Mit 18 3 finalv2

The Voice of Military Information Dominance

JIE Defender

Mark Orndorff

PEO Mission Assurance and NetOpsChief IA ExecutiveDISA

Data Center Consolidation O Big Data O WIN-TNGEN O Insider Threat

www.MIT-kmi.com

C4May 2014

Volume 18, Issue 3

Special RepoRt: DiSa anD the Joint infoRmation enviRonment

Editorial Calendar20

14Military inforMation tEChnology

*Bonus DistributionThis editorial calendar is a guide. Content is subject to change. Please verify advertising closing dates with your account executive.

June [18.4]

Q&A:

Brig. Gen. Kevin Nally

Marine Corps CIO

SpeciAl Section:

Education Issue

FeAtureS:

4G Innovations

Software- Defined Networking

ID Management

Digital IF SATCOM

trAdeShowS:

Cyber Symposium*

(June)

cloSing dAte:

6/6

July/Aug [18.5]

Q&A:

Lt. Gen. Michael

J. Basla

Chief, Information

Dominance and Chief

Information Officer

Air Force

SpeciAl Section:

Air Force Services Guide

FeAtureS:

Airborne Networks

Storage

Unified Capabilities

trAdeShowS:

Air/Space*

(9/16)

cloSing dAte:

7/25

oct [18.6]

Q&A:

Lt. Gen. Robert S. Ferrell

Army CIO

SpeciAl Section:

Enterprise Email

FeAtureS:

Network Integration Evaluation

Virtualization

IT Certification

trAdeShowS:

AUSA*

(Oct. 13)

cloSing dAte:

9/24

nov [18.7]

Q&A:

Maj. Gen. Alan Lynn

Vice Director

DISA

SpeciAl Section:

DISA Guide

FeAtureS:

Radios

Cyber Ranges

Encryption

trAdeShowS:

MILCOM *

cloSing dAte:

10/31

dec [18.8]

Q&A:

Rear Adm. William

E. Leigher

Director of Warfare

Integration for Information

Dominance

Navy

SpeciAl Section:

Naval Networks

FeAtureS:

Cross Domain Solutions

Collaboration

WIN-T

trAdeShowS:

AFCEA West*

(2015)

cloSing dAte:

12/12

Cover / Q&AFeatures

Mark OrndOrffPEO Mission Assurance and

NetOpsChief IA Executive

DISA

16

Departments Industry Interview2 EditOr’s PErsPEctivE3 PrOgraM nOtEs/PEOPlE14 data bytEs26 cOtsacOPia27 rEsOurcE cEntEr

MikE bOMbaSenior Solutions Architect-DefenseRiverbed Technology

4nO data is an islandTo get the full benefits from big data, military and other analysts must combine it with other information and explore new methods. The military, government and other organizations are only starting to realize the full impact of big data analysis, according to Bill Franks, a prominent big data advocate who currently serves as chief analytics officer for Teradata. By Harrison Donnelly

19insidEr thrEat insightsWith high profile cases continuing to draw attention to the threat to networks posed by malicious insiders, military and other organizations are increasingly focused on finding ways to protect themselves from those who purposefully or inadvertently allow the release of sensitive information or cause damage to systems.By Harrison Donnelly

23fEEdback hOnEs MObilE nEtwOrkIn response to feedback from users, the Army has made upgrades to Warfighter Information Network-Tactical (WIN-T) Increment 2 to enhance and simplify the system to make it easier to operate and maintain. By broadening the system’s user base to include general purpose users at lower echelons, the Army will increase the scalability and utility of the system.By amy Walker

May 2014Volume 18, Issue 3military information technology

28

disa: Enabling thE JiEAn overview of the Joint Information Environment (JIE) and the role of the Defense Information Systems Agency (DISA), based on information provided by DISA.

MigratiOn tO cOnsOlidatiOnAs it strives to reduce its number of data centers, the Army’s task goes beyond just identifying and closing physical sites to the much broader tasks of transitioning enterprise systems from localities to central service centers, identifying redundancies in systems and applications, and choosing what stays and what goes. By Peter BuxBaum

106

“As we build out and define JIE, what we are focused on is laying

out a security architecture

that will support the joint

commander, and making sure that

we are doing that in a way

that enables the missions they

are executing, and doesn’t

overdo security to the point

where we are inhibiting their

effectiveness…”

—Mark Orndorff

As is made clear in this issue’s Cover Story Question and Answer interview, officials of the Defense Information Systems Agency and other Department of Defense organizations are working hard to build secu-rity into the basic architecture of the Joint Information Environment. While that’s the right approach, a new report is highlighting the poten-tial vulnerability of overall C4 structure at key points—in this case, satellite communications.

The report, “A Wakeup Call for SATCOM Security,” was written by Rueben Santamarta, principal security consultant for the information security firm IOActive. In it, he examined SATCOM ground equipment from a number of major companies in the field, and found a range of potential weaknesses.

“Multiple high risk vulnerabilities were uncovered in all SATCOM device firmware studied by IOActive. These vulnerabilities have the potential to allow a malicious actor to intercept, manipu-late, or block communications, and in some cases, to remotely take control of the physical device,” Santamarta warned.

Among the types of risks identified by investigators were hardcoded credentials, undocumented protocols, insecure protocols, and backdoors. Researchers did not examine the actual equipment, instead performing static firmware analysis by reverse engineering all of the devices.

Looking at one widely used system, for example, the report projects that an attacker could exploit vulnerabilities to inject malicious code into the terminal, and malware running on an infected laptop connected to the terminal could deploy it. The code could determine the user’s location from the built-in GPS, disable communications or damage the terminal.

The companies did not respond to IOActive, except for Iridium, which reportedly is working on fixes for its vulnerabilities.

While the report wisely does not reveal the details of the weaknesses, IOActive is currently working with government CERT Coordination Center and the companies to address these issues.

Harrison DonnellyeDitor

The Voice of Military Information Dominance

EditorialManaging EditorHarrison Donnelly [email protected]

Online Editorial Managerlaura mcnulty [email protected]

Copy Editorsean Carmichael [email protected]

CorrespondentsPeter Buxbaum • Cheryl Gerber • Karen E. Thuermer

art & designArt DirectorJennifer owers [email protected]

Ads and Materials ManagerJittima saiwongnuan [email protected]

Senior Graphic Designerscott morris [email protected]

Graphic Designers andrea Herrera [email protected] Paquette [email protected]

advertisingAccount ExecutivePatrice lucid [email protected]

kMi Media groupChief Executive OfficerJack kerrigan [email protected]

Publisher and Chief Financial OfficerConstance kerrigan [email protected]

Editor-In-ChiefJeff mckaughan [email protected]

ControllerGigi Castro [email protected]

Trade Show CoordinatorHolly Foster [email protected]

Operations, circulation & ProductionOperations AdministratorBob lesser [email protected]

Circulation & Marketing AdministratorDuane ebanks [email protected]

CirculationBarbara Gill [email protected] Woods [email protected]

Data Specialistraymer Villanueva [email protected]

a Proud Member of

subscription informationMilitary Information

Technologyissn 1097-1041

is published 8 times a year by KMI Media Group.all rights reserved. reproduction without permission is

strictly forbidden. © Copyright 2014. Military Information Technology is free to qualified mem-

bers of the u.s. military, employees of the u.s. government and non-u.s. foreign service based in the u.s.

all others: $75 per year.Foreign: $159 per year.

corporate OfficesKMI Media Group

15800 Crabbs Branch Way, suite 300rockville, mD 20855-2604 usa

telephone: (301) 670-5700Fax: (301) 670-5701

Web: www.mit-kmi.com

Military Information Technology

Volume 18, Issue 3 • May 2014

eDitor’S PerSPectiVe

KMI MEDIA GROUP LEADERSHIP MAGAZINES AND WEBSITES

www.GCT-kmi.com

UAS Leader

Col. Tim BaxterU.S. Army Project Manager UAS Project Office

Technology & Intel for the Maneuver Warfighter

May 2014Volume 5, Issue 3

www.GCT-kmi.com

Rapidly Deployable ISR O Tactical UAS O Enduring REFArmy Aviation O Wheeled Vehicles O Ammo

SPECIAL SECTION:MANNED-UNMANNED TEAMING

Ground Combat & Tactical ISR

www.M2VA-kmi.com

Military Medical & Veterans Affairs

Forum

www.GIF-kmi.com

Geospatial Intelligence Forum

www.MT2-kmi.com

Military Training Technology

www.MAE-kmi.com

Military AdvancedEducation

www.NPEO-kmi.com

Navy Air/Sea PEO Forum

www.MIT-kmi.com

Military Information Technology

www.SOTECH-kmi.com

Special Operations Technology

www.MLF-kmi.com

Reverse Auctions O Defense Transportation O Afghanistan RetrogradeILS O Supply Chain Efficiencies O DMSMS O Senior Logisticians

The Publication of Record for the Military Logistics Community

Resource Aligner

Vice Adm. William A. “Andy” Brown Deputy CommanderU.S. Transportation Command

SPECIAL PULL-OUT SUPPLEMENTUSTRANSCOM

www.MLF-kmi.com

November/December 2013Volume 7, Issue 10

Exclusive Interview with:

GAIL JORGENSONAcquisition Director USTRANSCOM

Military Logistics Forum

www.CGF-kmi.com

U.S. Coast Guard & Border Security

Program noteS Compiled by KMI Media Group staff

The Navy’s new Next Generation Enterprise Network (NGEN) contract has already saved $1 billion over the current year defense plan, and will soon begin reducing costs by $20 million a month on an ongoing basis, according to program officials.

Speaking to a recent press briefing, Captain Michael Abreu, program manager for naval enterprise networks, outlined the state of the transition to the NGEN contract, which is currently set for completion by the end of September, three months ahead of schedule.

In outlining the changes brought about under the NGEN contract, which include new business arrangements for contractor support, enhanced security and increased govern-ment control of operations, Abreu emphasized their positive impact on the ongoing Navy Marine Corps Intranet (NMCI), which remains the largest network in the world.

“No one does networking on the scale that we do,” Abreu said. “We serve more than 800,000 users, and there is no centrally managed network in the world that is that big. We’ve been leading the way with the NMCI network.”

Under NGEN, the Navy has assumed ownership of the equipment and infrastructure of NMCI, with an industry team led by HP operating the Navy network under government oversight. That will represent the culmination of a multiyear transition from the original NMCI contract, developed in the early 2000s, under which HP both owned and operated the network.

The Marine Corps, which opted to shift to a government-operated as well as government-owned network, will operate the Marine Corps Enterprise Network (MCEN) with some contractor support, and in cooperation with NMCI.

Abreu and Bill Toti, HP vice president of Navy and Marine Corps accounts, also sought to correct the possibly widespread misapprehension that NGEN repre-sents an actual new onshore network being built for the department. Rather, it is a new management approach and contract method of supporting the existing NMCI network.

