
    A secure SOA for DOD

    2008 GCN Technology Leadership Award winner

    Vera sets the requirements for protecting enterprise services

    Defense Information Systems Agency


    PERSONAL MOTTO

    Always expect more out of people than they expect of themselves. It’s amazing what people can achieve when you set the bar high.


    WHAT KEEPS YOU MOTIVATED

    Learning new things, and with the [Net-Centric Enterprise Services] program being on the cutting edge of technology for the Defense Department, I am never lacking for new topics. Working with people also motivates me; there is nothing like working with a multidisciplinary team in DISA.


    HOW YOU KEEP IT FUN

    Find interesting work, get people involved in it and use their ideas.

    Carlos Vera is the Net-Centric Enterprise Services deputy program manager and a 2008 GCN Technology Leadership Award winner.


    In some ways, the Defense Department's task of keeping the
    country secure starts with keeping its own information technology
    systems secure. The job is never easy, and it gets more complicated
    with the shift from a systems-based approach to a service-oriented
    architecture. So as DOD implemented its SOA-based Net-Centric
    Enterprise Services (NCES) platform during the past year, its
    managers had to find a new way to secure services.







    'Initially, we thought that taking a centralized approach
    to enterprise security was best,' said Carlos Vera, deputy
    program manager at NCES, which is under the purview of the Defense
    Information Systems Agency. 'What we have learned is that is
    the wrong model. We can't do everything at the enterprise
    level.'


    Instead, NCES migrated to a system that established a security
    framework and protocol for how services should securely talk to one
    another, specifying the requirements while holding service
    providers responsible for their own policy enforcement.


    For example, he is working to ensure that the services satisfy
    Federal Information Processing Standard 140-2 cryptographic models
    for network transmissions and data at rest, particularly on the
    Non-secure IP Router Network. But he doesn't specify how
    providers should do it.


    Vera 'has pioneered a new way of addressing information
    assurance' at DOD, said DISA computer scientist Tom
    Hazelwood. 'His determination and efforts have defined a new
    path for delivering capabilities to the warfighter.'


    Vera began his defense IT career performing software engineering
    research on the Ada language and distributed real-time systems for
    the Army Communications and Electronics Command at Fort Monmouth,
    N.J. After four years there, he returned to San Antonio with his
    wife and four children to provide postdeployment software support
    for the Air Force's Modular Automatic Test Equipment system
    and later led the software engineering process group at Kelly Air
    Force Base. He spent nearly a decade working on information
    assurance as a division chief of the Air Force's cryptologic
    systems group at Lackland Air Force Base, Texas, where he oversaw
    the issuance of 1 million Common Access Cards.


    'We also did a lot of research for the intelligence
    community focusing on information assurance architectures as well
    as how we go about helping the community to identify
    vulnerabilities, characterize them and ultimately say what the
    semantics are for the vulnerabilities,' Vera said. 'We
    started the CVE initiative (common vulnerabilities and
    exposure) that has spread out as a standard among all the
    commercial vendors as a vulnerability identification.'


    From Lackland, he came to DISA as chief information assurance
    engineer, which included securing NCES.


    'One of the fundamental issues is: What does it mean to
    make an enterprise service available to the community?' Vera
    said. 'You have all these ports and services that are being
    driven across the network, but are they secure services, and have
    they been approved? We need to make sure we are all following the
    same set of ground rules, and the same documentation is being
    generated.'


    That goal is complicated by the structure of NCES. Different
    sources provide the four product lines: the SOA foundation,
    collaboration, content discovery and delivery, and portal.


    The Army's Defense Knowledge Online provides
    managed-services user access. Users can collaborate via IBM's
    Sametime or Carahsoft's Adobe Connect and Jabber solution.
    For content discovery and delivery, ISYS search software provides
    Google search appliances through Intelink, and Akamai provides
    forward-hosting of cached Web data. Computer Sciences Corp.
    provides messaging, discovery, monitoring and security of services.
    The services are hosted at Defense Enterprise Computing Centers or
    commercial facilities. DISA establishes security and service
    parameters but lets service providers determine the best way to
    meet those requirements.


    'We need to make sure that the services being deployed are
    secure and that they will be able to satisfy our
    requirements,' he said. 'Once we have determined that,
    it is performance-based.'


