The official blog of AFCEA International and SIGNAL Magazine

Posts from Guest Blogs

An Online Marketplace Serving Those Who Serve

By • Sep 13th, 2010


Blake Hall is a man on a mission: to help U.S. military personnel use “Web 2.0” Internet technologies to help one another and themselves. Hall’s no stranger to demanding missions. A decorated former U.S. Army Captain and Airborne Ranger who led a scout platoon in Iraq, he relates how the first time he ever led a combat mission, his battalion commander laid his hand on his shoulder and said ominously, “Hall, don’t screw it up.” And based on the overwhelmingly positive, initial response to his and his co-founders’ new, veteran-owned web venture, TroopSwap.com, an online community and marketplace for active duty U.S. military, reservists, veterans and their families, that battalion commander would be more than proud.

Fresh from his powerful and moving Washington Post article that has attracted international attention, Blake Hall sat down with me to discuss TroopSwap.com at O’Reilly Media’s Government 2.0 Summit, the inspiring two-day mind-meld of technology and public policy innovators last week in Washington, D.C.

TroopSwap.com is intended to be a kind of Craigslist in Camo: a “gated online community” and marketplace exclusively for U.S. military personnel and the businesses who serve them. Members can buy, sell and advertise almost anything related to military life, and connect socially with others posted to locations around the world in a safe and secure setting, with well-defined, consistently-enforced membership criteria.

“The military is a very insular community. It has its own language, schools and culture. It’s tightly-knit, because it’s based on shared values,” says Hall. “By making site membership exclusive to military service members, veterans and their families as they transition, you’re able to serve them in a way a site like Craigslist.com that’s oriented towards the general public simply can’t.”

Hall and his co-founders also believe the military-only, gated community business model enables them to eliminate much of the fraud, abuse and predatory business practices that target service members. TroopSwap.com’s application process for prospective business advertisers on the site works hand-in-glove with a socially-enabled feedback system that’s accessible only to the service members themselves. So, advertisers can’t artificially boost their own star-based ratings, or post derogatory comments about competitors.

Initially, the core buy-and-sell section of the site is focused on four, selected categories: real estate, cars, tactical gear, and household goods. Growth plans potentially include a multi-service MWR (Morale, Welfare and Recreation) and FFR (Fleet and Family Readiness) section of the community. “Each presently hosts its own website. Some of them are very good, but others are outdated and difficult to use, forcing you to download event calendars in individual Adobe .pdf files,” says Hall. “TroopSwap.com could potentially consolidate and host all of this information in a single, searchable location that service members anywhere could easily access to improve their quality of life.”

“We’re also looking at a Meetup.com type model,” he continued. “Their most active groups are comprised of stay-at-home moms. Now, in the military, which is [predominantly] male, you’ve got folks in the active-duty component deploying for one year for every two they’re at home, and a lot of service members’ spouses are very young. So, they need to connect with one another, whether around shared interests, or just for support. The Army’s answer is the Family Readiness Group. It’s a good support network, but in many units the social interaction tends to parallel the formal command structure. This alternative would democratize social interaction somewhat through events, at which you could potentially interact with whomever you want.”


How to Improve Cyberdefenses at the DoD

By • Aug 23rd, 2010


Part 2 of 2

Defense Department IT budgets are now fully mortgaged to support ongoing operations and maintenance, while most large development funds are still paying for continuation of programs that were started years ago. With regard to the concerns I’ve raised in my previous post, here are some ideas on what should be done:

  1. The Defense Department should proceed with the rapid consolidation of its communication infrastructure to generate cash that will pay for the merger of costly applications. SECDEF Robert Gates observed correctly on August 9 that “…all of our bases, operational headquarters and defense agencies have their own IT infrastructures, processes, and applications. This decentralization results in large cumulative costs, and a patchwork of capabilities that create cyber vulnerabilities and limit our ability to capitalize on the promise of information technology.” Defense Department communications also cannot depend on the routers and servers that are a part of the public Internet. Instead, the department should switch to computing “on the edge” that utilizes government-controlled assets. Communication costs are the largest single component of the Defense Department’s IT budget and can be reduced materially.
  2. The Defense Department should proceed with the consolidation of its servers and pack them through virtualization into a small number of fully redundant (and instant fail-over) data centers. Greater than 50 percent savings are available in operating costs, with payback periods of less than one year. Adopting platform-as-a-service cloud technologies will make that possible. Switching to network operated computing devices (thin clients) and to open source desktop software can also produce additional large savings.
  3. The Defense Department should complete its data standardization efforts that were started in 1992 and mandate compliance with an enterprise-wide data dictionary. It should proceed with the standardization of meta-data definitions of all Defense Department data elements. The organization for accomplishing that is already in place.
  4. The Defense Department should dictate the acceptance of an all-encompassing systems architecture that would dictate to Program Executive Officers (PEOs) how to acquire computing services and to contractors how to build new application software. The current Defense Architecture Framework (DoDAF) as well as the OSD published architecture directives have not been accepted by the Services and should be superseded.
  5. From a cyberdefense standpoint, the Defense Department should set up network control centers that would apply state-of-the-art monitoring techniques for complete surveillance of all suspect incoming as well as outgoing transactions. One-hundred percent end-to-end visibility of all Defense Department communications is an absolutely required capability for security assurance as well as for total information awareness.

The recent reassignment of the Network & Information Integration (NII) from the Office of the Secretary of Defense to the Defense Information Systems Agency (DISA) can be seen as an indication that a combination of policy and execution of enterprise-wide communications will be forthcoming. The Cyber Command now controls DISA. There is hope that DoD will finally have an organization that has the charter to deliver working cyberdefenses.

However, the combination of NII, DISA, NSA and the Cyber Command is insufficient. Cyberdefense inadequacies are embedded into the proliferation of the applications and into the fracturing of the infrastructure. They can be found in the absence of funding to launch a rethinking of how to manage cyberdefenses in the decades to come.

A different cybersecurity culture needs to be diffused throughout the Defense Department. It will have to view cyberdefenses not as a bandage to be selectively applied to a patchwork of applications. The new cybersecurity must become an inseparable feature of every computer technology that enables our operations.

Paul A. Strassmann is a Distinguished Professor at the George Mason University. He is the former Director of Defense Information, Office of the Secretary of Defense.

The views expressed by our guest bloggers are their own and do not necessarily reflect the views of AFCEA International or SIGNAL Magazine.

Cyberdefense and DoD Culture

By • Aug 23rd, 2010


First of two parts.

According to Air Force LTG William Lord, 85 percent of cyberoperations are in defense. That being the case, how should the Defense Department protect its network and computer assets? A 2009 RAND Corporation report on cyberdeterrence asserts “…most of the effort to defend systems is inevitably the ambit of everyday system administrators and with the reinforcement of user vigilance.” The report also states “…the nuts and bolts of cyberdefense are reasonably well understood.”

Such views encapsulate the current thinking about cyberdefense, that such activity is primarily a back office service or a compliance matter. But these views are pernicious. They accept existing systems as they are, other than advocating for improved implementation methods. RAND does not admit that the current hardware, software and networks within the Defense Department are obsolete and dysfunctional. The department continues to operate within a culture that does not acknowledge that its computer systems are not suited for the age of cyberwarfare.

Defense Department leadership appears to be viewing cyberdefense issues primarily as a matter of policy and strategy that can be fixed incrementally. That is not possible. Cyberdefense deficiencies have become deeply rooted as a result of the defective ways in which the Defense Department acquired IT over the past decades. Cyberdefense flaws are inherently enterprise-wide and are mostly not application specific.

The Defense Department has not as yet confronted what it will take to make systems and networks sufficiently secure. According to DEPSECDEF William Lynn, the department operates over 15,000 networks. The total number of named systems programs in 2009 was 2,190 (Air Force 465, Army 215, Navy 972 and Agencies 538). Each of these programs was further subdivided into subcontracts, some of which are legislatively dictated. Hardly any of the subcontracts share a common data dictionary, or data formats or software implementation codes.

The IT environment at the Defense Department is fractured. Instead of using shared and defensible infrastructure, over 50 percent of the IT budget is allocated to paying for hundreds and possibly for thousands of mini-infrastructures that operate in contractor-managed enclaves. Such proliferation is guaranteed to be incompatible and certainly not interoperable.

Over 10 percent of the total Defense Department IT budget is spent on cyberdefense to protect a huge number of vulnerability points. The increasing amount of money spent on firewalls, virus protection and other protective measures is not keeping up with the rapidly rising virulence of the attackers.

Take the case of the Navy/Marine Corps Intranet, which accounts for less than 4.8 percent of Defense Department IT spending. The NMCI contains approximately 20,500 routers and switches, which connect to 4,100 enterprise servers at four operations centers that control 50 separate server farms. Since the NMCI represents the most comprehensive security environment in the Defense Department, one can only extrapolate what could be the total number of places that need to be defended. Vulnerability points include hundreds of thousands of routers and switches, tens of thousands of servers and hundreds of server farms. There are also over six million desktops, laptops and smart phones with military, civilian, reserves and contractor personnel, each with an operating system and at least one browser that can be infected by any of the 2,000 new viruses per day. From a security assurance standpoint, such proliferation of risks makes the Defense Department fundamentally insecure.

Defense Department leadership is aware that cyberoperations are important. JCS Chairman Adm. Mike Mullen said that cyberspace changes how we fight. Gen. Keith B. Alexander, the head of the Cyber Command, said that there is a mismatch between technical capabilities and our security policies.

Meanwhile, the interconnectivity of Defense Department systems is rising in importance. For instance, the Navy’s Information Dominance Corps views its information environment as being able to connect every sensor to all shooters. Information dominance makes no distinction between logistic, personnel, finance, commander or intelligence data because all of it must be available for fusing into decision-making displays. This calls for connectivity as well as real-time interoperability of millions of devices.

After decades of building isolated applications, the Defense Department has now arrived at an impasse with regard to cyberdefenses just as the demand for enterprise-wide connectivity is escalating. Unfortunately, nobody in top leadership has identified the funded program that will remedy the inherent deficiencies in cyberdefenses. Prior efforts to do that, such as the Joint Task Force for Global Network Operations (JTF-GNO) and the Joint Functional Component Command for Network Warfare (JFCC-NW) were disbanded. Right now, there are no adequate budgets in place for reducing the widely exposed “cyberattack vulnerability surface.” As yet there is no unified enterprise system design or architecture that offers cybersecurity that works across separate Defense Department components at an affordable cost.

Paul A. Strassmann is a Distinguished Professor at the George Mason University. He is the former Director of Defense Information, Office of the Secretary of Defense.


Guest Blog: Cybersecurity Is Asymmetric

By • Jul 14th, 2010


The Defense Department is spending $3.2 billion/year on information technology to secure networks against incoming malware. Meanwhile, it spent hardly any money to protect against outgoing compromising data from insiders. Nobody seems to care much about the prevention of exfiltration of information.

The time has come to recognize that cybersecurity has to deal with unequal amounts of inbound and outbound traffic. Our enemies can gain more credible information from easily available disclosures from inside sources than from encrypted data that must be mined through firewalls, virus protection and filtering. That is why the imbalance between the expensive defenses against incoming intrusions vs. the puny amounts spent to deter outgoing leaks can be labeled as asymmetric.

By far the greatest source of information leakage from the Defense Department is via social computing such as through YouTube, Facebook, MySpace, Twitter and blogs. The OSD policy on social networking of February 25, 2010 makes such activity “integral to operations across DoD”. It orders the re-configuration of the NIPRNET to provide access to Internet-based capabilities from all components. But the “how” of implementing that was left without any guidance on how to arrest the revealing of military information. In short, the current OSD policy has opened the gates to the loss of intelligence to close to a billion people now engaged in social computing. A well-informed source tells me that about 20 percent of all Defense traffic is in conducting social communications through public sites which are unprotected as well as potentially toxic.

A recent incident demonstrated that outsiders could use social media to extract DoD information. A phony “Robin Sage”, easily masquerading as an employee of the Naval Network Warfare Command, was able to accumulate in a few months 300 friends on LinkedIn, 110 on Facebook and had 141 followers on Twitter. She connected with the Joint Chiefs of Staff, the CIO of the NSA, an intelligence director for the U.S. Marines and a chief of staff for the U.S. House of Representatives. In all communications there were clues that “Robin” was a fake. In one case “Robin” duped an Army Ranger into friending her. The Ranger inadvertently exposed information about his coordinates in Afghanistan with uploaded photos from the field that contained GeoIP data.

Here is another case of disregarding elementary security, one that ignored the asymmetric effects of cyber security. It is a case in which I was involved. A bank’s currency trading system was very secure. In its operations it followed best practices and was often praised as an exemplar of good risk management. All of the money transfers—sometimes in hundreds of millions of dollars in a matter of an hour—were securely executed without ever having a problem. The computers, the data center and the transmission lines were locked down securely.

Yet, suddenly, there was a problem: A large sum of money ($80 million) disappeared in a matter of seconds. When we finally walked through all of the scenarios, the problem was that although the currency applications were absolutely secure, the maintenance programmers (who were supporting money transfer applications) were communicating by open e-mail about software fixes and the next software release. The e-mails were mostly about project management housekeeping, such as when you run the tests and when you do a software update. The e-mails therefore flagged when the money systems were most vulnerable. By keeping track of the programmers’ chatter over e-mail the attackers knew exactly when, for a few seconds, the system was naked.

When verifying cybersecurity, the number one rule is that attackers will not first devote their time to attacking a target directly. Devoting efforts to seek out locations of maximum vulnerability will always take precedence. Therefore, I favor managing social media on the NIPRNET against potential exfiltration as a priority (see http://pstrassmann.blogspot.com/2010/06/tracking-anomalies-in-social-computing.html). Unchecked outgoing traffic will always leave military information vulnerable.

Paul A. Strassmann is a Distinguished Professor at the George Mason University. He is the former Director of Defense Information, Office of the Secretary of Defense.


Fourth of July Reflections

By • Jul 1st, 2010


[Editor's Note: This is a guest blog from James Schenck, an Army veteran and the president of the PenFed Foundation, a military support organization.] 

This Fourth of July, I ask you to join me in saluting the sacrifices of all veterans who served to defend our nation and remembering their contributions. While the nation reflects on sacrifices of veterans this Independence Day who did not return back from war, I also would like to salute members of the military who sacrificed in other ways.

From the Marine whose family is struggling financially due to multiple deployments, to the sailor who couldn’t buy her first house because she was overseas, to the soldier who is now relearning how to walk with his wife by his side and needs daycare for his young children: members of our military make sacrifices every day that go unseen.

As a West Point graduate, I’ve committed myself to a lifetime of service to my nation.  As president of the PenFed Foundation, I have the opportunity to work with an incredible team of board members and employees who are honored to serve our nation’s defenders.  

Independence Day is a day to reflect on what it means to be an American and the liberties and freedoms we all enjoy as a result of the sacrifices and hardships endured by our men and women in uniform. It is a day for every American to look around and say thank you to those currently serving and those who have served.

We must also recognize our national security is a team effort and our military is on the front lines, but we must not forget the selfless servants within our intelligence communities, our defense contractors and the millions of Americans who go to work each day who are supporting the successes of our operations around the world.

This Fourth of July make a commitment to supporting our nation’s defenders and their families in any way you can. When members of our military return home to financial and medical problems, they end up losing their own freedom. Our veterans should not have to sacrifice their independence in order to guarantee ours.

 

James Schenck is president of the PenFed Foundation. He was a U.S. Army aviation officer flying UH-60 Blackhawk Helicopters. He served in the Office of the Deputy Chief of Staff of the Army for Operations and Plans. The PenFed Foundation has several programs that help military personnel who are struggling with financial, housing and medical issues. For more information about the PenFed Foundation, visit: www.pentagonfoundation.org  

The publication of this blog message does not constitute endorsement by AFCEA or SIGNAL Magazine.

Virtualization of Servers: The First Step Into the Cloud

By • Jun 16th, 2010


Migration into a cloud environment by means of virtualization of servers is extremely attractive and has instant paybacks. Compared with other software-intensive improvements, the ability to combine servers in order to increase computer utilization from less than 20 percent to over 70 percent is the most attractive choice in the current environment, when cuts in IT budgets for FY12 and beyond are required by the end of this July.

Server virtualization is well understood. The technology is mature. There are a number of software vendors who can deliver server virtualization rapidly and at a fixed cost. The question is what are the potential savings that can be proposed as cost reductions?

To compare, look at the number of servers in computer services. I have chosen Akamai (with IT costs of $636 million/year) and Rackspace (with IT costs of $648 million/year) as benchmarks. The combined IT costs of these two firms of $1.3 billion can be compared to the Defense Department operations and maintenance budget for FY10 of $21.7 billion, which is almost 17 times greater. Without growth, this amounts to $108 billion of Defense Department IT spending over five years.

The total number of servers for Akamai and Rackspace is 104,671. Using the dollar share of total operations and maintenance spending, the Defense Department is likely to have about 180,000 servers, of which 100,000 have been already virtualized as the best case. The most complete total cost of ownership model is from Alinean. The model suggests that a reduction in the number of eligible small-scale Defense Department servers from 80,000 to 5,000 mainframe-like computers is feasible.

While they would require an up-front net investment of $27 million, the net IT capital cost reductions over five years would be $3.8 billion. And the net IT operating cost reduction over that period would be $63.1 billion—a 58 percent cut. Such cost reduction is in line with results that have been so far realized by leading commercial firms. Additionally, there would be a reduction of 36,720 kW in electrical power, and space savings in the data center of 7,118 sq. ft.

The cost reductions from the virtualization of servers should be seen only as the first step on the path toward a cloud environment in which the Defense Department operates its information technologies as a private and secure “platform-as-a-service.” And the potential savings from virtualization are so large that a concerted effort to proceed with such migration should not be deferred.

Paul A. Strassmann is a Distinguished Professor at the George Mason University. He is the former Director of Defense Information, Office of the Secretary of Defense.


Guest Post: Network Virtualization

By • Jun 9th, 2010


The Situation

Gen. Keith Alexander, USA, the head of the new cyber command, stated that the Defense Department needs situational awareness across DOD’s networks to protect its cyber defenses: “We do not have a common operating picture for our networks. We need to build that.”

The Defense Department is responsible for protecting more than seven million machines, linked in 15,000 networks, with 21 satellite gateways and 20,000 commercial circuits. Unauthorized users probe Defense Department networks 250,000 times an hour, or more than six million times per day, he added.

In the current situation the proliferation of networks, circuits and computers offers attackers an enormous “attack surface” which is for all practical purposes indefensible.

Virtual Networks

Network virtualization combines hardware and software network resources into a software-based administrative environment, which can be managed centrally. Network virtualization enables the integration of numerous networks so that central services, such as consolidated security management, situation awareness and protective measures can be shared across every network.

The components of virtual networks are: network hardware, such as routers, switches and network adapters; WANs and LANs; network storage devices; and network media, such as Ethernet and fiber channels. Examples of virtual networks are switches that physically connect to external networks as well as services that allow system administrators to combine local area networks into a singly administered network entity for the purpose of intrusion prevention.

Network virtualization software allows systems managers to route traffic to diverse data-center environments where support of business and warfare applications can take place.

In the past, Defense Department components used to purchase multiple security protection measures and to set up failover and redundancy capabilities at each of thousands of data centers. The installation of network virtualization software makes it possible to migrate security services as a fully configured virtual service to each data center, regardless of geographic location. This allows for migration from legacy environments to a virtual environment across data centers around the world.

As data center resources become consolidated, the network virtualization software allows for a reduction in space requirements, for optimal server utilization and for the consolidation of controls into DoD-wide network control centers so that highly trained personnel can be utilized much better.

Implications

Establishing situational awareness and the much needed real time responses to attacks that emanate from 15,000 networks and 20,000 commercial circuits is not feasible using the existing network configurations in place at the Defense Department.

The installation of network virtualization as an architectural direction for the Defense Department will make it possible to consolidate points of control to a limited number of network control centers. Such a move will not only deliver large reductions in cost but also safeguard the security of millions of computer devices.

The time has come to start migrating to designs that will use network virtualization as the basis for cyber defense operations.

Paul A. Strassmann is a Distinguished Professor at the George Mason University. He is the former Director of Defense Information, Office of the Secretary of Defense.


Guest Blog: Cases in How to Practice Safe Social Computing

By • May 25th, 2010


(The following post continues the conversation from Gentlemen Do Not Open Attachments.)

1. Thin Client Case
A person with a “.mil” address walks up to a thin client anywhere in the world and logs in to the DoD NIPRNET “Secure Desktop” using a Public Key Infrastructure (PKI) access card, plus biometric ID. A thin client then presents a menu of available virtual computers to connect to. The choices will include secure NIPRNET-connected desktops, as well as insecure desktops connected to the Internet, as illustrated below:

One can choose more than one of the available options, keeping them open in multiple windows and switching among them. Each of the windows can run in an overlapping mode, or take over the whole screen. Alternating between windows does not require rebooting the computing device.

It is not possible to transfer files from a “Secure Desktop” to the “Publicly Connected Desktop.” It is not possible to cut and paste from a secure window to a public Internet window. Data transfer is limited to keyboard entries and to mouse movements.

An insecure device such as a digital camera or a “thumb drive” can be connected to the thin client’s USB port. However, this port is only active when the “Publicly Connected Desktop” is in the foreground.

All communications from a “Publicly Connected Desktop” pass through a separate security gateway, where they are automatically inspected for policy compliance and are logged (for compliance with records management policies) for further examination. Access to all physical media (hard disks, flash drives, CD/DVDs or USB ports) is disabled meanwhile, although authentication can be obtained from a Network Control Center in exceptional cases. When the desktop is switched from the “Publicly Connected Desktop” back to the “Secure Desktop”, the USB port that communicates directly with the Internet is deactivated and reverts to security compliance that is governed by DoD policies.

The servers that run the “Secure” or “Publicly Connected” desktops do not ever combine secure and insecure Virtual Computers into a pool, since servers with different levels of security are always isolated. This can be accomplished by resorting to the use of “hypervisors” that can separate secure and insecure desktops on the same physical server. Hypervisors are good at creating a secure isolation of applications and operating systems from the underlying “bare metal” microprocessors. Hypervisors are the means for achieving the “virtualization” of servers and for delivery of a high level of security assurance such as guaranteeing anti-malware protection.

2. Desktop, Laptop and Netbook Cases
A person with a “.mil” address has a personally issued device such as a desktop, laptop or smartphone and logs in to the “Secure Desktop” using a PKI access card, plus biometric ID. The computer boots either into a secure Operating System or to a secure hypervisor, which have been hardened against tampering and eavesdropping. For instance, the hypervisor ensures that the disk images of protected Virtual Computers are encrypted and that there are no means of transferring data into or out of the protected environment.

After that the procedure is identical with Case 1 above, although some of the Virtual Computer logic will be stored locally and some parts will be stored on DoD servers in DoD data centers in order to improve response time.

Downloads from public Internet sites remain on the “Publicly Connected Desktop” but cannot be extracted or copied into the secure desktop. When the “Secure Desktop” is in the foreground, all input/output actions are restricted by NIPRNET security policies.

Whenever connecting through the “Publicly Connected Desktop” its settings are either reset to a like-new condition or can be refreshed according to practices managed by a Network Control Center.

Paul A. Strassmann is a Distinguished Professor at the George Mason University. He is the former Director of Defense Information, Office of the Secretary of Defense.


Guest Blog: Computers for Shooters

By • Apr 27th, 2010


Two weeks ago, I listened to a U.S. Marine Corps brigadier general plead for a lightweight personal computer that shooters could use at the squad level. All of the talk he heard about net-centric networks was meaningless because network centricity did not reach where it was needed. If the civilians could walk around with BlackBerrys, why couldn’t the U.S. Defense Department provide comparable services?

A planner’s slides that promised connectivity for everyone were fiction. The existing radios were just too heavy and the antennas gave snipers targets. But there is no reason the Defense Department should not provide U.S. warfighters with a shirt-pocket, five-ounce device with a 3.7-inch color touch screen, GPS, camera and at least a seven-hour power supply that costs less than $300. In fact, several programmable commercial cell phones already do just that. However, a few issues must be resolved before the department can proceed, among them training, communications, security, social computing and performance.

Training can be addressed by timing and consistency. Recruits should receive their shirt-pocket appliance at the same time they get their rifle. The key to adapting computers in the combat environment is simplicity and persistence. Soldiers should be able to use a variety of computing devices regardless of how the technology changes. The graphic buttons on the appliance would be standard icons that can also apply to desktops, laptops or note pads, with added variations for the individual services. Unique buttons could be designed for specific purposes or for designated individuals. Such proprietary buttons can be programmed using device-specific application programming interfaces. This approach guarantees training continuity over decades.

In terms of the capability to connect, 3-G cell towers or Wi-Max transmitters can be erected in the battlefield or on military bases for encrypted transmission. Protected commercial circuits also can be used if additional safeguards are installed. Regardless of technology, all access to the Defense Department private networks can be identical.

As with all new communications devices, information security is a primary concern. To address this issue in these handheld devices, the shooter’s computer would be stripped of every application that is not accessible by means of a standard graphic button. Standard code reduces the attack profile exposed to intrusions. Consequently the code for every function will represent mature software that can be modified only by the designers. Each button then offers access privileges based on the roles that are assigned to an individual, regardless of location. Central network control monitors all traffic and maintains awareness of how the device is used.

For warfighters who find social networking beneficial, one graphic button could be reserved for access to the public Internet. It would offer access to a virtual server that is completely isolated from military networks provided that bandwidth capacity is available.
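The button model in the two paragraphs above can be sketched as a default-deny dispatcher; this is an added illustration, not code from the author or from any Defense Department system. The button names, role names, zone labels and the `ControlCenter` class are all constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Button:
    name: str
    roles: frozenset  # roles permitted to use this button
    zone: str         # network the button's backend lives on


# Constructed catalogue: the only functions the device exposes.
BUTTONS = {b.name: b for b in (
    Button("position_report", frozenset({"rifleman", "squad_leader"}), "dod"),
    Button("call_for_fire", frozenset({"squad_leader"}), "dod"),
    # The one button reserved for the public Internet maps to a separate zone.
    Button("public_internet", frozenset({"rifleman", "squad_leader"}),
           "public-isolated"),
)}


@dataclass
class ControlCenter:
    """Stand-in for central network control: records every decision."""
    log: list = field(default_factory=list)

    def record(self, user, button, location, decision):
        self.log.append({"user": user, "button": button,
                         "location": location, "decision": decision})


def press(user, roles, button_name, location, ncc):
    """Return the zone to route to, or None when the request is denied."""
    button = BUTTONS.get(button_name)
    if button is None:
        # Anything that is not a standard button does not exist on the device.
        decision = "deny:not-a-standard-button"
    elif not button.roles & set(roles):
        decision = "deny:role"
    else:
        decision = "allow"
    # Location is logged for monitoring but never used in the decision.
    ncc.record(user, button_name, location, decision)
    return button.zone if decision == "allow" else None
```

Denied requests are logged alongside allowed ones, so the monitoring side sees attempts to reach functions that are not on the device as well as normal use.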

Combat requires response times of less than 250 milliseconds, so access to a screen should take less than a second. In addition, redundancy in communications must guarantee scheduled availability at all times. To meet these needs will require a complete overhaul in the ways in which the Defense Department manages its data centers and its networks.

Creating a uniform communications environment for U.S. warfighters is not only feasible but also reduces costs. It scales down the time needed for learning how to extract data from diverse sources. It improves security by relying on “thin” computing for access to intelligence regardless of location. Simplification of the user interface creates reusable software components, which increase the reliability of all communications.

The shooter’s computer is feasible because the technology risks are manageable. There is no reason to wait any longer.


Paul A. Strassmann is a distinguished professor of information sciences at George Mason University’s School of Information Technology and Engineering and a regular contributor to SIGNAL Magazine. He is the former director of defense information at the Office of the Secretary of Defense.