DOD intertwines data security, interoperability challenges
The Defense Department is spending $2.5 billion on information assurance in fiscal 2007, and a good portion of those funds are to ensure the military can share data safely and more easily with the intelligence community.
John Grimes, DOD CIO, said the key to information sharing is security. 'If you can't protect information, you can't share it.'
'We are looking at those two areas in our architecture and in the next generation of security technology, and how we may change the nonclassified IP router network,' he said at the Information Processing Interagency Conference, sponsored by the Government IT Executive Conference earlier this month.
One program DOD is working on with the Homeland Security Department and other agencies is the National Command Coordination Center, which will improve information sharing among federal, state and local agencies. DOD also is moving more toward communities of interest, including one recently set up in the maritime community with the Coast Guard, Navy and other agencies. And the department is working with the Office of the Director of National Intelligence on sharing information across different classification levels (see story, Page 1).
'We have seen a huge increase in targeted incidents over the Internet,' he said. 'We are under attack 24 hours a day. Grimes cited a 46 percent increase of hackers altering DOD Web sites, a 28 percent increase in e-mail scams and a 250 percent increase in malware over the past year as examples of DOD's challenges.
He also pointed to recent attacks that took down the National Defense University's system and another attack on the Army's Fort Hood in Texas that will cost the Army between '$50 million to $60 million to bring their sites up after the attack,' Grimes said.
To meet these challenges, DOD is relying on enterprise security solutions such as public-key infrastructure with the Common Access Card and patch management software, he said.
Grimes also pointed to DOD's ongoing move to net-centricity and using service-oriented architecture to separate data from the application layer. DOD also is working with the Office of National Intelligence to develop standard security policies and uniform reciprocity agreements to accept certification and accreditation of each other's systems.