Although the distinctions between the contractor-owned-and-operated original NMCI, the government-owned, contractor-operated network under NGEN, and the government-owned-and-operated MCEN are important, Abreu also noted that they are to a great extent matters of degree.

“Just about any network that the military owns has a contractor presence,” he observed. “How much that presence occurs leads you to the definition of government- or contractor-owned. In the case of the Marine Corps, they took on a lot of the burden for the network on the government side, and reduced

contractor support. That’s not to say there is none, because we are partners in this, and they will purchase NGEN services, to a certain extent, to help their network. But the vast majority of operations of that network are government.

“Government-owned/contractor-operated means three things,” Abreu continued. “The government owns the infra-structure, including the physical equipment on the network. There is increased command and control, with our Fleet Cyber Command partners now operating the network and in control of it. Contractor operated means that HP employees sit at the consoles and do the actual work of network operations, under Fleet Cyber Command control.”

The executives also reflected on the lessons learned so far, which Abreu has been working to diffuse to other government agencies contemplating changes in their networking contracts.

“One of the lessons is how hard it is to do things at scale. The lessons we learned about scale in crafting a request for proposals and contract structure included what type of services to put in the contract, how to arrange them in the contract structure, and a reporting structure that gives visibility into costs,” said Abreu.

For Toti, the key lessons have also been about scale: “When you learn to be an IT specialist, they don’t teach you how to build a network for almost 1 million people. But when you

scale something up to this size, things don’t work out of the box. So we have to teach Microsoft about how their Exchange system works when you have nearly 1 million users, and Cisco about how their routers work when you have tens of thousands of devices linked, particularly with all the security needed by the government and Department of Defense.

“It isn’t just a matter of bringing people into the government engineering space that have engineered things before, because nobody has done this before,” Toti continued. “So you need to develop skills on the government side that you didn’t have before, and it becomes a lot harder than anticipated, which means you need more time.”

The rules change when you transition from a contractor-owned to a government-owned network, Toti added. “Government requires tasks like asset management to be done according to law or standard, but a contractor doesn’t necessarily have to do that. I can turn a purchase order around in a few days, but regulations make that harder for the government to do that. You lose agility, and processes have to change when you move to the government. If you try to operate the same way as the company, which wasn’t constrained by government rules, it doesn’t work.”

Navy Nears Completion of NGEN Transition

Capt. Michael Abreu

Bill Toti

Major General George J. Franz III, who has been serving as commander, Cyber National Mission Force, U.S. Cyber Command, has been assigned as commanding general, Army Intelligence and Security Command, Fort Belvoir, Va.

Colonel Patricia A. Frost, who has been serving as deputy commander, Army Intelligence and Security Command, has been selected for the rank of brigadier general and assigned as deputy commander (operations), Army Cyber Command, Fort Belvoir, Va.

Rear Admiral David H. Lewis has been assigned as commander, Space and Naval Warfare Systems Command, San Diego, Calif. Lewis is currently serving as program execu-tive officer for ships, Washington Navy Yard, Washington, D.C.

PeoPle Compiled by KMI Media Group staff

www.MIT-kmi.com MIT 18.3 | 3

The military, government and other organizations are only starting to realize the full impact of big data analysis, according to Bill Franks, a prominent big data advocate who currently serves as chief analytics officer for Teradata.

Franks, author of the 2012 book Taming the Big Data Tidal Wave, sees analysis of the floods of data coming in from new sensors and other sources as offering tremendous potential for the military to add offen-sive and defensive capabilities. To take full advantage of that, however, analysts must take advantage of new approaches being adopted by the private sector, target organizational policies that may hold back the effectiveness of big data, and take a realistic approach to dealing with volumes of data at an unprecedented scale.

One place for the military and govern-ment to begin, Franks observed in a recent interview, is to adopt an approach that is growing in the private sector, which is that big data isn’t just a separate thing that can be analyzed on its own, but provides the most value when it is combined and mixed with other data.

“For example, you wouldn’t use sensor data from a tank alone to understand the way it is operating, but would combine it with information about who was driving the tank and what were the conditions in which the tank was operating. You need all of that infor-mation to get the full picture, and big data

adds tremendous detail and context on top of the information that has been traditionally available,” Franks said.

AnAlytic EnvironmEnt

Another trend has been the expansion of the scope of the analytic environment. “People are beginning to see the need for multiple dif-ferent types of not only analytic algorithms,

but in some cases the type of data is different enough that it requires a different platform for initial storage,” he explained. “For example, going through images or text at scale is much different from going through numbers at scale, which is what we tra-ditionally have done. So there is a necessity to expand the underlying platforms to han-

dle more types of data and analytics.” There is also increased importance on

what Franks called “discovery analytics, which is not about solving a problem that you pretty much understand, with data you understand, and applying it in a different way. That’s much of what we’ve done over the past years, where you can have a fairly good confidence in both the effort and the outcome before you begin.

“But when you are suddenly inundated with a new type of data about a problem you’ve never attacked before, a lot of time needs to be spent in discovery mode, which is about going after a broad goal without a fully formed plan as work is started,” he continued.

“Start by exploring the data and figuring out the data quality issues. Once we have the data cleaned up, at what level is the data relevant to the decisions we have to make? Do we need it at the millisecond level, or can it be aggre-gated to the second or minute level? What problems can you apply the data to?”

One of the biggest and most widely mis-understood challenges with big data is that attacking a problem with big data for the first time is going to be more difficult than attacking a new problem with the same type of data that the analyst is used to working with, Franks contended. “That sometimes leads people to underestimate the amount of effort that that they are in for, and therefore the analysts get frustrated or in trouble because they get behind schedule.”

A key issue in this area is that many organizations have sub-optimal policies about access to data and the ease with which employ-ees can analyze it. “Having data in a system at an organization is not the same as the people who need to analyze it having the ability to quickly analyze it,” Franks said. “There may be security concerns that prevent access, or system capacity issues, such that I don’t get enough resources to get the job done, and big data has only forced that issue more.”

In response, organizations have been upgrading underlying platforms to handle the extra volume, and putting in place new tools and approaches. At Teradata, for example, one of the key themes has been in-database analyt-ics. “The idea is that you don’t move data out of the systems where it resides just to run an analysis, as typically occurs, but rather bring

Bill Franks

By HArrison DonnElly

mit EDitor

to gEt tHE full BEnEfits from Big DAtA, militAry AnD otHEr AnAlysts must comBinE it witH otHEr informAtion AnD ExplorE nEw mEtHoDs, sAys AnAlytics ADvocAtE.

www.MIT-kmi.com4 | MIT 18.3

Download this free research report at www.Teradata.com/citoresearch

How to Stop Small Thinking from Preventing Big Data Victories

How to Stop

Small Thinking

from Preventing

Big Data Victories

OCTOBER 2013

CITO Research

Advancing the craft of technology leadership

Coauthored by:

Dan Woods

Chief Analyst, CITO Research

Scott Gnau

President, Teradata Labs

This CITO Research paper defines principles and patterns of a next-generation data

architecture and explains how and why organizations should work to improve the

integration of big data and data science into existing capabilities.

more algorithms into where the data is sit-ting. That provides a lot of extra scale—you’re not moving a petabyte of data from one place to another just to analyze it, but analyzing it right where it is.

“People are changing in the sense of upgrading skill sets and learning new tech-niques such as text and graph analytics,” he continued. “It is necessary to apply all of the new and old skills to the problems that must be solved for the organization. It’s not a chal-lenge that can’t be overcome, but it is one that you have to be prepared for.”

intErnEt of tHings

The emergence of the “Internet of things,” or the interconnections of sensors and other devices communicating automatically, is another factor creating new opportunities and challenges for big data analysis.

“With the data that organizations have struggled with in the past, somebody typically had to do something for that data to be gener-ated, such as making a purchase or approving a shipment,” Franks observed. “There are only

a certain number of things that an individual could do in one day that you would want to track. So while the amount of data is large, it had a limit.

“But the sensors take things up a notch, because once you turn a sensor on, it can transmit information every millisecond until someone shuts it off. You might have dozens or hundreds of those sensors within a single engine, for example. As those sensors get dis-tributed more broadly, there are implications across the board,” he added.

On the other hand, while private industry, government agencies and the military have different needs and concerns, they are more alike than not in that they are large organiza-tions. “In working across different types of industries, I’ve found there are certain chal-lenges that an organization of a certain size faces, regardless of what its core mission is. As the organization grows, the inefficiencies that analytics can address rise to the level that it is worth the effort to address them. So while the military may not have much in common with a bank, they both have a huge scale, and that scale brings with it challenges in

procurement, logistics and decision making,” Franks said.

“One push I’m seeing is around making analytics operational,” he said. “By that, I mean that we have spent a couple of years with organizations that are looking at the various pieces of big data that they have, try-ing to understand it and figure out how it can help their business. Now they’ve found ways that big data can help their business, and the next struggle is how to build an analytic process that can be embedded into their busi-ness on a daily basis. The next challenge is to translate what you learn into the way the business operates.

“Given the need to collect and use this information for an organization the size of the U.S. military, the opportunity is massive,” Franks said. “It’s not that they aren’t doing a lot today, but I think the military must con-tinue to do more.” O

For more information, contact MIT Editor Harrison Donnelly at [email protected]

or search our online archives for related stories at www.mit-kmi.com.


When the Office of Management and

Budget in 2010 issued direc-tives for a governmentwide consolida-

tion of data centers, the Army set a goal of closing 185 by the end of fiscal year 2015. As of mid-

March 2014, the Army had already closed 223 data centers, or 121 percent of its original target.

It is an impressive result, but in truth the num-ber is less indicative of a sudden spike in efficiency at the Department of the Army than of a change in metrics. It came as OMB expanded the definition of a data center to include just about any server accessed by more than one person.

As more such data centers were discovered, more were able to be closed. The Army has since revised its goals to close 533 data centers by the end of fis-cal year 2018, and expects the number to increase as additional data centers are identified.

But the expanding spectrum of what consti-tutes a data center is not the only enterprise IT challenge that the Army faces. Last July, Department of Defense Chief Information Officer Teri Takai directed that all enterprise systems and applica-tions migrate to designated core data centers by the end of 2018. That takes the Army’s task beyond just identifying and closing physical sites to the much broader tasks of transitioning enterprise systems from localities to central service centers, identifying

redundancies in systems and applications, and choosing what stays and what goes.

Some of that kind of activity has already taken place. The Army’s Main Communications Facility (MCF) for Southwest Asia in Kuwait, which became operational last December, consolidated numerous data centers into one facility and standardized diverse and redun-dant applications.

