U.S. Defense Department service provider puts on a new game face.
Information assurance, preserving radio spectrum, ensuring interoperability and establishing secure wireless links are just some of the tasks on the menu for the Defense Information Systems Agency. The agency’s Defense Department-wide mandate has placed it at the nexus of the infosphere that increasingly is defining military operations worldwide.
Faced with growing customer dissatisfaction and criticism that the organization was failing in its mission and might even be obsolete, the agency has embarked on a 500-day journey of conversion and renewal. Using a master plan that takes into account the needs, requests and suggestions of top military leaders and staff, the agency is finding its way to efficacy.
In 1997, the U.S. Defense Department issued a directive that requires all military services to use the agency as their network services provider and manager. But when the Defense Information Systems Agency (DISA) failed to respond with high-quality service and support, many customers took the initiative to find a loophole in that policy. Through that narrow window of opportunity, managers of the Navy/Marine Corps Intranet demonstrated that commercial service providers could step in and take over the organization’s mission. As a result, a new agency director was brought in and “DISA 2002: A 500-Day Action Plan for Supporting DOD Decision Superiority” began. The plan, which contains 140 action items, aims to renovate the agency’s approach to customer service, improve services and address challenges in the areas of wireless communications, information assurance and interoperability.
DISA is responding to input from commanders in chief; senior military leaders in command, control, communications and computers; and agency directors. The evaluations cite what DISA has done well, where it has fallen short and what customers expect from the agency in the future.
Today, more than halfway through the plan, Lt. Gen. Harry D. Raduege Jr., USAF, director of DISA and manager of the National Communications System, Arlington, Virginia, maintains that emphasizing the customer and fostering accountability are essential to the agency’s transformation. “Our customers want to see a living process rather than a one-time effort,” Gen. Raduege says. “That’s what we’re working with them to produce. We don’t want this to fizzle out.”
When Gen. Raduege arrived at DISA, the organization’s biggest challenge was to serve the warfighter in the area of network services. The nature of warfare continues to change to a network-centric model, he says, and information networks have become an integral part of warfighting. To address this requirement, DISA had to meet network challenges and demonstrate its resolve to its customers better. As the kickoff event for DISA’s transformation, the agency created the Directorate for Network Services. “This is about re-engineering our entire network implementation, operation and support processes into something that supports the CINCs [commanders in chief], services and agencies in the Department of Defense,” he shares.
Before creating the directorate, DISA established strategic goals in two areas: improving customer focus and concentrating on best-value services for the warfighter. The network services team focused on organizing proactive customer advocacy and providing quality of service--specifically reliability, availability and performance. It also aimed at integrating processes for design, engineering, provisioning, resource management, operations, maintenance, acquisition and planning. To prevent overlap and discover areas that have been overlooked, DISA appointed a director for technical integration services who ensures that processes within DISA work efficiently.
Creating the directorate is just one step toward becoming a more efficient agency as well as the military’s application service provider of choice. Defense Department consumers also have concerns about equitable representation and want their needs, including spectrum requirements, to be heard in Washington. “Some action items are open-ended because we need to solve problems such as intractable funding issues,” the general explains. “What we are doing in these cases is becoming the customer advocate during inside-the-Beltway deliberations.”
Managing wireless technology is among the organization’s tasks, including articulating the case for preserving specific spectrum for the military. Portions of the spectrum are coveted by the wireless industry, which regularly lobbies Congress to make the Defense Department yield some of its frequency. Some DISA leaders have warned that this action could endanger mission-critical systems.
DISA is charged with jointly developing a Defense Department wireless strategy with the National Security Agency. “This partnership is critical because wireless capabilities present a new spin on network security,” Gen. Raduege states. “The weakest link of any network will be the most targeted area for intrusion, and the current crop of wireless devices do not contain as robust encryption as we would like to see. The plan is to concentrate on setting an internal DISA policy for wireless and handheld devices and use that as a model to create an effective long-term DOD policy that will allow secure and flexible use of the devices.”
The DISA team also is focusing on information assurance on a broader basis. It is working to integrate existing sensor technologies into a cohesive infrastructure known as the joint intrusion detection system. The system is a tool for network-based intrusion detection, monitoring and analysis across the Global Information Grid. “We at DISA are living up to our Defense Department directed responsibilities as the technical integrator for the CND [computer network defense] sensor grid. We currently have a project underway to provide 100 percent coverage of the Pacific Command’s theater networks,” the general relates. The system has been installed throughout the department’s networks such as the unclassified but sensitive Internet protocol router network and the secret Internet protocol router network.
