Robert Carey, Principal Deputy CIO, DOD Insight session

DoD CIO SUPPORT THE WARFIGHTER UNCLASSIFIED DoD CIO Priorities for 2014 Principal Deputy Chief Information Officer U.S. Department of Defense January 17, 2014 Robert J. Carey

description

Robert Carey joined GTSC for a session on DOD's technology priorities, cyber security and budget considerations for 2014/2015.

Transcript of Robert Carey, Principal Deputy CIO, DOD Insight session

Page 1: Robert Carey, Principal Deputy CIO, DOD Insight session

DoD CIO: SUPPORT THE WARFIGHTER

UNCLASSIFIED

DoD CIO Priorities for 2014

Robert J. Carey
Principal Deputy Chief Information Officer
U.S. Department of Defense

January 17, 2014

Page 2: Robert Carey, Principal Deputy CIO, DOD Insight session

Agenda

• DoD CIO Focus
• DoD IT Environment
• Movement toward the Joint Information Environment
  o Major Components of JIE
  o Work in Progress
  o Way Ahead
• Additional Significant Work Streams
  o Cybersecurity
  o Mobility
  o Spectrum Strategy and Implementation Plan
• How Can Industry Help

Page 3: Robert Carey, Principal Deputy CIO, DOD Insight session

DoD CIO Focus

• Deliver the Joint Information Environment
  o Major effort and change within the Department towards IT modernization
• Strengthen Cyber Security
  o Improve information security from desktop to data center
  o Cyber workforce strategy
  o DoD strategy for defending networks and data
• Deliver Secure Mobile Devices
  o Deploy and manage secure modern mobile devices
• Manage RF Spectrum to support mission

Page 4: Robert Carey, Principal Deputy CIO, DOD Insight session

What We’re About: Mission Assurance - Warfighter Needs

We must ensure access to information … on any device, at any time, under all conditions, wherever the warfighter needs it …

Mission assurance is DoD’s top priority

Page 5: Robert Carey, Principal Deputy CIO, DOD Insight session

DoD IT Environment: Cyber Footprint

Total IT Budget
• > $39.6B in FY14
• > $17.4B in IT Infrastructure
• > $4.7B for cybersecurity

DoD IT User Base
• ~1.4 million active duty
• ~783,000 civilian personnel
• ~1.2 million National Guard and Reserve
• 5.5+ million family members and military retirees
• 146+ countries
• 5,000+ locations
• 600,000+ buildings and structures

IT Systems
• >10,000 operational systems (20% mission critical)
• ~1700 data centers
• ~65,000 servers
• ~7+ million computers and IT devices
• Thousands of networks/enclaves
• Thousands of email servers, firewalls, proxy servers, etc.
• Mobile devices
  o ~493,000 Blackberries
  o ~41,000 iOS Systems (Pilots)
  o ~8,700 Android Systems (Pilots)

Scale of the footprint … scope of the challenge

Page 6: Robert Carey, Principal Deputy CIO, DOD Insight session

What is the Joint Information Environment?

• JIE (when delivered fully) will consist of:
  o ~25 Core Data Centers using common computing environment, ~800 smaller installation data centers (reduced from ~2000) that are secure, resilient and efficient
  o Coherent security architecture / protected networks with enhanced resiliency to int/ext threats
  o Common Enterprise Services that support the entire Department
  o Component built business/warfighter applications on a joint technology infrastructure
• JIE implements joint network standards, specifications, and architectures driving commonality across a diverse DoD computing environment to drive greater security and information sharing

This DoD-wide effort toward the JIE will:
• Realign, restructure, modernize how IT (NIPRnet and SIPRnet) networks and systems are constructed, operated, and defended
• Consolidate and standardize the design and architecture of the Department’s networks
• Change Cyber Security Tactics, Techniques and Procedures

Page 7: Robert Carey, Principal Deputy CIO, DOD Insight session

Benefits of the JIE

• Enhanced Mission Effectiveness
  o Rapidly and dynamically respond to changing mission information needs for all operational scenarios
  o Users and Systems will have timely and secure access to the data services needed to accomplish their assigned missions, regardless of their location or device
• Increased Security
  o Able to jointly See, Block, Maneuver across the whole of the DoD Information Network
    • Allow Commanders to manage risks within regional domains
  o C2 of the Network from USCC and component cyber commands
  o Users and systems can trust their connection from end to end
  o Knowledge of the network, the data, and accesses with role and persona attribution
  o Capabilities remain available during contested or degraded cyber events
• Achieved IT Efficiencies
  o Information assets are joint assets, leveraged by all for Department missions
  o Constant visibility into IT expenditures through increased transparency
  o Maximize Enterprise purchasing and minimize variations