“We are keeping an eye on the ball of closing data centers and migrating toward a focus on applications,” said Gary Blohm, chief of the Army Architecture Integration Center. “That is where we see the long-term savings coming from.”

EntErprisE ApplicAtions

The Army CIO, Lieutenant General Robert Fer-rell, is currently staffing a draft policy memorandum that will drive the Army’s transition from the hosting of enterprisewide services at local facilities to the establishment of those services in modern, standard-

ized, and centralized environments in accordance with the DoD guidance. This policy will apply to all Army enterprise applications, whether currently in use, under development, or to be developed in the future, that support users across installation boundaries.

“The Army has already proactively begun migrating enterprise applications to DoD approved facilities,” said Blohm. “This policy memorandum will reinforce the requirement to migrate as well as

Gary Blohm

Army Efforts to rEDucE tHE numBEr of DAtA cEntErs sHow tHE BEnEfits AnD cHAllEngEs of An

EntErprisEwiDE strAtEgy.


provide guidance and tools to assist application owners. Retirement of outdated or redundant applications is also receiving additional emphasis. We are pressing to do that.”

The one exception to this migration will be applications local-ized on a single base or post that serve that location only. One example would be a test range that has its own purpose-built data center and applications that are not used elsewhere.

Data center consolidation and application migra-tion are two of several enterprise IT initiatives overseen by Blohm. The Army Data Center Con-solidation Plan (ADCCP) is the Army’s approach to implementing the OMB direction released in February 2010.

“ADCCP is documenting and consolidating the Army’s data center inventory worldwide and establishing conditions for improving the secu-rity of Army information assets,” said Blohm. “In parallel, the Army’s additional focus is to con-solidate enterprise applications into DoD approved hosting facilities such as core data centers. The Army will leverage com-mercial infrastructure such as cloud architectures as much as possible.”

ADCCP itself does not close data centers or migrate applications. It monitors the activities of the commands that own data centers, systems, and applications, working through the Program Execu-tive Office Enterprise Information Systems (PEO EIS) to develop designs for future data processing infrastructure on installations.

“The change in the Army’s think-ing is really a refinement of the original approach,” said Kevin Kelly, chief executive officer at LGS Inno-vations. “The original approach was to reduce

the total cost of ownership of technology by consolidating the IT footprint and the sheer number personnel required to maintain the larger number of facilities. Consolidating and migrating applications furthers those same ends.”

“One of the challenges facing the Army involves managing rogue applications or those created by local commands to fix local problems,” said Matt Brooks, director of system integrators and strategic programs at Hitachi Data Systems Federal Corp.

“Maintaining those applications and using legacy infrastructure is a big burden,” Brooks added. “The

Army is trying to be wise about the application process by creating an enterprise IT infrastructure with its main focus in the service center. This way the Army can consolidate facilities and retire appli-cations it no longer needs.”

“Cost challenges are driving the need for action,” added Anthony Robbins, vice president federal at Brocade. “But I don’t think the current course and speed is as aggressive as commercial best prac-tices would indicate. We don’t have a target to close enough data centers fast enough. There are opportunities to do better.”

By pEtEr BuxBAum, mit corrEsponDEnt

Kevin Kelly


Blohm sees the Army CIO’s enterprise initiatives, including data center consolidation, as being driven by three common goals: improved performance, increased security and enhanced efficiencies.

“The ADCCP enables improved performance, increased information security, and fiscal and opera-tional efficiencies by migrating applications, when possible, into a discrete number of operating envi-ronments and taking advantage of a number of geo-graphically dispersed data centers and servers which provide enterprise hosting environments as a man-aged service,” he said. “ADCCP’s long-term goal is to decrease the Army’s information technology infrastructure and application inventory to garner sizable efficiencies, reduce expo-sure to cyber-exploitation and streamline information operations.”

Data center consolidation will also increase the Army’s overall IT security posture by making it easier to defend a consolidated network and protect information assets, according to Blohm. “Closing data centers will yield savings in terms of money, real estate, personnel, hardware and software.”

“If you are going to reduce costs, you have to do more than closing facilities to save on power and cooling,” said Brooks. “By eliminating rogue operations, the Army’s IT security posture and control can also be consolidated. The core data centers will also have to learn to become customer centric. If they do, they will be able to provide better service at lower costs.”

The upcoming Army CIO memorandum will delineate the roles of the various players in the new shared-services regime as data centers continue to close, enterprise applications are migrated to core data centers, and enterprise systems and applications become more rationalized.

“The core service centers will be operated by the Defense Infor-mation Systems Agency, and DISA will offer the Army and others a catalog of available services,” said Blohm. “In many cases, the applications built by functional communities will still own them. So, logistics will still own logistics applications and will be respon-sible for understanding the capabilities they require and providing those to the core data centers. The Army acquisition community, including entities like PEO EIS, will act as brokers between DISA and the application owners. DISA will be the single point of con-tact for implementations.”

AggrEssivE strAtEgy

Relationships along these same lines have already taken shape in those areas, such as in Southwest Asia, where the Army has aggressively consolidated data centers and rationalized applications.

LGS Innovations, which Alcatel-Lucent recently sold to an investor group, was awarded a $49 million contract last year to upgrade the U.S. Army’s Main Communications Facility (MCF) in Southwest Asia, located in Kuwait. The 9,000-square-foot facility was designed as a state-of-the-art commercial communications operations center that will serve as the central information sys-tems hub for the region.

“The MCF reached final operational condition in December of last year, after only nine months,” said Kelly. “The work was part of a larger initiative to consolidate a number of smaller and dispersed data centers into a single hub.”

It also involved consolidating enterprise services, Kelly noted. “There may have been two logistics applications, for example, each built by two different companies and used in two different locations. The goal of the project was to evaluate those applications and to determine which is better, then to standard-ize the use of that one application across multiple locations and missions using fewer servers and fewer applications.”

To make such a project successful, the onus was on the user to define three categories of applications: those that are mission critical, which need to be

sustained and can suffer no down time; those that are important but not essential to missions, which can tolerate some down time and can potentially be replaced; and those that fulfill administrative functions and can be addressed in variety of different ways.

“The users did well with this process,” said Kelly. “One thing we found was that some processes that users defined as mission critical weren’t being met by the existing services. This created a need for development as opposed to just selection.”

ADCCP officials routinely meet with industry subject matter experts to explore options for improving their understanding of data center consolidation challenges, how the private sector has attacked this task, and processes for both documenting inventory and accel-erating data center closure and application migration. Interaction with industry has revealed opportunities for improvements in data center design, for example to achieve energy savings.

PEO EIS recently issued sent a request for information on installation processing node (IPN) configuration, and a working group is currently reviewing the responses to help define IPN configuration.

IPN, which involves a single data center at each post, camp or station, is considered to be an intermediate point in the process of data center consolidation. IPNs will host all applications and ser-vices for their installations until at least some of those services are migrated to core data centers.

“The responses to the request for information will help guide what we do in the future,” said Blohm. “It will help us build the right things, and not with yesterday’s technologies.”

Experts say the greatest challenge in moving to a shared ser-vices environment can be the cultural and psychological issues associated with such a move.

“Unlike 30 years ago, when there were few data centers and they were easily identified, the ease with which a server based data center can be established to meet real mission requirements has led to proliferation,” said Blohm. “This partially explains the rapid growth in the number of data centers in the Army.”

Until recently, acquiring services meant buying hardware and software and installing it locally where it can be seen and touched. “That is no longer an option as we migrate to the acquisition of services through more efficient, centralized offerings such as enter-prise email, which the Army pioneered with DISA,” Blohm observed. “I am encouraged by the momentum being achieved by the Army’s owning commands. We have really seen a huge shift in support that was apparent with the last quarterly review just a week ago.”

Part of the cultural and psychological shift Blohm mentioned involves the new relationships components must enter into with the managed service provider. “The provider must be capable of providing clearly defined service level agreements with performance

Anthony Robbins


measures which enable to customer to determine the success or failure of service delivery,” said Blohm. “Coupled with that is the need for real options for the customer should service levels not be met.”

Helping overcome cultural barriers are the budgetary con-straints that commanders must cope with. “They can’t afford every-thing they might have been able to afford in the past,” said Blohm. “So if they can get the same or better service more efficiently, they are much more willing to make the necessary changes.”

EmAil migrAtion

The successful migration to enterprise email has also set the stage for greater acceptance of enterprise services that are beyond the immediate control of a unit commander. “Email users didn’t see any degradation in performance, while at the same time DoD gained efficiencies around security,” Brooks said.

“The advice I would give the Army is to continue along the path of focusing on applications and to continue to work to be a better service provider to its commands,” he continued. “Never forget that you are a service organization to the mission.”

Robbins urged the Army to step up the pace of consolidation and the migration to shared services. “As they place a greater emphasis on creating shared services, my worry is that the closing of data centers may be losing its momentum,” he said.

“In some cases the closing of data centers has to come first. The problem is that if the Army is spending 70 of 80 percent of its IT dollars on legacy infrastructure, and if they are not reducing the costs of legacy infrastructure, they are not creating opportunities to spend money on development infrastructure that allows them to share. You can’t manage shared services on the existing infra-structure. You have to invest in today’s infrastructure to enable the sharing across branches and services,” Robbins said.

“The Army has picked up real momentum and will be able to capitalize on that as it moves forward,” Blohm said. “Transforma-tion through application migration is critical for the Army to achieve its enterprise objectives. Advanced technology and effective

management practices will improve security, enhance performance and enable cost control. As applications are migrated or retired, the need for significant infrastructure at the installation level will decrease.”

“The bulk of data processing and data storage will move to the enterprise level, simplifying security of the data, enabling efficient use of available resources, and making it possible for the Army to accurately define and control the cost of its IT operations,” he added

Kelly observed that the hardest part of the process is for the Army and the department as a whole to figure out not what is needed now, but what will be needed five or 10 years from now. “None of this will happen in the blink of an eye,” he said.

“They are having a debate in Washington right now about what the size of the force should be in the future,” Kelly added. “At the same time there is talk about a pivot to the Asia-Pacific region. But to get true savings from data center consolidation and application redundancy elimination you need to know DoD’s future geographi-cal footprint and how many users you will be supporting. To do the job properly, you have to make assumptions about where the U.S. will be projecting force geographically.”

The U.S. will maintain forces in Southwest Asia for the foresee-able future, and the number of personnel in CONUS will probably grow. These areas, along with Europe, where the U.S. military mis-sion is well defined, are obvious venues for data center consolida-tion, according to Kelly.

The U.S. military posture in areas of the globe such as Asia-Pacific and Africa is less clear at this point, however.

