Defense Department Chief Information Officer Terry Halvorsen is leading a charge to modernize the department’s information technology-cyber enterprise using every available tool, especially those in commercial markets, a defense official in the CIO’s office said.
David A. Cotton, acting deputy CIO for information enterprise, recently spoke to an audience at the FedScoop 2015 Mobile Gov Summit about how DoD is leveraging the power of commercial IT to give its workforce access to information at the point of need.
The Air Force’s 26th Network Operations Squadron and the Defense Information Systems Agency led the migration of Joint Base San Antonio-Lackland’s network traffic through the newly installed Joint Regional Security Stack at the Texas base in September 2014. Here, members of the 33rd Network Warfare Squadron based at JBSA-Lackland execute their network-defense mission. Photo: U.S. Air Force/Released)
Cotton said the department has 1.4 million active-duty men and women, 718,000 civilians and 1.1 million National Guard and Reserve members. More than 450,000 of those employees, he noted, are overseas or outside the continental United States. The department, he added, has several hundred thousand buildings, and structures at more than 5,000 locations on 30 billion acres of land.
Contributing to the Mission
“To us, the mobile workforce is very important. We’ve got to bring [them] capability so they can contribute to the mission wherever they might be located,” Cotton said.
The framework for the department’s IT-cyber modernization is the Joint Information Environment, or JIE, which Cotton calls a vision for the future and something the department always will be trying to achieve. Within the JIE are shared IT infrastructure, common configurations and management, and a common set of enterprise services and capabilities, all with a single security architecture so the system will be more secure, more effective and more efficient. Improved security will give mission commanders a better sense of their level of risk and, from a cyber perspective, a better understanding of their situation within the network, he added.
Shared Situational Awareness
“The network operators –defenders– will have the same shared situational awareness, instead of disparate networks that require much more collaboration to understand the enterprise perspective,” Cotton said, adding that a consistent IT architecture will make the network resilient and defendable.
On the effectiveness side, he said, department personnel will have timely, secure access to data no matter where they are or what device they’re using, and they’ll have access to information and services in case of disruption, degradation or damage. The system also will be more efficient: reducing duplication of capabilities across the services, increasing the return on investment, reducing IT operating costs, and allowing for budget transparency on the IT expenditures.
Joint Regional Security Stacks
The foundation of the JIE is called Joint Regional Security Stacks, or JRSS, Cotton said.
The JRSS itself is a series of 19-inch racks in cabinets, with network applications and appliances in the racks. The technology enables a consolidated view of the network activity and potential anomalies.
“Army started the initiative, then the Air Force joined in, with Marines and the Navy soon to follow,” Cotton said.
The Defense Information Systems Agency is partnering with the Army and Air Force and using JRSS to change the way the department secures and protects its information networks. According to DISA, a joint regional security stack is a suite of equipment that performs firewall functions, intrusion detection and prevention, enterprise management and virtual routing and forwarding, and provides network security capabilities. Deploying JRSS centralizes network security into regional architectures rather than locally distributed architectures.
With this, the deputy CIO added, the obvious next step is connecting the network environment to the cloud computing environment.
The Commercial Cloud
In December, Halvorsen published a memo giving updated guidance on commercial cloud acquisition, Cotton added, and his office worked with DISA and the community to develop a related security requirements guide.
“DISA … is now the keeper of the security requirements,” he said, “so they drafted the requirements for using cloud [services] and distilled them down to four levels of security — from public-facing information on a website to Secret.”
DISA published the requirements on the Internet and sought comments, using them to continually refine the requirements.
Cotton said the security aspects are based on the Federal Risk and Authorization Management Program, or FedRAMP, a government-wide program that offers a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
Cryptographic Credentials
On the secure communications side, Cotton said, “We want to transition to commercial [technology] … and we actually have some things coming out this year,” including a Samsung smart phone that has secure voice and secure data via Web mail.
Such phones will come with the benefit of derived or cryptographic credentials. These, according to the National Institute of Standards and Technology, are derived from credentials in a common access card and carried in a mobile device rather than a card.
“There is extreme demand for that,” Cotton said, “to put the right information with the right person at the right time in the right format.”
Story and information provided by DoD News
Follow Armed with Science on Facebook and Twitter!
———-
Disclaimer: The appearance of hyperlinks does not constitute endorsement by the Department of Defense. For other than authorized activities, such as, military exchanges and Morale, Welfare and Recreation sites, the Department of Defense does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DoD website.
from Armed with Science http://ift.tt/1KX2uW7
Defense Department Chief Information Officer Terry Halvorsen is leading a charge to modernize the department’s information technology-cyber enterprise using every available tool, especially those in commercial markets, a defense official in the CIO’s office said.
