The Defense Information Systems Agency (DISA) serves as the Combat Support Agency for the Department of Defense. DISA develops and delivers enterprise infrastructure and command-and-control (C&C) capabilities to support the modern warfighter and leaders. Central to that effort is the work of the information assurance division, headed by Mark Orndorff. The New New Internet recently had the opportunity to ask Orndorff about the areas DISA is currently focused on. In part one of this two-part interview, you will learn the key areas DISA is focused on and how it seeks to balance warfighter access with security.
TNNI: What are some of the key initiatives that DISA is looking to implement?
Mark Orndorff: To start out, probably the most significant initiative that we are working on right now is called the Host Based Security System. We are implementing a product to improve the security of DoD’s computing systems at the host level, DoD-wide. It is an enterprise acquisition and implementation effort that is ongoing, and we are closing in on completion of a multi-phase effort to fully leverage that product. That is the most significant effort that we’re working on today. The next thing is kind of the logical counterpart to what we are doing on the hosts with the Host Based Security System. We are working a number of related projects under the general heading of NIPRNet Hardening, where we are working to provide a much more defendable perimeter for the DoD unclassified networks and all of the points where we interface between the DoD networks and the commercial Internet. We will be putting in protections for each of the different protocols across the boundary and some very sophisticated and enhanced detection capabilities, essentially transforming the way DoD does business between the DoD internal networks and the Internet. The last significant one that I wanted to mention is an effort we are working on now to take the public key infrastructure that we’ve had in place and working on the unclassified network for a number of years and provide a similar capability on our classified networks. We will be deploying tokens for individual users who connect up to our classified networks to greatly enhance our individual user identification and authentication capabilities.
TNNI: What are some DoD goals DISA’s IA area is able to effectively meet, and are there any areas that can be improved?
Mark Orndorff: The three main goals that we are meeting but also trying to improve upon are really the same list. I think we are meeting each to a certain threshold, but working hard to improve in each of those three areas. The first is the general heading of reducing the attack surface. I mentioned one of our major initiatives is the NIPRNet Hardening. One of the first things we did on that was to develop a white list where we only allow access to internal assets or devices that actually need to be accessed from the Internet, and by doing that we … at least by one way of measuring it, we figured we reduced our attack surface by close to 98 percent for a certain class of attacks. Across the board, we are going to continue under that goal of reducing attack surface to try to figure out better ways to eliminate avenues of attack for an adversary. The second major goal is under the heading of global situational awareness. One of the things we found, especially over the last year or year and a half as we’ve gone through a number of incidents on the DoD networks, is that we rely today way too much on manual reporting, and a lot of manual processes, to try to find out what is going on on our networks, how resistant we are to an attack or how an attack is propagating through the networks. A major goal that we are trying to improve on is using machine-to-machine data to provide global visibility of readiness, of activities, of events and of compliance with security policies. Industry is key to the success of the machine-to-machine goal, since DoD is looking for them to implement the standards to enable automated vulnerability management, measurement, and policy-compliance evaluation through the Security Content Automation Protocol. Machine-to-machine data exchange is the major area that we are working on. One of the key aspects of how we are expanding the Host Based Security System is trying to address the global situational awareness objectives.
I’d say the last primary goal that we are working on is safe information sharing. Obviously, as you work on security initiatives you can’t ignore the fact that we have missions that we are trying to accomplish and we can’t lock things down without regard to the primary reason the systems existed in the first place. As we work through all of our security initiatives, we’re looking to find ways we can improve our ability to support the safe sharing of information.
TNNI: How does DISA balance ensuring that joint forces are able to access information with the need for effective security? Are the two concepts mutually exclusive or is it possible to have a bit of both?
Mark Orndorff: That exactly ties in with the last goal that I mentioned in terms of safe information sharing. We are trying to maintain that balance. One of the things that I think we do pretty well today is support sharing of information within DoD. As far as joint DoD operations, where all of the services are working together on a military operation, we have a robust ability to share information at each classification level – not that there aren’t ways that sharing could improve, but I think fundamentally we have great capabilities there. Where the challenges come in is when you go beyond joint operations and you bring in coalition forces, other government or non-government organizations, and need to share outside of the Department of Defense. That is a primary area of focus that DISA is going to be pushing forward on over the next year to eighteen months. We are working some quick wins in the next two to three months to better share information from the DoD domain out to networks where our coalition partners are operating. With the emphasis going on today in Afghanistan, DoD has a lot of very, very valuable operational information on our classified networks, but we need to share it out with our coalition partners. We need to be able to do that quickly, but we also need to do it safely. One of our primary areas of emphasis right now is implementing capabilities to support CENTCOM in Afghanistan so that they can take the information that is available to U.S. forces on our classified networks, identify the releasable portions of that, and share that out with our coalition partners without compromising the information that is not approved for release.
TNNI: You mentioned a couple of times the host-based security system. Can you talk to us a little bit about that and the role it plays in better securing DoD networks?
Mark Orndorff: The host-based security system was really started primarily to address a gap in improving the security of individual computing platforms and supporting the process called INFOCON baselining, which DoD had established, where we would try to identify exactly what is installed on a computer and then evaluate that at various time intervals to make sure that there weren’t any unauthorized changes. That was the primary focus when we did the initial acquisition, and we got a commercial product from McAfee through an integrator, BAE, that supports those initial. What we got in the package was a lot more than that, and now we are working hard to leverage the full capability of the commercial product. I would say the biggest extension from what we originally set out to do is to support that goal I mentioned earlier of global situational awareness. What we’ve done today is take the commercial capability and, instead of stopping with a normal implementation of the McAfee product, we are building out a DoD enterprise architecture that takes the information that would normally be contained in a local-level implementation and pulls that up to an enterprise level to provide visibility of the compliance, the status and the events that are happening throughout the DoD networks. We’ve focused first on our classified network, and the next phase is to extend that into the unclassified network. We’re working that as our No. 1 priority in the DISA IA program.
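The baselining process Orndorff describes (record what is installed on a host, re-evaluate it at intervals, flag unauthorized changes) and the enterprise roll-up he calls global situational awareness can be illustrated with a short script. The following is an added example written for this page; it is not DISA, HBSS or McAfee code, and the host inventories, the approved-change list and the host names are all constructed sample data.

```python
"""Host inventory baselining with drift detection and an enterprise roll-up.

Added illustration, not DISA/HBSS code. All data below is constructed.
"""
import hashlib
import json
from dataclasses import dataclass

# Constructed sample data: package inventories (name -> version) captured at
# baseline time and at a later check, for two hypothetical hosts.
BASELINE = {
    "ws-01": {"openssl": "1.0.1", "sshd": "5.3", "agent": "4.5"},
    "ws-02": {"openssl": "1.0.1", "sshd": "5.3", "agent": "4.5"},
}
CURRENT = {
    "ws-01": {"openssl": "1.0.1", "sshd": "5.3", "agent": "4.6"},         # agent upgraded
    "ws-02": {"openssl": "1.0.1", "agent": "4.5", "remote-tool": "0.9"},  # sshd gone, unknown tool added
}
# Changes authorized through the change process: (package, new_version).
# A new_version of None records an approved removal. Constructed sample.
APPROVED = {("agent", "4.6")}


def fingerprint(inventory):
    """Stable SHA-256 over a canonical JSON form of the inventory; equal
    fingerprints mean the host is exactly at baseline and needs no full diff."""
    canonical = json.dumps(inventory, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class DriftReport:
    host: str
    added: dict       # package -> version present now but not at baseline
    removed: list     # packages present at baseline but missing now
    changed: dict     # package -> (baseline_version, current_version)
    unauthorized: list  # human-readable findings not covered by APPROVED

    @property
    def compliant(self):
        return not self.unauthorized


def compare(host, baseline, current, approved=APPROVED):
    """Diff one host against its baseline and classify each difference."""
    added = {p: v for p, v in current.items() if p not in baseline}
    removed = sorted(p for p in baseline if p not in current)
    changed = {p: (baseline[p], current[p])
               for p in baseline if p in current and baseline[p] != current[p]}

    unauthorized = []
    for p, v in added.items():
        if (p, v) not in approved:
            unauthorized.append(f"added {p} {v}")
    for p in removed:
        if (p, None) not in approved:
            unauthorized.append(f"removed {p}")
    for p, (old, new) in changed.items():
        if (p, new) not in approved:
            unauthorized.append(f"changed {p} {old}->{new}")
    return DriftReport(host, added, removed, changed, unauthorized)


def enterprise_view(baselines, currents, approved=APPROVED):
    """Roll host-level results up into the summary an enterprise console
    would show: how many hosts are in compliance and what the findings are."""
    reports = {h: compare(h, baselines[h], currents[h], approved) for h in baselines}
    return {
        "hosts": len(reports),
        "compliant": sum(r.compliant for r in reports.values()),
        "noncompliant_hosts": sorted(h for h, r in reports.items() if not r.compliant),
        "findings": {h: r.unauthorized for h, r in reports.items() if r.unauthorized},
    }


if __name__ == "__main__":
    for host in BASELINE:
        if fingerprint(BASELINE[host]) == fingerprint(CURRENT[host]):
            print(f"{host}: at baseline")
        else:
            print(f"{host}: {compare(host, BASELINE[host], CURRENT[host])}")
    print(json.dumps(enterprise_view(BASELINE, CURRENT), indent=2))
```

The fingerprint gives the cheap periodic check (a host whose hash still matches needs no further work), the diff gives the host-level detail, and the roll-up is the machine-to-machine summary that replaces manual reporting; a real deployment would feed the per-host results from an agent into a central store rather than keeping them in one process.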