“If a sizable number of U.S. military personnel will be deploying to and training in those regions, then the case can be made that building a modern infrastructure like the MCF is a good investment for the military and the taxpayer,” said Kelly. “Until that becomes clear, DoD may want to deploy temporary solutions such as a cloud in the box rather than building something more permanent.” O

For more information, contact MIT Editor Harrison Donnelly at [email protected] or search our online archives

for related stories at www.mit-kmi.com.


optimized enterprise information environment:• Singlejointplatform—StandardizedforallDoDmissions• Secure,trustedconnections—Protectedbyasinglesecurityarchitecture

• Cloudbasedinformationresourcesreachablebyauthorizedmobiledevices

• Accessbycredentialeduserseliminatinganonymityfromthenetwork

• Interconnectedmeshoffixedandwirelesstransport• Convergedcommunications,computingandenterpriseservices• Consistsofbothcommercialandgovernmentcomputingcenters• Bigdataanalyticsandstorage• Reducedattacksurface—Efficientmissionpartneraccess• DataandapplicationsintheCloud• MLSThinClient

Special Section: DiSa

DoD it futuRe: Jie taRget obJective State

JIE:Asecurejointinformationenvironment,comprisingasharedITinfra-structure,enterpriseservices,andasinglesecurityarchitecturetoachievefull spectrum superiority, improve mission effectiveness, increase securityandrealizeITefficiencies.JIEisoperatedandmanagedperUnifiedCom-mandPlanusingenforceablestandards,specifications,andcommontac-tics,techniques,andprocedures.


Global Implementation on an Incremental Basis Based on DesignMaturity


StRategy: Joint infoRmation enviRonment 2020 globally integRateD opeRationS (cuRRent StatuS)

Consideranobjectiveend state for JIE that is “comprisedofa single,secure operational environment that provides a means to reach anynecessarydatasourceorsetofapplicationsnecessarytoconductmissionswhilesimultaneouslyprovidingasetofenterprisebasedservicesavailableon-demandtoallauthorizedDoDusersandmissionpartners,ingarrisonanddeployed,regardlessofdeviceorconnectiontype.”

MIT 18.3 | 11www.MIT-kmi.com

network normalization transport (nnt)• CommonNetworkStandardsandTTPs

Single Security architecture

enterprise operations (geoc/eoc)

Data center consolidation • CoreDataCenters(CDC)• InstallationProcessingNodes(IPN)• StandardsandDesign

identity and access management (idam) • DynamicaccessandEntityDiscovery• ActivityMonitoring• ContributestoMissionPartnerEnvironment

enterprise Services • CommonITapps,UnifiedCapabilities(UC)formessaging,voice,video

mobility • Commoncarrier,localareanetworks,Classified/unclassified

gateways • Internet,MissionPartner,Mobility,Tactical

governance • AlignsprocesstoDepartment’srequirements,budgetingandacquisitionprocess

maJoR componentS anD capability aReaS


TheJIEwillnormalize theDoD’scommunication(NNT)andcapabilities(Enterprise ServicesandUnifiedCapabilities)…managedbya standardoperationscenter(GEOC/EOC)anddatacenter(CDC),securedthroughsinglesecuritystacks(SSA)…thatareaccessedthroughcommonaccesscapabilities (IdAM) … having unlimited and secure access across crossdomains and partners (Gateways) and full mobility access (Mobility) …governedbycommonpoliciesandTTPs.


• Jie is an operational imperative and necessity in today’s resource constrained environment

• Jie is focused on enterprise standards and interoperable solutions• Jie will result in increased mission effectiveness, security, and

efficiencies

mission effectiveness• Rapidlyanddynamicallyrespondtoandsupportchangingmissioninformationneedsforalloperationalscenarios

• Usersandsystemswillhavetimelyandsecureaccesstothedataandservicesneededtoaccomplishtheirassignedmissions,regardlessoftheirlocation

• Usersandsystemscantrusttheirconnectionfromendtoendwiththeassurancethattheiractivitywillnotbecompromised

• Mitigatethreatsandmaintainourabilitytooperatethroughacyber-event

increased Security• Canoperate,monitoranddefendDoD’sITassetstoattainandmaintaininformationdominance

• We’llknowwho’sonthenetwork,whatthey’redoing,andwecanproveit

it efficiencies• Informationassetsareavailableforjointuse,leveragedbyallmilitarydepartmentstomeetmissionrequirements

• AconsistentITarchitecturesupportseffectivefieldingofdepartmentcapabilities

• DoDhasrenewedvisibilityaboutitsITexpendituresthroughincreasedbudgettransparency

Joint infoRmation enviRonment benefitS


Jie: enhancing the nation’S StRategic fleXibility

(Editor’s Note: This material was designed by KMI Media Group staff based on information and graphics provided by the Defense Information Systems Agency.)


PacStar’s IQ-Core Software has become one of the first technologies successfully tested and acquired through the Army Network Integration Evaluation (NIE) program, enabling PacStar to more rapidly place IQ-Core Software capabilities in the hands of warfighters and support mission success. NIE 13.1, the fourth evaluation in the series, played an instrumental role in the recent $6.2 million IDIQ contract PacStar secured to support the Warfighter Information Network-Tactical Increment 1. PacStar IQ-Core Software delivers intuitive communications management by replacing time-intensive, complex and error-prone manual set-up and management processes for battlefield tactical communications systems with configuration wizards that automate both complex and routine tasks.

Northrop Grumman has delivered the fourth Advanced Extremely High Frequency (AEHF) satellite payload modules to Lockheed Martin Space Systems, Sunnyvale, Calif., the AEHF system prime contractor. Complex phased array and nulling antennas, along with the advanced crosslinks, will be shipped later this year to complete payload delivery a full six months early. The payload module contains the processing, routing and control hardware and software that perform the satellite’s communications function. Northrop Grumman also delivered payload modules for the first, second and third Advanced EHF satellites ahead of schedule in 2007, 2008 and 2009 respectively. Launch for AEHF Flight 4 is currently planned for 2017. Guidance Software and Blue Coat Systems are part-

nering to deliver a new approach for detecting evasive cyber-threats. The partnership will integrate EnCase Cybersecurity with the Blue Coat Security Analytics Platform to provide an unprecedented level of visibility into both network traffic and endpoint devices that will enable enterprises to close the gap between breach and detection. The combined Security Analytics Platform and EnCase Cybersecurity solution will enable enterprises to gain a 360-degree view of all endpoint data and network traffic across their organizations—allowing proactive identifica-tion and remediation of threats that have bypassed tradi-tional security technologies. As a result, organizations will be able to rapidly correlate data-in-motion with data-at-rest, and share actionable intelligence across information security stakeholders. The result is a dramatic reduction in the time needed to detect and remediate incidents.

Payload Module Delivers Advanced Satellite Communications

Intelsat General and L-3 Communication Systems-West (L-3 CS-West) have announced the successful demonstration of new Air Force Protected Tactical Waveform (PTW) technology over Ku-band transponders on the Intelsat fleet. The demonstrations and performance characterization were conducted at the Intelsat teleport in Ellenwood, Ga. Engineers conducting the tests measured the performance of anti-jam modems and waveform technology from L-3 CS-West on a Ku-band satellite emulator and over the Galaxy 18 satellite, built by SSL and launched in 2008. The tests, observed by a representative from the Air Force Space and Missile Systems Center, demonstrated full-duplex voice, video and IP data via PTW. L-3 CS-West is currently working under an Air Force contract, performing studies and developing proof-of-concept modem and security designs using PTW. PTW is designed to provide affordable, anti-jam SATCOM capabilities over existing satellites, leveraging COTS technologies. The testing and transmissions over an existing Intelsat Ku-band satellite validate the compatibility of the PTW with commercial space assets.

Army Evaluation Backs Communications Management

Software

Partnership Enables Detection of Evasive Cyber-Threats

Protected Tactical Waveform Technology Demonstrated


Data ByteS

The Defense Information Systems Agency (DISA) has selected BAE Systems’ XTS Guard as an enterprisewide security standard. It is being utilized by DISA’s Cross Domain Enterprise Services to ensure the agency’s ability to securely share information among authorized users within the Department of Defense

and across the Global Information Grid. The XTS Guard is a high-assurance, cross domain solution that enables secure information sharing between networks of various security classifications and enclaves. A single guard is capable of handling 20 domains and carrying multiple data types at high speed. It

will specifically be used to protect the agency’s email, file sharing, and system chat features. According to DISA, BAE Systems’ XTS Guard delivers increased performance over legacy guards, reducing overall costs while supporting DISA’s data center consolidation goals and movement to cloud architecture.

Cross Domain Solution Selected as Enterprisewide Security Standard

Marines Test Networking on the Move

General Dynamics C4 Systems has opened the MUOS Radio Testing Lab at its Scottsdale, Ariz., location. The Navy-approved laboratory is one of two that support testing for radio terminals intending to connect with the MUOS space-ground network. The lab is equipped with hardware and software that simulates the radio’s connectivity with the MUOS ground network. To test connectivity with the MUOS system, radios are provisioned with the General Dynamics-developed MUOS waveform to make secure voice calls and complete data transmissions at different data rates across the simulated MUOS network. The MUOS waveform, housed in the government waveform information repository, leverages the widely used commercial Wideband Code Division Multiple Access cell phone tech-nology. The first terminal to receive government authorization and enter the Scottsdale lab was Rockwell Collins’ ARC-210 radio.

Lab Tests Connections with MUOS Space-Ground Network

Hughes Network Systems has unveiled an enhancement to its HughesON Managed Security Solutions that leverages virtualization technology in its family of HR4x00 Branch Gateways. As enterprise branches have grown in complexity, the security challenges have increased dramatically. Protection of customer and corporate information is paramount, demanding a robust network that provides

highly secure access to the data center, the Internet and SaaS applications via both customers’ and employees’ wireless devices at the branch. The new Virtual Domain (VDOM) technology enables enterprises to meet these challenges by dividing the Hughes HR4x00 Branch Gateway into multiple virtual secu-rity devices with completely separate firewalls, routing, VPNs, and other security capabilities.

The HR4700 Branch Gateway with the VDOM feature is the key enabling platform powering HughesON Managed Security Solutions. Combining best-in-class security from Fortinet with high-performance routing and broad-band WAN optimization, it lets organiza-tions consolidate all their security gateways affordably into a single solution at each branch.

Enhancement Aids Security Gateway Consolidation

Marine Corps Systems Command has successfully tested a robust mobile command-and-control capability inte-grated onto the Assault Amphibious Vehicle (AAV) platform. Known as Networking On-the-Move, NOTM is now fielded on two other Marine Corps plat-forms—the HMMWV and mine resistant ambush protected all-terrain vehicle. NOTM is an evolutionary system, based

upon the capabilities of the Mobile Modular Command and Control systems successfully employed in Afghanistan since 2009. After successfully completing more than seven weeks of rigorous amphibious testing conducted at Camp Pendleton, Calif., by the Marine Corps Tactical Systems Support Activity and Amphibious Vehicle Test Branch, NOTM is now destined for fielding on the AAV.


