[ISN] DOD intertwines data security, interoperability challenges

From: InfoSec News (alerts@private)
Date: Tue Mar 06 2007 - 22:18:53 PST


http://www.gcn.com/online/vol1_no1/43260-1.html

By Jason Miller
GCN Staff
03/06/07

ORLANDO -- The Defense Department is spending $2.5 billion on 
information assurance in fiscal 2007, and a good portion of those funds 
are to ensure the military can share data safely and more easily with 
the intelligence community.

John Grimes, DOD CIO, yesterday said the key to information sharing is 
security. If you cant protect information, you cant share it.

We are looking at those two areas in our architecture and in the next 
generation of security technology, and how we may change the 
nonclassified IP router network, he said at the Information Processing 
Interagency Conference, sponsored by the Government IT Executive 
Conference. The only way to get to net-centricity is to ensure we can 
share information and it is interoperable. We are spending a lot of 
money on this.

One program DOD is working on with the Homeland Security Department and 
other agencies is the National Command Coordination Center, which will 
improve information sharing among federal, state and local agencies.

Grimes also pointed to DODs ongoing move to net-centricity and using 
service-oriented architecture to separate data from the application 
layer.

The information must be understandable and must be able to be used over 
and over again, Grimes said.

To ensure data interoperability, DOD is moving more toward communities 
of interest, including one recently set up in the maritime community 
with the Coast Guard, Navy and other agencies. Grimes said the Office of 
Management and Budget is paying close attention to how these communities 
succeed.

While information sharing is important, Grimes said most of DODs efforts 
are to ensure all data is secure.

We have seen a huge increase in targeted incidents over the Internet, he 
said. We are under attack 24 hours a day, seven days a week, and we are 
starting to share information on cyberattacks or holes with DHS, and 
they are sharing back.

Grimes illustrated DODs challenges with statistics such as:

    * 46 percent increase of hackers altering DOD Web sites
    * 28 percent increase in e-mail scams
    * 250 percent increase in malware.

He also pointed to recent attacks that took down the National Defense 
Universitys system and another attack on the Armys Fort Hood in Texas.

The Army spent about $50 million to $60 million to bring their sites up 
after the attack, Grimes said.

To meet these challenges, DOD is relying on enterprise security 
solutions such as public-key infrastructure with the Common Access Card 
and patch management software, he said.

DOD also is working with the Office of National Intelligence to develop 
standard security policies and uniform reciprocity agreements to accept 
certification and accreditation of each others systems.

Grimes also said the Global Information Grid information assurance 
portfolio is how DOD is moving to the next generation security 
technology.

We are tagging data, and it will go into our service-oriented 
architecture, he said. We are on that road and pushing hard.


_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Tue Mar 06 2007 - 22:29:39 PST