Technology Converges At Information Agency
Architectures and Internet protocols meld communications, computing.
A U.S. Army soldier aims a satellite communications antenna during a counterinsurgency operation near Malhah in Kirkuk province, Iraq. Supporting warfighting operations in Southwest Asia is the top priority for the Defense Information Systems Agency (DISA).
The convergence of media and services in commercial cyberspace has its counterpart in the defense arena, where experts are tapping commercial technologies and standards to provide seamless information access to warfighters and decision makers.
Leading this charge is the Defense Information Systems Agency, or DISA. Responsible for providing global
DISA’s two top priorities are speed and assurity, states David Mihelcic, chief technology officer for DISA and its principal director of Global Information Grid–Enterprise Services (GIG-ES) engineering. Speed is essential for delivering information and services to the customer effectively. Assurity encompasses both ensuring security—keeping out interlopers—and guaranteeing that systems perform as they are supposed to when needed. Often the agency balances speed and functional capability, but it will not compromise security, he emphasizes.
“We’re in the middle of an ongoing cyberwar around the globe,” Mihelcic states, adding that many Defense Department and commercial servers were hit with major attacks in February. DISA is demanding that all of its vendors demonstrate that their products are secure and that they also understand the pedigree of the software they are providing the agency.
Culture is another obstacle to be overcome. Achieving full network centricity will require a shift away from information possession to information sharing. Mihelcic relates that many people view information as power and may harbor that information to strengthen their power base. This confronts the challenge of departing from need-to-know in favor of embracing need-to-share.
DISA provides core enterprise services for information sharing in all Defense Department-wide area information systems through the Net-Centric Enterprise Services (NCES) program. But the agency faces several fundamental requirements to ensure true data sharing.
These include having a standards-based infrastructure that allows Defense Department programs to share information more readily. NCES is providing the standards and core infrastructure to enable that sharing, Mihelcic says. The agency already has fielded an evaluation capability baseline—a set of pilots—that are in use by pilot customers on both the nonsecure and secret Internet protocol router networks (NIPRNET and SIPRNET).
The commercial sector is helping provide some solutions. Mihelcic relates that DISA purchased a managed enterprise service from IBM that provides human-to-human collaboration on both the NIPRNET and the SIPRNET. He emphasizes that this acquisition was undertaken as a managed service, with DISA buying no hardware or software. “What we’re buying is collaboration as a capability,” he says.
Another major NCES element is a portal that will open into the U.S. Army’s Army Knowledge Online (AKO), which is morphing into Defense Knowledge Online. This will enable NCES users not only to access that system’s services but also to open access to other services. Ultimately, it may serve as the single portal for all users to access all Defense Department information, Mihelcic offers.
The agency is working closely with the Office of the Assistant Secretary of Defense for Networks and Information Integration (ASD NII) on the departmentwide data strategy. This effort focuses on service-oriented architectures, or SOAs (SIGNAL Magazine, January 2007), and Web services to share data. Mihelcic states that DISA is in partnership with the ASD NII on this effort, as the NCES program is driven by the department’s data strategy initiatives. The agency is working with that office by helping provide NCES services and by supporting some of the office’s pilot efforts.
Joint command and control (C2) traditionally has operated through the Global Command and Control System–Joint (GCCS-J) and the Global Combat Support System–Joint (GCSS-J). It now is moving into the Net-Enabled Command and Control (NECC) system. Mihelcic explains that the agency’s C2 systems build on the standards and services that the NCES is delivering.
NECC has achieved its milestone A, and its directors are working on the documentation necessary to move to milestone B, which is still on track to take place this fall. And, the program has begun some of its piloting technology development activities. Mihelcic relates that the program is taking some existing C2 capabilities from the services and morphing them to be compliant with NECC’s next-generation SOA-based architecture.
Two U.S. Navy petty officers test a satellite communications system in the hangar deck of the USS John Stennis. Providing sufficient bandwidth to forces on the move is a major challenge facing DISA as the use of information services continues to grow across the military.
But a key aspect will be to protect the investment already made in the GCCS. Mihelcic says that the department cannot afford to discard all GCCS code and start over. The time it would take also would be too great, so the agency is striving to preserve all of the legacy system’s investment “to the maximum extent practical” and migrate it forward by encapsulating it in the SOA architecture.
