DMS is facing revolt by its intended users

Even as the Defense Message System nears initial operational
capability, targeted users are warning that they won't use it unless time-consuming
security procedures are revised or eliminated.


The Defense Department designed DMS a decade ago as a replacement for the aging AUTODIN
message system. Since then, office PCs and unclassified Internet messaging have
proliferated.


Now DMS is supposed to supplant them and become the armed services' universal e-mail
platform. DMS contractor Loral Corp. is testing DMS versions of Microsoft Corp.'s Exchange
and Lotus Corp.'s Notes messaging and groupware products.


But government systems officials who are familiar with DMS and its security features,
which hinge on the National Security Agency's Fortezza encryption card, said DMS is likely
to alienate users who send primarily unclassified messages over commercial e-mail systems.


At issue is the time computers will take to complete various compulsory DMS security
functions. These include a log-on routine, in which a DMS-compliant application verifies
the validity of a user's Fortezza card and prompts for a PIN number, and the processing
required to check digital signatures and decrypt incoming messages and files.


According to Charlie Scruggs, director of business development with Spyrus Inc., a
manufacturer of Fortezza cards in San Jose, Calif., the log-on procedure alone can take
between 5 and 10 seconds, depending on how a system is configured.


Several government sources who have seen Fortezza demonstrations said the subsequent
signature verification and file decryption process can take from 10 seconds for a
medium-length message and even longer for lengthy messages or attachments.


Moreover, DMS users will be logged off automatically after a few minutes of inactivity,
to ensure that an unauthorized user does not operate a secure terminal with a logged-on
Fortezza card. Depending on message traffic, some users will have to repeat the log-on
process dozens of times daily to send or receive messages.


Government sources said those delays would be acceptable if DMS were envisioned only
for the handful of classified messages that most users send and receive via AUTODIN today.


But DMS will not let users bypass its security and authentication features for the
routine, unclassified messages that make up 90 percent of DOD's e-mail traffic. So every
message, no matter how trivial, will require as many steps to send and receive as an
official, classified memorandum.


For those heavily using e-mail, delays could be prohibitive. "I get around one
AUTODIN message per day and at least 100 e-mails," said one military systems official
who requested anonymity. "I would just die on the vine if I had to spend even 10
seconds waiting to read an e-mail."


That sentiment was echoed by several DOD officials who said fast, spontaneous response
is precisely what makes e-mail so useful.


In a statement last week, the Defense Information Systems Agency, which is running the
DMS program, said that although the current policy requires signing and encrypting all DMS
messages, DOD is considering security changes that would allow some flexibility in
Fortezza's application.


Industry sources said delays could be reduced by configuring DMS applications to let
users log on once for an entire workday, and to let incoming messages be authenticated and
decrypted automatically on arrival. This approach is considered too risky from a security
standpoint, however, and would be allowed only in facilities restricted to users with
secret-level clearances.


"The conflict is between convenience and security," said one industry
executive. "The bosses will want the users to log off after each message, and the
users won't want to be bothered. No one seems to be able to make up their mind about the
right policy."


Advocates of DMS long have maintained that benefits of the system's universal security
and authentication will outweigh any inconveniences. The security features are considered
essential to electronic commerce, for instance, and potentially could reduce much of the
paperwork associated with scores of administrative and combat support functions.


Some observers speculated that convenience issues, combined with the high cost of
replacing e-mail systems with DMS, could mean that the new system will be adopted only at
the level required to replace AUTODIN's formal messaging role.


If so, the potential DMS user base would be a small fraction of the 2 million users
envisioned in the DMS request for proposals. Navy systems officials, for instance,
estimated that, with only 10,000 DMS terminals, they could replace AUTODIN at every naval
facility worldwide.


inside gcn

  • HPE SGI 8600

    New supercomputers headed to DOD

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group