Compiled by KMI Media Group staff

Mark Orndorff recently received the title of Mission Assurance Executive for the Defense Information Systems Agency (DISA), after previously serving as program executive officer for mission assurance and NetOps and chief information assurance executive.

Previously, Orndorff served as chief of DISA’s Field Security Operations organization. As such, he served as the single IA certi-fication authority within DISA, supporting accreditation decisions for all DISA systems and networks. He was also responsible for the execution of significant portions of DISA’s IA program, including implementation and management of Department of Defense enter-prise solutions; development and maintenance of Security Tech-nical Implementation Guides, checklists and evaluation scripts; development and maintenance of DoD’s NetOps and IA training program; and development of a NetOps and computer network defense service provider certification program. Orndorff was also responsible for DISA’s IA support to the Unified Commands and management of the regional Net Defense contract.

Prior assignments included service as the operations manager within the DISA Network Operations Center, Fort Ritchie, Md., where he provided remote network and systems management support for Army units worldwide. Orndorff was also a network engineer for Army Training and Doctrine Command, and a project manager for the Army’s program manager for tactical manage-ment information systems. Prior to joining the civil service, Orn-dorff served as an Army officer with assignments as a company commander and platoon leader.

Orndorff attended the University of Virginia, where he received a Bachelor of Arts degree. He also received a Master of Science degree in computer systems from the Air Force Institute of Technology.

Orndorff was interviewed by MIT Editor Harrison Donnelly.

Q: As Mission Assurance Executive for DISA, how would you define your mission in the development of JIE?

A: The overall objective of JIE is the delivery of capabilities to the operational commander in the joint environment. That purpose for JIE aligns perfectly with the purpose of my organization, which is mission assurance. So there is complete and total alignment from the beginning. Everything that we are focused on is tied to assuring the missions of the joint commanders. As we build out and define JIE, what we are focused on is laying out a security architecture that will support the joint commander, and making sure that we are doing that in a way that enables the missions they are executing, and doesn’t overdo security to the point where we are inhibiting

their effectiveness, but also provides enough security that they can count on the information and reliability of the JIE. Basically, it’s designing the environment so we can support the joint command-ers and ensure the security of that environment.

Q: Looking broadly at JIE and its development, how would you characterize the overall opportunities and challenges in terms of security?

A: We have been trying to achieve security objectives by publish-ing security standards and guidelines that each program manager and network was required to implement. You would have an entire set of requirements that each was trying to execute, and then we’d inspect to see how well people did that. The approach is completely different with JIE. We’re building those requirements into the envi-ronment up front, designing it in and laying it out with a careful design, and then as program managers and network owners stand up capabilities, they inherit the benefits of the overall environment to the maximum extent possible. We build it consistently, meet a security objective, and then others who build capabilities on top of that are able to leverage what we have put in place as part of the Single Security Architecture.

Another key piece of this is the joint situational awareness of cyber-activity across the entire environment. I already talked about how we were building things in pockets, and we would also see

Mark OrndorffMission Assurance Executive

DISA


JIE DefenderLaying Out a Security Architecture to Support the Joint Commander

Q&AQ&A

activity in those pockets. For example, the Army would run its net-work and see activity there, as would other components of DoD. As we’re building JIE, we’re pulling all of that cyber-activity together into on analytic environment, so there is less opportunity for an adversary to move around without being detected in our networks. The last and most important piece is that because we have a joint approach up front, we’re going to have a different way of building the cyber-workforce, where we can train to a consistent set of stan-dards and processes. Instead of trying to keep up with each other, we’re trying to build each other up.

As for challenges, we have a legacy environment we’re trying to maintain as we build something new. So how do we take some old applications and technologies and move them into a new architec-ture without breaking anything? Getting systems moved to the right places in the network and rationalizing the applications to be able to take full advantage is the number one challenge. And we’re trying to do this with constrained budgets and contracting rules and regula-tions that make things harder than you would like.

Q: What is DISA’s overall strategy for bringing a better cybersecurity paradigm to the JIE?

A: It all starts with the workforce. I define the cyber-workforce with a broader scope than other people, because we’re all part of the cyber-workforce. Obviously people who are operating and defending the network every day are a key part of the workforce, and they are the ones we are going to train and evaluate first. But our program managers, engineers and staff that support them are part of the cyber-workforce as well. The basic strategy is to make sure that all of the people who design, build and operate the network understand cyber and threats in a way that will drive us all to contribute to the same security objectives.

Q: One of the key aspects of your efforts to building out JIE is the creation of a Single Security Architecture (SSA). Why do you think this is necessary?

A: The SSA, which gives us a consistent architecture across the entire joint environment, is important because it gives us the opportunity to look through the architecture and think in terms of a threat actor trying to attack a target. We can trace threats all the way through the SSA defenses and see exactly what capabilities we need to have in what spots in the network. We can define the SSA upfront and put defenses where they need to be—to make sure we have exactly the right capabilities to address the various threats. We have to think through the threats and the architecture, and put what we need where we need it.

Q: What will SSA look like when fully implemented, and how far along are you in the process?

A: We will have specific set of defined security components. What we’re focusing on now are capabilities that will be placed between DoD and the Internet, which we call the Internet access points. We have a defined set of capabilities there and a defined set of capabili-ties at the core data centers. We’ll have the Joint Regional Security Stacks (JRSS), which modernizes and improves what was previously provided at the base level. We’ll also have another set of capabilities facing into the tactical community. Each one of those has a baseline

capability today, so we’re not starting with a blank sheet of paper. We’ve analyzed it and feel that we already have adequate baseline capabilities at the Internet point, at the core data centers, and JRSS coming on line this year will give us baseline capabilities there. We also have adequate capabilities at the tactical interface, although we’ve pushed more responsibilities to the tactical side than we should in the end state, so we have an opportunity to make improve-ments there.

Q: What role will Joint Regional Security Stacks play in the security architecture of JIE?

A: We have had a fantastic partnership with the Army, led by Mike Krieger of the Army CIO office. We were able to pull together some network modernization initiatives that they were working on, and take it from an Army program to a joint program, and use that opportunity to build out the JRSS throughout CONUS, Europe and SWA as the first wave of activity. As part of that, we’ll be taking what was done at the base level, move it to the regional locations, modernize it, expand on the capabilities and then support the joint community and not just the Army. It’s a huge opportunity for us, which is underway now. It’s fully built and tested in the lab. We’re installing our first two sites as we speak, and the acquisition is com-pleted to roll out the rest of CONUS, Europe and SWA.

Q: Do you see any issues related to acceptance of JIE and its security architecture within DoD, and what do you see as being helpful in building enthusiasm?

A: Focusing first on the security side of JIE, one of the key points is that this is not DISA’s SSA or JIE security architecture. At the beginning, there were people from the Army, Air Force, NSA and DoD CIO as well as DISA, starting from a blank sheet of paper and building out the security architecture in close partnership. From the start, this was an initiative we were all buying into. It wasn’t a DISA idea that we were trying to convince others to adopt, but an idea that we developed together. That was huge. We’ve also had great senior leadership support, such as Mike Krieger heading up initiatives within the Army to get them on board. There were many generals from the Air Force pushing to bring the Air Force into the security architecture. The Navy has some challenges because of the contract arrangements that they have in place, so it’s been slower bringing the Navy onboard, but they are helping to define where we are going so that as opportunities open up they can join as well. Also, from the cyber-situational awareness perspective, I want to emphasize that because it’s a key enabler of the JIE objectives that we are trying to achieve. Lieutenant Colonel Stanton from the Army is the lead engineer, even though cyber-situational awareness and Acropolis is a DISA program. He is working with our team to build out that architecture and start delivering the analytics that will be key to defending JIE.

Q: What opportunities does JIE offer for improved data center management?

A: Dave Bennett is the lead for that, but what we’re doing in part-nership with him is that as he builds out the MilCloud, and offers a number of different ways for the services, agencies and combat-ant commands to come into the data centers. He has a lot of great


automation in place to support the rapid adaption and movement of applications into the data centers. It’s a much more modern process than it was even six months ago. The ability to provision systems into the data centers has changed dramatically. We’ve tried to part-ner with him in a way that streamlines the security processes, so that anyone who is bringing systems into the data centers is able to benefit from all of the security and accreditation work that we have done upfront. They inherit that, and don’t have to do the paperwork and processes that we’ve done in the data centers. So we hope that will benefit those who are trying to leverage the data centers oper-ated by DISA.

Q: What are you doing in the area of range environments to fully develop the right architecture?

A: In partnership with the Marine Corps, we have a range at Staf-ford, Va., that is used to train the operate-and-defend portion of the cyber-workforce. We run training events there, and have a number of joint exercises, where we can bring in simulated or actual Red teams, and have an opportunity to fight on the network in a realistic environment. We’ve built the SSA into the range, so that they will be training and exercising on the same equipment and environment that they would see in the real world. As the department stands up the cyber protection teams, which was a key initiative of General Alexander and U.S. Cyber Command, this is also a platform that they can use to train and learn the techniques they will use as part of their requirement to defend DoD networks.

Q: What role do you see for big data analytics, such as the current Acropolis program, in ensuring JIE security?

A: I mentioned earlier about how we had compartmented views of cyber-activity. Part of that was because of the way we were building and operating networks, and part was because of limitations on the technology we were using to analyze the data that was available. Frankly, we had outgrown the capabilities that were available in the marketplace. We were in the position that we had good, robust data available to us, but we had to stop it at the door and not bring it into our correlation engines or analytic activities, because we didn’t have the capacity to take it all in. But as we have moved to big data analytics, we’re taking that constraint away as a decision point, and no longer spending a lot of time thinking about the value of the data and only ingesting the most valuable data. We can take in the data that we need and then build the analytics that would leverage that more robust set of data sources. Doing that across the joint environ-ment is a huge benefit.

As we’ve built this, we have a thin governance process to make sure that we have the community buying into the baseline envi-ronment that DISA has built and will operate for the department. Everyone who has the capability will build analytics to operate in that environment. So no one is throwing requirements to a single vendor or organization. We all—DoD, national labs, industry—can add analytic capabilities to this environment.

Q: How are you working to leverage commercial IT, and what role do you see for industry?

A: The way I see DISA’s role in building the security architecture is almost exclusively leveraging commercial technology. Only in

rare cases are we going to build something other than what is available in the commercial sector. DARPA and others may go in other research and development directions, but our core compe-tency is leveraging commercial technology, integrating it into a package, and achieving our requirements through that technique. That’s what we do—leverage commercial technology and weave it together in a way that makes sense and scales out to support the department.

Q: To help put your JIE efforts in context, can you give readers a brief overview of some of the other high priority initiatives underway in your office?

