http://www.govexec.com/dailyfed/0601/062701j1.htm By Joshua Dean jdeanat_private June 27, 2001 When the Navy Marine Corps Intranet (NMCI) comes online in mid-July, the programs entire security infrastructure will be fully operational and effective, Navy officials said Tuesday. NMCI is the Navys 5-year, $4.1 billion-effort to outsource the technology, maintenance and help desk support for over 350,000 desktops and 200 networks. The Navy awarded the NMCI contract to Electronic Data Systems in October 2000. Scott Henderson, a systems engineer at the Space and Naval Warfare Systems Command, outlined the projects exhaustive approach to security at a press conference Tuesday. NMCI will use six network operation centers equipped with full-time security staffs. These centers will govern all network traffic between NMCIs networks and the public Internet. The network operation centers will fully isolate the Navy and Marine Corps from outside networks, Henderson said. The government has outsourced the infrastructure but has retained the authority to run the network. NMCIs security wont end there. Further monitoring will occur at the regional and command level, and every workstation and server will be monitored for viruses and outbreaks of malicious code. Under NMCI, every Navy and Marine Corps server will be moved to server farms managed and protected by the network operation centers, thereby limiting access points and reducing security risks. Currently, the Navy suffers from differing security capabilities at its various commands, said Henderson. NMCI will unite the Navy under a single security policy. The Marine Corps already has one. The Navy has reason to pay close attention to information security. Last year, the Navy tracked 23,662 possible hacking attempts on its networks. Thus far in 2001, the Navy knows of 125 successful intrusions into its systems. While most of those were aimed at Web sites rather than core business systems, the Navy takes each hacking incident very seriously, Henderson said. Most successful hacks could have been prevented had known vulnerabilities been fixed, Henderson said. NMCIs enhanced security will make it easier for the Navy to fix known software foul-ups that hackers typically take advantage during their exploits. Fixing such vulnerabilities should enable the Navy and Marine Corps to focus on more advanced information warfare threats, such as those posed by foreign states or terrorist groups, said Henderson. NMCI will be the largest Defense Department implementation of public key infrastructure (PKI), said Henderson. A PKI is used to restrict computer access to only authorized users as well as to protect and encrypt data traveling over networks. EDS stands to earn up to a $10 million performance bonus if Navy and Marine Corps official s are satisfied with NMCIs level of security. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 03:09:09 PDT