DISA has increased the monitoring of regional network operations and security management centers, step sites, and command and control enclaves. “To achieve the vision of information superiority as outlined in Joint Vision 2010 and decision superiority as described in Joint Vision 2020, we must be prepared to take the next step, which is to create an enterprise sensor grid with common attributes,” the general prescribes. “We need a shared view of sensor status with locations, and this means a collective and collaborative process to share signatures and vulnerabilities so all incidents are detected and reported consistently.”
Interoperability is yet another challenge. Although the topic is one that must be addressed continually, the general points to the common operating environment, or COE, as an interoperability success story in warfighter equity. The COE is an integrated approach that allows rapid application integration, point-and-click installation and fast turnaround. It manages engineering services across the Defense Department and supports the construction of systems from components that disparate organizations have developed. The COE is planned for use by systems such as the U.S. Air Force’s theater battle management core system, the Army’s battle command system, and the global command and control system–Army.
“Every major service C4I [command, control, communications, computers and intelligence] system currently under development is using the same set of application programming interfaces. That’s a huge success story for joint standards and interoperability,” Gen. Raduege states. “We must not forget the historical and military economic lessons like Grenada, Desert One and Desert Storm that drove the department to establish joint enterprise capabilities, especially when speed of operation is essential, lives and national security are at stake, and dollars are short.”
In addition to its work toward transformation, the agency must continue to address cynics. Acknowledging that some view DISA as an unnecessary middleman. Gen. Raduege notes that the perception is not universal and misses the point of the agency’s military mission. Because DISA plans, develops and operates joint enterprisewide capabilities for the entire Defense Department, it can provide unique benefits such as Type I military-grade encryption, diversity in network routing, diversity in telecommunications media, guaranteed interoperability and global tactical extensions to places where commercial infrastructure does not exist.
The capstones to these capabilities are the organization’s procedures for accreditation and certification, defensive operations, and vulnerability identification and alerts. “Setting these mission-critical factors aside, the right answer for DOD economically is to procure enterprise network and information technology [IT] capabilities rather than procuring a massively confused array of duplicative capabilities that, at the end of the day, don’t work together well, are more difficult to defend, and don’t get the joint mission done,” he asserts.
DISA is working on metrics to ensure that its goals are being met and customers are satisfied. Customers have been given not only a hard copy of the plan but also access to a Web site with daily updates on each of the 140 actions. The items are displayed in chart form so customers can review the program status of resources, item action summaries, milestones and exit criteria. The organization also has a performance contract with targeted goals and performance measures developed through negotiations with its customers and the Office of the Secretary of Defense.
Gen. Raduege personally meets with many consumers of DISA services and tracks the status of the plan using a large board that contains all 140 actions, each with color-coded pins. Red pins represent funding difficulties; green pins, which delineate most of the actions, he adds, mean that progress is good. Yellow pins indicate that some concerns need to be addressed. Blue pins, now starting to appear, denote completed actions.
“At our review we look at the track record—the current month plus the previous two months. You can see whether the trend is improving, not improving or staying the same,” he explains. “We now have a corporate board structure here so that we discuss the heavy issues of the day in a corporate fashion. The General Accounting Office is looking at how effective our 500-day plan is. We’re getting some good additional oversight.”
Many changes that have occurred over the past year are internal and may not be readily apparent. “We established the CONUS [continental United States] Regional Network Operations and Security Center to coordinate network management, security and contingency support for all of our CONUS customers,” he explains. “The feedback is positive. We measure network restoration in minutes, whereas this time last year, it was in hours or days.”
The organization also is writing service-level agreements into every contract and through consolidation and modernization has driven down the cost of mainframe processing from more than $1 billion per year to $348 million per year. “Along the way, the billets devoted to this function have been reduced from 10,000 to 1,000 while taking on a significant increase in workload,” the general adds. “As important as the savings, we’ve reoriented the defense enterprise computing centers [DECCs] to provide go-to-war IT in terms of security, reliability and global connectivity. Our DECCs now serve as JTF [Joint Task Force] beachheads, providing enormous reach-back capabilities for deployed warfighters while enabling them to reduce their forward footprint.”
Gen. Raduege emphasizes that the 500-day action plan is one of several clear signals that DISA is “extraordinarily focused” on its military consumers. It now offers tailored services that were not available a year ago such as community of interest networks. “Customer support is one of the core values that we are infusing throughout the organization,” he asserts. “If skeptics’ views are based on mission performance and cost, all of these steps should help. Our plan says that we’re here to listen, to commit and to deliver. We’ve put our intentions in writing.”
This fall DISA began its effort to refresh the plan and map out the way ahead for the succeeding 500 days—part two—scheduled for publication by the end of 2002. “We’re going to continue to deliver solutions and keep the focus of the plan on customer needs while being responsive to top-level guidance that now is emerging from the Quadrennial Defense Review,” he offers.