Defense Planners Eye New Information Infrastructure
Defense Planners Eye New Information Infrastructure<@VM>Global Networked Information Enterprise<@VM>Year 2000 Fixes<@VM>Information Assurance<@VM>Pilot Program
By Ed McKenna
Development of a new information infrastructure and year 2000 remediation efforts are leading priorities as Department of Defense planners race to achieve information superiority and make military systems less vulnerable to attack.
The Defense Department's increasing reliance on information technology has made military systems more susceptible to disruption from a variety of new sources, ranging from year 2000 problems to cyberterrorist attacks.
To counter these threats, the department is pursuing a wide range of projects keyed to its Joint Vision 2010 and the Quadrennial Defense Review, both of which highlighted information superiority as the military's chief goal.
The Pentagon's quadrennial review declared information superiority to be the "backbone of military innovation." The ongoing transformation of the military centers on developing improved information and command and control capabilities, according to the review issued in 1997.
A flat information technology spending budget has forced the Defense Department to target its investments carefully, defense officials said. IT spending for 1998 increased slightly from $12.5 billion in 1997 to $12.7 billion in 1998.
Indeed, IT spending is projected to grow less than 2 percent annually during the next five years, according to the market research firm Input, Vienna, Va.
"We try to focus on what the information technology is being used for" rather than deploying new IT for IT's sake, said Linton Wells, principal deputy assistant secretary of defense for command, control, communications and intelligence.
To sharpen that focus, senior Pentagon officials last year gave the Pentagon's C3I unit broader authority to address the entire spectrum of information superiority.
"One of the major changes in the revitalization of C3I was genuinely empowering Arthur Money as the chief information officer for the department," Wells said.
In recent testimony before Congress, Money said that the Defense Department is planning a fundamental restructuring of its information infrastructure, referred to as the Global Networked Information Enterprise.
Though the specifics have yet to be spelled out, the initiative will incorporate "change management, advanced technologies and process re-engineering to move us
toward an ubiquitous, secure, available network to support information superiority," he told the procurement and research and development subcommittees of the House Armed Services Committee at a joint hearing in February.
A senior defense steering group will roll out its results in the next few months, Money said. Other members of the group include representatives from each of the military services and the Defense Information Systems Agency.
As this new infrastructure is developed, the Pentagon will continue to pursue new technologies. One of the more significant efforts now under way is an extensible information systems project being spearheaded by the Defense Advanced Research Projects Agency.
Budgeted for $70 million in fiscal 2000, the DARPA project is focusing on systems that are flexible and scalable so they can take advantage of changing information and network technology.
"The idea is to extend the reach and effectiveness of network computing," Wells said.
To cut costs and boost efficiency, the Defense Department is stressing the use of competitive acquisition vehicles, commercial off-the-shelf products and electronic commerce.
Those contracting vehicles include the Defense Enterprise Integration Services effort, which traces its roots to the Defense Information Systems Agency. The defense agency launched the big, multiple-award, indefinite delivery, indefinite quantity defense contract in 1993.
After tallying more than $1 billion in business in three years, that contract spawned DEIS II, a follow-on contract that has a ceiling of $3 billion.
But the DEIS II effort has not been as popular as its predecessor, generating just under $550 million since late 1996, in part a victim of its own success. Other agencies copied the concept with their own contract vehicles and the General Services Administration became active in the services field, siphoning business that would have gone to DEIS II, said Marco DeVito, vice president and general manager of joint defense integrated solutions at Computer Sciences Corp., El Segundo, Calif.
Open to all federal government departments, the DEIS II contract offers a range of integration services, including integration planning, systems migration, Y2K solutions and systems development and deployment.
Joining CSC with DEIS II contracts are companies such as Boeing Co., Electronic Data Systems Corp., Lockheed Martin Corp., TRW Inc., and Unisys Corp. Unisys has garnered $130 million in task orders on the contract, according to Ray Davis, program manager for DEIS II at the Blue Bell, Pa.-based company.
In addition to new contracting vehicles, the Defense Department has been looking to commercial off-the-shelf products and electronic commerce. Last year, the Pentagon set up the Joint Electronic Commerce Program Office, which allows soldiers in the field to bypass paperwork and order parts directly, said Wells.
"Soldiers in the field are now getting their parts in six to seven days instead of 25 to 30," he said.
The military's increasing reliance on information technology has placed a premium on keeping defense information systems up and running. In this regard, goal No. 1 is completing Y2K fixes, Wells said.
After taking heat from Congress over the last few years, the Pentagon's repair efforts seem to have turned the corner. "We [now] expect to be 99 percent compliant by the end of the year," Wells said.
Diane McCoy, deputy director for programs at DISA, said that her agency has analyzed all of its mission-critical systems in the past year.
"We know where we are with those systems, [and] where we have issues [and] have get well plans," she said. "Right now, we're finishing up contingency plans to be able to operate those systems if a problem should occur."
Her confidence is backed up by some industry and government officials. "At least from the DoD point of view, the Y2K problem is pretty well in hand," said Unisys' Davis.