On the communications side, the great demand is for larger amounts of bandwidth. DISA must provide these greater amounts cost-effectively and with greater interoperability, Mihelcic states. Moving to Internet protocol (IP) lies at the heart of this effort as it allows the convergence of voice, video and data. The agency also can take advantage of the economies of scale by purchasing commercial equipment from companies such as Cisco and Juniper.
Converged IP-based services are a basic technology need. DISA must be able to deliver voice and video over IP that meet military requirements for assured services, and technologies that enable this are of great interest to the agency. Currently, voice over IP tends to be a “best effort” type of service that sometimes is supplemented with commercial-grade quality of service, Mihelcic charges. That does not meet department requirements. It needs a “level of assurity” that a call will go through to its intended recipient.
He continues that the department’s current time division multiplexing (TDM)-based switched telephone networks—the Defense Switched Network and the Defense Red Switched Network—provide multilevel precedence and pre-emption. This permits a senior C2 commander to push a button to ensure that a call goes through ahead of a lower priority call. But, IP-based voice or video services offer nothing analogous today, Mihelcic points out. That capability will be required before the department attains full IP convergence, he warrants.
But looming on the near horizon is IPv6, the new IP that has been embraced formally by the Defense Department. DISA, through its GIG-ES engineering organization, houses the Defense Department IPv6 Transition Office. As the agency brings together the department’s transition plans, it also scrutinizes DISA’s own internal IPv6 activities with an eye toward pushing harder if necessary, Mihelcic points out.
Several hurdles remain. Network technology is not the issue, Mihelcic maintains. Vendors such as Juniper and Cisco have moved forward with products that support all IPv6 standards, and they have built-in mechanisms to help with the transition from IPv4. A key element is having IPv4 encapsulated within IPv6 and vice versa, Mihelcic observes. With these capabilities built into the network infrastructure, the transition from IPv4 to IPv6 will be easier.
However, what is not working as cleanly is the application and operating system element, he notes. Some progress is apparent. Microsoft has introduced full IPv6 capabilities in its
But Mihelcic warns that IPv6 ubiquity is a chicken-and-egg problem. Vendors will not invest needed funding into IPv6 applications until the market demonstrates a reason for doing that, but the market will not move quickly into that realm until the enterprise applications become available. With Microsoft delivering two key systems with IPv6, the software manufacturer could speed broad-based adoption of IPv6 if it were to move an entire suite of applications to the protocol.
For the Defense Department, funding issues remain. “If you had to take everything we have on the ground today and make it IPv6 tomorrow, you would have to replace a significant amount of hardware and software,” Mihelcic points out. So the services are accommodating the IPv6 changeover in normal refresh cycles. By making IPv6 mandatory as they acquire new capabilities, the services can activate IPv6 in parallel with IPv4 and transition to the new protocol over time.
DISA has defined various epochs of IPv6 transition in this incremental approach. The Defense Department unclassified router network should have dual capability sometime in 2008. Classified networks will take longer because they require high-assurance IP encryptors that are not available yet. The National Security Agency (NSA) has vendors working to deliver this full IPv6 compatibility in the same 2008 time frame, but these systems also will require time for testing and installation, which probably will take a couple more years, Mihelcic offers.
The transition is the biggest challenge facing IPv6 implementation, Mihelcic declares. This will require intellectual capital, he adds. Mihelcic also warns against inflated expectations of a smooth handover from IPv4 to IPv6. Too many people believe that this transition will be abrupt, but the opposite is more likely. “I think we’re going to see a transition where we see IPv4 and IPv6 running in parallel for many years,” he predicts.
That parallel transition should not hurt the Defense Department, he continues. The department holds the largest allocation of IPv4 address space, and it maintains a reserve. “In many ways, we are well-insulated against some of the potential impacts of a lag in transition,” he assures.
The agency is pursuing several improvements in the computing arena. One exciting development is virtualization. This entails having a number of computer processors share computing as if they were one processor. They also could be subdivided into virtual independent machines. This technology will allow the Defense Department either to build large farms of hardware or to purchase the capability as a managed service from commercial providers, so that a customer could acquire a virtual piece of that farm for running applications or services as needed. The activity of that processor farm would be transparent to the user beyond actual processing results.
Mihelcic likens this to the Defense Department concept of a communications cloud, where instead of a telecommunications system based on hard-wired point-to-point circuits, everyone could communicate with anyone. In the virtualization approach, a computing cloud would permit writing applications for that cloud instead of worrying where it might run.
“The days when you built an information system and step one was to build a communications system are over,” he declares. “We want to also end the days where you build a processing grid or a data center as well.”
