Navy lays course for Second Fleet migration to NMCI

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Sean Gallagher
 

Connecting state and local government leaders

By Sean Gallagher

|

The Navy’s Second Fleet Commander will use the Navy Marine Corps Intranet to support its newly established Maritime Operations Center in a move to further collaboration and boost cybersecurity capabilities.

The Navy Marine Corps Intranet is entering the last year of its contracted life. After 10 years, the network has become one of the most reliable and secure networks in the Defense Department after starting as a frequent target of ridicule for what some involved with the program characterize as justified complaints.

As evidence of the Navy’s continuing reliance on NMCI, the network recently gained more customers: the headquarters of Commander, Second Fleet (C2F) and the Second Fleet’s newly established Maritime Operations Center. MOCs are regional command and control centers that give joint and Navy fleet commanders an overview of their forces' location and status, in addition to other information that help commanders make decisions.

The goal of using NMCI for the C2F MOC is partially to enhance decision-making through improved collaboration, but the need for increased cybersecurity was also a major factor, Navy Capt. Jeff Link, C2F's director of command, control, communications, and computers, said in a statement issued by C2F’s public affairs office.

“Working under tight restrictions and timelines, the coordination between the organizations involved in transitioning the systems to NMCI worked out extremely well," he said.

First of a kind

The C2F MOC is the first to be built using NMCI's infrastructure. NMCI is also providing interoperability between the fleet’s networks and NMCI to maintain and improve command and control capabilities.

C2F also moved its unclassified network into NMCI. About 1,000 users, 74 applications and 20 systems were moved onto NMCI’s managed infrastructure. The transition was completed in August, and C2F’s systems — and its MOC — are fully operational.

Consolidating C2F’s network to NMCI and building the MOC on NMCI’s Secret IP Router Network connectivity are expected to reduce operations costs. But the biggest benefit might be improved security. By consolidating C2F into the Navy’s biggest enterprise network, C2F might have needed to compromise some of the configuration of its systems. But in exchange, the command has gained better security and configuration management.

Navy Chief Information Officer Robert Carey has made consolidating the Navy’s disparate networks a major element of the Navy’s strategic vision for its networks, as laid out in the Navy Networking Environment 2016 strategy paper, published in May 2008.

“It is the Navy and Marine Corps’s goal that most of the Navy’s and many of the Marine Corps’s legacy networks will either be consolidated into existing enterprise networks or eliminated,” task force authors noted in the document. “A limited number of legacy networks will be permitted to continue operations as ‘excepted’ networks.”

C2F was previously exempted from using NMCI because it was a command and control organization. Navy officials chose to go forward with a plan for the Navy’s new MOCs based on NMCI’s infrastructure, according to a statement from the NMCI Program Office provided by Denise Deon, the NMCI Program Office public affairs officer.

“Earlier this year, Navy leadership selected a MOC design that combined the NMCI network, workstations, network operations, and security services and Integrated Shipboard Network System (ISNS) command and control applications,” Deon's response states.

“This hybrid approach utilizes the strongest assets from the NMCI and ISNS networks to create an interoperable and flexible MOC solution.” ISNS, also known as Afloat Networks, is a combination of shipboard local-area networks and a wide-area network connecting to the fleet, and it is one of the shipboard networks that the Navy’s Consolidated Afloat Networks and Enterprise Services program is intended to pull into its architecture.

Major domains

The Navy has four major network domains:

  • NMCI ashore at facilities within — and some outside — the continental United States.
  • The Outside Continental United States Navy Enterprise Network for facilities overseas.
  • The Marine Corps Enterprise Network tactical network.
  • The Information Technology for the 21st Century portfolio of programs that included ISNS, satellite communications systems and shore-based support systems for fleet data communications and services.

But there are also more than 500 existing networks by the Office of the Department of the Navy CIO’s count. That vast number of networks makes creating a totally secure Navy networking environment nearly impossible.

“If a hacker is able to get access to a very limited number of systems, or even just a single system within an environment, they can use the trust relationships that exist with just that one system to broaden the attack to the point where it compromises other systems” said Ron Ritchey, a principal at Booz Allen Hamilton.

“If you allow an environment to grow up where you have an unrestrained number of configurations, the one thing that you're absolutely guaranteed is that some of the systems are going to be more secure and some of the systems are going to be less secure,” he said. “You leave yourself open to the least common denominator of security that's in your environment.”

To prevent that, organizations should consolidate networks and reduce the number of configurations of systems allowed to run on them, Ritchey said. 

“By negotiating a common standard that may not be 100 percent of what you want but is 98 percent of what you want and deploying that widely, you're making your environment less complex," he said. "And that makes it easier to manage and to take advantage of things like automated patch management. The problem with patch management is if you push out a patch in an unmanaged environment, you're going to break things because you can't test the patch against 1,000 configurations. If you have a limited set you're managing, that's practical. You can test to that and push that patch out because you’re able to test it thoroughly.”

Consolidation also makes it easier to centrally manage and support networks. “The benefits of consolidation are that this is a very challenging job, the number of threats are growing exponentially, and the DOD network is continuing to grow,” said Tom Conway, director of federal business development at McAfee, which provides much of the technology behind NMCI’s security management. "You always have a personnel situation there — where do you have the best trained people to handle all this? Luckily, the tools have come to the point where it's easier to do this through automation, through consolidation and centralization — [letting you] put your best people on the critical points of the network.”

Demonstrated benefits

Those benefits have been demonstrated by NMCI, Conway said. “I think NMCI is in a good situation. They have more complete visibility into what their network looks like. They can push a policy and make it stick really rapidly, whereas other organizations within DOD aren't at that point yet because they have very heterogeneous networks, and in some cases, they don't even have full situational awareness of what their networks look like.”

He said those capabilities are something the Navy is looking to build on and extend with the Next-Generation Enterprise Network procurement, which will eventually subsume NMCI.

NEXT STORY: How to upgrade (relatively) painlessly to Windows 7

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.