Page 8: Robert Carey, Principal Deputy CIO, DOD Insight session

JIE Capabilities Provided to Programs

Joint Information Environment components shown on the slide:
• IdAM
• Single Security Architecture
• Enterprise Services
• Enterprise Operations
• Data Center Consolidation
• Network Normalization

What’s needed:
• Technical Documentation leading to the development of an Acquisition Baseline
• Transparent Documentation of IT Infrastructure Costs and Cost Recovery Approaches

Program Considerations and capabilities listed on the slide:
• Defined Enterprise IT Service Management Processes
  o Incident Mgmt
  o Event Mgmt
  o Problem Mgmt
  o Change Mgmt
• Architecture patterns for Security
  o Monitoring
  o C2
• Help Desk
• End to End IP Transport
• Predictable Security Boundaries
• MPLS Virtual Networks with QoS
• Architecture Patterns for Security
  o Monitoring
  o C2
• Standard Approach to Security
  o Zoned Approach
  o Boundaries provided and managed at DoD Enterprise
  o Standard Network Configurations
• Architecture Patterns for CND
• GFE Computing (e.g., cloud computing)
  o Capacity Services
  o Storage Services
  o Standard Network Configurations
• Single Security Architecture
• Email
• Portal Services
• Instant Messaging/Chat/Presence Awareness
• VOIP/SVOIP
• Directory Services
• Single Identity linked to DEERS
• Authentication via Direct PKI or Gateway Service
• On-demand account provisioning
• Access management patterns

Page 9: Robert Carey, Principal Deputy CIO, DOD Insight session

10 1/24/2014

JIE Progress to Date

Enhancing Cyber Operations Security
Improving ability to see and respond to Cyber Threats
• Improved Security Architecture (~400 TLAs to 15 regional TLAs) supporting CONUS & SWA
• USMC centralized Operations Center
• Mandated use of Enterprise Directory Services and an authoritative identity data source
• Established initial Enterprise Operations Center in Europe

Network Consolidation
Consolidating networks and IT infrastructure across the Department IOT increase operational effectiveness
• Converging voice, data, video networks via EoIP & migrating to Enterprise (DISA provided) VoIP (call management) Services
• Upgrade to network (MPLS) routers - managed by DISA
• USMC upgrading network (MPLS) routers
• Service reduced gateways from 203 to 16
• Services reducing legacy networks
• COCOMs pursuing consolidated desktop initiative
• COCOMs consolidating HQs and component networks

Enterprise Capabilities and Applications
Reducing costs through movement to enterprise licensing, capability delivery and application reduction
• USA reduce applications by 30%; ID’d 2.5K of 10.6K to sunset
• Microsoft Joint Enterprise License Agreement
• USMC Data Center hosting Navy and DoJ apps
• DON adopts USMC PMO for DON ELAs; USN to complete 3 of 12 ELAs in FY 13
• USN reduced 25K applications to 6K
• Coordinating Mission Partner Environment
• Commercial cloud service offering pilot efforts

Page 10: Robert Carey, Principal Deputy CIO, DOD Insight session

Key JIE Policies and Guidance

Organizations and processes shown on the diagram:
• DoD Chief Information Officer
• CC/S/A
• JIE Management Construct
• Joint Staff
• Office of the Secretary of Defense
• DoD Acquisition, Budget & Requirements Processes

Documents and milestones (date or status):
• JIE EXORD – 5 Dec 2012
• CJCS JIE Whitepaper – 22 Jan 2013
• JIE Operations CONOPS 1.0 – 25 Jan 2013
• JIE Increment-1 Transition CONOPS – 25 Jul 2013
• DoD ITESR – 5 Oct 2011
• JIE ICD – In progress
• EDS – 22 Jan 2013
• JIE Implementation Memo – 6 May 2013
• DoD CDC – 11 Jul 2013
• JIE Management Charter – 9 NOV 2012
• JTSO Establishment Memo – 29 Aug 2012
• JOSG Establishment Memo – 23 Oct 2012
• JIE Increment-1 Business Case Analysis – Inactive/Not Complete
• JIE Inc 1 IOC in Europe – 11 Jul 2013
• DoD UC Memo – 11 Jul 2013
• CYBERCOM Tasking Order J3-13-0688 – 31 Jul 2013
• OT&E Oversight Memo – 12 Aug 2013
• JIE Operations CONOPS 2.0 – In progress
• JIE EXORD Modification 1 – 12 SEP 2013
• CDC – 1 Nov 2012
• DEE – 5 SEP 2013
• JIE Inc2 PACOM – 6 SEP 2013
• Implementation Guidance – 26 Sep 2013