Even Congress' year 2000 hawk, Rep. Steve Horn, R-Calif., gave the Pentagon's effort a cautious thumbs up, raising its grade from D- at the end of last year to a C- in February. Horn, the most visible year 2000 lawmaker on Capitol Hill, is chairman of the House government management, information and technology subcommittee.
Many credit last summer's stern memo from Defense Secretary William Cohen with jump-starting the Pentagon's software conversion effort. In the memo, Cohen threatened a moratorium on IT spending other than for Y2K repairs if the effort continued to lag at the beginning of this year.
Cohen's memo and Deputy Secretary of Defense John Hamre's keen interest in this area "have definitely spurred on everyone in DoD," said Bob Hutton, deputy director for strategic plans and policy at DISA.
While the Y2K threat may be receding, new threats to the military's critical information systems are just coming into focus. Hamre told House lawmakers recently that the department's dependence on information systems "and their ubiquity in every aspect of our operations, has made us vulnerable should they be disrupted."
The Pentagon has detected 80 to 100 cyberintrusions a day, Hamre told members of the procurement and research and development subcommittees of the House Armed Services Committee.
To counter these threats, the department has launched an aggressive information assurance effort. Securing these systems involves a multilayered approach, ensuring not only confidentiality of information interchange, but also the integrity of databases from which the information is drawn, Wells said.
Defense officials also are concerned about "non-repudiation" related to digital signatures and e-commerce.
"If you are going to sign an electronic contract, you have to have it set up in such a way that somebody can't come back six months later and say, 'It wasn't me,' " Wells said.
The question of information assurance is especially important now as department begins using its Defense Message System. Slated to replace the antiquated Automatic Digital Network, or Autodin, next year, the system already supports 300,000 users today, said George Jakabcin, national account manager for civilian agencies at Lockheed Martin Corp., the prime contractor and systems integrator for the project.
The system allows all military personnel to send and receive not only text messages but also maps, drawings, video clips and spreadsheets, said Jakabcin. The initial contract was for two years, and "We are nearing the end of the second of six optional years," he said.
The DMS program was valued at $1.6 billion when it was awarded in 1995 to Loral Federal Systems, which was later acquired by Lockheed Martin Corp., Bethesda, Md. Its subcontractors include Communications & Power Engineering Inc. (CommPower), Camarillo, Calif.; Data Connection Ltd., London; Lotus Development Corp., Cambridge, Mass.; Microsoft Corp., Redmond, Wash., and Xerox Corp., Stamford, Conn.
Like Autodin, the Defense Message System's chief function is providing information to the warfighter and response in a conflict. Therefore, it requires a high-assurance public key infrastructure. That infrastructure is based in part on Fortezza technology developed by the National Security Agency.
Use of the Defense Message System requires a Fortezza crypto card, which includes a private key to access the system and encryption capability. To secure each transaction, there also are public and private keys and a certificate associated with each user in the Defense Message System directory.
General e-mail and other information, such as sensitive but unclassified data, however, does not require that level of protection, said Joe Stafford, vice president of Computer Sciences Corp.'s information security and operations center, Hanover, Md.
CSC evaluates products and recommends security architectures for the Defense Message System to its customers at the National Security Agency under the Information Security Technical Services Contract. The IDIQ contract, which has a $1 billion spending ceiling, is jointly administered by NSA and DISA. Along with CSC, Science Applications International Corp., San Diego; and Merdan Group., Vienna, Va., received prime contracts under this effort in July 1995.
DISA is now developing a medium assurance PKI based on commercially available products, said DISA's McCoy. Such a system would provide cost savings over high-end systems and could serve as a conduit for electronic interchanges between defense organizations and contractors to facilitate paperless contracting.
With the help of SAIC, DISA has conducted a medium assurance pilot program using technology from Netscape Communications Corp., Mountain View, Calif., on the Defense Travel System. SAIC provides PKI support under the Information Security Technical Services Contract.
The pilot, which is likely to end this fall, will help establish standards for a departmentwide system and determine what parts of it could to be operated by a vendor, McCoy said.
"We're still fine tuning it and adding in some capabilities," she said.
In the next few months, DISA likely will issue a road map to vendors detailing the standards for the system and make a decision on the question of outsourcing this fall, she said.
Along with efforts like this are others that are designed to help military planners field a highly skilled work force in the next millennium.
"We are not doing a good job in attracting, training and retaining the kind of computer literate people we need to man the systems of the future," Wells said. "Currently, an integrated process team led by the undersecretary for personnel and readiness is looking into this problem."
One idea being explored is establishing a junior Reserve Officers' Training Corps "to begin attracting kids in their teens to the idea of military service in a technical field," he said. "Once they come on active duty, we will put them in a high-tech field, provide them with access to the latest computers and give them a high level of training."
Another answer is outsourcing."There doesn't seem to be any other path," said DeVito. "While not a panacea, it has clearly been beneficial in the commercial marketplace."