The Department of Defense is looking to increase its network security through standardization and consolidation, shrinking the department’s network footprint to create a cohesive network architecture that can be updated and maintained more efficiently, department Deputy CIO Rob Carey says.
We met with Carey in his Pentagon office, where he says the network consolidation / optimization is part of the department’s Enterprise IT strategy and roadmap going forward. In addition to establishing enterprise standards, he wants to begin leveraging the department’s buying power and make an architecture that is easier to deliver innovation and security.
“At the end of the day, we simply want something that allows the warfighter to bolt into, and an information environment that is friendly to navigate and makes their task easier,” Carey says.
On the network security front, Carey says that DoD is starting to roll out tokens for the SIPRNet (after doing a similar program a few years back with NIPRNet) that gives employees a smartcard to log into the secret network. The cards will show who is on the network and what they are doing at all times. The program is in the pilot phase with a full deployment coming this year on SIPRNet.
Carey also tells us the department is looking heavily into mobility devices. While the risk matrix is still a little high on a number of the consumer products, a number of companies are coming up with an enterprise variant that will hopefully lessen the risks.
“We see mobile computing as the next great blossoming of technology, so our challenge is finding out what we can do with these devices given their inherent security architecture, and how to extend our networks to smart phones and tablet PCs but keep the command and control we want and have the right amount of security risk,” Carey says.
And finally, Carey says DoD is developing its cloud computing strategy, building a collaborative document that leverages the work NSA and DISA and the Military Departments have already done. The second version of that strategy is currently being reviewed with the main issues going forward being about security, the acquisition model and the business cases.