Annotations on the diagram:
• “First and foremost, JIE will improve mission effectiveness.”
• Directs DoD Components to participate and align resources to enable JIE
• “…describes roles, responsibilities, functions and tasks…”
• DoD is committed to multi-year JIE effort directed by DoD CIO
• Key JIE planning forums stood up with CC/S/A support and participation
• “BCA…is the first step in aligning PPBE processes for JIE stakeholders”
• “JIE represents the largest restructuring of IT management in the history of the Department of Defense.”
• Directs implementation of key capabilities and sets conditions for future planning
• “All requirements set for IOC for JIE Increment-1 in the European and specified Africa Commands AORs have been met.”
• Places all JIE related capabilities under DOT&E oversight.
• Designates Defense Enterprise Email as an Enterprise Service and states inclusion in DoD Information Enterprise Architecture for compliance purposes
• Identification of Data Center Types
• Migration of Apps and systems by FY18

Acronym Key
• CDC – Core Data Center
• DOT&E – Director of Operational Test & Evaluation
• EDS – Enterprise Directory Services
• EXORD – Execution Order
• DEE – Defense Enterprise Email
• ICD – Initial Capabilities Document
• IOC – Initial Operational Capability
• ITESR – IT Enterprise Strategy and Roadmap
• JMC – JIE Management Construct
• JOSG – JIE Operational Sponsor Group
• JTSO – JIE Technical Synchronization Office
• OT&E – Operational Test & Evaluation
• UC – Unified Capabilities
• UCP – Unified Command Plan

Page 11: Robert Carey, Principal Deputy CIO, DOD Insight session

Key JIE Related Architecture Artifacts

Layers shown on the diagram:
• Policy & Guidance
• Enterprise Architecture
• Reference Architectures
• Solution Architectures

Artifacts (date or status):
• DoD IEA v2.0 – 10 AUG 2012
• JIE EA v0.4 – In Progress
• DoDI 8310.aa – In Progress
• DoDI 8100.04 – 9 DEC 2010
• DoDI 8270.bb – In Progress
• DoDI 8330.aa – In Progress
• DoD IEA v3.0 – In progress
• IdAM Data Dictionary – 14 AUG 2013
• ADORA – 29 Aug 2012
• CDC RA – 18 SEP 2012
• UC RA – 8 FEB 2013
• IdAM RA – In Review
• EOC RA – In Progress
• EANCS – 24 AUG 2010
• SSA RA – MAY 2013
• EC RA – In progress

Annotations on the diagram:
• Provides direction for identifying, developing, and prescribing IT, including NSS and DBS, standards
• Establishes the role of the DoD EA in providing context and rules for accomplishing the mission of the Department.
• Approved 10 Aug 2012; Foundation for the JIE EA
• Provide Strategic Purpose, Principles, Patterns, Technical Positions and Vocabulary for Solution Architecture development
• In Formal Review; expected to be approved for JIE RA and SA development in 1QFY14
• Establishes a capability-focused, architecture-based approach for interoperability analysis; Establishes the requirement for enterprise services to be certified for interoperability.
• Establishes governing policy for Unified Capabilities products and services supported on DoD networks.
• Naming Specification Informational Guidance; Currently Under TWG Review
• Merges the architecture content and guidance of DoD IEA v2.0 and the JIE EA into a single, integrated, authoritative architecture for the Information Enterprise.

SAs Under Development by IDTs:
• IdAM: Directory Services, Synchronization Services, Authentication GW Services, People & Organization Discovery Services, Enclave Attribute Services, and DoD Visitor
• SSA: Enterprise Perimeter Protection, Base Area Network (ICAN), and Enterprise IA Security
• CDC: Core Data Center, Installation Process Node (IPN), and Installation Services Node (ISN)
• NNT: Wide Area Network (WAN), SATCOM Gateway, and Mobility Gateway
• Unified Capabilities
• EOC/OOB Instrumentation

Acronym Key
• IEA – Information Enterprise Architecture
• JIE EA – Joint Information Environment Enterprise Architecture
• EANCS – Enterprise-wide Access to Network and Collaboration Services
• ADO – Active Directory Optimization
• CDC – Core Data Center
• SSA – Single Security Architecture
• UC – Unified Capabilities
• IdAM – Identity and Access Management
• EOC – Enterprise Operations Center
• EC – Enterprise Cloud
• NNT – Network Normalization and Transport
• OOB – Out Of Band

