The Defense Information Systems Agency wants to kick down a lot of existing security boundaries so that commanders can work together efficiently without having their email, video and text messaging hung up in a thicket of contradictory security requirements. But increasing access to classified command networks calls for some tradeoffs between security and utility, Anthony Montemarano, DISA’s director for strategic planning told Breaking Defense.
To meet its goals and protect military networks, DISA, is working with Cyber Command to share information and develop tactics and policies to respond quickly to cyber attacks. The agency is also working closely with the NSA on security technologies such as encryption for mobile devices, Montemarano said.
DISA already has a cozy relationship with both organizations, but to keep its ambitious information sharing plans workable, it is keeping them close throughout the process to make sure security features and defenses are baked in from the very beginning.
One of the Pentagon’s major priorities is issuing mobile devices to military personnel. To support this, DISA is drafting security guidelines for the use of commercial smart phones and tablets, Montemarano said. Mobile device security is a major concern for the Defense Department, especially when some those devices will have access to classified networks such as the Joint Information Enterprise (JIE). The agency is working with the NSA to develop secure software access and encryption tools, he said.
In the past, the federal government did not issue large numbers of mobile devices because most commercial devices were not secure enough. But commercial devices are so advanced and ubiquitous that the government can no longer ignore the advantages they offer, Montemarano said. “We in the department have to embrace what is going on in the commercial environment,” he said.
One challenge is devising a common security scheme that permits smooth information flow because the services’ computer network security systems are not completely synchronized, Montemarano said. This lack of coordination can lead to problems and delays when users with different security clearance levels try to share information across agencies.
Under the strategic plan, DISA plans to work out these data sharing issues with the goal of making front line and theater commanders’ job easier. The plan calls for expanding shared network spaces such as the JIE and providing them with additional layers of security against cyber attacks through close coordination with the NSA and Cyber Command.
DISA’s strategic plan will be followed up by a campaign plan, scheduled for release in late October, that folds all of the agency’s various efforts into a single document. The challenge is to effectively communicate how DISA will manage the process and follow the Obama administration’s strategic goals, Montemarano said. The campaign plan will be followed by an implementation plan for internal use that will have specific numbers, goals and budget levels.
The current strategic plan does not consider budget and cost levels because they will be detailed in the campaign plan, Montemarano said. The campaign plan will identify the technical and financial requirements to reach the JIE end state. It will also point out technology gaps or areas that may require additional funding investment. This financial assessment will be plugged into current fiscal year spending and shape DISA’s Program Objective Memorandum, the Pentagon’s initial document outlining long-term spending goals, he said.