DISA builds more security into military networks

The Defense Department’s IT management arm is examining new methods to enhance network security. The Defense Information Systems Agency is pursuing a variety of programs that will help defends military networks from a variety of threats, Mark Orndorff, program executive officer for the agency’s Mission Assurance and Network Operations office, said Aug. 17 at the DISA Customer and Industry Forum in Baltimore. 

DISA’s Mission Assurance office works with the Strategic Command and Cyber Command. The agency’s strategy for cybersecurity is to focus on operational capability and mission assurance, Orndorff said. The goal is to focus on operational capability and to train operators to their missions and not their equipment.

As part of its ongoing security efforts, the agency is also moving to machine-to-machine communications to speed network defense. However, Orndorff noted that there have been cultural issues as some groups have resisted the new capability. Those who resist need to let go of old ways to work more efficiently, he said.

PEO Mission Assurance’s approach for cyber operations is to build defensible network boundaries by protecting the areas where DOD networks meet the Internet. These defensive capabilities include detecting attacks, diagnosis and reaction at network speeds. “If we can do it there, then you don’t have to do it below us,” he said.

Another area of consideration is safe sharing to protect against insider threats. As a part of these efforts DISA is now producing Secure IP Router Network tokens in limited numbers. Industry was asked to help design this capability, said Orndorff. As a part of this effort, DISA will establish regional protection areas that create defended bubbles in the network. Establishing joint network operations is key to this capability, he said.

Tactically, DISA is working on capabilities such as secure configuration management and leveraging machine-to-machine data. The agency has recently issued a request for information and is looking at commercial development and the possible use of commercial equipment for the system.

Some project areas that PEO Mission Assurance is interested in are:

• Cross Domain Enterprise Services, which seeks to develop technology to meet the needs of the DOD enterprise for cross domain transfers. This program includes areas such as enterprise email, file transfer, chat. An RFI for enterprise e-mail has already been issued and RFIs for the file transfer and chat capabilities are pending, he said.
• The Host Based Security System Phase II, which seeks to create an open framework to provide network situational awareness. Build around an open architecture, the capability would be automated, enterprisewide and provide host-based security. “It is absolutely essential that we move to an open architecture,” he said.

Other emerging project areas include:

• The Defense Enterprise Security Architecture, a joint approach to DOD network defense.
• Nonsignature-based attack detection.
• Bootable media. The DOD wants a way to securely connect to potentially compromised public computers. This program represents one potential approach as the PEO wants to look at the broader requirement space.
• Mobile device security.
• Advanced attack analysis. There are many network sensors producing a flow of data that humans cannot analyze. The goal of this program is to produce systems to identify threats from the sea of data.