Page 12: Robert Carey, Principal Deputy CIO, DOD Insight session

JIE Way Ahead

• Continue to leverage COCOMs, Services and Agencies IT initiatives to achieve end-state
• Drive implementation and execution actions necessary to deliver capabilities
  o Acquire via component normal tech refresh process to standards and architectures defined as JIE norms
• Improve IT Budget transparency to align spend
• Develop and deploy policies, procedures, oversight, and culture that enables info sharing
• Accelerate initiatives where feasible to move effort forward
• Consolidate/standardize elements of networks to more effectively defend them and confront threats with agile information sharing

Page 13: Robert Carey, Principal Deputy CIO, DOD Insight session

Additional Significant Work Streams

• Cybersecurity
• Mobility
• Spectrum Strategy and Implementation Plan

Page 14: Robert Carey, Principal Deputy CIO, DOD Insight session

Growth of the Cyber Threat

• Sophistication of available tools is GROWING
• Sophistication required of Actors is DECLINING

[Chart: sophistication (Low to High) plotted against time, 1980 to 2015. Labels on the chart: cross site scripting; password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; graphic user interface; automated probes/scans; denial of service; www attacks; “stealth” / advanced scanning techniques; burglaries; network mgmt. diagnostics; distributed attack tools; staging; sophisticated C2; phishing]

“Cyberspace is real. And so are the risks that come with it.” -President Obama, 29 May 09

Page 15: Robert Carey, Principal Deputy CIO, DOD Insight session

Defending DoD Networks & Systems: Cyber Strategic Choices for 2020

• Shift to Proactive Cyber Defense Operations
  o Fully employ active cyber defense
  o Provide forces to maneuver and influence
• Deliver Adaptable Cyber Defense Solutions
  o Architect a defensible information environment
  o Strengthen data defenses
• Enhance Cyber Situational Awareness and Partnering
  o Improve the cyber sensing infrastructure
  o Harness the power of Big Data analytics
• Assure Survivability against Catastrophic Cyber Attacks
  o High priority mission areas
  o Prepare for success against large-scale cyber-attack
  o Mitigate all phases of cyber aggression

Additional strategic choices shown on the slide:
• Institutionalize cyber threat-based engineering & acquisition
• Capitalize on the strengths of public-private partnerships
• Defend beyond DoD boundaries
• Engineer unpredictable defenses
• Implement a multi-mission cyber operational picture

Focusing Cyber Defense on Assured Mission Execution

Page 16: Robert Carey, Principal Deputy CIO, DOD Insight session

JIE Security Architecture Overview

The intent of the security architecture is to:
• Create a coherent, uniform and standards-based security construct
  o Uniform Service/Capability Delivery
  o Ability to Standardize Ingress/Egress connectivity as well as O&M processes
• Improve Performance of Security
  o Provide full security suite capability to every Base / Post / Camp / Station
  o Fill known holes in the current security architecture
  o Provide full visibility, move away from standalone to an enterprise security solution
  o Reduced lateral movement beneath the Regional Security Stacks
  o Enclave boundaries clearly defined and centrally managed
  o Provide a Security Infrastructure that is Always On, Always Connected
• Improve Cost of Security
  o Cost avoidance associated with life-cycle of hardware, eliminate localized Security Stacks, by delivering the same services through 11 Centralized Security Stacks.
  o Cost avoidance associated with operations and maintenance
  o Cost avoidance associated with scaling to meet emerging requirements
  o No new hardware; simply add virtual instances

Page 17: Robert Carey, Principal Deputy CIO, DOD Insight session

JIE SSA Architecture Overview (V2.0)

• JIE Single Security Architecture team delivered the JIE SSA RA Version 2.0 and is receiving comments from the Architecture Working Group (AWG)
  – Enterprise Perimeter Protections
  – NIPR & SIPR
  – Cross Domain Security
  – Common Network Interfaces
  – CND views
• Version 3.0 will include Mission Partner Environment (MPE), SATCOM, UC, and IdAM

Page 18: Robert Carey, Principal Deputy CIO, DOD Insight session

What actions are we taking?