David A. Cotton, acting deputy CIO for information enterprise, recently spoke to an audience at the FedScoop 2015 Mobile Gov Summit about how DoD is leveraging the power of commercial IT to give its workforce access to information at the point of need.
The Air Force’s 26th Network Operations Squadron and the Defense Information Systems Agency led the migration of Joint Base San Antonio-Lackland’s network traffic through the newly installed Joint Regional Security Stack at the Texas base in September 2014. Here, members of the 33rd Network Warfare Squadron based at JBSA-Lackland execute their network-defense mission. Photo: U.S. Air Force/Released)
Cotton said the department has 1.4 million active-duty men and women, 718,000 civilians and 1.1 million National Guard and Reserve members. More than 450,000 of those employees, he noted, are overseas or outside the continental United States. The department, he added, has several hundred thousand buildings, and structures at more than 5,000 locations on 30 billion acres of land.
Contributing to the Mission
“To us, the mobile workforce is very important. We’ve got to bring [them] capability so they can contribute to the mission wherever they might be located,” Cotton said.
The framework for the department’s IT-cyber modernization is the Joint Information Environment, or JIE, which Cotton calls a vision for the future and something the department always will be trying to achieve. Within the JIE are shared IT infrastructure, common configurations and management, and a common set of enterprise services and capabilities, all with a single security architecture so the system will be more secure, more effective and more efficient. Improved security will give mission commanders a better sense of their level of risk and, from a cyber perspective, a better understanding of their situation within the network, he added.
Shared Situational Awareness
“The network operators –defenders– will have the same shared situational awareness, instead of disparate networks that require much more collaboration to understand the enterprise perspective,” Cotton said, adding that a consistent IT architecture will make the network resilient and defendable.
On the effectiveness side, he said, department personnel will have timely, secure access to data no matter where they are or what device they’re using, and they’ll have access to information and services in case of disruption, degradation or damage. The system also will be more efficient: reducing duplication of capabilities across the services, increasing the return on investment, reducing IT operating costs, and allowing for budget transparency on the IT expenditures.
Joint Regional Security Stacks
The foundation of the JIE is called Joint Regional Security Stacks, or JRSS, Cotton said.
The JRSS itself is a series of 19-inch racks in cabinets, with network applications and appliances in the racks. The technology enables a consolidated view of the network activity and potential anomalies.
“Army started the initiative, then the Air Force joined in, with Marines and the Navy soon to follow,” Cotton said.
The Defense Information Systems Agency is partnering with the Army and Air Force and using JRSS to change the way the department secures and protects its information networks. According to DISA, a joint regional security stack is a suite of equipment that performs firewall functions, intrusion detection and prevention, enterprise management and virtual routing and forwarding, and provides network security capabilities. Deploying JRSS centralizes network security into regional architectures rather than locally distributed architectures.
With this, the deputy CIO added, the obvious next step is connecting the network environment to the cloud computing environment.
The Commercial Cloud
In December, Halvorsen published a memo giving updated guidance on commercial cloud acquisition, Cotton added, and his office worked with DISA and the community to develop a related security requirements guide.
“DISA … is now the keeper of the security requirements,” he said, “so they drafted the requirements for using cloud [services] and distilled them down to four levels of security — from public-facing information on a website to Secret.”
DISA published the requirements on the Internet and sought comments, using them to continually refine the requirements.
Cotton said the security aspects are based on the Federal Risk and Authorization Management Program, or FedRAMP, a government-wide program that offers a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
Cryptographic Credentials
On the secure communications side, Cotton said, “We want to transition to commercial [technology] … and we actually have some things coming out this year,” including a Samsung smart phone that has secure voice and secure data via Web mail.
Such phones will come with the benefit of derived or cryptographic credentials. These, according to the National Institute of Standards and Technology, are derived from credentials in a common access card and carried in a mobile device rather than a card.
“There is extreme demand for that,” Cotton said, “to put the right information with the right person at the right time in the right format.”
Story and information provided by DoD News
Follow Armed with Science on Facebook and Twitter!
———-
Disclaimer: The appearance of hyperlinks does not constitute endorsement by the Department of Defense. For other than authorized activities, such as, military exchanges and Morale, Welfare and Recreation sites, the Department of Defense does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DoD website.
from Armed with Science http://ift.tt/1KX2uW7
Aucun commentaire:
Enregistrer un commentaire