
U.S. Soldiers and Airmen with the Vermont National Guard work in the Joint Operations Center covering 24-hour operations during Vigilant Guard 2016 at Camp Johnson, Vt. (U.S. Air National Guard photo by Tech. Sgt. Chelsea Clark)

Military networks typically consist of numerous different operating systems (OS) across different domains, which can inhibit collaboration. With a vendor-agnostic automation tool, however, organizations can standardize how operations are performed regardless of the OS. This allows for easier cross-collaboration, as everyone is speaking the same automation language.

Automation lets developers make better use of Infrastructure as Code (IaC) for DevSecOps, which is commonly known as agile software development because it embraces an iterative process of developing a little, getting quick user feedback, fielding a little more, and repeating.

To discuss network automation, Breaking Defense talked with Kevin Griffith, Senior Director, Department of Defense Sales for Red Hat.

Breaking Defense: Describe the present state of military networks. What inefficiencies would network automation address?


Kevin Griffith: The state of military networks today is that there are just so many of them. We have enterprise networks and tactical networks. We have multiple classifications of networks with NIPR, SIPR, and JWICS, as well as networks for special access programs. There have been efforts for years, decades even, to collapse and consolidate networks and provide secure logical separation versus physical or ‘air-gapped’ separation. The Army, Navy, Air Force, and Marines each have their own networks, and they don’t consistently integrate, which is a huge problem. The way the U.S. military collaborates across branches is antiquated to say the least, and networks must be integrated across branches for efforts such as JADC2 (Joint All Domain Command and Control) to be a success. Today’s network environment is also unique in history. With so many people working from home during the COVID-19 pandemic, nearly everyone is outside the traditionally defined network perimeter.

Network automation can trivialize many of the common challenges encountered in standing up new temporary networks or integrating inter-service networks. On top of improving efficiency and service speed, network automation can greatly increase security posture, especially as the services move toward Zero-Trust models. Automation can also reduce human error and capture best practices, which is key as the government frequently changes both government employees and contractors responsible for operating networks.

Breaking Defense: How does network automation allow military organizations to apply industry best practice such as DevSecOps and support digital transformation?

Griffith: Automation is a vital component necessary to bring DevSecOps to the network arena, and it is already proven and heavily leveraged in the telecommunications industry. Network automation codifies all of the steps, procedures, and processes necessary to implement the specific networking objective. The automation framework can then be version controlled, and when similar tasks need to be performed again they can be exactly replicated by leveraging the automation playbooks. This capability permits sophisticated network configurations to be deployed by less experienced network administrators.

By bringing DevSecOps practices and automation to the network configuration activities, we are able to better position the enterprise to implement digital transformation. Embracing disruption and change will be necessary to gain the benefits of digital transformation. By implementing network automation, an organization is more able to integrate changes to their network needs. Changes that may cascade across a network domain can be easily replicated and modified in totality. Perhaps even more valuable than the ability to quickly change is the ability to easily revert configuration changes. This ensures that in the event of a misconfiguration, returning to a known working state is much quicker.

Breaking Defense: How does network automation improve compliance and reduce risk?

Griffith: We can improve compliance and reduce risk using network automation for automated policy enforcement and change management. When network administrators have to make changes manually, they have to retain a list of all of the activities they have performed to achieve their task. If that task needs to be reverted, again, a manual process is necessary to revert those changes. This human element introduces the possibility of errors. Repeat that process hundreds or thousands of times, and eventually someone will make a mistake. If these changes are managed through network automation, there is an audit trail, the tasks are easily replicated and reverted, and running the automation 10, 100, or 1,000 times will all result in the same behavior. Additionally, an automation platform can be used to schedule changes, for example. A policy exception may then be granted for a certain period, and automation can be used to enforce the reversion of the exception at expiry. For example, if a network port needs to be opened for 24 hours, network automation monitors that port and automatically closes it at the expiry of the exception.

Breaking Defense: How does network automation combine with the military’s legacy security investments?

Griffith: Network automation solutions are widely adopted across the industry, and many third-party vendors like Cisco, Juniper, Arista, Palo Alto, and VMware have developed their own automation playbooks. This integrated support means that network automation is a valuable investment regardless of legacy hardware or software investments.

Breaking Defense: What military elements/organizations/commands benefit from network automation?

Griffith: I would say all of them, and frankly this doesn’t just apply to networking but all IT. There is no reason not to deploy automation. It dramatically increases efficiency, creates additional agility, improves security, and reduces human error. One concern is that it may force people out of jobs, but I don’t see that as an issue. There is so much work to be done that we don’t need to employ people to perform repetitive tasks. We need to integrate systems, create better systems, update antiquated technology and improve our security posture. So I don’t see the jobs going away. Besides, the unemployment rate in the IT industry is near zero and I don’t see that changing anytime soon.

Breaking Defense: How will network automation help the military better accomplish its missions?

Griffith: Network automation brings many advantages to the military. Because the military has such a dynamic operating environment and wide range of network capability needs, automation can offload a lot of the tedious tasks necessary to create and integrate temporary networks in the field, interoperate between service branches and allies, and maintain and innovate at the enterprise level. Automation frees up trained personnel to give them the ability to tackle sophisticated and unique challenges, and ensure that there is a reliable, consistent network infrastructure backbone to build off of.