Information Assurance and Network Security
What is it? Information assurance (IA) and network security ensure the confidentiality, availability, and integrity of information across the entire spectrum of military operations. The environment is characterized by rapid technology change that is subject to increasing frequency of attacks from a sophisticated and organized cyber threat ranging from nation states and transnational terrorist and criminal organizations to hackers and vandals capable of entering networks via cyberspace from any geographic location worldwide. IA defends the LandWarNet by employing a defense-in-depth strategy that integrates people, technology, and operations, supported by a trained/skilled workforce that employs multiple IA protective measures layered from the perimeter to the desktop.
What has the Army done? ? Army's approach concentrates on protecting information, defending systems and networks, providing IA situational awareness, fostering innovation, and creating an empowered workforce. In FY-06 the Army led DoD on several strategic fronts: Quadrennial Defense Review (QDR), Federal Information Security Management Act (FISMA), and Homeland Security Presidential Directive-12 (HSPD-12). For the QDR, Army highlighted IA as a key military strategy for securing cyber space and the warfighter. In FISMA, Army achieved near perfect scores in all system accreditations, security controls, contingency planning, annual security reviews, and has taken the initiative to document user and specialized training. In the wake of its FISMA success, the Army’s achievement reflected positively on the DoD’s overall grade. The phased implementation of HSPD-12 surpassed an aggressive timeline established by JTF-GNO for 100% compliance in the following areas: Cryptographic Common Access Card Logon (CCL) for users and machines; Contractor Verification System, and electronic Digital Signature for authoritative authentication. Army has now completed these initial phases and has taken steps toward securing two way wireless devices and extending physical security measures to the DoD smart card technology. Army continued to update its aging cryptographic capabilities by successfully programming and integrating communications security (COMSEC) equipment, key management processes and associated support items into the Army inventory. The Army’s Certification and Accreditation and Networthiness teams have campaigned diligently toward institutionalizing both programs into the Army and DoD risk based IT acquisition policies and procedures. The Army became an integral partner with NSA in developing the Global Information Grid (GIG) IA Architectures, and developed capabilities documents and strategies for the GIG Information Assurance Portfolio (GIAP). The Army continued to forge the way in its efforts to reduce network vulnerabilities and prevent pilfering of private data by combing the web for at risk data through the Army Web Risk Assessment Cells, and protecting against data theft or loss by means of encrypting data at rest and in transit. The Information Assurance Vulnerability Management (IAVM) process to find, fix, report, and verify compliance with DoD mandates has improved significantly with the deployment of DoD provided automated scanning and remediation tools, innovative reporting capabilities, and increased compliance verification inspections. Army has not only investigated innovative technologies to enhance defense-in-depth at the most critical level, the host, but it also contributed invaluable manpower and resources to assist DoD and Strategic Command (STRATCOM) to select and accredit a host based security solution. Most importantly, Army has created a robust training program for IA professionals that will require certifications as validation of the knowledge and skills of the Army’s military, civilian, and contractor IA workforce.
What efforts does the Army plan to continue in the future? The keystone to future security is protecting the Army data. The enforcement and compliance of data protection by means of encryption for mobile devices and removable media has led the Army to develop requirements and seek technology for a comprehensive enterprise wide solution that is both cost effective and meets the Army’s desired end state to integrate commercial technologies with the DoD Public Key Infrastructure. This collaborative approach between Army and industry has inspired the other Services to follow suit. The creation, establishment, and construction of Area Processing Centers (APC)--to integrate and consolidate information technology service delivery, consolidate service, provide a uniform security architecture, and reduce access points not only to the Army, but also to the Joint environment. APCs are a key component in the mandated Base Realignment and Joint Basing initiatives. APCs will not only improve network security policy enforcement, but greatly enhance information sharing and collaboration between the Services, Inter-Agency, and coalition partners. The Army, in conjunction with the joint community, is developing and implementing an IA sensor grid to enhance defense-in-depth of the global information grid (GIG) in support of Army and combatant commands worldwide. These tools will enhance the Army’s ability to proactively mitigate vulnerabilities and improve capabilities to detect and react to attacks on Army networks.
Why is this important to the Army? IA is the foundational pillar of information dominance in a net-centric warfare environment. It assures the capability of the LandWarNet to provide reliable communications for a global force and dramatically improve the warfighting capabilities of Army forces across the full spectrum of conflict.