NSA finalizing GIG assurance policy
- By Patience Wait
- Apr 29, 2005
SALT LAKE CITY'The long-anticipated information assurance policy for the Defense Department's Global Information Grid is in its final stages, ac-cording to a senior DOD IT official.
Deputy assistant secretary of Defense and deputy CIO Patricia Guthrie said at recent Systems and Software Technology Conference here that officials were 'very close to signing it and sending it out.'
The policy is considered by many to be one of the main cogs in making the GIG successful. The IA component calls for integrating security into the GIG by, among other things, authenticating credentials and security clearances. The plan also calls for the use of some form of user token for the security architecture.
NSA will put together a GIG Information Assurance Portfolio so DOD can have a go-to agency if portions of the grid lack adequate security.Achilles heel
Guthrie said that in the push to transform the military to a network-centric force, one lingering risk has been information assurance. 'I always thought that IA might be the Achilles heel' of transformation, she said.
Guthrie said DOD traditionally has relied on perimeter protection and multilayered defense to protect data integrity. But the military in the future will have to constantly monitor those providing and using data, both insiders and outsiders.
The issue of IA 'kept me awake for a long time,' Guthrie said. 'We didn't do very well' on Federal Information Security Management Act compliance. 'Some huge percentage of our IA problem is people and processes,' she said, and fixing those involves more than just software.
Guthrie said a second transformation challenge is understanding how the data is used. Warfighters need ubiquitous communications and must be able to draw from the broadest possible pool of information, based on what they consider important.
Maj. Kurt Warner, information and knowledge management officer with the 18th Airborne Corps and the 82nd Airborne Division, traveled to the conference from Baghdad to describe networking needs there.
FusionNet, one of the pilots in the Horizontal Fusion Portfolio Initiative, aims to provide information about both sides of the battle space, he said. The program is creating a cross-battlefield information system that is both smart-client- and Web-based, he said. It can work across multiple networks, a critical requirement in Iraq where users might need access to the global Centrix network, the Secret IP Router Network and the Non-classified IP Router Network to get all the information they require.
One goal is a 'user-defined operational picture that gives them the tools to build their own vision of the battlefield,' Warner said.
A second benefit is that commanders will be able to ask questions directly.
'Higher echelons, the institutional elements and their industry partners perceive more success in IT solutions than the 'muddy boots' Army,' Warner said. 'When a congressman from Michigan asked how many females from Michigan were involved in the Fallujah firefight,' answering that question was 'not as simple as pushing a button.'