• Evolving DoD’s defenses:
  o Standardization and consolidation of the infrastructure
  o Layering defenses
  o Deploying identity tools – PKI all network domains
  o Improving monitoring
• Multiple efforts to contain, dampen, detect, diagnose, and respond to successful or partially successful cyber intrusions and attacks include:
  o Network hardening
  o Moving toward more automation via continuous monitoring

Page 19: Robert Carey, Principal Deputy CIO, DOD Insight session

DoD Mobility Strategy

• DoD Mobile Device Strategy, Jun 2012
• DoD CMD Implementation Plan, Feb 2013
• Mobility STIGs (iOS, Android, BB), May 2013
• Commercial Classified Solution (Secret), May 2013
• DISA MDM/MAS award, Jun 2013
• Defense Enterprise Email, Sept 2013
• DoD Enterprise MDM and Mobile App Storefront, Dec 2013
• Commercial Classified Solution (Top Secret), May 2013
• Modified CMD Security Approval Process, July 2014
• SME PED end-of-life, Dec 2014

Page 20: Robert Carey, Principal Deputy CIO, DOD Insight session

DoD Mobility Strategy & Implementation Plan

Timeline: FY13, FY14, FY15 - 17, FY17 - Beyond

Items shown on the roadmap:
• Mobility Gateways FY13-14
• Business Case Analysis
• BYOD
• CMD Pilot Consolidation
• MDM/MAS Award
• Expedite Approval Process
• Enterprise Solution
• MAS
• MAM
• MDM
• CAC/PIV 201-2 Integration
• NEW SPEC
• Technology Insertion
• Phase-out SME PED
• Primary Communication for ROUTINE DoD Users is Wireless
• TBD
• New Classified Capability

Strategy elements shown on the slide:
• Promote the development and Use of DoD Mobile & Web-Enabled Apps
• Enterprise Mobility services for Classified & Unclassified capabilities
• Information Enterprise Infrastructure to support Mobile Devices
• Mobile Device Policies and Standards

Referenced strategies, policies and standards:
• DoD Mobility Strategy
• DoDI 8100.02
• Federal Digital Strategies
• DoD CIO Consolidation Plan
• Federal Standards

Acronym Key
• BCA – Business Case Analysis
• BYOD – Bring Your Own Device
• CMD – Commercial Mobile Device
• DoDI – DoD Instruction
• MAM – Mobile Application Management
• MAS – Mobile Application Store
• MDM – Mobile Device Management
• MILDEP – Military Department
• PIV – Personal Identity Verification
• SME PED – Secure Mobile Environment Portable Electronic Device

Page 21: Robert Carey, Principal Deputy CIO, DOD Insight session

Challenge: Rapidly Changing Spectrum Use

Diagram labels: Battlefield; Training/Testing; Wireless Industry; Mobile International Coalition

Increasingly Contested & Congested
• Constraining Regulatory Environment
• Repurposing/Spectrum Sharing
• Auctions of Federal spectrum in US
• Reallocation of military spectrum in host nations
• Exponential increase in wireless devices worldwide
• Jamming
• Cyber warfare
• Mobility Strategy
• More unmanned systems
• More powerful radars to combat stealthier threats
• Increasing data rates
• Connectivity to lower echelons

DoD’s exclusive access to spectrum WILL BE reduced and challenged – in US and overseas spectrum sharing and co-use is a certainty

Page 22: Robert Carey, Principal Deputy CIO, DOD Insight session

Response: DoD Electromagnetic Spectrum Strategy

Vision: Spectrum access when and where needed to achieve mission success

Spectrum Dependent Systems
Goal 1: Increase efficiency, flexibility, and adaptability
• Expedite development of spectrum efficient and flexible technologies
• Accelerate sharing technologies
• Adopt commercial services where feasible
• Strengthen enterprise oversight

Spectrum Operations
Goal 2: Increase agility
• Develop near real-time spectrum operations
• Advance ability to mitigate interference
• Modify policy, regulation and standards to allow agile spectrum operations

Spectrum Regulation and Policy
Goal 3: Sharpen responsiveness
• Reform DoD’s ability to assess regulatory/policy proposals
• Expand DoD participation in regulatory/policy discussions
• Institutionalize DoD’s ability to adapt to regulatory/policy changes

• A paradigm shift - Improvements to spectrum management and spectrum efficiency are necessary, but not sufficient - spectrum access through sharing is required to increase DoD’s spectrum access opportunities
• Advancements in technology and associated policy/regulations are needed
• Required for success: Collaboration/partnerships AND Leadership/Accountability

Working toward “win-win” for DoD, other federal users, and the wireless industry

Page 23: Robert Carey, Principal Deputy CIO, DOD Insight session

How can you Help?

• Ask hard questions…propose answers in the context of our problem set
• Leverage your best and brightest
• Help us find lasting, innovative solutions
• Be part of our success

Collaboration – Key to conquering our challenges

Page 24: Robert Carey, Principal Deputy CIO, DOD Insight session

QUESTIONS?