But the big challenge in computing may be to provide cost-effective scalable computing on demand, Mihelcic offers. Traditionally, it would take months or even a year to meet a customer computing requirement. But just as the commercial sector has shortened the product delivery time from years to weeks, DISA must be able to deliver this scalable high-speed computing infrastructure much more quickly.
“Our goal there is to take that [cycle] from where it is now—which could be up to a year—and bring it down to months, weeks, days or even hours and minutes,” Mihelcic declares, adding that this would depend on the particular requirement.
He cites Amazon’s computing-on-demand service as an example of an approach that might help shorten that cycle considerably. It could serve as a model for DISA’s customers to provision computing infrastructure on demand. Potentially, as demand on a particular server increases, additional capacity would be provided automatically for these users.
Time is the enemy for many of DISA’s information technology efforts. Mihelcic notes that the Defense Department’s acquisition system is by definition “a methodical system that tries to minimize risk.” It isn’t geared to build information technology systems the way the private sector does—with great speed and where “continuous beta” is a concept associated with many modern information technology providers, he says. Continuous beta runs counter to the way the Defense Department engages in information technology business, he adds, explaining, “We want to have a completely finished product, go through a complete operational test, say it’s done and move along to the next effort.”
DISA wants vendors to deliver applications and data solutions that are based on open commercial standards, Mihelcic states. This will permit plug-and-play interoperability between applications and services provided by both multiple commercial vendors and Defense Department vendors. As the department is embracing open standards, it wants its acquisitions to embrace them as they are substantiated in usable products, he adds.
The open-source approach has the potential to be the most disruptive technology element in DISA’s arena, Mihelcic suggests. Some vendors already are modifying open-source software to open up new capabilities. With Wikipedia blazing new trails in open-source information, the intelligence community is embracing that approach with its Intellipedia capability on both the NIPRNET and SIPRNET. Mihelcic predicts that open source will be mandated in more defense contracts. Open-source licenses will be mandated so that more vendors can compete for them and the government can view the source code.
Warfighter Support Relies On Commercial Assets
The Defense Information Systems Agency’s (DISA’s) support to the warfighter largely features speeding new technologies to the battlespace. One initiative incorporates commercial technologies to make the Global Broadcast System (GBS) a two-way system. David Mihelcic, chief technology officer for DISA and principal director of Global Information Grid–Enterprise Services (GIG-ES) engineering, describes how the U.S. Central Command (CENTCOM) employs that two-way GBS variant, which is based on digital video broadcasting return-channel signaling, or DVBRCS. This commercial technology allows several CENTCOM units to send video back through GBS as well as to receive it. This is especially useful with unmanned aerial vehicle data, Mihelcic notes.
Another DISA thrust is to provide services to what Mihelcic calls disadvantaged users. This includes providing satellite communications, Net-Centric Enterprise Services (NCES) elements and Defense Information System Network (DISN) services to deployed users as well as tactical users. When the agency conducted its evaluation for the first NCES contract it awarded, it brought in representatives from the services and the combatant commanders. These officials examined how the collaborative services would perform in a disadvantaged environment.
Text chat is critical to Defense Department warfighting, Mihelcic declares. It is used from the strategic level down to the tactical level to enable collaboration. DISA believes it to be a critical capability and has included it in NCES collaboration services. The agency is striving to provide an expanded text chat collaboration capability in its follow-on acquisition, he adds. Text chat may find its way into other DISA programs such as the Multinational Information Sharing program, or MNIS. This would enable
Bandwidth remains a constant struggle. DISA locked up substantial satellite bandwidth with the commercial contracts that it established in the wake of the September 11, 2001, terrorist attacks. The agency now is partnering with the Business Transformation Agency to consider more commercial alternatives to providing satellite services in
Globally, only about 20 percent of
The upcoming generation of military communication satellites, beginning with the Wideband Gap Filler orbiters, will boost military-specific satellite capacity and increase the percentage of traffic carried over military satellites. However, even as the defense satellite capacity increases, the military’s need for commercial satellite usage will not decrease. Much of the new defense satellite capacity will be used to fulfill missions, such as communications on the move, that go wanting today, Mihelcic points out. And, the department’s appetite for bandwidth is likely to increase significantly by the time that the Tactical Satellite constellation becomes fully operational. So the defense need for commercial satellite bandwidth likely will remain constant over the next 10 years or so, he adds.