computer terminals that populate them. The regional approach, based on common network standards, will begin to change that.

It's also much more cost-effective, Breakiron said. The Army currently estimates that its various components rack up a bill of $1.2 billion every five years just to replace equipment in the current disjointed security infrastructure, not counting the cost to operate and maintain it.

The regional security stacks are one part of a larger network modernization the Army is already in the middle of, with installations officially beginning this month. It began with a large bulk purchase of multi-protocol label switching (MPLS) routers at the end of 2012, also through a Congressional reprogramming.

The MPLS technology, increasingly common among private-sector network operators, is designed to dramatically increase the performance and efficiency of a network, and the Defense Information Systems Agency had been planning to start implementing the system across DoD as part of the department's transition to a common computing infrastructure under the JIE plan. The Army said its project, which the Air Force now has joined, effectively moves the timeline up by almost four years.

"What it does for the Army is that I'm changing a business process," Mike Krieger, the Army's deputy CIO, told AFCEA's DC chapter last week. "There's a GS-13 who works at Fort Huachuca, and today, if you need more bandwidth at your post, you have to justify it to him. So at Fort Hood, Texas, a core installation of the U.S. Army, they have a total of 650 megabytes per second that he's approved. This MPLS cloud will give us 10 gigabytes at every single installation without anybody having to individually validate the requirement. My argument from the CIO shop is we need to make bandwidth go away as a constraint. It's just a huge upgrade for the Army."

Army officials argue the upgrade represents a huge culture change in the way the U.S. military has historically handled IT.

Legal hoops

For one thing, the Army will not own the hundreds of millions of dollars' worth of network technology it just bought; instead, it will immediately hand it over to DISA, which will operate the network as part of its role as the main enterprise technology provider for the JIE.

Breakiron said the Army and DISA had to work out some complex and creative arrangements to stay within federal law surrounding the authorities and responsibilities of the military services.

"DISA is going to accredit the equipment, they will handle operation and maintenance lifecycle replacement of the equipment, and they will administer the vast majority of the routing and traffic management of the network with these routers," he said. "But the Army, the Air Force, the other services that have legal requirements to defend their networks will be delegated some administrative rights to our network operation and security centers. The same thing will happen with the security stacks. DISA will take ownership, but again, they'll delegate administrative rights to the services, because each of our mission areas are all just slightly different."