A: I would call out mobility as a key part of what we are focusing a lot of time and attention on. Mobility is where we’re going in the future. The role of mobility in DoD today is important, but it’s not as important as it will be in the future. We’re trying to stay in front of that as much as we can. We’ve had great partnerships with industry to take security objectives and requirements that we develop in col-laboration in industry, and industry is building products that meet or exceed our requirements. Through that partnership, we’re able to take commercial products at the day of release, and bring into DoD and start using them, and take advantage of the best available technology. As part of that, we’ve built out the backend infrastruc-ture, so your mobile device in DoD is not like your mobile device at home. It looks, feels and keeps up with what you are used to, as far as flexibility and power, but through what we call the mobility ecosystem, we have a number of capabilities that reduce the risk and leverage the features that we’re building into the JIE security architecture, to help mitigate the risk of a commercial mobile device operating out in the wild. I think our mobility strategy makes a lot of sense. It’s still in a building phase, but it has a huge amount of potential.

One aspect of that is the user identity side. We have the public key infrastructure and the CAC cards that everyone uses today. Those are foundational from a security architecture standpoint. Moving the CAC into the mobility space has been a challenge for us, but I think we’re at the breakthrough point. Because of how mobile device manufacturers have improved the security of their devices, we are now going to be able to take our credential that today is on the CAC card, and have a derived credential embedded into mobile devices. We’ll be able to use the derived credentials to provide strong authentication into the DoD systems. We’ll maintain your identity just as we do with the CAC card at your desk, and be able to access the whole set of DoD mission systems. This is an area I’m really excited about. It’s going to enable the department to leverage technology in ways we’ve never thought of before, and it will be key to our future.

Q: Is there anything else you would like to add?

A: I want to reinforce the point about how much we are working together with the services, agencies and combatant commands as we build out and define what we’re doing for JIE. The collaboration and support across the community has been unprecedented. We’re learning so much from each other as we go through this process; it’s an exciting time to be working in this space. There are a lot of opportunities ahead of us, and we have the right people working to make it happen. O


With high profile cases continuing to draw attention to the threat to networks posed by malicious insiders, military and other organizations are increasingly focused on finding ways to protect themselves from those who purposefully or inadvertently allow the release of sensitive information or cause damage to systems.

The approaches include both technology, in the form of monitoring, analysis and identification systems, and management, such as policies governing passwords or network access for former employees.

By HArrison DonnElly

mit EDitor

Insider Threat Insights

As tHE risk to nEtworks grows, orgAnizAtions nEED to look BotH to tEcHnology AnD mAnAgEmEnt policy, ExpErts sAy.


With a host of products and services emerging from industry aimed at helping agencies cope with the insider threat, Military Information Technology recently reached out to a number of industry executives for their perspectives on how the Depart-ment of Defense and other agencies can best address this issue. Following are brief accounts of their responses.

DEtErrEncE AnD rEsponsE

For Brendan Callahan, vice president, National Security Division for MTSI, the answer lies in keyless signature infrastructure (KSI), a technol-ogy that provides a digital signature or electronic stamp for any binary data.

MTSI and Guardtime, the developer of KSI, recently launched Insider Threat Services, which provides federal enterprises with next-genera-tion enterprise integrity protection and real-time threat detection, contextual threat intelligence, and rapid incident response.

“If you have an insider who is maliciously tampering with or stealing data, and if you are using a scalable digital signature and signing every single piece of data in your objects store, you can instrument all of that data to learn if it is changing or is still intact,” Callahan explained. “If it’s changing, who is changing it? I can do attribution of change very quickly. If an audit log has been changed and I can detect that, which KSI enables you to do, I can look at my signed audit log and see who did it, and can extract the proof of that event in a very portable way. KSI is an extremely portable way of proving the integrity of data, at a rate that no other digital signature technology available today can support.”

Part of the benefit of the solution lies in deterrence. “If I am an insider and I’m sitting in an environment where I know that KSI has been infused into everything I’m touching, I will know that the system will detect adverse activity extremely quickly, that I will not be able to cover my tracks, and that I will be dis-covered before I get out of the building. If anyone lifts a finger to compromise the integrity of the enterprise, everyone will know about it very quickly,” he said.

That also speeds remediation by rapidly making actionable information available. “That’s what has prevented us from han-dling some of these insider threat cases. The people who are charged with taking action cannot get actionable information quickly enough, so long periods of time go by between the bad act and the response. KSI is a way to cut that down to minutes, and that’s deterrence,” Callahan said.

tHE four A’s

The first thing to realize about the insider threat is that, aris-ing as it does from within an organization, it should be solvable with an effective management strategy, said Paul Christman, vice president of public sector for Dell Software.

“The internal threat is different from the external threat, which is very challenging because it’s all exter-nal—you don’t know what the challenges are going to be. We look at the internal threat, how-ever, as being entirely owned by the organization for agency. All of the resources, assets and con-cerns are inside the control of the organization. What we need to do is to say we own and control this problem, which in some cases we have made. So it is solvable by us. We don’t have to guess about what advanced persistent external threat is going to come along,” he said.

“You know who these people are and have granted them privileges, or otherwise they wouldn’t be insiders,” Christman continued. “We have created the rights and privileges that have created the threats, and it leads us to the solutions that we should be implementing.”

The solutions are based on the “four A’s”—authentication, authorization, automation and auditing, he explained. “The four A’s start the discussion about where the internal threat starts. Most people think of it as involving a rogue system administra-tor. But I would start with a different approach, because the basic idea of authentication and authorization includes simple things like ‘onboarding’ a new user and deprovisioning an exiting user.

“We did a survey that found that many agencies take weeks to deprovision a user. What you have created is an inad-vertent internal threat, because the user has been told that they are no longer part of the organization, but their access persists after termination. That is a gigantic security hole that most people think is an administrative oversight. But it’s really a security risk created by the lack of automation,” Christman said.

To reduce risks involving system administrators, Dell is developing solutions that grant specific rights to do systems administration to a group of “super users.” There is a workflow that allows people to be routinely granted system access, but it is automated, tracked and auditable.

“Once the person has requested super user access, you are able to log what that person did. A lot of the internal threat problem is that there is no audit of super users. It’s a huge

Brendan Callahan


problem that we don’t audit or track, but we’re coming up with alternatives so that super users are granted authentication and authorization, but are never granted a password, so they are not able to reuse, divulge or compromise it. A lot of the threat comes from social engineering to have people give you their passwords. We’re overcoming that problem by never letting super users have passwords,” Christman said.

involving stAkEHolDErs

Michael Crouse, director of insider threat strategies at Raytheon Cyber Products, empha-sized the need for an organizational perspec-tive on the insider threat. “Getting stakeholders involved early in the process is something that is being used by all organizations, because it’s not just a counterintelligence problem. You want to get the legal department involved from a privacy perspective, or your inspector general involved from a fraud perspective, and your IT folks from their perspective. It’s evolving as addi-tional stakeholders come into play knowing that the insider can do damage at many different levels, not just espionage. They can do fraud or sabotage or steal proprietary information, so there is aware-ness now of the need to get all your stakeholders involved.”

The next step is to select technology to meet your requirements, Crouse explained. “The tech-nologies today are going beyond traditional infor-mation assurance tools, such as data loss prevention systems. Now you are seeing technologies bring context to the forefront, so you can determine the intent of an insider. You can see if the insider was actually malicious, trying to steal information on purpose, while another might just have made a mistake, was bending the rules to get a job done or didn’t know the policies in place. You need context and intent to determine the insider’s behavior.”

Raytheon favors a layered defense approach for the insider threat, just as for the external threat. “We’ve taken the same mentality and flipped it to protect the organization against the insider threat,” Crouse said. “We’re looking at combining our SureView product, which is an end-point monitoring system, with a product that is looking at the external threat, and inte-grating them together. Raytheon is taking its external tools and integrating with insider threat tools such as SureView to provide a dynamic layered approach.”

Analytics are also coming to the forefront. “SureView is a sensor collecting information based on policies, and it does a tremendous job in grabbing both metadata and context. But we’re also integrating best-of-breed third party analytics into SureView, so that you can really look at the metadata and find the needles in the haystack. We’re looking to be more proactive,

and look at things that you couldn’t on a manual basis. But by automatically crunching through the data, you can pull out the needles and show them to the investigator, who can act appropriately,” he said.

continuous monitoring

At Tenable Network Security, the solution to the insider threat and other issues is continuous networking monitoring, with technologies for measuring vulnerabilities, watching network traf-fic and creating logs.

“We have two unique differentiators in this market,” said Ron Gula, the company’s chief executive officer and chief technical officer. “One is that we can prove we have 100 percent cover-age of the network. Often, people deploy security technologies, which provide a lot of data. But they don’t realize that the data they have is coming from some percentage of their network. What about the rest? We have 100 percent coverage.

“Secondly, we have brought together all of this technology,” he continued. “When you look

at something like incident response or insider threat, if you only had logs or user lists, you might find something. But if you had all of that in one spot, you can do a wide variety of analytics.

“There are certain behaviors that vendors say they find all of. But they’re lying, because there are so many different ways you can steal data. Our differentiator is that once you are looking for someone, you have all the evidence in one spot, so you can quickly determine if this is a wild goose chase or there is some-thing going on,” Gula said.

“If you have certain technologies that are preventative in nature, such as passwords, firewalls or locked doors, it is one thing to worry about who tried to knock on that door,” he added. “You could spend a lot of time looking for that. But if you watch where the data is flowing on the network, that’s something else. Those are two different things—analyzing who is talking to each other, and what is being prevented and who is trying to get in.

Ron Gula

Michael Crouse


They are actually very similar, but often done by different teams. We want to bring those things together.

“Typically, the security people look for bad things, using antivirus software, intrusion detec-tion, anomaly detection and other capabilities, while the auditors look at who are the authorized users, if the system is configured correctly, or if the system is even supposed to exist. Those two roles are done completely differently. Tenable is trying to unify them, and much of what the gov-ernment is trying to do, with continuous moni-toring and other efforts within DoD, is to make those two processes unified, because if you have those in one place, you can infer a great deal of things that you would have completely missed,” Gula said.

log AnD EvEnt mAnAgEmEnt

Chris LaPoint, vice president of product management at SolarWinds, pointed to a recent SolarWinds cybersecurity survey that showed that 41 percent of DoD respondents claimed data leakage or theft as their top cybersecurity threat. What was most notable, he said, was that 53 percent also named careless and untrained insiders as their top security threat sources.

“Given the very real concern of insider threats, and the military’s competing priorities and budget constraints, DoD IT professionals must consider new approaches, including the implementation of continuous network monitoring solu-tions that allow IT teams to collect data once and report to many,” LaPoint said, pointing to technologies such as log and event management systems, which automatically ana-lyze network activity, and user device tracking software, which can automatically monitor switches, ports and network devices.

