NMCI to Shore Up Cyberdefenses

The Navy-Marine Corps Intranet project, which will tie together more than 360,000 sailors, Marines and civilian employees in a single network, will also go a long way toward closing security gaps now plaguing Navy systems, according to NMCI spokesmen at a press briefing Nov. 13.

Electronic Data Systems Corp., Plano, Texas, is being evaluated, in part, on the network's ability to withstand cyberattacks. EDS, the prime contractor for NMCI, can earn incentives of up to $5 million in any six-month period for meeting information assurance performance requirements.

To test NMCI's performance, the Navy has a "red team" of 20 highly skilled people who attempt different kinds of attacks on the system, ranging from public key infrastructure and password capture to denial of service, virus or Trojan horse plants, said Capt. Jim Newman, director of the operations division for the Chief of Naval Operations staff.

The red team has been testing NMCI for two months, but "so far, [the system has] been pretty good," Newman said. The network is "much more frustrating for our red teamers who have been working on NMCI than on some of the other sites."

Newman was referring to security problems with the Navy's and Marine Corps' existing systems. "We live knowing we have substantial vulnerabilities," he said.

This year, there have been about 16,000 incidents where "someone has specifically tried to get into a Navy box," he said. "About 400 of the 16,000 have had some level of success, [and] about 40 were root access ? which I consider a great cause of alarm."

When an outsider gains root access, he can make his way throughout that particular network as if he is an insider. Most of the 40 attacks were detected and shut down within hours, Newman said, but one lasted four to five days.

The legacy systems' weaknesses came about in large part because there was no master plan for networking, Newman said. Different bases had different approaches, resource commitments and skill levels to pursue security concerns.

Because NMCI incorporates security measures throughout its development, Newman said, it will seriously strengthen the Navy's security.

'We're always going to play catch-up [on security]," said Capt. Stephen Smietana, director of information operations for long-term plans and policy in the CNO staff office, but NMCI "will go a long way."