
Airman 1st Class Gerald Mack, cyber operator with 175th Cyber Operations, Maryland Air National Guard, monitors cyber attacks during Exercise Southern Strike at Camp Shelby, Mississippi, April 21, 2023. (U.S. Army National Guard photo by Staff Sgt. Renee Seruntine)

WASHINGTON — The Department of Defense plans to achieve federal identity, credential, and access management (ICAM) connection on unclassified networks across all military services by the end of this fiscal year, according to a Defense Information Systems Agency official. 

ICAM — the practice of performing constant checks to ensure that users are allowed to access the information they are trying to access — is essential to the DoD’s larger zero trust “never trust, always verify” philosophy that operates under the assumption that the network is always compromised. 

Federated ICAM allows organizations to accept one another's identity processes and procedures so that their users can gain access to each other's data on an existing platform. It's a vital part of information sharing, Brian Hermann, the program executive officer for PEO Cyber at DISA, said during a media roundtable today.

“ICAM is how we work across the department, as well as how we work with our mission partners. Enabling our work with allied and coalition partners means we have to have some connectivity and understanding of who we’re working with in that coalition, to make sure that we have an understanding of their access rights and grant them access to DoD resources,” he said.

Hermann explained that at the beginning of this fiscal year DISA stood up a federation hub that gives the agency a “total picture” of all the information an individual has access to, basically guaranteeing that ICAM is working the way it’s supposed to. With this hub, DISA started working with the Army to get its ICAM solutions federated. He said he expects the Army’s ICAM federation solutions to be completed by the end of March.

“Then roughly about three months later, be done with the Navy, followed by the Air Force by the end of the fiscal year,” Hermann said. “We’re going to use the lessons that we learned out of [the services] to go ahead and do the federation across all the other ICAM solutions that exist within the department,” he added. 

When asked the reasoning behind the order in which the services were attaining federated ICAM, Hermann explained that it was mostly due to “deconfliction of timing” concerning other “activities” that the services had going on.

“I can’t really say for example, that the Army’s technical solution was more advanced or more mature than any of the others. I think it was just a timing issue,” he said.

Once the services have achieved federated ICAM connection, the next step is to work with the Defense Manpower Data Center to help it achieve federated ICAM, followed by other components of the DoD, which Hermann did not expand on.

Throughout this process, DISA will also start working toward federated ICAM with allies and partners — something the department piloted in December when it announced it had achieved federated ICAM connection with Canada.

However, before the DoD begins widely establishing federated ICAM access with other nations, Hermann said it needs to speed up the process of federation, which he said will be possible through lessons learned from the services.

“When we start to federate with external partners, allies … ad hoc kinds of coalitions that we might fight with, we have to be able to move very quickly to make sure that we can continue to work and collaborate with those mission partners,” Hermann said. “I think speed has to get down to days, not months, is my observation, if we’re going to be a supportive part of providing that warfighter support.”