“Using these types of continuous monitoring tools, system administrators can create watch lists of potentially suspicious and unauthorized devices, receive alerts if one of these devices attempts to connect the network, and even take automated actions to mitigate.

According to our data, 67 percent of DoD IT professionals have implemented at least one continuous monitoring solution to address IT operations and information security domains. Of those who have implemented continuous monitoring, nearly half have measured the return on investment and report it is paying off nicely,” he reported.

multiplE Encryption lEvEls

For agencies to fend off insider threats, multiple levels of encryption that limit decryption of information to only those with proper authentication are essential, according to Robert R. Swindle, director of enterprise solutions for Tangible Security. Layered encryption allows agencies to restrict access to sensi-tive data only to authorized users, allowing for better protection across the operating system or database.

In addition, adoption of Internet Protocol ver-sion 6 (IPv6), which enables Web space expansion and affects data security, will improve insider threat detection by eliminating source network address translation, he said, noting that address translation masks the location of a user authenti-cation event and obstructs user activity monitor-ing and correlation.

“Agencies will see improvements in the track-ing of insider activities across disparate systems from technology that reduces ambiguity and sim-plifies computations. This will yield a more holis-tic account of their actions to identify misuse or malicious intent from authorized or unauthorized users,” Swindle said.

trustED AccEss

Ten years into the implementation of HSPD-12 credentials for federal employees and contrac-tors, technology and processes for authentication and access control remain a crucial element of strategies for managing insider threats, argued Ken Ammon, chief strategy officer at Xceedium.

“Over time, as with the introduction of DoD instruction 8520.03 in 2011, we’ve seen our approach to managing access for users of all kinds mature and become more sophisticated,” Ammon said. “At the same time, the environment being pro-tected is also growing more complex, with the rapid uptake of virtualized and cloud computing technologies. These tech-nologies not only increase the scale of the environment, but also introduce new attack surfaces to protect.

“Add in growing compliance mandates, and security and compliance teams are faced with a substantial hurdle to overcome,” he continued. “But when we look at the tools we use to manage insider access, particularly privileged users, we find they’re not well prepared for the task. All too often, these management tools are point solutions, delivering uninte-grated views of activity and inconsistent enforcement of policy. That’s inefficient and costly, and just isn’t working to prevent critical breaches that fundamentally impact operations and missions.”

There are two key requirements for managing trusted insider access, Ammon said. “First, successfully addressing these risks requires an integrated privileged identity management solution that supports the consistent application of policy across what today are often standalone functions, such as password and credential management, access control, monitoring and recording. Second, that suite of capabilities has to be available across the whole of the hybrid cloud, including traditional data centers, virtual infrastructure, and public/private clouds. It’s only by addressing both these requirements will DoD truly be well equipped to manage these risks.” O



Chris LaPoint

Ken Ammon


Captain Alexander Marotta is looking forward to receiv-ing upgrades to the Army’s new mobile network backbone that will make it easier and faster to initialize, navigate and troubleshoot.

“Commanders love the capability; they do,” said Marotta, communications officer (S6) for the 3rd Brigade Combat Team, 101st Airborne Division (Air Assault), whose unit is training with the mobile network. “Now we’ve just got to make it easier for them to use. The new upgrade is going to make things even better; operators will be able to get in their network-equipped vehicles, hit start and all the systems will start automatically—that will be great.”

In response to feedback from users like Marotta, the Army made upgrades to Warfighter Information Network-Tactical (WIN-T) Increment 2 to enhance and simplify the system to make it easier to operate and maintain. By broadening the system’s user base to include general purpose users at lower echelons, the Army will increase the scalability and utility of the system, and reduce dependence on signal soldiers now free to manage the holistic network rather than troubleshoot.

“WIN-T Increment 2 works; it’s the foundation of every-thing we do,” said Colonel Thomas Dorame, commander for 2nd Brigade, 1st Armored Division (2/1 AD), the unit that executes the Army’s Network Integration Evaluation

Feedback Hones Mobile NetworkArmy upgrADEs wArfigHtEr informAtion nEtwork-tActicAl (win-t) incrEmEnt 2 to mAkE it EAsiEr to opErAtE AnD mAintAin. By Amy wAlkEr


(NIE) exercises. “This is advanced networking; we are able to move information, data and voice down to lower echelons, but we have to do it in a way that doesn’t encumber soldiers so they can get that information without having to take on a lot of additional tasks to access it.”

Soldier feedback from theater, Capability Set fieldings and semi-annual network evaluations help the Army to continually enhance the tactical network. The recent simplification and reli-ability improvements to WIN-T Increment 2 are being assessed during two intensive developmental tests.

The first of these tests was completed in late February at the Aberdeen Test Center at Aberdeen Proving Ground, Md., with soldiers putting a large part of a brigade’s worth of equipment through its paces in a tactical environment. The second develop-mental test is scheduled for June 2014 at Fort Bliss, Texas, and a follow-on operational test and evaluation is planned for NIE 15.1 in October-November 2014.

The Army’s challenge is to extract all of the complex network configurations and management functions inherent within the WIN-T Increment 2 network environment and make them run in the background so they’re invisible to general purpose users, said Lieutenant Colonel LaMont Hall, product manager for WIN-T Increment 2.

“We want soldiers to be able to log onto the system with a single user ID and password and one or two clicks, and be able to access the information they need to do their jobs,” Hall said.

WIN-T Increment 2 enables deployed soldiers operating in remote and challenging terrain to maintain voice, video and data communications while on the move, with connectivity rivaling that found in a stationary command post. The recent improve-ments to the system enhance the capabilities of the WIN-T Increment 2 Soldier Network Extension (SNE) vehicle, which provides network communication and extension capabilities at the company level, and the Point of Presence (PoP), which pro-vides mobile mission command at the battalion level and above.

As part of these improvements, the Army automated the startup for the PoP and SNE, significantly reducing the complex-ity and length of the startup process. More than a dozen buttons and switches were reduced to a single startup switch, dropping the total time to get a networked vehicle up and running from over 12 minutes to four and a half minutes. The Army also made the user interface more intuitive, so it’s easier and quicker to use.

Among the most important improvements to WIN-T Incre-ment 2 are simplified and streamlined troubleshooting capa-bilities for the PoP and SNE, moving from an in-depth interface designed for the signal soldier to one more suitable for a general purpose operator. The Army’s intent is to enable operators, in a matter of minutes, to troubleshoot and resolve 80 percent of issues themselves.

“I’m a 25 series [signal corps] military occupational spe-cialty; that is my job, but most of the WIN-T Increment 2 vehicle drivers and operators are not 25 series. They are 19Ks [armor crew], they are scouts, and they are 11 bravos [infantry],” said

The Warfighter Information Network-Tactical (WIN-T) Increment 2 Point of Presence, which provides mobile mission command at the battalion level and above, was part of the WIN-T Increment 2 developmental test in February 2014 at the Aberdeen Test Center (ATC) at Aberdeen Proving Ground, Md. The second developmental test is scheduled for June 2014 at Fort Bliss, Texas. [Photo courtesy of U.S. Army/Dan Augustyniak, ATC]


Staff Sergeant Nicholas Vettore, 2/1 AD Brigade network opera-tions satellite communications non commissioned officer. “The Army is working to make the network less time consuming and simpler for them to learn, so it is an easy transition and they can do their job effectively as operators and maintainers of the equipment.”

On the battlefield, commanders and soldiers use WIN-T Incre-ment 2 to quickly access mobile communications applications such as Tactical Ground Reporting, chat and voice-over-Internet Protocol calls. The new upgrades cut in half the time it takes to launch these applications and increased the performance of Joint Battle Command-Platform (JBC-P), a friendly-force tracking and messaging application that soldiers rely on for situational aware-ness, when it’s being operated on a WIN-T Increment 2 node.

Additional enhancements were also made to the SNE’s Combat Net Radio (CNR) Gateway, which takes advantage of the vehicle’s on-the-move satellite communications systems to help extend lower tactical internet radio networks and keep users connected. To improve capability, CNR Gateway operations were simplified and automated; operational steps to start it up were reduced from nearly a dozen manual steps to a single log-in and a click. Now warfighters merely select and connect, with mere seconds to execute.

The Army has been using soldier feedback to continually improve WIN- T Increment 2 since it was first fielded in 2012. Before the system’s initial follow-on operational test, the service acted on user feedback requesting improved speeds and response times when using applications and accessing Web portals over the network. By upgrading the network drives in WIN-T Incre-ment 2-equipped vehicles and making software and network

improvements, the Army was able to significantly improve the user experience.

“I have noticed definite improvements with the bandwidth,” said Specialist Gerardo Cabrera, who operated the 2/1 AD com-mander’s WIN-T Increment 2 PoP at NIE 14.1. “Two years ago if you were to click on the portal and open it up, it would have taken a long time, but now it moves much faster.”

As part of the Army’s Capability Set (CS) 13, WIN-T Incre-ment 2 has now been fielded to four infantry brigade combat teams, three of which have deployed to Afghanistan with the system. Throughout 2014, the Army is planning to field 10 addi-tional units with CS 14 and WIN-T Increment 2 components. As with any new system, there is always room for improvement as operators learn and create innovative ways to leverage the net-work on the battlefield.

“The more WIN-T Increment 2 is put through its paces by soldiers in operational environments, the more we can flesh out and implement system improvements,” Hall said. “We will continue to listen to soldier feedback and improve the system to provide them with the best network possible.” O

Amy Walker is a staff writer for Symbolic Systems, sup-porting the Program Executive Office Command, Control, and Communications-Tactical PM WIN-T and Miltech Solutions.



WIN-T Increment 2 enhancements, based on soldier feedback from theater, Capability Set fieldings and the Network Integration Evaluations, are being assessed during two intensive developmental tests. The first of these tests was completed in late February 2014 at the Aberdeen Test Center (ATC) at Aberdeen Proving Ground, Md., with soldiers putting a large part of a brigade’s worth of equipment through its paces in a tactical environment. [Photo courtesy of U.S. Army/Dan Augustyniak, ATC]


cotSacopia

SIBA from BAE Systems is a tool that redefines and simplifies secure data collaboration and dissemination for both government and commercial customers. SIBA provides an innovative solution to secure information sharing for the nation’s intelligence commu-nity, as well as banks, law firms and users of electronic medical records. The SIBA solution works seamlessly with Microsoft Office and SharePoint without modifying those applications.

It is imperative that agencies in the intel-ligence community are able to quickly migrate intelligence data to shared repositories, where it can be accessed securely in real time by multiple users in multiple agencies. SIBA provides this capability to any government agency or business by leveraging their existing Microsoft Office and SharePoint invest-ments. Unlike competitor solutions, no additional investment is required for the development of new secure

interagency clouds or other big data platforms to ingest, tag, replicate and share information. SIBA enables analysts to tag (portion mark) specific characters, words, paragraphs and images within their documents to define need-to-know access to portions of data. This allows other users, like field personnel and coalition partners, to access redacted versions of the intel-ligence product, based on network access and security clearance.

