At the heart of "DoD Information System Certification and Accreditation Reciprocity" is the policy that if a system owner from any service hands a certified and accredited system to the network owner from any other service, the network owner should have the confidence that putting that system on his or her network will not result in creating information assurance or related vulnerabilities. Can we handle this?
Networks no longer are a tidy complement to the work of defense agencies. As information gathering and processing have become faster and more essential to defense and security operations, those networks have evolved into essential tools. But the very barriers created in the justifiable zeal to protect these networks also are erecting significant roadblocks to information sharing, and the fallout affects the agencies’ ability to collaborate with allies, coalition partners and each other.
Network systems are similar to icebergs. Less than 10 percent of their volume is visible to the user of an application. Almost all of the hidden code, measured in hundreds of thousands of lines of logic, is invisible in the operating system, in the database management software, in security safeguards and in communication routines. The problem with such software is that for each application—and the U.S. Defense Department has more than 7,000 major software projects—contractors will develop the hidden coding to suit separate requirements.
The preeminence of the expanded use of cyberspace, the desire for more openness in government, and the demands for faster and better information sharing within and among enterprises—particularly in the context of inter-agency and coalition information sharing—have changed fundamentally the demands of information security. The wider reach of our networks and the quest for timely, relevant information have improved decision-making but have made us more dependent on cyberspace and more vulnerable.
Information security has not kept up with information exploitation as the United States fully embraced the information age. The greater reliance on information systems across the entire breadth of government, military and civilian activities has opened the nation to cyberattacks on its military systems, its vital infrastructure and its economy as a whole.
The U.S. Defense Department is shifting its information assurance approach away from denying access to intruders toward surviving intrusions amid operations. This approach acknowledges that cybermarauders—whether mere individual hackers or foreign intelligence operatives—are likely to penetrate defense networks at the worst possible time, and the key to maintaining those networks will be to instill a network resiliency that allows them to operate in less than optimal conditions.
The U.S. Army is responding to base realignment decisions by combining two major command headquarters into a single state-of-the-art facility. The physical proximity of personnel who already work closely together should enhance collaboration in the command and control of soldiers, but an emphasis on entity individuality will remain. The building itself will contain technologies that combine certain aspects of the two tenant organizations while ensuring that separate identities and capabilities are maintained when necessary.
Militaries around the world are partnering with the United States—with an emphasis on “states.” A National Guard Bureau program links states with countries to facilitate the exchange of ideas and practices as well as to form bonds of friendships between nations. The effort has helped countries join NATO, convinced them to participate in coalition activities and expanded into emergency management efforts. The Guard’s stable personnel structure makes it an ideal organization to undertake the task of building long-term relationships with international partners. The expertise gained by the bureau through the project is becoming more desired by the active duty and interagency communities, and now, with its first-ever line of dedicated future funding, the program can plan and expand in ways not possible before.
The U.S. Air Force has embraced cyber as a domain and is intent on using the network as it does its other domains—space and air. From the basic approach that all airmen must do their part for security, to the effort of engaging in aggressive cyberoperations, the military branch is covering the gamut of the virtual battlespace. Success in the cyber realm is tied to victory on the battlefield, making such nonkinetic efforts critical to saving lives, completing missions and ensuring the proper functioning of services to military members and civilians.