All-seeing security program spreading throughout DOD

Record software deployment gives cyber command omniscient view

The implementation of a $9.7 million agreement with McAfee and Northrop Grumman to secure 5 million desktop and notebook computers and servers is bolstering military cybersecurity efforts via the host-based security system (HBSS) rolled out last month.

The program helps to secure DOD’s Secret Internet Protocol Router Network (SIPRNet), in addition to its Non-Classified Internet Protocol Router Network (NIPRNet), for which HBSS originally was rolled out through the Air Force Network-Centric Solutions contract last year.

Officials already are touting the benefits of the deal.

“HBSS is the new big thing. We are already deploying it on all our desktops,” said Dave Wennergren, the Defense Department's deputy chief information officer.

“The program is giving cyber command a top-level view,” providing critical information to organizations such as the newly created 24th Air Force at Lackland Air Force Base in San Antonio, which is responsible for Air Force cyber operations, said Tom Conway, director for federal business development at McAfee.

Conway said the HBSS deployment marks the largest single software mandate for DOD, security or otherwise.

The software is built on McAfee’s Host Intrusion Prevention Systems (HIPS) signature and behavioral protection, and a system firewall. HBSS also employs McAfee’s ePolicy Orchestrator management framework, a dedicated security management console.

HBSS "is the last line of defense, but also the first — it’s 360-degree protection, even from inside threats. It offers better visibility into what the network looks like and how it behaves,” Conway said.

According to Herb Galindo, department manager for the central region at Northrop Grumman Information Systems, HBSS also is supporting a Defense Information Systems Agency drive for capabilities that collect and correlate alarms as cyberattacks occur.

The HBSS program also reaches into outside agencies, including civilian agencies such as the Coast Guard. The other branches of the military are beginning to implement the security standard as well, though officials say the Air Force has been the first military organization to make major strides with the software.

“The Air Force is ahead of the pack across DOD in implementing HBSS,” said Col. Russ Fellers, deputy director of the Air Force 753rd Electronics Systems Group, which focuses on net-centric and command and control capabilities for the Air Force.

“HBSS is a game-changer in the sense of virus protection at the desktop level, [preventing viruses or malware from] spreading into the network,” Fellers said. “The magnitude is enormous.”

Beyond the cyber realm, the HBSS program also is having an effect on the ground, and as far away as Afghanistan. “This provides system administrators improved situational awareness and ensures capabilities to the warfighter,” Galindo said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Reader Comments

Thu, Feb 18, 2010 Mick Lang London

Yet another wrench to throw into the 'netcentric' world of DoD computing. I doubt any of these sanctioned security enhancements will undergo rugged testing (i.e., SABI) with other three-letter agencies (as DIA will accredit regardless). So far, Public Key encryption, digitally signed emails and attachment-shredding firewalls have not aided in the sharing of data, but have hampered it. I'm sure that this will get a belly-full of laughs at the next DEFCON conference in Vegas.

Fri, Dec 11, 2009

HBSS is touted to be a wonderful solution; however, the HIPS software and HBSS have received zero review by senior admins at critical tiers within AF networks. This has caused multiple-week downtime at some sites, crashed firewalls due to the enormous load inflicted by these programs, and has trashed CPU utilization on multiple servers. The single-solution nonsense will probably only go away once we have a horrible zero-day exploit that hits every last PC. What would we do if a Chinese company bought into McAfee? Would we dump this product just like we did Symantec? I apologize for being frank, but this is stupid.