Dell has announced the launch of the Latitude 14 Rugged Extreme and the Latitude 12 Rugged Extreme convertible notebook for customers who require powerful solutions that can survive unforgiving conditions. The Dell Latitude Rugged Extreme solutions are purpose-built to withstand hazards such as dust, moisture, drops, vibra-tion, extreme temperatures and other punishing conditions faced by users in fields such as military service, public safety, manufacturing and first response. Latitude Rugged Extreme notebooks are independently tested to military standards including drops up to six feet, as well as ingress protection, emissions and hazardous materials certifications by a third-party testing facility. No single field test accounts for every possible scenario, so the Dell Rugged Extreme portfolio is tested above and beyond every existing standard to verify survivability in real world situations. The Dell Latitude 12 and 14 Rugged Extreme are built to endure worst-case conditions with the most robust materials avail-able, including impact-resistant ultra-polymers and sturdy magnesium alloy.

Citrix has announced new security and feature enhancements to its XenMobile solution. The new release empowers organizations in highly regulated industries, such as government agencies, to embrace device choice, improve productivity with quick access to more apps, and provide support for Microsoft Lync online meetings and other communication environments, without sacrificing security, control and most importantly, user experience. Citrix also enables enterprises and government agencies that are planning to phase out BlackBerry devices to transition smoothly,

knowing their data and existing apps are secure, integrated and supported. XenMobile enables government agencies and other highly regulated organizations to mobilize their employees without sacrificing security or control. XenMobile provides a complete EMM solution for highly regulated organizations to manage mobile apps, data and devices. With XenMobile, government agencies and enterprises gain control over personal and corporate-issued mobile devices with full configuration, security, provi-sioning and support capabilities.

HP Enterprise Services has announced a new service designed to help accelerate the U.S. public sector’s adop-tion of mobile technology to drive workforce productivity, while securing IT assets. The growth in adoption of high-bandwidth mobile services presents the opportunity for a new era of digital government. HP Enterprise Cloud Services (ECS)–Mobility for U.S. Public Sector—part of the HP Mobile Enterprise Services portfolio—offers a complete enterprise mobility management service. It is hosted on HP’s secure, Federal Risk and Authorization Management Program -autho-rized managed cloud environment to meet the requirements for regulated environment operations under FISMA, ITAR and HIPAA. The cloud-enabled solution allows for a fast and flex-ible deployment that can be scaled to fit the unique mobility needs of an agency, while ensuring that users have easy and secure access to applications across multiple device types and platforms. HP ECS–Mobility for U.S. Public Sector enables government and commercial clients to establish and enforce effective security policies and access privileges to address their unique mission challenges while protecting sensitive informa-tion. Plus, the offering’s HP Management Essentials package combines HP Mobile Device Management and HP Mobile Application Management to address security concerns at the device, application and data level.

Tool Simplifies Secure Data Collaboration and Dissemination

Security, Feature Enhancements Offer Mobile Productivity

New Service Speeds Public Sector Adoption of Mobile

Technology

Rugged Units Offer Powerful Solutions for Unforgiving Conditions


Advertisers indexRiverbed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9www.riverbed.comTeradata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5www.teradata.com/citoresearch

University of Maryland University College . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C4http://military.umuc.edu/miltech

The

adve

rtis

ers

inde

x is

pro

vide

d as

a s

ervi

ce to

our

read

ers.

KM

I can

not b

e he

ld re

spon

sibl

e fo

r dis

crep

anci

es d

ue to

last

-min

ute

chan

ges

or a

ltera

tions

.

CAlendArMay 22, 2014DI2E PlugfestFairfax, Va.www.afei.org/events

June 24-25, 2014AFCEA International Cyber SymposiumBaltimore, Md.www.afcea.org

September 15-17, 2014Air and Space ConferenceNational Harbor, Md.www.afa.org

September 24-26, 2014Modern Day MarineQuantico, Va.www.marinemilitaryexpos.com

October 6-8, 2014MILCOMBaltimore, Md.www.milcom.org

October 13-15, 2014AUSA Annual MeetingWashington, D.C.www.ausa.org

mit reSoUrce center

NEVER STOP LEARNING

Considering a new degree? Advising your troops on their education options? You need Military Advanced Education’s 2014 Guide to Military-Friendly Colleges & Universities!

Check out the searchable database at www.mae-kmi.com for the details prospective students and commanders are looking for!

• AccessallthesurveyanswersfromthehundredsofschoolsthatparticipatedinMAE’s2014 Guide to Military-Friendly Colleges & Universities

• Newandimproveddesignmakesiteasierthanevertofindwhatyou’relookingfor

• Searchthedatabasebyschoolname,state,onlineorbrick-and-mortarschools

• CompareandcontrastinstitutionswithalltheinfoMAEusedtoscoreanddesignateourtopschools


Michael Bomba has worked within the Department of Defense for more than 35 years, and is currently Riverbed’s senior solutions architect for defense. Previous major efforts he has been involved in include leading Army engineering support for the Joint Information Environment, providing senior engineering for the Army’s migra-tion to Defense Enterprise Email, building the Army’s first two area processing centers, designing and fielding the Army’s network perimeter defense solutions, designing and fielding the Army’s global Active Direc-tory solution, and designing and fielding the Army’s first global email service. In addition, he has participated in leading the Army’s efforts to build and distribute secure versions of Microsoft operating sys-tems; designing and fielding large scale communications systems for Army efforts in Saudi Arabia, Kuwait and Afghanistan; building the first deployable email ser-vices for tactical users; moving the Army to Internet based networks; and moving Army transport solutions from analog to digital solutions.

Q: What types of products and services are you offering to military and other government customers?

A: Riverbed offers a robust platform that truly enables location independent comput-ing—the idea that enterprises can now use distance and location to their advantage. Within our platform, the various prod-ucts offer a broad range of solutions to the military and government. Our core strengths and roots lie in WAN optimi-zation, application acceleration, branch office virtualization, enterprise scale cloud backup/archiving, virtual/cloud based appli-cation delivery controllers, Web applica-tion firewalls and storage projection. With the acquisition of Opnet, our platform extended to application performance man-agement, network performance monitoring and diagnostics, network planning/map-ping/modeling and unified communica-tions management. This common platform ensures that all technologies work as a

cohesive whole, providing end-to-end man-agement solutions for enterprises of any scale. All of these technologies are in use across a diverse customer base in defense, government and the commercial segment. In addition to our platform, we also have a strong professional services group, which has been recognized by J.D. Power for its service excellence.

Q: What unique benefits does your company provide its customers in comparison with other companies in your field?

A: Riverbed is the only company with WAN/application optimization, application performance management and network performance management and diagnostics in multiple Gartner leadership quadrants. Our capabilities span solutions for automa-tion of testing for large scale voice-over-IP deployments to detailed simulation and modeling for development of new network protocols. We have integrated our WAN optimization solution with our applica-tion and network performance manage-ment solutions to eliminate the need for our customers to purchase point solutions for packet capture and analysis. In addition to WAN and application optimization, our SteelHead WAN solution is also a major sensor for our management solutions.

We deliver the capability for network operations organizations to see all parts of the application delivery chain, including the ability to instrument the end-user browser, measure flow and packet performance across a large network, automate applica-tion dependency mapping, and instrument the servers involved in application delivery.

We can rapidly determine the cause of service disruptions and are the only com-pany that can see problems in the entire end-to-end application delivery chain before the end-user is adversely impacted.

Q: What are some of the most significant programs your company is currently working on with the military?

A: Riverbed has fully embraced cloud and virtual computing environments. For pro-grams like the Army Warrior Information Network, our solutions all run inside their virtual platform. Our application delivery controller and Web application firewall is software only and licensed by the megabit, not by the number of devices like most of our competitors. Amazon Web Services government cloud uses this to allow cus-tomers to spin up as many ADCs as needed. Since our solutions can run as virtual appliances, the ability to fail over entire cloud data centers is greatly simplified, as our customers are no longer dependent on physical appliances like load balancers or Web firewalls at the secondary cloud site. Providing our Web application firewall in a software-only model allows organizations to embed the firewall on their web server, install it as a virtual appliance inside a cloud data center or place it on a dedicated device to provide a physical appliance capability.

We provide all our technology in cloud-ready format to ensure it can be run as virtual appliances inside cloud comput-ing environments, as well as providing performance enhanced hardware solutions for networks operating as speeds as fast as 10 GBs.

Riverbed fully supports government efforts to improve information security and has just completed FIPS certification for our common cryptographic module, which is used across a large portion of our portfolio. Because we also provide software-only solutions, our technology can inherit security efforts from industry operating system leaders such as Red Hat, VMware and Microsoft. O

[email protected]

Mike Bomba Senior Solutions Architect-Defense

Riverbed Technology

inDUStry interVieW military information technology


NEXT ISSUEThe Voice of Military Information Dominance

Cover and In-Depth Interview with:

Brig. Gen. Kevin NallyChief Information OfficerU.S. Marine Corps

Insertion Order Deadline: May 30, 2014 • Ad Materials Deadline: June 6, 2014

FeAtUreS4G Quandary4G/LTE technology offers huge opportunities for the military, but the booming popularity of consumer uses is crowding the military out of the electromagnetic spectrum. DoD is searching for ways to benefit while also accommodating the economy’s need for more bandwidth.

Software-defined NetworkingA new approach called software-defined networking is drawing increasing attention from government and industry in order to improve management of network services.

ID ManagementWith the aging of technology used in the Common Access Card for both physical and network access, government and industry are exploring a variety of alternatives.

Digital SAtCOM

Digital intermediate frequency (IF) technology offers enormous benefits to the buyers and users of SATCOM terminals, beginning with performance, cost and size, and addresses performance challenges that cannot be solved with conventional analog IFs.

JIe reportThe recent Joint Information Environment (JIE) Mission Partner Symposium spotlighted the role of the Defense Information Systems Agency and other Department of Defense organizations in developing the JIE.

June 2014Vol. 18, Issue 4

THIS IS OUR CAMPUS

Creating learning opportunities wherever the U.S. military serves

More than 95 career-relevant programs available online and on-sitecybersecurity • criminal justice • business

AT YOUR SERVICE SINCE 1947

Serving the military is in our DNA. Talk to us.877-275-(UMUC) 8682 • military.umuc.edu/miltech

14-MIL-077 Military Campus Ad Refresh_MIT_HRR3.indd 1 2/12/14 12:21 PM

Mit 18 3 finalv2

Documents

Transcript of Mit 18 3 finalv2