DOD gets serious about funding IA improvements

The Defense Department is talking a lot about network and information security these days, and according to Pentagon officials speaking at the Black Hat Federal Briefings in Arlington, Va., it has begun putting some of its money where its mouth is.

The department has budgeted $77 million for six years beginning in 2007 to fund new training and certification requirements for systems administrators, said Rick Aldrich of the DOD network defense organization. An additional $500 million has been requested for IT security initiatives resulting from the department's most recent quadrennial review.

This money is in addition to the $2 billion now being spent annually on information assurance from the DOD's $30 billion IT budget.

Linton Wells II, principal deputy assistant secretary for network and information integration, described some of the security initiatives in his opening keynote address at the briefings.

Wells said the four-year review, which began in 2001, went beyond the program and budget level to address new strategic needs for the nation's military. In the future, DOD will depend more on speed and agility than on brute force to address emerging threats.

'That is why the network, which allows you to use your forces in nonconventional ways, is one of the keys to change in the quadrennial review,' Wells said.

But he warned that today's DOD networks are vulnerable and under attack. Some of the attackers are believed to be nations.

'We know our adversaries have the networks in their sights,' he said. 'We have to assume we are facing a patient, skilled and well financed adversary.'

Actions taken in the last six months to address these threats include:
  • Setting new standards for training and certifying systems administrators on DOD IT systems, which required legislation enabling the department to pay for commercial certification of its IT professionals

  • Standardizing system configurations

  • Pushing for the use of the Common Access smart ID card for network access control throughout the department

  • Improving network monitoring capabilities

  • Establishing greater control over connections between DOD and public networks

Automating patch management. 'We are quite a way away from that because of the heterogeneity of our systems,' Wells said.

To bring more order to DOD communications, the commander of the Strategic Command, headquartered in Omaha, has been placed in command of all department networks, establishing a single point of responsibility and clear chain of command.

The new emphasis on command responsibility was seen in last November's departmentwide information assurance stand-down day, during which IT security policies were reviewed. The stand-down was not a one-time event, Wells said

'I expect we would see more of that in the future,' he said.

One lesson learned by DOD from the war in Iraq is the need to plan for stability, security and rebuilding in the wake of military action. The increased cooperation with nongovernmental organizations that will provide many of these services will require new extranet capabilities, Wells said, 'because they are not getting inside our firewalls.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected