Post Tags: data security
It has often been said if you want to know where a thing is going, you need to look where it has been. So, as I began to entertain the question about the future of information technology, the easiest way for me to explain where we are going is to talk about where we we’ve been. Fourteen years ago, I was actively involved in net-centric operational development. It was right at the start, a time long before the maturity of hyper-convergence, global mesh computing, and multimodal integration. “Cyber” and “security” were broad concepts during this time and had not merged into a single warfare domain.
Back then, the Department of Defense (DoD) underwent a series of transformational initiatives that changed how it conducts warfare, business operations, and enterprise management. As part of this transformation, the DoD embraced the concept of “net-centricity.” Net-centricity was the realization of a robust, globally interconnected network environment (including infrastructure, systems, processes, and people). Data was shared in a timely and seamless way among users, applications, and platforms during all phases of warfighting efforts. By securely interconnecting people and systems, independent of time or location, net-centricity now enables substantially improved military situational awareness and significantly shortened decision-making cycles.
For the first time, our frontline could protect assets better, effectively exploit information, efficiently use resources, and unify forces by supporting extended, collaborative communities to focus on the mission. Nevertheless, these changes came at a price and introduced a whole new set of challenges for the DoD. These challenges include interoperability, configuration management, information assurance, and an enemy that was quickly becoming equally as formidable in cyber operations.
Throughout history, information sharing has played a critical role in all military operations. Information technology is a critical component of military operations. The ability to share information plays an essential role in achieving success during combat. Getting the right information, to the right unit, at the right time can be the difference between victory and defeat. As the DoD entered the information age, it changed the way it fights and sustains its forces. Currently, the DoD command and control infrastructure comprises many disparate networks, services, systems, and databases loosely coupled. As the ability to share precise critical information evolved, so has the military’s ability to take advantage of this innovation, which caused the military to transform from conventional warfare to network centric-warfare. Nevertheless, these changes came at a price and introduced a whole new set of challenges.
In late 2005, I was tasked, as the branch chief for the Network support branch, the Joint Task Force for Global Network Operations (JTF-GNO), to lead a team tasked to implement the required infrastructure portion NCES suite. Immediately, several challenges had to be overcome. These challenges included interoperability, configuration management, and information assurance to ensure those information systems and the processes they support will enhance military operations. I will briefly expand on those challenges.
Network Centric Enterprise Services (NCES) Collaboration Service exists to provide a web-based collaboration environment where DoD personnel (Government and authorized contractors) can accomplish several objections. These include: automated processing, office automation, electronic communication and collaboration associated with operations, research, and support prescribed by the NCES mission, and the assigned mission assigned category (MAC) controls. This collection of services makes up the complete NCES program. My study focused only on the infrastructure portion, which was one project under the program. It was a critical piece of the whole program. That is why much time and research went toward developing a full understanding of all the technical issues that lay in the way of achieving our desired end state.
The initial program design provided the services that support the exchange of information between producers and consumers (human or information systems). It also leveraged Information Assurance (IA)/Security and Network Operations (NetOps) capabilities to protect the information from unauthorized use or access. Today, these services allow users and information systems to find and access relevant information, share the information they produced for others to discover, and collaborate more effectively while minimizing local system and network impact. The program evolved to support a globally interconnected information technology (IT)/information management capability for all phases of warfighting, intelligence, and business operations.
The project back then had several goals. Some of the best results came because we prioritized interoperability, configuration management, and information assurance. I’ll touch on these briefly, but rest assured, they are just as important today and moving ahead.
Interoperability: Still Room for Improvement
All commands engaged in operations must possess the underlying technologies that make such operations possible to capitalize on two combat multipliers. Technologies must be vertically and horizontally interoperable at every level of command. The Joint Interoperability Test Command (JITC) is tasked with ensuring the interoperability of a devices’ capabilities based solely on acquisition standards. JITC provides a full-range of agile and cost-effective test, evaluation, and certification services to support rapid acquisition and fielding of global net-centric warfighting capabilities. It does not account for the multitude of implementation requirements for network architectural designs. I recommended that a single command be apportioned to test, acquire, and field all multiservice systems. This was the most proficient way to guarantee interoperability and compatibility. It is still a worthy goal.
The Global Information Grid (GIG), which is the backbone for Netcentric Operations (NCO), still suffers from a lack of homogeneity and technical maturity. Even today the GIG is faced with challenges stemming from interoperability based on proprietary development and a lack of trust that collaboration. Because acquisition processes and practices are rarely synchronized across the strategic/joint environment, decades of IT purchases made in parallel by military departments and agencies have created a conglomerate of systems, standards, networks and services. While the problem of dissimilar technologies would appear manageable under the reigning era of Goldwater Nichols, the GIG continues to suffer from the absence of an enforceable construct (architecture) and remains under the scrutiny of lawmakers and auditors.
The Government Accountability Office’s most recent report noted the DoD Chief Information Officer “has less influence on investment and program decisions than the military services and defense agencies, which determine investment priorities and manage program development efforts.” Hence, we will continue to be challenged by the lack of interoperability until a single enforceable standard or organization stands up as the broker for the acquisition of all critical systems that make NCO possible across every level of command, whether combined or joint.
Configuration Management: Still a Necessary Consideration
Concurrent with the interoperability challenges that hinder us from fully realizing the potential of NCO are the challenges associated with configuration management. While achieving isolated attempts to standardize and acquire interoperable devices, we found ourselves plagued by non-standard or incompatible configurations. Interoperable devices can only communicate if programmed to do so. So, the question became, who establishes the standards by which these networked devices are configured?
As IT professionals, we often focus on all the technical requirements that need to happen but forget about the procedural changes that are required with every new project implementation. My project was no exception. For NCO to work, we had to get everyone talking the same language. I recommended to my command that we establish a working group to flush out all the policy requirements associated with the implementation portion. This would be followed by a board that retains the all-encompassing power to enforce configuration standards for devices that are essential to NCO.
As a result, Chairman of the Joint chief of Staff Manual (CJCSM) 6212.01C states that all IT and NSS (systems or services) acquired, procured, or operated by any component of the Department of Defense must include the ability to exchange and use the information to enable units or forces to operate effectively in joint, combined, coalition, and interagency operations. However, this is a policy-based document and does not prescribe an enforcement arm to ensure compliance. Not the gain I had hoped for, but it was a step in the right direction. We should continue this work.
Information Assurance (IA): Protecting the Veracity of Data
The DoD must be able to protect its information technology as a vital center of gravity. A center of gravity is the hub of all power and movement on which everything else depends. It is that point against which all energy should be directed. To protect our center of gravity, Information Assurance (IA) is a key part of NCO.
This was key to my project because I had to ensure the design encompassed the security parameters for DoD personnel. But I also had to ensure the security architectural design allowed internal access for the commercial personnel that managed the actual product. There were numerous exceptions to policies that relaxed the security posture enough to allow an external entity to the DoD backbone. I made a recommendation that, based on the security requirements, that these services be hosted inside the DoD enclave. This would allow us to implement the most substantial security posture and still provide the desired net-centric services. Today this is fairly standard.
As we see the integration of technologies and the speed at which these emergent technologies can process information, it becomes more critical to control disruptive forces. Clearly, we are moving out of the digital age into the quantum age. Now we must deal with the emerging threats that come with the increase in speed. We must find ways to harness the power of artificial intelligence to create adaptive technologies to overcome threats moving at quantum speed. Further, we are actively developing quantum resistant technologies to slow down progressive threats that arise as we move into the next age of computing.
The US Armed Forces realized the need to increase information speed and accuracy across the battlefield. Network-centric warfare was the tool by which the armed forces achieved its goal. The military linked everything, from the sensor to the shooter, together. Tomorrow, our greatest challenges are protecting the confidentiality, integrity, and availability of data as it transits across the information superhighway. Protecting data has real-life consequences, as these first years of net-centricity have already demonstrated.
Leaders, at all levels and in every sector, must make decisions based on a common understanding of the threats before us. This shared situational awareness, shared understanding, and synchronization has made our military forces more effective on defense, and more lethal on offense. The digital spaces developed by the military has peacetime benefits, too. This infrastructure now undergirds our country’s businesses, making them more profitable and more effective, and, most of all, more efficient.
Not so long ago the concept of network-centricity was young. Now it has grown up and we must endeavor to address the underlying challenges that hamper us from realizing net-centric operations’ full potential. We must continue developing a greater appreciation for the complexities of designing and implementing a net-centric defense. Tomorrow brings more reliance on artificial intelligence for national security. We must comprehend this phenomenon and act today in order to be fully prepared.
Photo by Dawid Zawiła